Commit Graph

207 Commits

Author SHA1 Message Date
Ryan Boren 09d2c65970 Always wp_unslash() the return of wp_get_referer().
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23570 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:20:32 +00:00
Ryan Boren 43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Andrew Nacin 83e0ce2ac1 Remove unused variables reset by wp_reset_vars(). Many of these haven't been used since b2. see #21767.
git-svn-id: http://core.svn.wordpress.org/trunk@23445 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-16 18:28:41 +00:00
Ryan Boren cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Sergey Biryukov e9eb36face Only show "There is a pending change of your e-mail..." message on the current user's profile page. fixes #23146.
git-svn-id: http://core.svn.wordpress.org/trunk@23364 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-01 01:50:19 +00:00
Andrew Nacin fa76d11e93 As wp_dropdown_roles() only prints editable roles, ensure that the
"selected" role passed into it on the user-edit screen is editable.

props johnjamesjacoby. see #22361.



git-svn-id: http://core.svn.wordpress.org/trunk@22687 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-19 19:23:54 +00:00
Ryan Boren 75a9ce4b37 Remove unnecessary label. Props waclawjacek. fixes #17978
git-svn-id: http://core.svn.wordpress.org/trunk@21927 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-20 13:59:39 +00:00
Ryan Boren 9e9d4ebd50 Allow granting the network admin email user super admin. Props JustinSainton, garyc40. fixes #16629
git-svn-id: http://core.svn.wordpress.org/trunk@21925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-20 13:50:35 +00:00
Ryan Boren cbd6a8becd Allow passing stdClass and WP_User to wp_insert_user() and wp_update_user(). Introduce WP_User::to_array(). Eliminate uses of get_object_vars() when passing to wp_*_user(). fixes #21429
git-svn-id: http://core.svn.wordpress.org/trunk@21496 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-10 15:36:54 +00:00
ryan 7b49ad8493 Introduce get_edit_user_link(). Props scribu, georgestephanis, johnbillion. fixes #14787 see #20307
git-svn-id: http://core.svn.wordpress.org/trunk@21364 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-30 18:30:03 +00:00
nacin a9ee3b61f5 Remove charset attribute from script elements. props neoxx, fixes #21146.
git-svn-id: http://core.svn.wordpress.org/trunk@21204 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-03 13:27:14 +00:00
azaozz 9855eccd45 Do not clear the old values in "Display name publicly as" drop-down on the user profile screen, append new values there when the user changes any of20747 the name fields, fixes #20747
git-svn-id: http://core.svn.wordpress.org/trunk@20964 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-30 21:54:33 +00:00
nacin 8c841df86d Revert type="email" (HTML5) as some browsers that do validation on these fields do not work for IDN domains yet. Core does not support these well either, but server-side validation can at least be dealt with by a plugin. see #17863.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20196 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-15 18:09:14 +00:00
azaozz f3b63e4537 Set proper HTML5 input types in the admin, props georgestephanis, fixes #17863
git-svn-id: http://svn.automattic.com/wordpress/trunk@20168 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-10 01:23:48 +00:00
ryan e3b46b25d3 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-08 17:01:11 +00:00
ryan 616c35e71c One newline is enough.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-05 20:10:39 +00:00
ryan 88b1f65116 s/Admin Bar/Toolbar/. Props ocean90. fixes #19461
git-svn-id: http://svn.automattic.com/wordpress/trunk@19569 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-08 16:49:16 +00:00
nacin 3d51303ca3 Help tweaks for users, tools. props jane, see #19020.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19509 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-01 01:17:14 +00:00
koopersmith 90f4fb3dd5 Update help content for user edit page. props Ipstenu, see #19020.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19459 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-28 16:32:33 +00:00
nacin 0f3e2f79bd Show 'Profile updated' for profile.php. props johnbillion, fixes #19053.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19285 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-14 22:09:15 +00:00
nacin bfb98c193e s/add_help_sidebar/set_help_sidebar/g and introduce screen->remove_help_tab($id) and screen->remove_help_tabs(). see #19020, #18785.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-02 20:14:10 +00:00
ryan 3ad1f67958 Use add_help_sidebar(). see #19020
git-svn-id: http://svn.automattic.com/wordpress/trunk@19111 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-02 03:12:37 +00:00
ryan 28a6d49c1a Validation fix for user-edit.php. Props sorich87. fixes #18921
git-svn-id: http://svn.automattic.com/wordpress/trunk@18953 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-12 19:47:00 +00:00
nacin 2ee655428d Force the admin bar on in the admin as it is now integrated. Removes the second UI option. Leaves out the upgrade routine for now. see #18197.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18700 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-17 22:26:01 +00:00
nacin 1fdf0b9430 Add 'Add New' buttons to edit links, edit media, and edit user screens. props sbressler, fixes #17499.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17975 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-19 19:52:11 +00:00
