Commit Graph

144 Commits

Author SHA1 Message Date
John Blackbourn ed0c328547 Hardening: Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.
Merges [42260] to the 4.6 branch.

Built from https://develop.svn.wordpress.org/branches/4.6@42278


git-svn-id: http://core.svn.wordpress.org/branches/4.6@42107 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-29 16:23:06 +00:00
Drew Jaynes 4418b71645 Docs: Add an initial `@since` version to wp-includes/feed.php.
The file was introduced in 2.1.0 when it was moved from wp-includes/feed-functions.php in [3862].

See #32246. See #36295.

Built from https://develop.svn.wordpress.org/trunk@38056


git-svn-id: http://core.svn.wordpress.org/trunk@37997 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-13 17:04:28 +00:00
Drew Jaynes d28f1a08ef Docs: Apply inline `@see` tags to hooks referenced in DocBlocks in a variety of wp-includes/* files.
Applying these specially-crafted `@see` tags allows the Code Reference parser to recognize and link these elements as actions and filters.

See #36921.

Built from https://develop.svn.wordpress.org/trunk@37543


git-svn-id: http://core.svn.wordpress.org/trunk@37511 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-23 19:01:27 +00:00
Drew Jaynes 46573c099d Docs: Standardize filter docs in wp-includes/feed.php to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37516


git-svn-id: http://core.svn.wordpress.org/trunk@37484 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:47:27 +00:00
John Blackbourn a58ec423da Feeds: Revert [36230] which removed the `rss-http` feed content type. Removing this means that any feeds which are using this feed content type are now being served as `application/octet-stream` instead of `text/xml`.
See #36620

Built from https://develop.svn.wordpress.org/trunk@37282


git-svn-id: http://core.svn.wordpress.org/trunk@37248 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-04-21 18:57:28 +00:00
John Blackbourn a5d44337b2 Docs: `@param` fixes for a variety of docblocks.
See #32246

Built from https://develop.svn.wordpress.org/trunk@36232


git-svn-id: http://core.svn.wordpress.org/trunk@36199 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-09 01:45:26 +00:00
John Blackbourn 7931478595 Feeds: Remove the `rss-http` feed type, unused since r32468.
See #15110

Built from https://develop.svn.wordpress.org/trunk@36230


git-svn-id: http://core.svn.wordpress.org/trunk@36197 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-09 01:20:26 +00:00
Dominik Schilling ede3e66da7 Use correct placeholders for translator comments added in [35303].
See #31078.
Built from https://develop.svn.wordpress.org/trunk@35388


git-svn-id: http://core.svn.wordpress.org/trunk@35352 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-24 18:50:24 +00:00
Drew Jaynes 8549e76d56 Docs: Add translator comments for two `_deprecated_argument()` calls added to `get_wp_title_rss()` and `wp_title_rss()` in [35294].
See #31078. See #32246.

Built from https://develop.svn.wordpress.org/trunk@35303


git-svn-id: http://core.svn.wordpress.org/trunk@35269 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-20 19:20:25 +00:00
Drew Jaynes 0a1026ac10 Docs: Improve vague changelog entries for functions and hooks where arguments were deprecated in [35294].
See #31078. See #32246.

Built from https://develop.svn.wordpress.org/trunk@35297


git-svn-id: http://core.svn.wordpress.org/trunk@35263 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-20 18:10:43 +00:00
Konstantin Obenland c69e96422b Themes: Improve document title output.
Introduces more flexibility in filtering all parts of the document title,the
separator, and a way to short-circuit title generation. Plugins can now also
check for theme support and reliably filter the entire output. See #18548.
Deprecates `wp_title()`.

Fixes #31078.


Built from https://develop.svn.wordpress.org/trunk@35294


git-svn-id: http://core.svn.wordpress.org/trunk@35260 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-20 16:21:25 +00:00
Drew Jaynes faa54e4dc2 Docs: Make a minor adjustment to the description syntax for the optional `$comment` argument in the DocBlock for `comment_link()`, introduced in [34071].
See #33638. See #32246.

Built from https://develop.svn.wordpress.org/trunk@34230


git-svn-id: http://core.svn.wordpress.org/trunk@34194 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-16 11:02:24 +00:00
Scott Taylor 1cbda0e1eb Comments: `comment_link()` currently takes no arguments, yet `get_comment_link()` does. Allow `comment_link()` to optionally take the same arguments.
See #33638.

