90 Commits

Author SHA1 Message Date
Aaron Jorbin a5a631ecf1 Grouped Backports to the 4.6 branch.
- Install: When populating options, maybe_serialize instead of always serialize.
- Uploads: Check for and verify ZIP archives.

Merges [57388] and [57389] to the 4.6 branch.

Props costdev, peterwilsoncc, azaozz, tykoted, johnbillion, desrosj, afragen, jorbin, xknown.

Built from https://develop.svn.wordpress.org/branches/4.6@57409


git-svn-id: http://core.svn.wordpress.org/branches/4.6@56915 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-01-30 15:08:23 +00:00
Dominik Schilling 25e66e4f1e Text Changes: Unify permission error messages.
The new format looks like "Sorry, you are not allowed to <action>.". This provides a consistent experience for all error messages related to missing permissions. It also reduces the number of similar strings and allows translators to provide a consistent style in their language.

Props ramiy, Presskopp.
Fixes #34521.
Built from https://develop.svn.wordpress.org/trunk@37914


git-svn-id: http://core.svn.wordpress.org/trunk@37855 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-29 15:16:29 +00:00
Dominik Schilling 7b33ad2a99 Plugins: Don't request all fields via `plugins_api( 'plugin_information' )` for plugin installs and update checks.
The Plugins API returns a lot of data by default (see [34596]) but when installing or checking for updates we don't need all of it. To save bandwidth, memory and time request only required fields.

Fixes #34030.
Built from https://develop.svn.wordpress.org/trunk@34598


git-svn-id: http://core.svn.wordpress.org/trunk@34562 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 15:50:25 +00:00
Helen Hou-Sandí 48befcf361 Superglobals: Revert [34059] until further notice.
see #33837.

Built from https://develop.svn.wordpress.org/trunk@34265


git-svn-id: http://core.svn.wordpress.org/trunk@34229 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-17 12:33:26 +00:00
Scott Taylor cd7c0f0b0d Introduce `wp_validate_action( $action = '' )`, a helper function that checks `$_REQUEST` for `action` and returns it, or empty string if not present. If `$action` is passed, it checks to make sure they match before returning it, or an empty string. Strings are always returned to avoid returning multiple types.
Implementing this removes 27 uses of direct superglobal access in the admin.

For more reading:
https://codeclimate.com/github/WordPress/WordPress/wp-admin/edit-comments.php

See #33837.

Built from https://develop.svn.wordpress.org/trunk@34059


git-svn-id: http://core.svn.wordpress.org/trunk@34027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-11 21:08:26 +00:00
Andrew Ozz 2d36b8ff4a Accessibility improvements for Themes screen: fix keyboard events and callbacks for the Search field, increase trigger timeout a bit, improve Esc. key handling.
Props joedolson, adamsilverstein, afercia, DrewAPicture. Fixes #26600.
Built from https://develop.svn.wordpress.org/trunk@31994


git-svn-id: http://core.svn.wordpress.org/trunk@31973 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-03 02:32:28 +00:00
Drew Jaynes 2faf449f51 Docs Formatting: Backtick-escape inline code for all dynamic hook docs in wp-admin/*.
Also includes some changes to move hook docs to directly precede hook lines. This is necessary to prevent DocBlock-matching confusion when core is parsed.

Affects DocBlocks for the following hooks:
* `wp_ajax_ . $_REQUEST['action']`
* `wp_ajax_nopriv_ . $_REQUEST['action']`
* `admin_footer- . $GLOBALS['hook_suffix']`
* `admin_head-$hook_suffix`
* `admin_post_nopriv_{$action}`
* `admin_post_{$action}`
* `load-  . $page_hook`
* `load- . $plugin_page`
* `load-importer- . $importer`
* `load- . $pagenow`
* `admin_action_ . $_REQUEST['action']`
* `async_upload_{$type}`
* `add_meta_boxes_ . $post_type`
* `{$taxonomy}_pre_edit_form`
* `{$taxonomy}_term_edit_form_tag`
* `{$taxonomy}_edit_form_fields`
* `{$taxonomy}_edit_form`
* `after-{$taxonomy}-table`
* `{$taxonomy}_pre_add_form`
* `{$taxonomy}_term_new_form_tag`
* `{$taxonomy}_add_form_fields`
* `{$taxonomy}_add_form`
* `media_upload_$type`
* `media_upload_$tab`
* `install_plugins_pre_$tab`
* `install_plugins_$tab`
* `install_themes_pre_{$tab}`
* `install_themes_{$tab}`
* `update-core-custom_{$action}`
* `update-custom_{$action}`
* `user_{$name}_label`

See #30552.

