Commit Graph

198 Commits

Author SHA1 Message Date
Ryan Boren 68b11a7c8f Use prepare instead of escape.
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23564 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:01:01 +00:00
Ryan Boren 43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Andrew Nacin d08bf937de Comment that the add_users capability was never used and has its days numbered. see #16719.
git-svn-id: http://core.svn.wordpress.org/trunk@22300 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-25 20:18:24 +00:00
Ryan Boren f742b675be Populate WPLANG site option when setting up a network. Props SergeyBiryukov. fixes #21726
git-svn-id: http://core.svn.wordpress.org/trunk@22257 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-17 20:29:53 +00:00
Ryan Boren ba79e04c10 In populate_network(), distinguish between upgrading from single to multisite and creating a new network in an existing multisite environment. When creating a new network steps related to setting up the main site must be skipped since the main site is created after populate_network() runs. Further, the global should not be modified since populating a new network does not involve switching to that network and making it current. fixes #22090
git-svn-id: http://core.svn.wordpress.org/trunk@22240 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-15 21:41:29 +00:00
Andrew Nacin 1009245fa1 Remove the 'Size of the post box' (default_post_edit_rows) option. This will instead be handled by a user cookie tracking the resizing of both TinyMCE and the main textarea. see #21718.
git-svn-id: http://core.svn.wordpress.org/trunk@22006 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-26 03:17:28 +00:00
Andrew Nacin a6c93e2f65 Always attempt to embed URLs in content, removing the Auto-embeds (autoembed_urls) option.
Remove the UI for setting the default width and height for embeds. Width was confusing as it
was blank by default (inheriting the content width from the theme, or 500px). The height is
now calculated as 1.5x the content width, or 1000px, whichever is smaller.

The [embed] shortcode can still receive manual height and width attributes. This just removes
the global settings.

props wonderboymusic. see #21719.



git-svn-id: http://core.svn.wordpress.org/trunk@21998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-25 07:10:09 +00:00
Andrew Nacin 54e24f964a Disable multisite quotas by default on new installs. props mpvanwinkle77. fixes #21513.
git-svn-id: http://core.svn.wordpress.org/trunk@21827 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-12 15:48:40 +00:00
Andrew Nacin dc49f24a6c Remove ms-files.php rewriting from WordPress multisite. fixes #19235.
Keep existing networks compatible with a ms_files_rewriting network option.



git-svn-id: http://core.svn.wordpress.org/trunk@21823 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-11 22:22:20 +00:00
Andrew Nacin 9d204841ee Remove AtomPub from core.
* Will be replaced with http://wordpress.org/extend/plugins/atom-publishing-protocol/.
 * Introduces an action, xmlrpc_rsd_apis, to add APIs to xmlrpc.php?rsd.
 * Introduces support for 'error' being 403 and 50x in class-wp.php.
 * Removes 'Remote Publishing' from Writing Settings (see [21804]). Keeps the remote_publishing settings section.

DB version is bumped to generate the new wp-app rewrite rule and remove the old enable_app option.

props wonderboymusic.
fixes #21509.



git-svn-id: http://core.svn.wordpress.org/trunk@21818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-11 20:11:39 +00:00
Andrew Nacin 26dc1e74e5 Turn XML-RPC on and remove the option on the Writing Settings page.
props markoheijnen for the initial patch.

Introduces a new filter, xmlrpc_enabled.

Respects any current callbacks registered to the pre_option_enable_xmlrpc
and option_enable_xmlrpc filters, for anyone forcing it off via code.

fixes #21509.



git-svn-id: http://core.svn.wordpress.org/trunk@21804 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-11 00:37:31 +00:00
Andrew Nacin e3cb5634b4 Wrap the unused options line in populate_options().
git-svn-id: http://core.svn.wordpress.org/trunk@21803 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-11 00:08:58 +00:00
Ryan Boren 9267d41910 Initialize to avoid 'Creating default object from empty value' warning in PHP 5.4.4.
git-svn-id: http://core.svn.wordpress.org/trunk@21647 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-28 18:03:12 +00:00
Andrew Nacin bfaaa3d8ab Remove unused multisite option 'language'. props wonderboymusic. fixes #21545.
git-svn-id: http://core.svn.wordpress.org/trunk@21551 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-20 16:43:44 +00:00
Andrew Nacin 84c3a86036 Hide the link manager from the UI on upgrade, if the site has no links. New DB option, link_manager_enabled.
Enforce this by denying the 'manage_links' capability, which hides the All Links, Add New Link, and Link Categories screens. Hide WP_Widget_Links and the UI for the default_link_category as well.