Built from https://develop.svn.wordpress.org/trunk@34071


git-svn-id: http://core.svn.wordpress.org/trunk@34039 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-12 03:16:23 +00:00
Scott Taylor fd21c92b22 Correct the param docs for `comment_guid()` and `get_comment_guid()`.
Props dimadin.
Fixes #32619.

Built from https://develop.svn.wordpress.org/trunk@33913


git-svn-id: http://core.svn.wordpress.org/trunk@33882 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-05 20:00:25 +00:00
Scott Taylor e73ee5ac98 Introduce `WP_Comment` class to model/strongly-type rows from the comments database table. Inclusion of this class is a pre-req for some more general comment cleanup and sanity.
* Takes inspiration from `WP_Post` and adds sanity to comment caching. 
* Clarifies when the current global value for `$comment` is returned. The current implementation in `get_comment()` introduces side effects and an occasion stale global value for `$comment` when comment caches are cleaned.
* Strongly-types `@param` docs
* This class is marked `final` for now

Props wonderboymusic, nacin.

See #32619.

Built from https://develop.svn.wordpress.org/trunk@33891


git-svn-id: http://core.svn.wordpress.org/trunk@33860 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 18:17:24 +00:00
Helen Hou-Sandí 731c255aee Site icon: Rearrange function parameters to avoid frequently passing empty values.
props obenland.
fixes #33325.

Built from https://develop.svn.wordpress.org/trunk@33605


git-svn-id: http://core.svn.wordpress.org/trunk@33572 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-10 20:15:26 +00:00
Konstantin Obenland 3271513442 Feeds: Revert [32765] because of objections raised in #4575.
Built from https://develop.svn.wordpress.org/trunk@33281


git-svn-id: http://core.svn.wordpress.org/trunk@33253 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-15 19:58:24 +00:00
Drew Jaynes 21632885c7 Fix summaries for new feed functions added in 4.3.
* `get_last_build_date_feed()` [32765]
* `atom_site_icon()` [32994]
* `rss2_site_icon()` [32994]

See #32891.

Built from https://develop.svn.wordpress.org/trunk@33224


git-svn-id: http://core.svn.wordpress.org/trunk@33196 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-13 21:27:24 +00:00
Konstantin Obenland c56a8ae0f7 Introducing Site Icon, favicon management for WordPress.
This v1 marries Jetpack's Site Icon module with the Media Modal, reusing code
from the Custom Header admin. For now, the core-provided icons will be limited
to a favicon, an iOS app icon, and a Windows tile icon, leaving `.ico` support
and additional icons to plugins to add.

Props obenland, tyxla, flixos90, jancbeck, markjaquith, scruffian.
See #16434.


Built from https://develop.svn.wordpress.org/trunk@32994


git-svn-id: http://core.svn.wordpress.org/trunk@32965 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-29 12:58:25 +00:00
Scott Taylor b9e8ee95b5 `prep_atom_text_construct()` and `before_last_bar()` should strictly check against `false` when using `str(r)?pos()`.
Sidenote: there's a function named `before_last_bar`.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32940


git-svn-id: http://core.svn.wordpress.org/trunk@32911 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-25 16:49:25 +00:00
Scott Taylor 09c4444150 Make sure that all Gravatars are generated by `get_avatar()` or at least run through `apply_filters( 'get_avatar', $avatar )` for the sake of extensibility.
Props miqrogroove, GlennM, SergeyBiryukov.
Fixes #22650.

Built from https://develop.svn.wordpress.org/trunk@32845


git-svn-id: http://core.svn.wordpress.org/trunk@32816 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-18 18:36:25 +00:00
Scott Taylor 5c6b63d3a6 `if` is a statment, not a function.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32800


git-svn-id: http://core.svn.wordpress.org/trunk@32771 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-16 20:01:25 +00:00
Aaron Jorbin cbb6f91a29 Improve lastBuildDate timestamp in rss feeds
RSS feed timestamps should reflect the actual timestamps for those RSS feeds rather than the generic timestamp for all posts and all comments. 

Props stevenkword.
Fixes #4575.



