Commit Graph

268 Commits

Author SHA1 Message Date
Felix Arntz f6ebc1a80c Role/Capability: Introduce capabilities dedicated to installing and updating language files.
The new meta capabilities are called `install_languages` and `update_languages`. Prior to this change, there were no proper capability checks applied. Instead only the filesystem and related constants were checked, and for actual permissions a rather vague fallback was used where a user needed to have at least one of the other updating capabilities. In addition to being generally more verbose, the new capabilities make it possible for example to allow a user to update languages, but nothing else. By default they fall back to the original way of how they were handled.

Props johnbillion, flixos90.
Fixes #39677.

Built from https://develop.svn.wordpress.org/trunk@41268


git-svn-id: http://core.svn.wordpress.org/trunk@41108 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-18 18:31:44 +00:00
John Blackbourn b52e37f9bf Options, Meta APIs: Require a confirmation link in an email to be clicked when an admin attempts to change the site admin email address.
This adds this previously Multisite-only functionality to single site installations too. This change prevents accidental or erroneous email address changes from potentially locking users out of their site.

Props MatheusGimenez, johnbillion

Fixes #39118

Built from https://develop.svn.wordpress.org/trunk@41254


git-svn-id: http://core.svn.wordpress.org/trunk@41094 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-14 20:13:43 +00:00
Felix Arntz 6e5cd6d397 Multisite: Replace `is_super_admin()` with `manage_network_options` in `wp-admin/options.php`.
Props sathyapulse.
Fixes #39200. See #37616.

Built from https://develop.svn.wordpress.org/trunk@39933


git-svn-id: http://core.svn.wordpress.org/trunk@39870 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-20 17:39:41 +00:00
Sergey Biryukov ead8c38f38 Docs: Add variable to `@param` entry for `whitelist_options` filter.
Props keesiemeijer.
Fixes #39477.
Built from https://develop.svn.wordpress.org/trunk@39708


git-svn-id: http://core.svn.wordpress.org/trunk@39648 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-06 21:57:42 +00:00
Sergey Biryukov b1ed607578 Text Changes: Merge and clarify some permission error strings in the admin.
See #38857.
Built from https://develop.svn.wordpress.org/trunk@39308


git-svn-id: http://core.svn.wordpress.org/trunk@39248 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-19 01:38:31 +00:00
Dominik Schilling 89cab4e197 I18N: Show "Settings saved." in the correct language after switching the site language.
This simplifies the logic by comparing `get_user_locale()` before and after a settings update.

Props swissspidy, ocean90.
See #29783, #29281.
Fixes #38482.
Built from https://develop.svn.wordpress.org/trunk@39122


git-svn-id: http://core.svn.wordpress.org/trunk@39062 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-04 17:09:31 +00:00
Pascal Birchler 4a88d55054 I18N: Introduce a user-specific language setting.
By enabling the user to select their preferred locale when editing the profile, we allow for greater personalization of the WordPress admin and therefore a better user experience.

The back end will be displayed in the user's individual locale while the locale used on the front end equals the one set for the whole site. If the user didn't specify a locale, the site's locale will be used as a fallback. The new `locale` property of the `WP_User` class can be used to retrieve the user's locale setting.

Props ocean90, ipm-frommen, swissspidy.
Fixes #29783.
Built from https://develop.svn.wordpress.org/trunk@38705


git-svn-id: http://core.svn.wordpress.org/trunk@38648 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-03 07:04:29 +00:00
Dominik Schilling f8e7680cd6 Multisite: Use `hash_equals()` when comparing hashes to mitigate timing attacks.
Fixes #37324.
Built from https://develop.svn.wordpress.org/trunk@38032


git-svn-id: http://core.svn.wordpress.org/trunk@37973 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-10 19:43:28 +00:00
Jeremy Felt 24804144de Multisite: Add a nonce to the "Cancel" URL when changing a site's admin email.
Props scottbasgaard.
Fixes #36954.