Built from https://develop.svn.wordpress.org/trunk@30649


git-svn-id: http://core.svn.wordpress.org/trunk@30639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-30 11:42:24 +00:00
Andrew Nacin ac3dd27737 Plugin/Theme Uploads: New capabilities; unify UIs; ensure compatibility with old filters.
Introduce upload_plugins and upload_themes capabilities to allow blocking of plugin and theme uploads, versus the old hacky (and not secure) ways of just hiding UI tabs. These are simply meta capabilities that map to install_plugins and install_themes.
 
Also:
 * Use the same nice design for the plugin upload screen as the theme upload screen.
 * Better compatibility for the old install_themes_tabs filter added in [29002]. see #28578.
 * Ensure using the install_plugins_tabs filter to remove the upload tab removes the new button.
 * Use 'Add Plugins' instead of 'Install Plugins' to match 'Add Themes'.

fixes #29236.

Built from https://develop.svn.wordpress.org/trunk@29634


git-svn-id: http://core.svn.wordpress.org/trunk@29408 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-27 01:32:18 +00:00
Scott Taylor 2f513d3320 Fix some `hackificator` odds and ends in `wp-admin`:
* `wp-activate.php` and `wp-admin/themes.php` don't need the closing PHP tag
* Switch single quotes for HTML attribute values to double in a few places
* Convert `include_once file.php` syntax to `include_once( 'file.php' )`
* Add access modifiers to methods/members in: `_WP_List_Table_Compat`, `Walker_Nav_Menu_Edit`, `Walker_Nav_Menu_Checklist`, `WP_Screen`, `Walker_Category_Checklist`
* `edit_user()` doesn't need to import the `$wpdb` global
* `wp_list_widgets()` doesn't need to import the `$sidebars_widgets` global
* switch/endswitch syntax is not supported in Hack
* A `<ul>` in `wp-admin/users.php` is unclosed

See #27881.

Built from https://develop.svn.wordpress.org/trunk@28500


git-svn-id: http://core.svn.wordpress.org/trunk@28326 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 05:04:16 +00:00
Andrew Nacin 9f81d0526e Theme Installer: Revert to proxying through PHP for WordPress.org API requests.
This is to ensure we have valid installation nonces, though we've run into this as a problem previously (see #27639, #27581, #27055).

A tad slower, but we gained speed in 3.9 by simplifying the request made to the API.

props ocean90.
fixes #27798.

Built from https://develop.svn.wordpress.org/trunk@28126


git-svn-id: http://core.svn.wordpress.org/trunk@27957 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-15 01:16:14 +00:00
Andrew Nacin 9aca2a65f8 Bring the theme browsing experience from 3.8 to the theme installer. First pass.
props matveb with assists from me and gcorne.
see #27055.

Built from https://develop.svn.wordpress.org/trunk@27499


git-svn-id: http://core.svn.wordpress.org/trunk@27341 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-11 07:47:15 +00:00
Andrew Nacin 13e868ac55 Decrement update count bubbles as plugins/themes are updated, live.
props gcorne, mitchoyoshitaka.
fixes #17703.

Built from https://develop.svn.wordpress.org/trunk@27280


git-svn-id: http://core.svn.wordpress.org/trunk@27136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-26 06:55:14 +00:00
Andrew Nacin 5f0981788d Detect and handle symlinking of plugins in plugin_basename().
props rmccue, MikeSchinkel, jdgrimes.
see #16953.

Built from https://develop.svn.wordpress.org/trunk@27158


git-svn-id: http://core.svn.wordpress.org/trunk@27024 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-10 23:00:15 +00:00
Drew Jaynes 0753c12b85 Inline documentation for hooks in wp-admin/update.php.
Props ninio, kpdesign.
Fixes #25723.

