Index: modules/block/block.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/block/block.module,v
retrieving revision 1.329
diff -u -p -r1.329 block.module
--- modules/block/block.module	26 Apr 2009 16:30:28 -0000	1.329
+++ modules/block/block.module	27 Apr 2009 19:23:13 -0000
@@ -225,7 +225,7 @@ function block_block_save($delta = 0, $e
  */
 function block_block_view($delta = 0, $edit = array()) {
   $block = db_fetch_object(db_query('SELECT body, format FROM {box} WHERE bid = %d', $delta));
-  $data['content'] = check_markup($block->body, $block->format, '', FALSE);
+  $data['content'] = check_markup($block->body, $block->format);
   return $data;
 }
Index: modules/comment/comment.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/comment/comment.module,v
retrieving revision 1.706
diff -u -p -r1.706 comment.module
--- modules/comment/comment.module	27 Apr 2009 07:09:58 -0000	1.706
+++ modules/comment/comment.module	27 Apr 2009 19:41:07 -0000
@@ -709,7 +709,7 @@ function comment_node_update_index($node
   $text = '';
   $comments = db_query('SELECT subject, comment, format FROM {comment} WHERE nid = :nid AND status = :status', array(':nid' => $node->nid, ':status' => COMMENT_PUBLISHED));
   foreach ($comments as $comment) {
-    $text .= '

' . check_plain($comment->subject) . '

' . check_markup($comment->comment, $comment->format, FALSE); + $text .= '

' . check_plain($comment->subject) . '

' . check_markup($comment->comment, $comment->format);
   }
   return $text;
 }
@@ -1751,7 +1751,8 @@ function _comment_form_submit(&$comment_
   // 1) Filter it into HTML
   // 2) Strip out all HTML tags
   // 3) Convert entities back to plain-text.
-  // Note: format is checked by check_markup().
+  // Note: Access to text format for comment previews is already validated in
+  // comment_form_add_preview().
   $comment_values['subject'] = truncate_utf8(trim(decode_entities(strip_tags(check_markup($comment_values['comment'], $comment_values['comment_format'])))), 29, TRUE);
   // Edge cases where the comment body is populated only by HTML tags will
   // require a default subject.
@@ -1805,7 +1806,7 @@ function theme_comment_view($comment, $n
   // Switch to folded/unfolded view of the comment.
   if ($visible) {
-    $comment->comment = check_markup($comment->comment, $comment->format, '', FALSE);
+    $comment->comment = check_markup($comment->comment, $comment->format);
     // Comment API hook.
     comment_invoke_comment($comment, 'view');
     $output .= theme('comment', $comment, $node, $links);
Index: modules/filter/filter.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/filter/filter.module,v
retrieving revision 1.248
diff -u -p -r1.248 filter.module
--- modules/filter/filter.module	25 Apr 2009 18:01:10 -0000	1.248
+++ modules/filter/filter.module	27 Apr 2009 19:27:40 -0000
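Review bot: The replacement comment in _comment_form_submit() justifies the unchecked check_markup() call by pointing at comment_form_add_preview(), but a form submission does not necessarily go through the preview step, so the justification only holds if `$comment_values['comment_format']` is also validated on the direct-submit path (presumably by the format element's own validation) — confirm that, and name that validator in the comment rather than the preview function. Since the derived subject is passed through strip_tags() and decode_entities() before use, the access check is not what protects this value, and the comment should say what does, e.g. `// Note: access to the selected text format is validated by the comment form, not here; the filtered text is only used to derive a plain-text subject.` _comment_form_submit() starts and ends outside the hunk.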
@@ -424,9 +424,8 @@ function filter_list_format($format) {
  * showing content that is not (yet) stored in the database (eg. upon preview),
  * set to TRUE so the user's permissions are checked.
  */
-function check_markup($text, $format = FILTER_FORMAT_DEFAULT, $langcode = '', $check = TRUE) {
-  // When $check = TRUE, do an access check on $format.
-  if (isset($text) && (!$check || filter_access($format))) {
+function check_markup($text, $format = FILTER_FORMAT_DEFAULT, $langcode = '', $check_access = FALSE) {
+  if (isset($text) && (!$check_access || filter_access($format))) {
     $format = filter_resolve_format($format);
 
     // Check for a cached version of this piece of text.
Index: modules/node/node.api.php
===================================================================
RCS file: /cvs/drupal/drupal/modules/node/node.api.php,v
retrieving revision 1.14
diff -u -p -r1.14 node.api.php
--- modules/node/node.api.php	25 Apr 2009 16:33:48 -0000	1.14
+++ modules/node/node.api.php	27 Apr 2009 19:29:01 -0000
@@ -372,7 +372,7 @@ function hook_node_update_index($node) {
   $text = '';
   $comments = db_query('SELECT subject, comment, format FROM {comment} WHERE nid = :nid AND status = :status', array(':nid' => $node->nid, ':status' => COMMENT_PUBLISHED));
   foreach ($comments as $comment) {
-    $text .= '
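Review bot: Changing the default from `$check = TRUE` to `$check_access = FALSE` turns the filter_access() check from opt-out into opt-in, so any caller outside this patch that relied on the old default silently stops checking the viewer's permission on the format; that is a security-relevant API change and deserves an explicit mention in the docblock rather than only a rename. The removed `// When $check = TRUE, do an access check on $format.` has no replacement, and the surviving context `set to TRUE so the user's permissions are checked` presumably belongs to an `@param $check` entry above the hunk that now names the wrong parameter — confirm and rename it to `$check_access`. I would restore a why-comment on the new condition, e.g. `// Stored content was access-checked when saved; only unsaved content (previews) needs filter_access() here, hence the FALSE default.` check_markup()'s body continues past the hunk.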

' . check_plain($comment->subject) . '

' . check_markup($comment->comment, $comment->format, FALSE); + $text .= '

' . check_plain($comment->subject) . '

' . check_markup($comment->comment, $comment->format);
   }
   return $text;
 }
Index: modules/node/node.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/node/node.module,v
retrieving revision 1.1042
diff -u -p -r1.1042 node.module
--- modules/node/node.module	26 Apr 2009 19:44:39 -0000	1.1042
+++ modules/node/node.module	27 Apr 2009 19:29:15 -0000
@@ -1230,10 +1230,10 @@ function node_prepare($node, $teaser = F
   $node->readmore = (strlen($node->teaser) < strlen($node->body));
   if ($teaser == FALSE) {
-    $node->body = check_markup($node->body, $node->format, $node->language, FALSE);
+    $node->body = check_markup($node->body, $node->format, $node->language);
   }
   else {
-    $node->teaser = check_markup($node->teaser, $node->format, $node->language, FALSE);
+    $node->teaser = check_markup($node->teaser, $node->format, $node->language);
   }
   $node->content['body'] = array(
Index: modules/profile/profile.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/profile/profile.module,v
retrieving revision 1.252
diff -u -p -r1.252 profile.module
--- modules/profile/profile.module	14 Mar 2009 23:01:37 -0000	1.252
+++ modules/profile/profile.module	27 Apr 2009 19:31:17 -0000
@@ -299,7 +299,7 @@ function profile_view_field($user, $fiel
   if (isset($user->{$field->name}) && $value = $user->{$field->name}) {
     switch ($field->type) {
       case 'textarea':
-        return check_markup($value);
+        return check_markup($value, NULL, '', TRUE);
       case 'textfield':
       case 'selection':
         return $browse ? l($value, 'profile/' . $field->name . '/' . $value) : check_plain($value);
Index: modules/user/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.module,v
retrieving revision 1.980
diff -u -p -r1.980 user.module
--- modules/user/user.module	26 Apr 2009 09:53:50 -0000	1.980
+++ modules/user/user.module	27 Apr 2009 19:42:51 -0000
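Review bot: In profile_view_field() the new `check_markup($value, NULL, '', TRUE)` runs filter_access() against the user viewing the profile, not against whoever saved the textarea, so stored content is now rendered or withheld depending on the viewer's format permissions; the docblock context in the filter.module hunk reserves `TRUE` for content "not (yet) stored in the database", so this call — and the identical `TRUE` added to user_comment_view() in the user.module hunk — contradicts the contract the same patch states. If the intent is that these fields have no format of their own and must only be rendered with a format the viewer may use, say so, e.g. `// Profile textareas carry no text format; render with the default format and only if the viewer may use it.`; otherwise pass the stored or default format without the check. Passing `NULL` instead of `FILTER_FORMAT_DEFAULT` also relies on filter_resolve_format() and filter_access() treating NULL as the default format, which is not visible here — confirm, or pass the constant explicitly.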
@@ -2508,7 +2508,8 @@ function user_forms() {
  */
 function user_comment_view(&$comment) {
   if (variable_get('user_signatures', 0) && !empty($comment->signature)) {
-    $comment->signature = check_markup($comment->signature, $comment->format);
+    // @todo User signature needs an own text format.
+    $comment->signature = check_markup($comment->signature, $comment->format, '', TRUE);
   }
   else {
     $comment->signature = '';