Built from https://develop.svn.wordpress.org/trunk@38006


git-svn-id: http://core.svn.wordpress.org/trunk@37947 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-07 17:13:27 +00:00
Sergey Biryukov 139387b7e5 Docs: Use 3-digit, x.x.x-style semantic versioning for `_doing_it_wrong()`, `_deprecated_function()`, `_deprecated_argument()`, and `_deprecated_file()` throughout core.
Props metodiew.
Fixes #36495.
Built from https://develop.svn.wordpress.org/trunk@37985


git-svn-id: http://core.svn.wordpress.org/trunk@37926 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-06 12:40:29 +00:00
Dominik Schilling 25e66e4f1e Text Changes: Unify permission error messages.
The new format looks like "Sorry, you are not allowed to <action>.". This provides a consistent experience for all error messages related to missing permissions. It also reduces the number of similar strings and allows translators to provide a consistent style in their language.

Props ramiy, Presskopp.
Fixes #34521.
Built from https://develop.svn.wordpress.org/trunk@37914


git-svn-id: http://core.svn.wordpress.org/trunk@37855 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-29 15:16:29 +00:00
Drew Jaynes c3055cc190 Docs: Standardize hook docs in wp-admin/* to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37488


git-svn-id: http://core.svn.wordpress.org/trunk@37456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:01:30 +00:00
Joe McGill bdfd58c8cf Media: Remove medium_large size from `$whitelist_options['media']` in `options.php`.
The `medium_large_size_w` and `medium_large_size_h` options were added to the
$whitelist_options['media'] in options.php in [35479], which causes both options
to be set to `0` when the media settings are changed. When this occurs, the
medium_large image size will no longer be created when an image is uploaded.

Since these options aren't meant to be updated via the settings UI, they can be
safely removed from the whitelist.

Fixes #36531.

Built from https://develop.svn.wordpress.org/trunk@37435


git-svn-id: http://core.svn.wordpress.org/trunk@37401 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-15 22:38:29 +00:00
Dominik Schilling c25efe2d52 Revert [35336] and [35337].
See #28344.
Built from https://develop.svn.wordpress.org/trunk@35685


git-svn-id: http://core.svn.wordpress.org/trunk@35649 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-18 20:30:25 +00:00
Scott Taylor d8eacd51d8 Media: add a new image size, `medium_large`. Bumps db version to add new options.
Adds unit tests.

Props DH-Shredder, joemcgill, azaozz.
Fixes #34196.

Built from https://develop.svn.wordpress.org/trunk@35479


git-svn-id: http://core.svn.wordpress.org/trunk@35443 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-31 20:50:25 +00:00
Dominik Schilling 253646fcd1 Options: Hide the week starts on setting for installs that have the default setting already.
The default setting is the value of `$wp_locale->start_of_week` which holds the value per locale, see [35336].

Props swissspidy, ocean90.
Fixes #28344.
Built from https://develop.svn.wordpress.org/trunk@35337


git-svn-id: http://core.svn.wordpress.org/trunk@35303 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-21 17:39:25 +00:00
Boone Gorges 3eab09a694 Don't force comment pagination.
[34561] instituted the policy of forcing pagination for comments. This strategy
was intended to avert problems when 'page_comments' is set to 0 - as it is by
default - and the number of comments on a given post rises into the hundreds or
thousands. By forcing pagination in all cases, we ensured that WordPress would
not time out by processing unwieldy numbers of comments on a given pageload.

The strategy proves problematic, however, because comment permalinks are
generated using the page of the comment. Forcing pagination for posts that
were not previously paginated would change the URL of all comments that do not
appear on the default comment page.

This changeset reintroduces the 'page_comments' setting and its corresponding
checkbox on Settings > Discussion. A number of tests, which were written after
[34561], are modified to work now that 'page_comments' will, once again, be
disabled by default.

See #8071.
Built from https://develop.svn.wordpress.org/trunk@35331


git-svn-id: http://core.svn.wordpress.org/trunk@35297 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-21 16:26:42 +00:00
Jeremy Felt 9926983b66 Revert [34778], continue using `_site_option()` for the current network.
The `_network_option()` parameter order will be changing to accept `$network_id` first. The `_site_option()` functions will remain in use throughout core as our way of retrieving a network option for the current network.

See #28290.

Built from https://develop.svn.wordpress.org/trunk@34912


git-svn-id: http://core.svn.wordpress.org/trunk@34877 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 17:11:25 +00:00
Jeremy Felt 54512d64cb MS: Use `*_network_option()` functions throughout core.
Replaces all uses of `*_site_option()` with the corresponding "network" function.

