45 Commits

Author SHA1 Message Date
Sergey Biryukov 51be1d635c Escape the output in `wp_ajax_upload_attachment()`.
Merges [45936] to the 4.4 branch.
Props whyisjake, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/4.4@45951


git-svn-id: http://core.svn.wordpress.org/branches/4.4@45762 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 16:38:22 +00:00
Helen Hou-Sandí 48befcf361 Superglobals: Revert [34059] until further notice.
see #33837.

Built from https://develop.svn.wordpress.org/trunk@34265


git-svn-id: http://core.svn.wordpress.org/trunk@34229 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-17 12:33:26 +00:00
Scott Taylor 191400f9e6 Don't ever use the `guid` value when retrieving URLs for media, use `wp_get_attachment_url()`. Use `get_attached_file()` for path to file.
Fixes #33386.

Built from https://develop.svn.wordpress.org/trunk@34163


git-svn-id: http://core.svn.wordpress.org/trunk@34131 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-15 02:50:25 +00:00
Scott Taylor cd7c0f0b0d Introduce `wp_validate_action( $action = '' )`, a helper function that checks `$_REQUEST` for `action` and returns it, or empty string if not present. If `$action` is passed, it checks to make sure they match before returning it, or an empty string. Strings are always returned to avoid returning multiple types.
Implementing this removes 27 uses of direct superglobal access in the admin.

For more reading:
https://codeclimate.com/github/WordPress/WordPress/wp-admin/edit-comments.php

See #33837.

Built from https://develop.svn.wordpress.org/trunk@34059


git-svn-id: http://core.svn.wordpress.org/trunk@34027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-11 21:08:26 +00:00
Sergey Biryukov 32b5726fd4 Merge two similar strings.
props pavelevap.
fixes #33643.
Built from https://develop.svn.wordpress.org/trunk@33842


git-svn-id: http://core.svn.wordpress.org/trunk@33810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-01 13:46:24 +00:00
Scott Taylor 8af2dbc671 Correct punctuation/case for inline comment in `async-upload.php`
Props chriscct7.
Fixes #33408.

Built from https://develop.svn.wordpress.org/trunk@33640


git-svn-id: http://core.svn.wordpress.org/trunk@33607 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-18 23:35:25 +00:00
Dion Hulse 3cec3655e9 Prevent IE9 and lower displaying the download file dialogue when attempting to upload using the `html4` Plupload handler.
The HTML4 Plupload handler uses a hidden iframe to POST the upload form.
Unfortunately Internet Explorer 9 doesn't support the `application/json`
content-type which `wp_send_json_success()` and requires `text/html` instead.

This partially reverts [30354], keeping the better error messages.

Fixes #31037 for trunk.

Built from https://develop.svn.wordpress.org/trunk@31429


git-svn-id: http://core.svn.wordpress.org/trunk@31410 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-12 01:15:29 +00:00
Drew Jaynes 2faf449f51 Docs Formatting: Backtick-escape inline code for all dynamic hook docs in wp-admin/*.
Also includes some changes to move hook docs to directly precede hook lines. This is necessary to prevent DocBlock-matching confusion when core is parsed.

Affects DocBlocks for the following hooks:
* `wp_ajax_ . $_REQUEST['action']`
* `wp_ajax_nopriv_ . $_REQUEST['action']`
* `admin_footer- . $GLOBALS['hook_suffix']`
* `admin_head-$hook_suffix`
* `admin_post_nopriv_{$action}`
* `admin_post_{$action}`
* `load-  . $page_hook`
* `load- . $plugin_page`
* `load-importer- . $importer`
* `load- . $pagenow`
* `admin_action_ . $_REQUEST['action']`
* `async_upload_{$type}`
* `add_meta_boxes_ . $post_type`
* `{$taxonomy}_pre_edit_form`
* `{$taxonomy}_term_edit_form_tag`
* `{$taxonomy}_edit_form_fields`
* `{$taxonomy}_edit_form`
* `after-{$taxonomy}-table`
* `{$taxonomy}_pre_add_form`
* `{$taxonomy}_term_new_form_tag`
* `{$taxonomy}_add_form_fields`
* `{$taxonomy}_add_form`
* `media_upload_$type`
* `media_upload_$tab`
* `install_plugins_pre_$tab`
* `install_plugins_$tab`
* `install_themes_pre_{$tab}`
* `install_themes_{$tab}`
* `update-core-custom_{$action}`
* `update-custom_{$action}`
* `user_{$name}_label`

See #30552.