Convert all references to 'posts and links' when handling reassignment on user deletion to just 'posts'.

see #21307.



git-svn-id: http://core.svn.wordpress.org/trunk@21501 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-13 16:18:42 +00:00
nacin 4e5fd4de46 Introduce wpdb::get_charset_collate() to return the DEFAULT CHARACTER SET and COLLATE for use in table schemas.
props simonwheatley, pento. fixes #18451.



git-svn-id: http://core.svn.wordpress.org/trunk@21471 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-08 06:13:48 +00:00
nacin a54b4f9c9e Always return a WP_Theme object from wp_get_theme(). Check \$theme->exists() or \$theme->errors() to confirm the requested theme actually exists. see #20361.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20363 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-05 01:05:49 +00:00
nacin 0507fd7a00 Ensure we get a theme back from wp_get_theme() before checking ->errors(). see #20103.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20331 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-30 16:35:51 +00:00
nacin f76fd8e6e6 Increase default upload space for sites on a network from 10M to 100M. props andrea_r. fixes #18831.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20170 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-10 22:07:17 +00:00
duck_ 3385cbbd6f Use WP_Rewrite::set_permalink_structure instead of plain update_option() in populate_network(). Fixes #20174.
This has the benefit of calling WP_Rewrite::init() which correctly resets the permalink_structure
property of the $wp_rewrite global so that the rewrite rules generated on the next flush are correct.


git-svn-id: http://svn.automattic.com/wordpress/trunk@20117 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-05 17:39:26 +00:00
nacin 3985eae452 Don't autoload the uninstall_plugins option. fixes #16741.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20080 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-02 20:13:35 +00:00
nacin d130a63e25 Introduce WP_Theme, wp_get_themes(), and wp_get_theme() to replace get_themes(), get_theme(), get_theme_data(), current_theme_info(), and others.
* Getters and Helpers: Introduces a series of methods to allow for easy generation of headers for display, and other theme metadata, including page templates.
 * Screenshots: Handles support for multiple screenshots. (see # Additional screenshots must be PNG and start with screenshot-2.png, and be sequential to be counted. see #19816.
 * Error Handling: Broken themes have a WP_Error object attached to them.
 * Caching: Introduces a wp_cache_themes_persistently filter (also in [20020]) to enable persistent caching of all filesystem and sanitization operations normally handled by WP_Theme (and formerly get_file_data() and get_themes()). Themes are cached individually and across five different cache keys for different data pieces.
 * Compatibility: A WP_Theme object is backwards compatible with a theme's array formerly returned by get_themes() and get_theme(), and an stdClass object formerly returned by current_theme_info().
 * i18n/L10n: Theme headers are now localizable with proper Text Domain and Domain Path headers, like plugins. (Language packs may remove the requirement for headers.) For page templates, see #6007 (not fixed yet, but will be easy now). For headers, fixes #15858.
 * PHP and CSS files: New methods that fetch a list of theme files (for the theme editor) only on demand, rather than only loading them into memory. fixes #11214.

Functions deprecated:
 * get_themes(), get_allowed_themes() and get_broken_themes() -- use wp_get_themes()
 * get_theme() and current_theme_info() -- use wp_get_theme()
 * get_site_allowed_themes() -- use WP_Theme::get_allowed_on_network()
 * wpmu_get_blog_allowedthemes() -- use WP_theme::get_allowed_on_site()

see also [20016], [20018], [20019], [20020], [20021], [20022], [20025], [20026], [20027]. also fixes #19244.

see #20103.