This excludes one usage in `wp-admin/admin-footer.php` that needs more investigation.

Props spacedmonkey.
See #28290.

Built from https://develop.svn.wordpress.org/trunk@34778


git-svn-id: http://core.svn.wordpress.org/trunk@34743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-02 19:08:26 +00:00
Boone Gorges 18d6b3c8dc Force comment pagination on single posts.
Previously, the 'page_comments' toggle allowed users to disable comment
pagination. This toggle was only superficial, however. Even with
'page_comments' turned on, `comments_template()` loaded all of a post's
comments into memory, and passed them to `wp_list_comments()` and
`Walker_Comment`, the latter of which produced markup for only the
current page of comments. In other words, it was possible to enable
'page_comments', thereby showing only a subset of a post's comments on a given
page, but all comments continued to be loaded in the background. This technique
scaled poorly. Posts with hundreds or thousands of comments would load slowly,
or not at all, even when the 'comments_per_page' setting was set to a
reasonable number.

Recent changesets have addressed this problem through more efficient tree-
walking, better descendant caching, and more selective queries for top-level
post comments. The current changeset completes the project by addressing the
root issue: that loading a post causes all of its comments to be loaded too.

Here's the breakdown:

* Comment pagination is now forced. Setting 'page_comments' to false leads to evil things when you have many comments. If you want to avoid pagination, set 'comments_per_page' to something high.
* The 'page_comments' setting has been expunged from options-discussion.php, and from places in the codebase where it was referenced. For plugins relying on 'page_comments', we now force the value to `true` with a `pre_option` filter.
* `comments_template()` now queries for an appropriately small number of comments. Usually, this means the `comments_per_page` value.
* To preserve the current (odd) behavior for comment pagination links, some unholy hacks have been inserted into `comments_template()`. The ugliness is insulated in this function for backward compatibility and to minimize collateral damage. A side-effect is that, for certain settings of 'default_comments_page', up to 2x the value of `comments_per_page` might be fetched at a time.
* In support of these changes, a `$format` parameter has been added to `WP_Comment::get_children()`. This param allows you to request a flattened array of comment children, suitable for feeding into `Walker_Comment`.
* `WP_Query` loops are now informed about total available comment counts and comment pages by the `WP_Comment_Query` (`found_comments`, `max_num_pages`), instead of by `Walker_Comment`.

Aside from radical performance improvements in the case of a post with many
comments, this changeset fixes a bug that caused the first page of comments to
be partial (`found_comments` % `comments_per_page`), rather than the last, as
you'd expect.

Props boonebgorges, wonderboymusic.
Fixes #8071.
Built from https://develop.svn.wordpress.org/trunk@34561


git-svn-id: http://core.svn.wordpress.org/trunk@34525 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-25 20:40:25 +00:00
Dominik Schilling 33127a3f59 Don't use `<code>` in translation strings in `wp-admin/options.php`.
Props ramiy, wonderboymusic.
Fixes #31861.
Built from https://develop.svn.wordpress.org/trunk@34315


git-svn-id: http://core.svn.wordpress.org/trunk@34279 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-18 20:43:25 +00:00
Sergey Biryukov a880c5c576 Provide more helpful feedback than just "Cheatin' uh?" for permission errors in `wp-admin/options.php`.
props ericlewis, kraftbj, lukecarbis, mrmist.
fixes #33674. see #14530.
Built from https://develop.svn.wordpress.org/trunk@33863


git-svn-id: http://core.svn.wordpress.org/trunk@33831 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-02 18:31:21 +00:00
Dominik Schilling 85d7261305 Site icon: Remove option name from `$whitelist_options` for the general options screen.
The option gets saved in `WP_Site_Icon->set_site_icon()`.

fixes #32859.
Built from https://develop.svn.wordpress.org/trunk@33037


git-svn-id: http://core.svn.wordpress.org/trunk@33008 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-01 21:41:26 +00:00
Konstantin Obenland c56a8ae0f7 Introducing Site Icon, favicon management for WordPress.
This v1 marries Jetpack's Site Icon module with the Media Modal, reusing code
from the Custom Header admin. For now, the core-provided icons will be limited
to a favicon, an iOS app icon, and a Windows tile icon, leaving `.ico` support
and additional icons to plugins to add.