Built from https://develop.svn.wordpress.org/trunk@32765


git-svn-id: http://core.svn.wordpress.org/trunk@32736 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-14 18:37:24 +00:00
Scott Taylor a6428fe295 In `fetch_feed()`, call `->set_output_encoding()` on the `SimplePie` instance to ensure the feed is served with encoding specified by the `blog_charset` option.
Props chriscct7.
Fixes #10713.

Built from https://develop.svn.wordpress.org/trunk@32469


git-svn-id: http://core.svn.wordpress.org/trunk@32439 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-09 06:49:24 +00:00
Andrew Nacin 7f1b31f80f Clean up wp_staticize_emoji() and friends.
* DOMDocument was removed in [31752] but not the check.
 * wp_staticize_emoji() has never accepted a second arg; remove it from calls.
 * Remove wp_staticize_emoji_for_feeds(), no need for it.
 * Remove _ and @ignore from wp_staticize_emoji_for_email(), no need for it.

see #31242.

Built from https://develop.svn.wordpress.org/trunk@32161


git-svn-id: http://core.svn.wordpress.org/trunk@32136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 04:15:26 +00:00
Gary Pendergast a97462e755 Emoji: Rename the email and feed filter functions to be `_` prefixed, and `@ignore`-d in the PHPDocs.
See #31242


Built from https://develop.svn.wordpress.org/trunk@31791


git-svn-id: http://core.svn.wordpress.org/trunk@31773 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-16 10:46:26 +00:00
Gary Pendergast 46e2a65cf1 Add emoji support, with Twemoji fallback.
Replace exisiting smilies with equivalent emoji, or with shiny new smiley images where no emoji existed.

Props batmoo, joen and mkaz for the original plugin upon which this is based.

Props pento, iseulde, kraftbj and peterwilsoncc for making the internet's dreams come true.

See #31242


Built from https://develop.svn.wordpress.org/trunk@31733


git-svn-id: http://core.svn.wordpress.org/trunk@31714 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-11 22:49:28 +00:00
Scott Taylor e619abda6e Improve various `@param` docs for `src/wp-includes/*`.
See #30224.

Built from https://develop.svn.wordpress.org/trunk@30681


git-svn-id: http://core.svn.wordpress.org/trunk@30671 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-01 01:34:24 +00:00
Drew Jaynes f8657d5890 Remove redundant and erroneous `@uses` tag from most core inline documentation.
Per our inline documentation standards, no further use of the `@uses` tag is recommended as used and used-by relationships can be derived through other means. This removes most uses of the tag in core documentation, with remaining tags to be converted to `@global` or `@see` as they apply.

Fixes #30191.

Built from https://develop.svn.wordpress.org/trunk@30105


git-svn-id: http://core.svn.wordpress.org/trunk@30105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-30 01:05:24 +00:00
Sergey Biryukov c6b70a9320 Correct references to post-template.php in the inline docs.
props softmodeling.
fixes #29188.
Built from https://develop.svn.wordpress.org/trunk@29469


git-svn-id: http://core.svn.wordpress.org/trunk@29247 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-12 01:09:17 +00:00
Sergey Biryukov 706f85d814 Force a separator in get_wp_title_rss() if it was inadvertently filtered out by the theme.
fixes #22362.
Built from https://develop.svn.wordpress.org/trunk@28921


git-svn-id: http://core.svn.wordpress.org/trunk@28720 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-30 10:11:15 +00:00
Drew Jaynes 2c00d8f9e3 Where a filter no longer exists, it need not be notated.
Fixes #24444. See r28258.

Built from https://develop.svn.wordpress.org/trunk@28283


git-svn-id: http://core.svn.wordpress.org/trunk@28111 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-06 05:38:15 +00:00
Scott Taylor 511145b418 When `$type` is `atom` in `get_the_category_rss()`, use `get_bloginfo_rss( 'url' )` when setting the `scheme` attribute for the `<category>` node.
Props ejdanderson.
Fixes #24444.


Built from https://develop.svn.wordpress.org/trunk@28258


git-svn-id: http://core.svn.wordpress.org/trunk@28086 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-05 19:05:14 +00:00
Drew Jaynes cb8951b0b3 Remove all `@package` and `@subpackage` PHPDoc tags not at the file- or class-levels in core.
See #27200.

