Commit Graph

198 Commits

Author SHA1 Message Date
Pascal Birchler f7259c14e2 Adjust post meta checks
Merges [40692] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@40700


git-svn-id: http://core.svn.wordpress.org/branches/4.0@40563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:53:37 +00:00
Pascal Birchler f35de85c64 Whitelist post arguments in XML-RPC
Merges [40677] to the 4.0 branch.

Built from https://develop.svn.wordpress.org/branches/4.0@40685


git-svn-id: http://core.svn.wordpress.org/branches/4.0@40548 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-16 08:27:19 +00:00
Dominik Schilling b81cdd60a3 XMLRPC: Don't allow private posts to be sticky.
Merge of [33325], [33612], and [34135] to the 4.0 branch.

See #20662.
Built from https://develop.svn.wordpress.org/branches/4.0@34154


git-svn-id: http://core.svn.wordpress.org/branches/4.0@34122 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 23:01:37 +00:00
Sergey Biryukov 871d808588 XML-RPC: Avoid a PHP notice in pingback_ping() method.
props jesin, simonp303.
fixes #29177.
Built from https://develop.svn.wordpress.org/trunk@29464


git-svn-id: http://core.svn.wordpress.org/trunk@29242 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-11 15:19:18 +00:00
Peter Westwood 1f147d24b1 XMLRPC: Switch the file deletion alias to be deleteFile to more closely make uploadFile.
Fixes #5310 props SergeyBiryukov.

Built from https://develop.svn.wordpress.org/trunk@29255


git-svn-id: http://core.svn.wordpress.org/trunk@29038 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-20 14:02:15 +00:00
Drew Jaynes 3665b5a1a1 Add periods to short descriptions for magic methods added in [28501], [28521], and [28524].
See #22234 and #28885.

Built from https://develop.svn.wordpress.org/trunk@29165


git-svn-id: http://core.svn.wordpress.org/trunk@28949 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-14 01:12:14 +00:00
Drew Jaynes 5f87736bc4 Fill out inline documentation for the `__call()` magic method added to the `wp_xmlrpc_server` class in [28515].
See #22234 and #28885.

Built from https://develop.svn.wordpress.org/trunk@29161


git-svn-id: http://core.svn.wordpress.org/trunk@28945 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-14 00:46:15 +00:00
Peter Westwood 105d9ce9cc XMLRPC: Restore support in wp.newPost for dates to be supplied in the structured dateTime.iso8601 format as well as still supporting dates specified as strings.
Fixes #28601.

Built from https://develop.svn.wordpress.org/trunk@29063


git-svn-id: http://core.svn.wordpress.org/trunk@28849 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-10 14:17:15 +00:00
Sergey Biryukov 81b8b6cfbc XML-RPC: Make sure wp.newPost does not produce a fatal error when a post_date field is included in the data.
props dllh.
fixes #28601.
Built from https://develop.svn.wordpress.org/trunk@28854


git-svn-id: http://core.svn.wordpress.org/trunk@28657 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-26 17:43:14 +00:00
Sergey Biryukov d7f9b38c3e XML-RPC: Add wp.deleteMediaItem as an alias to wp_deletePost.
props fahmiadib.
fixes #5310.
Built from https://develop.svn.wordpress.org/trunk@28849


git-svn-id: http://core.svn.wordpress.org/trunk@28653 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-26 15:21:15 +00:00
Scott Taylor 05eeb16e30 Replace all uses of `like_escape()` with `$wpdb->esc_like()`.
Props miqrogroove.
See #10041.

Built from https://develop.svn.wordpress.org/trunk@28712


git-svn-id: http://core.svn.wordpress.org/trunk@28528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-10 00:44:15 +00:00
Scott Taylor cd96841632 `wp_xmlrpc_server::wp_getPage()` should `return new IXR_Error(` instead of `return(new IXR_Error(`. One of the few places that is unparseable by static analysis.
See #27882.

Built from https://develop.svn.wordpress.org/trunk@28636


git-svn-id: http://core.svn.wordpress.org/trunk@28454 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-30 19:22:13 +00:00
Scott Taylor b8d469600b These functions import `$wpdb` but do not use it.
See #27882.

Built from https://develop.svn.wordpress.org/trunk@28539


git-svn-id: http://core.svn.wordpress.org/trunk@28365 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-22 17:37:14 +00:00
Scott Taylor 25a70283e1 Add missing access modifiers to methods in `wp_xmlrpc_server`. Add a magic `__call()` method for BC.
See #27881, #22234.

Built from https://develop.svn.wordpress.org/trunk@28515


git-svn-id: http://core.svn.wordpress.org/trunk@28341 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 06:09:13 +00:00
Scott Taylor a25e03f833 In `wp_xmlrpc_server::mw_editPost`, also set `$post_type = $postdata['post_type']`.
See #22400, [28448].


