diff --git a/wp-includes/js/tinymce/plugins/spellchecker/classes/GoogleSpell.php b/wp-includes/js/tinymce/plugins/spellchecker/classes/GoogleSpell.php
index 38daa06627..03e4a7848e 100644
--- a/wp-includes/js/tinymce/plugins/spellchecker/classes/GoogleSpell.php
+++ b/wp-includes/js/tinymce/plugins/spellchecker/classes/GoogleSpell.php
@@ -50,7 +50,9 @@ class GoogleSpell extends SpellChecker {
 		return $osug;
 	}
 
-	function &_getMatches($lang, $str) {
+	protected function &_getMatches($lang, $str) {
+		$lang = preg_replace('/[^a-z\-]/i', '', $lang);
+		$str = preg_replace('/[\x00-\x1F\x7F]/', '', $str);
 		$server = "www.google.com";
 		$port = 443;
 		$path = "/tbproxy/spell?lang=" . $lang . "&hl=en";
@@ -105,7 +107,7 @@ class GoogleSpell extends SpellChecker {
 		return $matches;
 	}
 
-	function _unhtmlentities($string) {
+	protected function _unhtmlentities($string) {
 		$string = preg_replace('~&#x([0-9a-f]+);~ei', 'chr(hexdec("\\1"))', $string);
 		$string = preg_replace('~&#([0-9]+);~e', 'chr(\\1)', $string);