Built from https://develop.svn.wordpress.org/trunk@25951


git-svn-id: http://core.svn.wordpress.org/trunk@25910 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-27 18:37:09 +00:00
Andrew Nacin fd57b239d2 Don't rely on include_path to include files.
Always use dirname() or, once available, ABSPATH.

props ketwaroo, hakre.
fixes #17092.

Built from https://develop.svn.wordpress.org/trunk@25616


git-svn-id: http://core.svn.wordpress.org/trunk@25533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-25 00:18:11 +00:00
Andrew Nacin 3bfb59b39d More robust escaping in the plugin/theme upgrader.
git-svn-id: http://core.svn.wordpress.org/trunk@24474 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-21 05:54:40 +00:00
Ryan Boren 43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes is no longer necessary.

Introduce wp_unslash() and use it to remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Andrew Nacin dc40f18228 Merge some strings. props pavelevap. fixes #22306.
git-svn-id: http://core.svn.wordpress.org/trunk@22430 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-07 19:37:54 +00:00
koopersmith a5dacf7da5 Theme Customizer: Allow the customize iframe to be accessed directly (with full feature support). see #19910.
* Move the 'Return to Manage Themes' and 'Collapse Sidebar' actions from themes.php to customize-controls.php.
* Create a postMessage connection between themes.php and customize-controls.php.
* Allow the theme customizer to be accessed directly (independent of themes.php and the customize loader).
* Add wp_customize_href() and wp_customize_url().
* Remove wp_customize_loader(). To include the loader, use wp_enqueue_script( 'customize-loader' ).
* The theme customizer now requires postMessage browser support.
* Add .hide-if-customize and .hide-if-no-customize CSS classes.
* Clean up customize-preview.js.

git-svn-id: http://svn.automattic.com/wordpress/trunk@20476 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-16 14:02:28 +00:00
koopersmith c2fb0c425b Replace all instances of thickbox theme preview with the theme customizer. fixes #20404.
* Use theme customizer in theme install/update screens.
* Separate the customize loader from the customizer. Use wp_customize_loader() to include the loader script and markup.
* Deprecated: wp-admin/js/theme-preview.js is now no longer used by core.