Built from https://develop.svn.wordpress.org/trunk@28453


git-svn-id: http://core.svn.wordpress.org/trunk@28280 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-16 18:06:15 +00:00
Scott Taylor 463b7c4620 Eliminate use of `extract()` in `wp_xmlrpc_server::mw_editPost()` (MetaWeblog API, y'all).
A lot of the extracted variables are overwritten by being explicitly set later. 
Only set variables that would otherwise not be present with `compact()` is called.

See #22400.

Built from https://develop.svn.wordpress.org/trunk@28448


git-svn-id: http://core.svn.wordpress.org/trunk@28275 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-16 15:19:14 +00:00
Scott Taylor 4b94efd93b Eliminate use of `extract()` in `wp_xmlrpc_server::blogger_editPost()`.
See #22400.

Built from https://develop.svn.wordpress.org/trunk@28412


git-svn-id: http://core.svn.wordpress.org/trunk@28239 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-15 03:25:15 +00:00
Drew Jaynes 5e51ea9940 Priority fixes for various existing hook documentation.
Props kpdesign.
See #26869

Built from https://develop.svn.wordpress.org/trunk@28083


git-svn-id: http://core.svn.wordpress.org/trunk@27914 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-12 00:01:15 +00:00
Andrew Nacin 58ca03f8ea XML-RPC: Fix bracing of conditionals around doc blocks.
props redsweater, DrewAPicture.
fixes #27506.

Built from https://develop.svn.wordpress.org/trunk@28065


git-svn-id: http://core.svn.wordpress.org/trunk@27897 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-10 21:04:14 +00:00
Andrew Nacin a177d8bf18 Don't pass variables by reference.
props markjaquith.
fixes #27656.

Built from https://develop.svn.wordpress.org/trunk@27957


git-svn-id: http://core.svn.wordpress.org/trunk@27787 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-05 18:17:14 +00:00
Andrew Nacin d8622b39d6 Forward pingback IP during pingback verification.
props tellyworth, nacin.
fixes #27613.

Built from https://develop.svn.wordpress.org/trunk@27872


git-svn-id: http://core.svn.wordpress.org/trunk@27703 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-31 20:43:18 +00:00
Drew Jaynes c2ebd66843 Inline documentation for hooks in wp-includes/class-wp-xmlrpc-server.php.
Props kpdesign and DrewAPicture.
Fixes #27506.

Built from https://develop.svn.wordpress.org/trunk@27730


git-svn-id: http://core.svn.wordpress.org/trunk@27567 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-26 05:44:16 +00:00
Drew Jaynes 8efd225e4d Inline documentation for hooks in wp-admin/includes/file.php.
Fixes #27429.

Built from https://develop.svn.wordpress.org/trunk@27672


git-svn-id: http://core.svn.wordpress.org/trunk@27515 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-24 02:45:15 +00:00
Andrew Nacin 5d77f8a18a XML-RPC: In wp.editPost, Remove all terms in a taxonomy when an empty array is explicitly passed.
props jstraitiff, maxcutler.
fixes #26686.

Built from https://develop.svn.wordpress.org/trunk@27554


git-svn-id: http://core.svn.wordpress.org/trunk@27397 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-15 05:09:14 +00:00
Andrew Nacin a9e69869c9 XML-RPC: Include 'sticky' in the struct returned from metaWeblog.getRecentPosts.
Using wp.getPosts is preferred and non-WP XML-RPC APIs are no longer actively maintained. This is simply for parity with existing MW methods.

props soulseekah.
fixes #26679.

Built from https://develop.svn.wordpress.org/trunk@27553


git-svn-id: http://core.svn.wordpress.org/trunk@27396 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-15 05:05:15 +00:00
Andrew Nacin eb19a09f5b Avoid saving slashed data in XML-RPC's wp.setOptions.
props danielbachhuber.
fixes #22936.

Built from https://develop.svn.wordpress.org/trunk@27551


git-svn-id: http://core.svn.wordpress.org/trunk@27394 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-15 04:47:13 +00:00
Drew Jaynes cb8951b0b3 Remove all `@package` and `@subpackage` PHPDoc tags not at the file- or class-levels in core.
See #27200.

Built from https://develop.svn.wordpress.org/trunk@27262


git-svn-id: http://core.svn.wordpress.org/trunk@27119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-25 17:14:14 +00:00
Drew Jaynes cd8cedc40d First there were two, and now there are three -- in the @since versions that came before and that shall be. And so it will be, says nacin.
Props JustinSainton, SergeyBiryukov, DrewAPicture.
Fixes #26713.