Built from https://develop.svn.wordpress.org/trunk@27262


git-svn-id: http://core.svn.wordpress.org/trunk@27119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-25 17:14:14 +00:00
Sergey Biryukov 4e3b70d354 Correct @since values. see #26253.
Built from https://develop.svn.wordpress.org/trunk@26903


git-svn-id: http://core.svn.wordpress.org/trunk@26786 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-01-04 18:09:12 +00:00
Drew Jaynes d7f19a8044 Inline documentation for hooks in wp-includes/feed.php.
Props stevenkword, kpdesign, DrewAPicture.
Fixes #26253.

Built from https://develop.svn.wordpress.org/trunk@26902


git-svn-id: http://core.svn.wordpress.org/trunk@26785 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-01-04 06:22:11 +00:00
Drew Jaynes cd8cedc40d First there were two, and now there are three -- in the @since versions that came before and that shall be. And so it will be, says nacin.
Props JustinSainton, SergeyBiryukov, DrewAPicture.
Fixes #26713.

Built from https://develop.svn.wordpress.org/trunk@26868


git-svn-id: http://core.svn.wordpress.org/trunk@26754 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-24 18:57:12 +00:00
Dion Hulse 7f1047ece1 Remove the experimental RSS.JS feed, and move it to a plugin for feature development. Unprops pento. See #25639
Built from https://develop.svn.wordpress.org/trunk@26644


git-svn-id: http://core.svn.wordpress.org/trunk@26534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-04 22:24:10 +00:00
Andrew Nacin c8bbc31c39 Add an experimental rssjs feed based on the experimental rss.js spec.
This is simply a JSON representation of the RSS 2.0 feed, accessible at /feed/rssjs/ anywhere.

props pento.
see #25639.

Built from https://develop.svn.wordpress.org/trunk@26294


git-svn-id: http://core.svn.wordpress.org/trunk@26199 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-20 22:58:09 +00:00
Andrew Nacin fd57b239d2 Don't rely on include_path to include files.
Always use dirname() or, once available, ABSPATH.

props ketwaroo, hakre.
fixes #17092.

Built from https://develop.svn.wordpress.org/trunk@25616


git-svn-id: http://core.svn.wordpress.org/trunk@25533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-25 00:18:11 +00:00
Andrew Nacin 14613e5595 Pass the $sep function argument to the wp_title_rss and get_wp_title_rss filters. props scribu, fixes #16983.
git-svn-id: http://core.svn.wordpress.org/trunk@24997 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-06 18:41:10 +00:00
Sergey Biryukov 74638ccb5a Fix typos in phpdoc. props TheLastCicada. fixes #24302.
git-svn-id: http://core.svn.wordpress.org/trunk@24229 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-10 01:39:30 +00:00
Andrew Nacin 4c4147a322 Document that fetch_feed() can accept multiple URLs, thus leveraging SimplePie's multifeed feature. props JustinSainton, fixes #22140.
git-svn-id: http://core.svn.wordpress.org/trunk@24054 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-04-22 20:24:41 +00:00
Andrew Nacin f994ff39ac Add filters to comments_link_feed(), comment_link(), and get_comments_link(). esc_url() the echoed output of comments_link().
props MarcusPope.
fixes #19210.



git-svn-id: http://core.svn.wordpress.org/trunk@23624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-06 19:57:31 +00:00
Ryan Boren 15a06a35ab Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
see #WP21767


git-svn-id: http://core.svn.wordpress.org/trunk@23591 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-03 16:30:38 +00:00
Ryan Boren 43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Andrew Nacin ad2e5da6a0 Add self_link filter to self_link(). props josephscott. fixes #10434.
git-svn-id: http://core.svn.wordpress.org/trunk@23521 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-28 18:27:13 +00:00
Ryan Boren cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Andrew Nacin 1607ed1246 Do SimplePie sanitization with wp_kses_post() rather than DOMDocument, which cannot be guaranteed to be available.
Overrides SimplePie_Sanitize with WP_SimplePie_Sanitize_KSES.

props markjaquith, rmccue.
see #21990.



git-svn-id: http://core.svn.wordpress.org/trunk@22811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-22 07:23:43 +00:00
Andrew Nacin dfeced9fd1 Remove SimplePie 1.2/1.3 compatibility code no longer needed with 1.3.1. see #22321. see #21183.
git-svn-id: http://core.svn.wordpress.org/trunk@22599 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-15 09:51:02 +00:00