git-svn-id: http://svn.automattic.com/wordpress/trunk@20419 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-10 02:25:03 +00:00
nacin 98862a975b Support child theme installation in the theme installer. props otto42, dd32. fixes #13774.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20267 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-23 10:10:06 +00:00
dd32 ef278df299 Store Plugin/Theme uploads in the Media Library properly. Add Scheduled cleanup +2hrs to clean up any aborted installation attempts. See #18182
git-svn-id: http://svn.automattic.com/wordpress/trunk@18617 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-28 08:42:07 +00:00
dd32 b16b6f8a31 Only clean up the uploaded files after a successful (or failed) install. Allows files to persist past the FTP credential screen. See #18182
git-svn-id: http://svn.automattic.com/wordpress/trunk@18616 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-28 05:51:38 +00:00
dd32 ea3a169b6f Clean up Plugin/Theme uploads after successfully installing them. Restores pre-3.2 behaviour. See #18182
git-svn-id: http://svn.automattic.com/wordpress/trunk@18614 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-28 03:51:35 +00:00
nacin 1cdd5ad41a Remove more E_RECOVERABLE_ERROR checks. props duck_, see #16920.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17632 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-12 09:21:13 +00:00
nacin c6c9ce82b3 IFRAME_REQUEST for network/update.php. props duck_, see #15724.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16860 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-10 18:25:18 +00:00
ryan dfbd83784f Define IFRAME_REQUEST only for framed requests. Props ocean90. fixes #15721
git-svn-id: http://svn.automattic.com/wordpress/trunk@16780 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-07 23:05:27 +00:00
scribu 2c96912612 remove redundant require()s in wp-admin/update.php. See #15679
git-svn-id: http://svn.automattic.com/wordpress/trunk@16735 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-05 21:12:40 +00:00
scribu c45f3936a7 More s/upgrade/update. Props michaelh. See #15656
git-svn-id: http://svn.automattic.com/wordpress/trunk@16701 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-03 09:16:28 +00:00
westi ee291ef5a5 Remove WP_SHOW_ADMIN_BAR and go off existing and new defines on page type. See #15315
git-svn-id: http://svn.automattic.com/wordpress/trunk@16221 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-06 09:41:03 +00:00
scribu 80ce121521 Don't call activation hooks when upgrading. Props joelhardi for initial patch. See #14915
git-svn-id: http://svn.automattic.com/wordpress/trunk@16012 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-27 13:40:14 +00:00
dd32 4f3b9f7b7f Use Absolute URLs & APIs in header redirects in more locations. See #14062
git-svn-id: http://svn.automattic.com/wordpress/trunk@16008 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-27 10:43:43 +00:00
ryan 6b6c2583a4 Add plugin update notifications, plugin install, plugin update to the network admin screen. Props PeteMall. see #15129
git-svn-id: http://svn.automattic.com/wordpress/trunk@15867 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-20 14:16:03 +00:00
ryan 580bf5eead Allow turning off the admin bar via WP_SHOW_ADMIN_BAR constant, no_admin_bar() function, or show_admin_bar filter. see #14772
git-svn-id: http://svn.automattic.com/wordpress/trunk@15834 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-18 17:58:36 +00:00
dd32 de6abc0ee1 Add Importer support to Plugin Install workflow, Offers to Activate Plugin & Run installer, and returning to Imports upon successful Importer Plugin Installation. See #13566
git-svn-id: http://svn.automattic.com/wordpress/trunk@14985 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-27 11:04:08 +00:00
nacin ec38ce48e9 Support network-wide plugin re-activation in upgrades and edits. props PeteMall, fixes #13216
git-svn-id: http://svn.automattic.com/wordpress/trunk@14348 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-02 22:57:44 +00:00
nacin f9df8a36ae s/blog/site/ in more places. props PeteMall, see #11644.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14313 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-30 01:54:32 +00:00
nacin 6ec7cb4540 Use relative paths when including files, avoiding include_path. fixes #12594, props sorich87.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14139 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-18 06:14:45 +00:00
dd32 ad72910597 Fix a typo in the Theme Bulk upgrader. Fixes upgrading for those using FTP.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14017 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-06 11:28:55 +00:00
dd32 96db88e1b8 Highlight correct submenu for Theme Installs. Fix PHP Notice for unset object properties (requires among others may not be set).
git-svn-id: http://svn.automattic.com/wordpress/trunk@13763 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-19 08:03:52 +00:00
ryan e25a65b36a Trim trailing whitespace
git-svn-id: http://svn.automattic.com/wordpress/trunk@13733 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-17 16:27:25 +00:00
dd32 f07052a516 Bulk Theme Upgrades. See #12528 See #11232 for Bulk UI
git-svn-id: http://svn.automattic.com/wordpress/trunk@13686 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-13 03:59:40 +00:00
dd32 f3af366e3d First scrape at new UI for Bulk plugin upgrades. See #11232
git-svn-id: http://svn.automattic.com/wordpress/trunk@13602 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-06 08:39:50 +00:00
dd32 b90b27a6d6 Display PHP Start-up Errors/Warnings. Props Denis-de-Bernardy. Fixes #12395.
git-svn-id: http://svn.automattic.com/wordpress/trunk@13499 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-28 12:19:09 +00:00
ryan 94859834fc i18n fixes. Props nbachiyski. fixes #11954
git-svn-id: http://svn.automattic.com/wordpress/trunk@12789 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-21 21:37:43 +00:00
ryan 8760e7da1b Coding standards, space after if
git-svn-id: http://svn.automattic.com/wordpress/trunk@12752 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-18 20:34:48 +00:00
azaozz 2d8cf34e49 Do not stop plugin activation due to E_DEPRECATED errors in php 5.3, props Denis-de-Bernardy, fixes #11250
git-svn-id: http://svn.automattic.com/wordpress/trunk@12383 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-12-12 09:20:07 +00:00
ryan a61bc0ec8a Trailing whitespace cleanup
git-svn-id: http://svn.automattic.com/wordpress/trunk@11013 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-04-20 18:18:39 +00:00
ryan 79c63cfe7d Install/upgrade cleanups. Props DD32, sivel. see #7875
git-svn-id: http://svn.automattic.com/wordpress/trunk@11012 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-04-20 18:15:08 +00:00