nacin 9cb6e158fc Switch from Panel/SubPanel to Screen in inline documentation and Codex links. props michaelh, fixes #17265.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17748 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-28 15:24:49 +00:00
ryan 976fbf8505 Back to Authors and Users should say Back to Users. Props SergeyBiryukov. fixes #16054
git-svn-id: http://svn.automattic.com/wordpress/trunk@17657 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-18 21:53:15 +00:00
dd32 7c6cf52194 Add missing closing fieldset tag. Props bluntelk. Fixes #17042 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@17593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-04 08:04:41 +00:00
azaozz ade138d7ac Fix display of apostrophes in the user's first and last names on the User Profile page, partial props andrewryno, see #17004
git-svn-id: http://svn.automattic.com/wordpress/trunk@17587 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-01 20:40:16 +00:00
nacin 51b3f2faf2 Remove cryptic bitwise check. Todo, CPT/supports checks. see #17005.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17574 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-03-31 06:33:20 +00:00
markjaquith 4d39c5894a Remove unused/non-functional code with old-style CSRF checking. see #16499
git-svn-id: http://svn.automattic.com/wordpress/trunk@17381 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-02-03 07:23:05 +00:00
nacin 1b1997583b Err, oops. Put the class on the table row. props yoast, see [17234], see #16004.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17235 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-01-07 16:47:39 +00:00
nacin d2c179f49e Revert _admin_bar_preferences() and add a class to the table row to allow it to be hidden. Forcing the use of CSS at least attempts to ensure that the developer will recognize that the saving aspect isn't handled. Handle this in the future across all settings screens. Reverts [17161]. fixes #16004.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17234 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-01-07 16:39:18 +00:00
nacin f15b1ad05d Allow us to return from whence we came. Specify wp_http_referer for user-edit in the network admin, as we may come from network/users or site-users. props PeteMall, SergeyBiryukov, fixes #16053.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17201 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-01-01 22:30:46 +00:00
nacin a92b6663aa Move the admin bar profile preferences to a hook. fixes #16004.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17161 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-28 19:37:11 +00:00
nacin 9009245db5 Tag textareas escaped earlier with textarea_escaped. see #15454.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17141 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-25 17:58:01 +00:00
nacin a50012abc7 Final string tweaks to admin bar preferences. props jane, fixes #15829.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-21 14:45:55 +00:00
nacin d2b0ef40c8 String changes to admin bar preferences. props jane, see #15829.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17055 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-19 05:23:25 +00:00
ryan 58e65d1855 Admin bar visibility prefs. Props duck_. see #15829
git-svn-id: http://svn.automattic.com/wordpress/trunk@17032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-17 21:48:30 +00:00
ryan d5f81d06f9 Don't show super admin checkbox for the user that has the network admin email address. Props duck_. fixes #14051
git-svn-id: http://svn.automattic.com/wordpress/trunk@16767 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-07 18:10:16 +00:00
nacin ee718e28c0 Don't double-escape user description. see #15454.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16744 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-06 08:55:09 +00:00
PeteMall 5e3fd53b7a Ignore role selector in network admin user-edit. See #14435.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-24 08:06:38 +00:00
nacin b3b979ce48 Codex links should open in a new window. fixes #14665, props qwertymaniac.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16448 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-18 03:26:03 +00:00
markjaquith 6482610f9a esc_textarea() and application for obvious textarea escaping. props alexkingorg. fixes #15454
git-svn-id: http://svn.automattic.com/wordpress/trunk@16431 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-17 17:12:01 +00:00
ryan cd8c19d46d Remove role selector from network admin user-edit. Props PeteMall. see #14435
git-svn-id: http://svn.automattic.com/wordpress/trunk@16210 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-05 17:26:32 +00:00
nacin f5e23028ff Pass user object through _wp_get_user_contactmethods() to the user_contactmethods filter. props aaroncampbell, fixes #15186.
git-svn-id: http://svn.automattic.com/wordpress/trunk@15896 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-21 15:42:06 +00:00
scribu 799baf139c Use submit_button() in more places. See #15064
git-svn-id: http://svn.automattic.com/wordpress/trunk@15830 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-17 18:24:34 +00:00
scribu 08e984e5e8 move password-strength-meter.js into user-profile.js. See #5919
git-svn-id: http://svn.automattic.com/wordpress/trunk@15780 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-12 20:29:19 +00:00
ryan 9c31fd7c70 First pass of user admin. Network admin and screen cleanups. see #14696
git-svn-id: http://svn.automattic.com/wordpress/trunk@15746 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-07 19:34:18 +00:00
ryan 21e3f0f7fa Network Admin, first pass. see #14435
git-svn-id: http://svn.automattic.com/wordpress/trunk@15481 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-07-30 20:34:54 +00:00