Props obenland, tyxla, flixos90, jancbeck, markjaquith, scruffian.
See #16434.


Built from https://develop.svn.wordpress.org/trunk@32994


git-svn-id: http://core.svn.wordpress.org/trunk@32965 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-29 12:58:25 +00:00
Konstantin Obenland 7dc1d06e64 Proper heading for admin screens.
First step towards restoring a good heading structure in wp-admin.
The previous `<h1>` contained the site title and a link to the front page and was removed with the toolbar refactoring in 3.2.

Props joedolson, afercia.
Fixes #31650.


Built from https://develop.svn.wordpress.org/trunk@32974


git-svn-id: http://core.svn.wordpress.org/trunk@32945 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-27 15:41:25 +00:00
Gary Pendergast 837fd1ca10 When saving Writing Options, check that the UI is enabled for `use_smilies` and `use_balanceTags` before trying to update them.
Fixes #5161.
Fixes #32298.


Built from https://develop.svn.wordpress.org/trunk@32455


git-svn-id: http://core.svn.wordpress.org/trunk@32425 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-08 11:59:26 +00:00
Dominik Schilling 64fc7294b6 Use HTTPS URLs for codex.wordpress.org.
see #27115.
Built from https://develop.svn.wordpress.org/trunk@32116


git-svn-id: http://core.svn.wordpress.org/trunk@32095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-12 21:29:32 +00:00
John Blackbourn d88ed475b0 Switch to a `403` response code in places where it is more appropriate than a `500` due to permissions errors.
Fixes #10551
Props nacin

Built from https://develop.svn.wordpress.org/trunk@30356


git-svn-id: http://core.svn.wordpress.org/trunk@30355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-16 06:16:22 +00:00
Dominik Schilling 8fb6f317ff Site Language: Install translations on the fly.
The language dropdown now includes installed languages and all available translations when the filesystem is writable by WordPress.
Go to wp-admin/options-general.php, select one of the available translations, submit the form and let WordPress handle the rest.
Works for Multisite's Default Language too.

see #29395.
Built from https://develop.svn.wordpress.org/trunk@30335


git-svn-id: http://core.svn.wordpress.org/trunk@30334 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-13 17:01:24 +00:00
Dominik Schilling d544610681 Language packs: No WPLANG anymore.
* The WPLANG constant is no longer needed. Remove define('WPLANG', ''); from wp-config-sample.php. Populate WPLANG option based on the WPLANG constant. When get_option('WPLANG') is an empty string it will override WPLANG.
* Introduce translations_api() which is available to communicate with the translation API. Move translation install related functions to a new file.
* Replace mu_dropdown_languages() with wp_dropdown_languages(). wp_dropdown_languages() is now populated by the translation API.
* Remove wp_install_load_language() and allow load_default_textdomain() to switch a core translation.

fixes #13069, #15677, #19760, #28730, #29281. 
Built from https://develop.svn.wordpress.org/trunk@29630


git-svn-id: http://core.svn.wordpress.org/trunk@29404 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-26 19:59:16 +00:00
Drew Jaynes 097dc8ee15 Fix syntax for single- and multi-line comments in wp-admin-directory files.
See #28931.

Built from https://develop.svn.wordpress.org/trunk@29206


git-svn-id: http://core.svn.wordpress.org/trunk@28990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-17 09:14:16 +00:00
Andrew Nacin 4e2f1bd155 Introduce wp_dropdown_languages() and use it on general settings.
Early rough cut. Obviously not fully implemented.

see #15677.

Built from https://develop.svn.wordpress.org/trunk@29007


git-svn-id: http://core.svn.wordpress.org/trunk@28795 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-05 06:19:16 +00:00
Drew Jaynes add93833c3 Add braces missed while adding docs for the `option_page_capability_{$option_page}` hook.
See [25372]. See #25229.

Built from https://develop.svn.wordpress.org/trunk@28833


git-svn-id: http://core.svn.wordpress.org/trunk@28637 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-25 21:48:15 +00:00
Scott Taylor 7415ae10a3 `hackificator` doesn't like mixed single/double-quoted attributes. These were 2 lingering instances in the admin.
See #27881.

