diff --git a/docs/NEWS b/docs/NEWS index ca4d80da..399f79b2 100644 --- a/docs/NEWS +++ b/docs/NEWS @@ -3,6 +3,8 @@ Version 1.6 () ------------------------------------------------------------------------ + * Allow to moderate multiple selected comments (garvinhicking) + * Allow to pass 'template' variable to serendipity_showPlugin * Make CSS permalink pattern compatible to 1&1 servers, @@ -83,6 +85,14 @@ Version 1.6 () * Added event hook backend_sendcomment for sending comments and being able to chang via plugin API (onli) +Version 1.5.5 (December 21st, 2010) +------------------------------------------------------------------------ + + * Due to security issues in the bundled Xinha WYSIWYG, + disabled the PHP-based plugins (which are not utilized by + serendipity unless manually enabled), until a proper security + fix is available + Version 1.5.4 (August 26th, 2010) ------------------------------------------------------------------------ diff --git a/include/admin/comments.inc.php b/include/admin/comments.inc.php index 451655d1..8cf5e1b6 100644 --- a/include/admin/comments.inc.php +++ b/include/admin/comments.inc.php @@ -14,10 +14,21 @@ $commentsPerPage = (int)(!empty($serendipity['GET']['filter']['perpage']) ? $ser $summaryLength = 200; if ($serendipity['POST']['formAction'] == 'multiDelete' && sizeof($serendipity['POST']['delete']) != 0 && serendipity_checkFormToken()) { - foreach ( $serendipity['POST']['delete'] as $k => $v ) { - serendipity_deleteComment($k, $v); - echo DONE . ': '. sprintf(COMMENT_DELETED, (int)$k) . '
'; - } + if ($serendipity['POST']['togglemoderate'] != '') { + foreach ( $serendipity['POST']['delete'] as $k => $v ) { + $ac = serendipity_approveComment($k, $v, false, 'flip'); + if ($ac > 0) { + echo DONE . ': '. sprintf(COMMENT_APPROVED, (int)$k) . '
'; + } else { + echo DONE . ': '. sprintf(COMMENT_MODERATED, (int)$k) . '
'; + } + } + } else { + foreach ( $serendipity['POST']['delete'] as $k => $v ) { +# serendipity_deleteComment($k, $v); + echo DONE . ': '. sprintf(COMMENT_DELETED, (int)$k) . '
'; + } + } } @@ -544,7 +555,10 @@ foreach ($sql as $rs) { - + + + + diff --git a/include/functions_comments.inc.php b/include/functions_comments.inc.php index f9d4378a..6def1305 100644 --- a/include/functions_comments.inc.php +++ b/include/functions_comments.inc.php @@ -635,8 +635,18 @@ function serendipity_approveComment($cid, $entry_id, $force = false, $moderate = ". (($force === true) ? "" : "AND status = 'pending'"); $rs = serendipity_db_query($sql, true); + $flip = false; + if ($moderate === 'flip') { + $flip = true; - if ($moderate) { + if ($rs['status'] == 'pending') { + $sql = "UPDATE {$serendipity['dbPrefix']}comments SET status = 'approved' WHERE id = ". (int)$cid; + $moderate = false; + } else { + $sql = "UPDATE {$serendipity['dbPrefix']}comments SET status = 'pending' WHERE id = ". (int)$cid; + $moderate = true; + } + } elseif ($moderate) { $sql = "UPDATE {$serendipity['dbPrefix']}comments SET status = 'pending' WHERE id = ". (int)$cid; } else { $sql = "UPDATE {$serendipity['dbPrefix']}comments SET status = 'approved' WHERE id = ". (int)$cid; @@ -689,6 +699,11 @@ function serendipity_approveComment($cid, $entry_id, $force = false, $moderate = serendipity_plugin_api::hook_event('backend_approvecomment', $rs); } + if ($flip) { + if ($moderate) return -1; // comment set to pending + if (!$moderate) return 1; // comment set to approved + } + return true; } diff --git a/include/functions_smarty.inc.php b/include/functions_smarty.inc.php index 1171a566..a65f388b 100644 --- a/include/functions_smarty.inc.php +++ b/include/functions_smarty.inc.php 
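Review bot: In the non-toggle branch the delete call is commented out (`# serendipity_deleteComment($k, $v);`), so a multiDelete request prints COMMENT_DELETED for every selected id while, as far as this hunk shows, nothing is removed. An administrator clearing spam or abusive comments would see a success message and the comments would stay in place. Restore the call as `serendipity_deleteComment($k, $v);`, and ideally print the confirmation only when it reports success. In the toggle branch, any non-positive result from `serendipity_approveComment` is reported as COMMENT_MODERATED, which would include a failure value if that function can return one. Its full body is outside this hunk.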
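Review bot: The flip branch builds its UPDATE from `$rs['status']` without checking that the preceding SELECT returned a row. The caller in comments.inc.php passes `$force = false`, so the context line above still appends `AND status = 'pending'`; an approved comment then presumably yields no row and is flipped to pending only because `$rs['status']` is unset, and an id that matches no row for any other reason takes the same path and still runs the UPDATE keyed on `$cid` alone. If the SELECT's WHERE clause (it begins above this hunk) is what limits which comments the current user may change, flip mode steps around that limit. I would drop the status filter for flip, `(($force === true || $moderate === 'flip') ? "" : "AND status = 'pending'")`, and make `if (!is_array($rs)) { return false; }` the first statement inside the flip block. The function starts above and continues below the hunk, so how `$rs` is used afterwards is not visible here.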
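Review bot: The function now has three success results (`true`, `1`, `-1`) that nothing in this hunk documents, and the two `if` lines test the same flag twice. `return $moderate ? -1 : 1;` does the same in one line. The docblock above the function (outside the hunk) should describe the `'flip'` value of `$moderate` and the meaning of 1 and -1, since a caller testing the result for truthiness will treat -1 as success just like 1.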
@@ -513,14 +513,13 @@ function serendipity_smarty_hookPlugin($params, &$smarty) { 'entries_footer', 'frontend_comment', 'frontend_footer'); - if (!isset($params['hook'])) { $smarty->trigger_error(__FUNCTION__ .": missing 'hook' parameter"); return; } if (!in_array($params['hook'], $hookable) && $params['hookAll'] != 'true') { - $smarty->trigger_error(__FUNCTION__ .": illegal hook '". $params['hook'] ."'"); + $smarty->trigger_error(__FUNCTION__ .": illegal hook '". $params['hook'] ."' (" . $params['hookAll'] . ")"); return; }
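Review bot: `$params['hookAll']` is read without an isset() guard, both in the existing condition and in the message this hunk extends, so a template call that omits hookAll raises an undefined-index notice on exactly the path that reports the illegal hook. Something like `$hookAll = isset($params['hookAll']) ? $params['hookAll'] : '';` before the check, used in both places, avoids that. The message also embeds both parameter values verbatim; if the Smarty error can reach rendered output, they should be escaped with `htmlspecialchars()` first. The function body starts above the hunk.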