Built from https://develop.svn.wordpress.org/trunk@30649


git-svn-id: http://core.svn.wordpress.org/trunk@30639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-30 11:42:24 +00:00
John Blackbourn fd15794b5c Add some specific JSON responses when there are user permission errors for AJAX file uploads. Replace some usage of `wp_json_encode()` with `wp_send_json_*()`.
See #25849
Props gcorne

Built from https://develop.svn.wordpress.org/trunk@30354


git-svn-id: http://core.svn.wordpress.org/trunk@30353 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-16 05:47:21 +00:00
Scott Taylor 2d1080aed1 Improve `wp.Uploader` documentation.
Props ericlewis.
See #30260.

Built from https://develop.svn.wordpress.org/trunk@30244


git-svn-id: http://core.svn.wordpress.org/trunk@30244 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-05 19:37:23 +00:00
Dominik Schilling 8ea68677f3 Media Upload: Improve styling of error messages.
props afercia, michalzuber.
fixes #29047.
Built from https://develop.svn.wordpress.org/trunk@29355


git-svn-id: http://core.svn.wordpress.org/trunk@29131 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-02 14:14:19 +00:00
Drew Jaynes 097dc8ee15 Fix syntax for single- and multi-line comments in wp-admin-directory files.
See #28931.

Built from https://develop.svn.wordpress.org/trunk@29206


git-svn-id: http://core.svn.wordpress.org/trunk@28990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-17 09:14:16 +00:00
Scott Taylor b9afafffe3 `hackificator` complains if you call `include 'file.php'` without the parens, needs to be `include( 'file.php' )`
See #27881.

Built from https://develop.svn.wordpress.org/trunk@28479


git-svn-id: http://core.svn.wordpress.org/trunk@28306 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-18 20:52:15 +00:00
Scott Taylor 112ca4e055 Because the `WP_ADMIN` constant name can be bound in multiple files, all instances should check `! defined` first. `wp-admin/admin.php` already has this check.
See #27881.

Built from https://develop.svn.wordpress.org/trunk@28478


git-svn-id: http://core.svn.wordpress.org/trunk@28305 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-18 20:42:16 +00:00
Dominik Schilling 12334929d7 Fix typo in hook description for `async_upload_{$type}`.
Built from https://develop.svn.wordpress.org/trunk@27955


git-svn-id: http://core.svn.wordpress.org/trunk@27785 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-05 14:12:16 +00:00
Andrew Nacin 5965616aca Define DOING_AJAX earlier in async-upload.php.
props avryl.
fixes #27387. see [22902].

Built from https://develop.svn.wordpress.org/trunk@27558


git-svn-id: http://core.svn.wordpress.org/trunk@27401 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-15 19:59:15 +00:00
Drew Jaynes 95bf041b3a Inline documentation for hooks in wp-admin/async-upload.php.
Props rzen for the initial patch.
Fixes #25517.

Built from https://develop.svn.wordpress.org/trunk@25942


git-svn-id: http://core.svn.wordpress.org/trunk@25901 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-26 21:41:09 +00:00
Andrew Nacin fd57b239d2 Don't rely on include_path to include files.
Always use dirname() or, once available, ABSPATH.

props ketwaroo, hakre.
fixes #17092.

Built from https://develop.svn.wordpress.org/trunk@25616


git-svn-id: http://core.svn.wordpress.org/trunk@25533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-25 00:18:11 +00:00
Andrew Nacin c2db94d10c Use meta caps edit_post, read_post, and delete_post directly, rather than consulting the post type object. map_meta_cap() handles that for us. props markjaquith, kovshenin. fixes #23226.
git-svn-id: http://core.svn.wordpress.org/trunk@24593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-08 20:05:42 +00:00
Sergey Biryukov 415a5c60da * Pass ellipsis as a parameter to wp_html_excerpt() instead of appending it manually.
* Consolidate the logic to avoid appending ellipsis if the entire string is shown.
* Show ellipsis after truncated filenames and post titles.

props solarissmoke, bpetty, SergeyBiryukov. fixes #11446.

git-svn-id: http://core.svn.wordpress.org/trunk@24214 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-09 00:22:02 +00:00
Andrew Nacin 7e13a6656c Verify attachment parent during upload.
git-svn-id: http://core.svn.wordpress.org/trunk@22915 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-29 02:39:34 +00:00
Ryan Boren ea0d28db29 Route uploads through async-upload.php instead of admin-ajax.php.
Props nacin, koopersmith
fixes #22622


git-svn-id: http://core.svn.wordpress.org/trunk@22902 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-28 20:17:57 +00:00
Andrew Nacin e276fc44be Have media-new.php return simple rows of basic attachment data, with an 'Edit' link next to each taking them to post.php (in a new window). Not ideal, but this is largely a fallback screen at this point.
This is bolted on to existing code, the vast majority of which is destined to be ripped out in 3.6 once things settle.