Built from https://develop.svn.wordpress.org/trunk@28530


git-svn-id: http://core.svn.wordpress.org/trunk@28356 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 17:10:15 +00:00
Scott Taylor 2f513d3320 Fix some `hackificator` odds and ends in `wp-admin`:
* `wp-activate.php` and `wp-admin/themes.php` don't need the closing PHP tag
* Switch single quotes for HTML attribute values to double in a few places
* Convert `include_once file.php` syntax to `include_once( 'file.php' )`
* Add access modifiers to methods/members in: `_WP_List_Table_Compat`, `Walker_Nav_Menu_Edit`, `Walker_Nav_Menu_Checklist`, `WP_Screen`, `Walker_Category_Checklist`
* `edit_user()` doesn't need to import the `$wpdb` global
* `wp_list_widgets()` doesn't need to import the `$sidebars_widgets` global
* switch/endswitch syntax is not supported in Hack
* A `<ul>` in `wp-admin/users.php` is unclosed

See #27881.

Built from https://develop.svn.wordpress.org/trunk@28500


git-svn-id: http://core.svn.wordpress.org/trunk@28326 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 05:04:16 +00:00
Drew Jaynes 5e51ea9940 Priority fixes for various existing hook documentation.
Props kpdesign.
See #26869

Built from https://develop.svn.wordpress.org/trunk@28083


git-svn-id: http://core.svn.wordpress.org/trunk@27914 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-12 00:01:15 +00:00
Andrew Ozz 8d6059b383 Remove all screen_icon() calls and deprecate the functions, props TobiasBg, fixes #26119
Built from https://develop.svn.wordpress.org/trunk@26518


git-svn-id: http://core.svn.wordpress.org/trunk@26411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-02 03:53:11 +00:00
Andrew Nacin 70fd806759 Revert r25824:25875 from the core.svn.wordpress.org repository.
These commits were accidentally re-synced commits from develop.svn.wordpress.org due to a race condition. Thankfully, the history of this repository matters fairly little. It also happened only for trunk.


git-svn-id: http://core.svn.wordpress.org/trunk@25876 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-25 02:29:52 +00:00
Andrew Nacin 8ae8e01b67 Remove the old wp_auto_updates_maybe_update cron event. Schedule the new wp_maybe_auto_update event at 7 a.m. and 7 p.m. in the site's timezone.
see #27704.

Built from https://develop.svn.wordpress.org/trunk@25825


git-svn-id: http://core.svn.wordpress.org/trunk@25825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 22:53:14 +00:00
Ryan Boren b87d4b77e5 Pinking shears
Built from https://develop.svn.wordpress.org/trunk@25880


git-svn-id: http://core.svn.wordpress.org/trunk@25792 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-23 14:38:10 +00:00
Andrew Nacin fd57b239d2 Don't rely on include_path to include files.
Always use dirname() or, once available, ABSPATH.

props ketwaroo, hakre.
fixes #17092.

Built from https://develop.svn.wordpress.org/trunk@25616


git-svn-id: http://core.svn.wordpress.org/trunk@25533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-25 00:18:11 +00:00
Sergey Biryukov f2391051c7 Inline documentation for hooks in wp-admin/options.php.
props siobhyb.
see #25229.
Built from https://develop.svn.wordpress.org/trunk@25372


git-svn-id: http://core.svn.wordpress.org/trunk@25322 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-12 03:44:08 +00:00
Ryan Boren f3a83744e9 Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
git-svn-id: http://core.svn.wordpress.org/trunk@23567 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:14:09 +00:00
Ryan Boren 43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes is no longer necessary.