Built from https://develop.svn.wordpress.org/trunk@26868


git-svn-id: http://core.svn.wordpress.org/trunk@26754 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-24 18:57:12 +00:00
Sergey Biryukov 74f77b85a6 Use get_current_site() instead of the $current_site global when possible.
props jeremyfelt.
fixes #25158.
Built from https://develop.svn.wordpress.org/trunk@26120


git-svn-id: http://core.svn.wordpress.org/trunk@26032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-13 03:23:10 +00:00
Dominik Schilling 8688857816 Introduce show_in_menu for register_taxonomy.
Accepts boolean: true to show, false to hide. If not set, the default is inherited from show_ui.

fixes #20930.
Built from https://develop.svn.wordpress.org/trunk@25133


git-svn-id: http://core.svn.wordpress.org/trunk@25113 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-26 22:35:10 +00:00
Andrew Nacin 21a1fe8d4b Use wp_safe_remote_request() and friends instead of reject_unsafe_urls = true.
fixes #24646.



git-svn-id: http://core.svn.wordpress.org/trunk@24917 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-31 06:52:13 +00:00
Andrew Nacin 7f12e16e47 Limit pingback response size. fixes #4137. for trunk.
git-svn-id: http://core.svn.wordpress.org/trunk@24871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-29 18:00:06 +00:00
Andrew Nacin 929def2359 XML-RPC: Recursively escape arrays as before, to avoid stomping nested objects. fixes #21767.
git-svn-id: http://core.svn.wordpress.org/trunk@24731 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-18 14:31:25 +00:00
Andrew Nacin 44f89293f3 Update XML-RPC comment. props DrewAPicture, fixes #24751.
git-svn-id: http://core.svn.wordpress.org/trunk@24721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-17 20:19:06 +00:00
Andrew Nacin 69dbdc4951 Use wp_slash() instead of the DB layer in XML-RPC. see #21767.
git-svn-id: http://core.svn.wordpress.org/trunk@24716 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-16 14:38:54 +00:00
Andrew Nacin 50d0428d42 Avoid notice in XML-RPC when attaching uploads, when attachments do not have a guid in the DB. props ericmann, markoheijnen. fixes #18310.
git-svn-id: http://core.svn.wordpress.org/trunk@24639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-10 06:11:12 +00:00
Andrew Nacin 49bb647dda XML-RPC: Save enclosures with a trailing new line. fixes #23219.
git-svn-id: http://core.svn.wordpress.org/trunk@24623 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-10 03:34:35 +00:00
Andrew Nacin b578f36b54 XML-RPC: For wp.getOptions, set readonly to true for writable options that the user does not have permission to edit.
props westi.
fixes #20201.



git-svn-id: http://core.svn.wordpress.org/trunk@24597 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-09 02:22:57 +00:00
Andrew Nacin c2db94d10c Use meta caps edit_post, read_post, and delete_post directly, rather than consulting the post type object. map_meta_cap() handles that for us. props markjaquith, kovshenin. fixes #23226.
git-svn-id: http://core.svn.wordpress.org/trunk@24593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-08 20:05:42 +00:00
Andrew Nacin f3e96f0c60 Add strict check in wp_xmlrpc_server::set_custom_fields(). The slash strip ensures these values are the same data type, but it might not be that way forever. props xknown.
git-svn-id: http://core.svn.wordpress.org/trunk@24521 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-27 02:46:23 +00:00
Andrew Nacin 96ee267343 Better validation of the URL used in core HTTP requests.
git-svn-id: http://core.svn.wordpress.org/trunk@24480 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-21 06:07:47 +00:00
Peter Westwood 34001cb325 XMLRPC: Expose the admin and login urls as read-only options over xml-rpc to make it easier to write rich clients. Fixes #23446 props daniloercoli.
git-svn-id: http://core.svn.wordpress.org/trunk@24382 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-29 11:01:32 +00:00
Sergey Biryukov 5679830030 Fix typos in comments. fixes #24337.
git-svn-id: http://core.svn.wordpress.org/trunk@24255 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-14 18:22:54 +00:00
Sergey Biryukov 57c10eadbb Use ellipsis instead of three dots. props tjsingleton, jordie23, wojtek.szkutnik, DrewAPicture, SergeyBiryukov. see #8714.
git-svn-id: http://core.svn.wordpress.org/trunk@24207 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-08 21:27:31 +00:00
Sergey Biryukov c955859738 Remove \s from regex in pingback_ping() to avoid UTF-8 issues. props tenpura. fixes #24001.
git-svn-id: http://core.svn.wordpress.org/trunk@23952 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-04-10 16:29:00 +00:00
Mark Jaquith acfeb6f20f Take revision control out of the realm of a pure constant. Make it filterable.
* New filter: wp_revisions_to_keep

props ethitter, SergeyBiryukov. fixes #22289.

git-svn-id: http://core.svn.wordpress.org/trunk@23818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-27 18:11:56 +00:00
Andrew Nacin 799ac18951 XML-RPC: Return an error for getRecentPosts (mw and blogger) if the user does not have edit_posts.
props redsweater.
fixes #22320.



git-svn-id: http://core.svn.wordpress.org/trunk@23636 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-07 06:52:37 +00:00
Ryan Boren 15a06a35ab Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
see #WP21767


git-svn-id: http://core.svn.wordpress.org/trunk@23591 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-03 16:30:38 +00:00
Ryan Boren 43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Andrew Nacin 5cd77fdb99 Revert [23359]. The post_author and comment_count post object fields will remain numeric strings for back compat. see #22324.
git-svn-id: http://core.svn.wordpress.org/trunk@23531 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-28 19:40:26 +00:00