see #22083.



git-svn-id: http://core.svn.wordpress.org/trunk@22755 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-21 13:05:44 +00:00
ryan e3b46b25d3 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-08 17:01:11 +00:00
ryan 0358498b0a Use text/html to appease IE < 9. Props azaozz. fixes #19494
git-svn-id: http://svn.automattic.com/wordpress/trunk@19586 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-11 00:03:24 +00:00
ryan 3862c4c34c Add cap and type checks to media item fetch. For trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@17390 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-02-05 18:22:53 +00:00
dd32 0821c7163b Better display handling of error messages during swfupload uploading. Fixes #12225
git-svn-id: http://svn.automattic.com/wordpress/trunk@14816 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-23 10:59:52 +00:00
nacin 6ec7cb4540 Use relative paths when including files, avoiding include_path. fixes #12594, props sorich87.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14139 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-18 06:14:45 +00:00
ryan e8c32c03b0 Pass logged_in cookie to async-upload. Props nbachiyski. fixes #10739
git-svn-id: http://svn.automattic.com/wordpress/trunk@11904 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-09-08 15:22:42 +00:00
azaozz 85766ab12e Show "Delete" in Media -> Add New, props mgriepentrog, fixes #7879
git-svn-id: http://svn.automattic.com/wordpress/trunk@11421 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-21 01:42:40 +00:00
markjaquith 119b39cec2 deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.
git-svn-id: http://svn.automattic.com/wordpress/trunk@11380 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-18 15:11:07 +00:00
ryan a61bc0ec8a Trailing whitespace cleanup
git-svn-id: http://svn.automattic.com/wordpress/trunk@11013 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-04-20 18:18:39 +00:00
azaozz f26797d298 Define WP_ADMIN in flash uploader, props hailin, fixes #9368
git-svn-id: http://svn.automattic.com/wordpress/trunk@10827 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-03-20 01:07:35 +00:00
azaozz 65e0cea07b Show file url after upload form media library, props yoavf, fixes #9267
git-svn-id: http://svn.automattic.com/wordpress/trunk@10696 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-03-04 08:22:25 +00:00
ryan 9861eb1a85 Notice fixes from DD32. see #7509
git-svn-id: http://svn.automattic.com/wordpress/trunk@9699 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-14 23:01:16 +00:00
azaozz a6f7c12d48 Upload media from the Media Library page.
git-svn-id: http://svn.automattic.com/wordpress/trunk@8998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-09-27 08:17:55 +00:00
ryan 175c2b6fb1 WP-Admin File Level Inline Documentation from santosj. see #7496
git-svn-id: http://svn.automattic.com/wordpress/trunk@8618 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-08-11 20:26:31 +00:00
ryan 35b18e5034 Trailing whitespace cleanup
git-svn-id: http://svn.automattic.com/wordpress/trunk@8600 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-08-09 05:36:14 +00:00
ryan 636c562256 SSL fixes. see #7001
git-svn-id: http://svn.automattic.com/wordpress/trunk@8190 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-06-24 22:19:27 +00:00
ryan 5ad5715af7 Add some noncing. Props andy.
git-svn-id: http://svn.automattic.com/wordpress/trunk@8023 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-05-30 20:43:36 +00:00
ryan a5336482b1 Add charset to async-upload content-type header. Props duncanmc. fixes #6873 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@8021 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-05-30 20:42:28 +00:00
ryan 5b8113578d Allow wp-config.php to exist one level up from WordPress root directory. Props sambauers. fixes #6933
git-svn-id: http://svn.automattic.com/wordpress/trunk@7971 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-05-21 05:59:27 +00:00
ryan cab4206406 Workaround response truncation by reducing size of response after uploading with flash uploader. Props tellyworth. fixes #6713
git-svn-id: http://svn.automattic.com/wordpress/trunk@7682 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-04-14 23:09:14 +00:00
ryan b0b5981a77 Add capability check to async-upload. Props xknown. fixes #5848
git-svn-id: http://svn.automattic.com/wordpress/trunk@6830 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-02-13 23:16:11 +00:00
matt f529123061 First pass at async upload, multi-upload, and gallery feature. Modified names from patch. Hat tip: tellyworth, skeltoac.
git-svn-id: http://svn.automattic.com/wordpress/trunk@6659 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-01-25 19:21:11 +00:00