Introduce wp_unslash() and use it to remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Andrew Nacin 97032e08aa Revert page on front changes. Reverts [22127] [22129] [22135] [22136]. see #16379.
git-svn-id: http://core.svn.wordpress.org/trunk@22653 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-19 01:28:32 +00:00
Andrew Nacin 1617e5ebdf Move the static front page saving routine to a single sanitize_option() callback for show_on_front. page_on_front and page_for_posts are now manually set by this callback, and not separately by options.php. see #16379.
git-svn-id: http://core.svn.wordpress.org/trunk@22136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-08 21:25:13 +00:00
Andrew Nacin 1009245fa1 Remove the 'Size of the post box' (default_post_edit_rows) option. This will instead be handled by a user cookie tracking the resizing of both TinyMCE and the main textarea. see #21718.
git-svn-id: http://core.svn.wordpress.org/trunk@22006 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-26 03:17:28 +00:00
Andrew Nacin a6c93e2f65 Always attempt to embed URLs in content, removing the Auto-embeds (autoembed_urls) option.
Remove the UI for setting the default width and height for embeds. Width was confusing as it
was blank by default (inheriting the content width from the theme, or 500px). The height is
now calculated as 1.5x the content width, or 1000px, whichever is smaller.

The [embed] shortcode can still receive manual height and width attributes. This just removes
the global settings.

props wonderboymusic. see #21719.



git-svn-id: http://core.svn.wordpress.org/trunk@21998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-25 07:10:09 +00:00
Andrew Nacin 85d25dacc5 Hide upload_path and upload_url_path from the Media Settings screen, assuming they are both set to their default values.
These can be set on options.php, or the UPLOADS constant or the filters in wp_upload_dir() should be used. WordPress should aim to avoid UI options that require filesystem changes as well, not to mention requiring the user to convert between paths and URLs.

fixes #21720.



git-svn-id: http://core.svn.wordpress.org/trunk@21852 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-14 21:00:39 +00:00
Andrew Nacin 8cbf331fa5 If an option was not sent to options.php, pass null to update_option(), rather than trimming the null and converting it to an empty string. This provides better context for sanitize_option() while still storing what ends up being an empty string either way. see #16416.
git-svn-id: http://core.svn.wordpress.org/trunk@21849 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-14 19:12:35 +00:00
Andrew Nacin 558a36c79f Avoid the need for a hidden input when suppressing the blog_charset option. fixes #21507.
git-svn-id: http://core.svn.wordpress.org/trunk@21842 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-14 03:23:06 +00:00
Andrew Nacin 7fd32ab9fc Fold Privacy Settings into Reading Settings, moving blog_public (search engine/robots) to options-reading and removing options-privacy.
When blog_public only has two values (as judged by whether the blog_privacy_selector action is used), convert from radio buttons to a checkbox, and rename from 'Site Visibility' to a more specific 'Search Engine Visibility'.

The text and implementation may change a bit. see #16416.



git-svn-id: http://core.svn.wordpress.org/trunk@21838 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-13 17:28:57 +00:00
Andrew Nacin 9d204841ee Remove AtomPub from core.
* Will be replaced with http://wordpress.org/extend/plugins/atom-publishing-protocol/.
 * Introduces an action, xmlrpc_rsd_apis, to add APIs to xmlrpc.php?rsd.
 * Introduces support for 'error' being 403 and 50x in class-wp.php.
 * Removes 'Remote Publishing' from Writing Settings (see [21804]). Keeps the remote_publishing settings section.

DB version is bumped to generate the new wp-app rewrite rule and remove the old enable_app option.

props wonderboymusic.
fixes #21509.



git-svn-id: http://core.svn.wordpress.org/trunk@21818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-11 20:11:39 +00:00
Andrew Nacin 26dc1e74e5 Turn XML-RPC on and remove the option on the Writing Settings page.
props markoheijnen for the initial patch.

Introduces a new filter, xmlrpc_enabled.

Respects any current callbacks registered to the pre_option_enable_xmlrpc
and option_enable_xmlrpc filters, for anyone forcing it off via code.

fixes #21509.