git-svn-id: http://svn.automattic.com/wordpress/trunk@20029 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-28 21:24:44 +00:00
duck_ a395e06896 Reduce references to the $wp_rewrite global because it's no longer used or a wrapper function can be used instead. Fixes #14546.#14546.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20023 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-28 20:29:33 +00:00
ryan a575cd242e Switch post_content_filtered from text to longtext so that it matches post_content. Props ejdanderson. fixes #19387
git-svn-id: http://svn.automattic.com/wordpress/trunk@19863 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-08 14:51:18 +00:00
ryan 5fd633b48b Drop the comment_approved index from the comments table. comment_approved_date_gmt is sufficient. fixes #19935
git-svn-id: http://svn.automattic.com/wordpress/trunk@19799 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-31 18:26:07 +00:00
ryan 36d2989fed Remove blog_id column from wp_options. Props scribu. fixes #17188
git-svn-id: http://svn.automattic.com/wordpress/trunk@19793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-30 20:47:25 +00:00
nacin 17ac9ebf82 Use the _x context function. props Mamaduka. see #19601.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19788 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-29 23:43:14 +00:00
nacin fda09f5124 Allow translators to specify a default timezone string OR GMT offset. Stop doing date('Z')/3600 math for default gmt_offset, as since WP 2.9, we set server time to UTC. Server time is unreliable, so no workarounds for now. fixes #19601.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19785 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-29 20:04:11 +00:00
nacin bdd70470e2 Use the site's locale for the feed language. Provides the same result as language_attributes(). Removes the rss_language option. fixes #13440. see #5517.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19784 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-29 19:56:33 +00:00
nacin 0b169b5361 Offer start_of_week for translation. see #19601.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19780 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-29 04:21:53 +00:00
ryan e3b46b25d3 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-08 17:01:11 +00:00
ryan 07ff8b216b Use one space, not two, after trailing punctuation. fixes #19537
git-svn-id: http://svn.automattic.com/wordpress/trunk@19593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-13 23:45:31 +00:00
ryan b6b8a588bb Initialize active_sitewide_plugins during network install and upgrade. fixes #19385
git-svn-id: http://svn.automattic.com/wordpress/trunk@19470 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-28 20:35:36 +00:00
markjaquith 279615ea59 Fix "wp_db_current_db_version" typo. see #18693
git-svn-id: http://svn.automattic.com/wordpress/trunk@19411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-22 22:05:42 +00:00
markjaquith a1fb35ca98 Introduce initial_db_version and leverage it so that pointers only get shown to updated installs, not new 3.3 installs. props nacin. see #18693
git-svn-id: http://svn.automattic.com/wordpress/trunk@19410 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-22 21:50:50 +00:00
ryan ba9bd2e208 Properly handle child themes for WP_DEFAULT_THEME. Props SergeyBiryukov. fixes #18591
git-svn-id: http://svn.automattic.com/wordpress/trunk@19249 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-10 21:06:57 +00:00
dd32 5194428741 Fix Undefined Variable Notices when no charset/collate is set for $wpdb. See #12028
git-svn-id: http://svn.automattic.com/wordpress/trunk@18986 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-18 02:48:07 +00:00
ryan a0f6c4469d Introduce wp_get_db_schema() for rerieving the various flavors of the WP db schema. Eliminates need to use global. Allows multiple calls to wpmu_create_blog(). see #12028
git-svn-id: http://svn.automattic.com/wordpress/trunk@18899 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-06 00:21:24 +00:00
ryan 760a1f8b6c Syncronize some strings. Props dcowgill, SergeyBiryukov. fixes #17770
git-svn-id: http://svn.automattic.com/wordpress/trunk@18878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-04 16:09:24 +00:00
ryan ec4ccf2900 Deprecate get_userdatabylogin() and get_user_by_email(). Props scribu. fixes #18333
git-svn-id: http://svn.automattic.com/wordpress/trunk@18513 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-05 16:57:31 +00:00
nacin da2732c7de Use wp_remote_retrieve_* helper functions instead of the raw HTTP response array. props aaroncampbell, fixes #17416.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17928 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-14 19:45:07 +00:00
markjaquith 87f06616a7 A few "login" used as a verb fixes. props xibe. fixes #17335
git-svn-id: http://svn.automattic.com/wordpress/trunk@17831 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-07 03:26:23 +00:00
nacin 02d663acb4 More room for your content! Increase default post edit rows as the meta boxes are all hidden by default. see #14212.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17225 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-01-06 00:57:24 +00:00
nacin ade50f7e35 Allow dfault post format selections. fixes #15882.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17056 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-19 05:36:11 +00:00
scribu 6963b1997b Get only required fields in populate_network(). See #15854
git-svn-id: http://svn.automattic.com/wordpress/trunk@17012 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-17 00:11:21 +00:00
nacin 62b349e605 Kill what_to_show on upgrade. fixes #9815.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16092 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-29 22:39:05 +00:00
scribu 1652fe96c1 fix wp_getAuthors in xmlrpc.php. See #14572 and [15566]
git-svn-id: http://svn.automattic.com/wordpress/trunk@15567 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-09-05 14:49:52 +00:00
nacin a1ded4c270 Tiny code cleanup. intval is used earlier so it is stored properly in the db; we just need true/false.
git-svn-id: http://svn.automattic.com/wordpress/trunk@15305 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-06-23 05:10:45 +00:00
nacin a596163f6a Translate, don't echo. props SergeyBiryukov, fixes #14008 for trunk.
git-svn-id: http://svn.automattic.com/wordpress/trunk@15293 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-06-21 05:36:18 +00:00