git-svn-id: http://core.svn.wordpress.org/trunk@21804 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-11 00:37:31 +00:00
Andrew Nacin bfaaa3d8ab Remove unused multisite option 'language'. props wonderboymusic. fixes #21545.
git-svn-id: http://core.svn.wordpress.org/trunk@21551 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-20 16:43:44 +00:00
ryan e3b46b25d3 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-08 17:01:11 +00:00
ryan 616c35e71c One newline is enough.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-05 20:10:39 +00:00
ryan 340e93324c Remove extraneous spaces. Props kenan3008, dimadin. fixes #19501 #19433
git-svn-id: http://svn.automattic.com/wordpress/trunk@19596 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-14 17:36:38 +00:00
markjaquith 37e23be4ed Be more consistent with ERROR: messages. fixes #15887
git-svn-id: http://svn.automattic.com/wordpress/trunk@18841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-30 17:18:35 +00:00
nacin 40b0b6c65e Add option_page_capability_$option_page filter. see #14365.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17986 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-22 21:32:22 +00:00
nacin 9cb6e158fc Switch from Panel/SubPanel to Screen in inline documentation and Codex links. props michaelh, fixes #17265.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17748 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-28 15:24:49 +00:00
nacin ade50f7e35 Allow default post format selections. fixes #15882.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17056 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-19 05:36:11 +00:00
markjaquith 7aa5cb911e Backwards compat for plugin use of updated=1. fixes #15660
git-svn-id: http://svn.automattic.com/wordpress/trunk@16706 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-03 10:59:20 +00:00
markjaquith 6482610f9a esc_textarea() and application for obvious textarea escaping. props alexkingorg. fixes #15454
git-svn-id: http://svn.automattic.com/wordpress/trunk@16431 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-17 17:12:01 +00:00
markjaquith fc6e89da45 Expand submit_button() capabilities. Replace all (or almost all) manual HTML instances in WP. props sbressler. see #15064
git-svn-id: http://svn.automattic.com/wordpress/trunk@16061 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-28 21:56:43 +00:00
scribu 799baf139c Use submit_button() in more places. See #15064
git-svn-id: http://svn.automattic.com/wordpress/trunk@15830 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-17 18:24:34 +00:00
nacin 5463205114 Remove default_comment_status_pages setting. Reverts [14451], [14448] for 3.0. see #12991.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14650 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-15 04:56:56 +00:00
wpmuguru 96153a63ae add default comment status setting for pages, props messenlehner, see #12991
git-svn-id: http://svn.automattic.com/wordpress/trunk@14448 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-04 19:31:24 +00:00
ryan 116f361cad Don't stomp upload options when saving media options for MS sites. fixes #13182
git-svn-id: http://svn.automattic.com/wordpress/trunk@14316 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-30 14:31:18 +00:00
ryan 372ff2e83a Allow regular admins to change the admin email. see #13126
git-svn-id: http://svn.automattic.com/wordpress/trunk@14241 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-26 17:55:41 +00:00
nacin 6ec7cb4540 Use relative paths when including files, avoiding include_path. fixes #12594, props sorich87.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14139 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-18 06:14:45 +00:00
dd32 442d41291a Tweak new strings for better typography. Props demetris. Fixes #12962
git-svn-id: http://svn.automattic.com/wordpress/trunk@14070 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-11 10:41:54 +00:00
nacin 73f9683d51 Move unregistered check to proper branch of code. prevents options.php panel from throwing errors. see #11730
git-svn-id: http://svn.automattic.com/wordpress/trunk@13789 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-21 07:38:10 +00:00
nacin adf8dd3743 Simplify the deprecated notice for unregistered settings. fixes #11730
git-svn-id: http://svn.automattic.com/wordpress/trunk@13785 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-21 01:49:00 +00:00
dd32 2ae741bb79 Remove remnants of 'misc' from whitelist options too. See [13745] See #12437
git-svn-id: http://svn.automattic.com/wordpress/trunk@13746 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-18 07:58:53 +00:00
dd32 d51a95d091 Remove the now defunct link update checker from core. Fixes #12437
git-svn-id: http://svn.automattic.com/wordpress/trunk@13744 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-18 07:17:55 +00:00
ryan e25a65b36a Trim trailing whitespace
git-svn-id: http://svn.automattic.com/wordpress/trunk@13733 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-17 16:27:25 +00:00
nacin 04ee3c93cb Fix branching, and correct deprecated version numbers. see #11730
git-svn-id: http://svn.automattic.com/wordpress/trunk@13721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-16 20:59:26 +00:00
wpmuguru b1bcab8963 more descriptive message on blocking unregistered setting, see #11644, related #11730
git-svn-id: http://svn.automattic.com/wordpress/trunk@13711 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-15 22:00:48 +00:00
wpmuguru 1aa48c2677 block unregistered settings in multisite, see #11644, related #11730
git-svn-id: http://svn.automattic.com/wordpress/trunk@13709 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-15 18:10:34 +00:00
nacin cb22e5b10a Only show multisite admin email notice if the email was changed. Add a "Cancel" link so the nag doesn't stay forever if the admin ends up not changing the email. see #12192
git-svn-id: http://svn.automattic.com/wordpress/trunk@13705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-15 17:18:00 +00:00
nacin 20eae9d24a Use disabled() form helper. fixes #12581
git-svn-id: http://svn.automattic.com/wordpress/trunk@13661 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-11 17:12:23 +00:00
wpmuguru c1b0c8e8c9 Display a warning when processing an unregistered setting, see #11730
git-svn-id: http://svn.automattic.com/wordpress/trunk@13646 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-10 17:44:32 +00:00
dd32 c21bb61eaf Cleanup of options.php. Adds concise&early wp_die()'s, reformats some poorly chosen branching. See #12455
git-svn-id: http://svn.automattic.com/wordpress/trunk@13627 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-09 10:57:49 +00:00
dd32 44308debbe Restore MultiSite checks on Upload settings, Add proper whitelisting. Props Denis-de-Bernardy. Fixes #11687
git-svn-id: http://svn.automattic.com/wordpress/trunk@13545 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-02 10:31:06 +00:00
dd32 90637984b6 Move Upload folder settings to Options -> Media. Props nacin. Fixes #11687
git-svn-id: http://svn.automattic.com/wordpress/trunk@13529 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-01 12:13:15 +00:00
nacin 833f47778f Fix typo in [13471]. Props miqrogroove, see #12417
git-svn-id: http://svn.automattic.com/wordpress/trunk@13472 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-27 22:54:40 +00:00
nacin 473ef7d459 Make it more obvious we're escaping values in options.php. fixes #12417
git-svn-id: http://svn.automattic.com/wordpress/trunk@13471 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-27 22:50:00 +00:00
ryan 08bb3568c6 Option validation error reporting. Props jeremyclarke. see #11474
git-svn-id: http://svn.automattic.com/wordpress/trunk@13177 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-17 17:50:42 +00:00
ryan 9469c9f02a Deprecate mu_options. Integrate directly into options.php. see #11644
git-svn-id: http://svn.automattic.com/wordpress/trunk@12825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-25 21:33:49 +00:00
ryan 94859834fc i18n fixes. Props nbachiyski. fixes #11954
git-svn-id: http://svn.automattic.com/wordpress/trunk@12789 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-21 21:37:43 +00:00
ryan f7d7bc2dd0 Use cap checks instead of multisite and super admin checks. Add some new caps. Merge cleanup. see #11644.
git-svn-id: http://svn.automattic.com/wordpress/trunk@12753 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-18 22:21:36 +00:00
ryan 8760e7da1b Coding standards, space after if
git-svn-id: http://svn.automattic.com/wordpress/trunk@12752 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-18 20:34:48 +00:00
ryan 6da55f7792 Trailing whitespace cleanup
git-svn-id: http://svn.automattic.com/wordpress/trunk@12733 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-15 22:11:12 +00:00
wpmuguru 346f859e12 merge multisite admin - edit links,tags,cats,options, See #11644
git-svn-id: http://svn.automattic.com/wordpress/trunk@12712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-12 21:11:52 +00:00
ryan 95835a693a Do not use deprecated Etc timezones. Props miqrogroove. fixes #11558 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@12507 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-12-23 14:16:36 +00:00
ryan 4aca3ca146 Remove oEmbed discovery option. Add hook so plugins can enable it. see #10337
git-svn-id: http://svn.automattic.com/wordpress/trunk@12411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-12-15 21:16:00 +00:00
ryan eae8a055c6 Include admin-footer in options.php only for the default case. Avoids warning about hook_suffix not being set when POSTing to options.php. see #10131
git-svn-id: http://svn.automattic.com/wordpress/trunk@12337 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-12-08 01:11:02 +00:00
ryan cca2279a4d Switch oEmbed option to control discovery. Tweak whitelist and settings page. Props Viper007Bond. see #10337
git-svn-id: http://svn.automattic.com/wordpress/trunk@12136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-11-02 14:41:35 +00:00