Commit Graph

166 Commits

Author SHA1 Message Date
Mark Jaquith 24ac7c4ac5 Prevent invalid queries in certain empty-array-passing meta_query cases.
fixes #22096. props wonderboymusic.

git-svn-id: http://core.svn.wordpress.org/trunk@24563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-05 16:40:46 +00:00
Sergey Biryukov 58c364947f PHPDoc fixes and additions. fixes #24616.
git-svn-id: http://core.svn.wordpress.org/trunk@24490 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-21 12:45:11 +00:00
Ryan Boren 15a06a35ab Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
see #WP21767


git-svn-id: http://core.svn.wordpress.org/trunk@23591 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-03 16:30:38 +00:00
Ryan Boren 43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Mark Jaquith cd250fa7df Defer the meta_id-fetching query until after comparison of the previous value, so that redundant calls to update_metadata() can bail without making that query. props nacin. fixes #22191
git-svn-id: http://core.svn.wordpress.org/trunk@22231 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-15 05:51:38 +00:00
Ryan Boren 778ba1c1b2 Improve performance of WP_Meta_Query when doing OR queries on meta keys. Props joehoyle, SergeyBiryukov. fixes #19729
git-svn-id: http://core.svn.wordpress.org/trunk@22103 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-03 12:35:06 +00:00
nacin aebd57c588 Add NOT EXISTS to meta queries, allowing you to query for the non-existence of a meta key.
You could already use EXISTS by omitting a value to check.

props georgestephanis, scribu
fixes #18158



git-svn-id: http://core.svn.wordpress.org/trunk@21185 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-29 19:59:29 +00:00
nacin c7cf0927fc Use the metadata API rather than raw queries and direct do_action calls. see #20417.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20435 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-11 20:02:39 +00:00
nacin 0730535015 Introduce $wpdb->delete(). props justindgivens, scribu. fixes #18948.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20287 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-24 15:24:31 +00:00
ryan e3b46b25d3 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-08 17:01:11 +00:00
ryan 07ff8b216b Use one space, not two, after trailing punctuation. fixes #19537
git-svn-id: http://svn.automattic.com/wordpress/trunk@19593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-13 23:45:31 +00:00
ryan 62afab8db3 Pinking shears
git-svn-id: http://svn.automattic.com/wordpress/trunk@19054 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-24 19:13:23 +00:00
duck_ d5232043ce Fix back compat issues with delete_postmeta and deleted_postmeta actions as these should be passed the meta ID. Fixes #18825.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18835 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-30 15:19:32 +00:00
duck_ fda510aca1 Automatically set 'compare' => 'IN' in WP_Meta_Query::get_sql() when the meta value is an array. Props ldebrouwer, SergeyBiryukov. Fixes #16829.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-29 22:10:56 +00:00
nacin 1066f1addb Pass unslashed values from update_metadata() to add_metadata(). fixes #17343.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18816 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-29 19:37:58 +00:00
nacin cb21513a15 Fix docs for get_meta_sql(). First arg cannot be optional. props duck_, fixes #18717.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18789 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-27 05:13:07 +00:00
ryan 0f06334e11 Introduce metadata_exists(), WP_User::get_data_by(), WP_User::get(), WP_User::has_prop(). Don't fill user objects with meta. Eliminate data duplication in cache and memory. Props scribu. see #15458
git-svn-id: http://svn.automattic.com/wordpress/trunk@18597 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-24 19:32:59 +00:00
ryan 24d480d088 Turn delete_meta() , get_post_meta_by_id(), update_meta(), delete_post_meta_by_key() into wrappers around the metadata API. Add back compat *_postmeta actions to metadata API. Props jgadbois. see #18196
git-svn-id: http://svn.automattic.com/wordpress/trunk@18500 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-03 16:48:37 +00:00
ryan cd801aad2d update_metadata_by_mid() and delete_metadata_by_mid(). Props kovshenin. see #18195
git-svn-id: http://svn.automattic.com/wordpress/trunk@18494 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-01 17:01:54 +00:00
ryan 4ad0954961 Introduce register_meta(), get_metadata_by_mid(), and *_post_meta capabilities. fixes #17850
git-svn-id: http://svn.automattic.com/wordpress/trunk@18445 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-07-20 22:04:35 +00:00
nacin 2571545ec0 @since s/3.2/3.2.0/
git-svn-id: http://svn.automattic.com/wordpress/trunk@18268 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-11 04:40:18 +00:00
ryan daa14c36f9 Bring out the pinking shears.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18254 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-10 23:01:45 +00:00
ryan 4da684cf9a Update @since
git-svn-id: http://svn.automattic.com/wordpress/trunk@18032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-25 15:47:17 +00:00
ryan 81a5f821fb Sanitize guid on save and display. Sanitize mime type on save. Don't allow changing mime type via edit form handlers. Protect hidden meta.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17994 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-22 23:19:42 +00:00
dd32 911af51915 Properly handle querying for meta by value without a key as well as those with invalid parameters. Props scribu. See #17264
git-svn-id: http://svn.automattic.com/wordpress/trunk@17746 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-28 15:02:16 +00:00
ryan 0667ceb3be Introduce WP_Meta_Query and relation support. Props scribu, greuben. fixes #17165 #17011
git-svn-id: http://svn.automattic.com/wordpress/trunk@17699 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-25 17:27:35 +00:00
ryan 686c35340b Allow querying empty meta values. Props scribu. fixes #15292
git-svn-id: http://svn.automattic.com/wordpress/trunk@17674 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-21 18:13:03 +00:00
ryan 238dff4948 Avoid var name conflict in _get_meta_sql(). Fixes type var passed to get_meta_sql filter. Props Rahe, nacin. fixes #16825 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@17530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-03-22 20:35:47 +00:00
nacin f508173dc0 get_meta_sql should be private. see #14645.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17170 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-29 19:31:35 +00:00
ryan eb9fa27602 Add 'who' arg to wp_dropdown_users() and get_users(). Add' hide_if_only_one_author' argument to get_users(). Query only authors (user level greater than 0) when who => author is passed. Query only authors for author meta box and quick edit dropdowns. Props scribu. fixes #15871
git-svn-id: http://svn.automattic.com/wordpress/trunk@17088 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-20 17:25:39 +00:00
ryan 2cc6b2e7ff phpdoc notation fixes. Props demetris. fixes #15852
git-svn-id: http://svn.automattic.com/wordpress/trunk@17009 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-16 22:46:13 +00:00
nacin 899f0e115d Allow actual DB fields in WP_User_Query orderby. props duck, see #15816.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16953 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-15 16:51:38 +00:00
ryan 21650c59bc Meta data caching improvements. Props mdawaffe. see #15545
git-svn-id: http://svn.automattic.com/wordpress/trunk@16596 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-26 21:35:26 +00:00
ryan 01a32c0af0 Use wp_cache_add() instead of wp_cache_set() in update_meta_cache(). fixes #15452
git-svn-id: http://svn.automattic.com/wordpress/trunk@16437 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-17 18:25:42 +00:00
scribu 8cf88a2e84 Minor get_meta_sql() cleanup. See #9124
git-svn-id: http://svn.automattic.com/wordpress/trunk@16410 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-17 00:27:34 +00:00
scribu 40b2c5b6c5 Kill WP_Object_Query. See #15032
git-svn-id: http://svn.automattic.com/wordpress/trunk@16353 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-13 18:32:43 +00:00
scribu 8885e4f78e Add context to get_meta_sql(). See #15018
git-svn-id: http://svn.automattic.com/wordpress/trunk@16286 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-11 10:06:05 +00:00
scribu db1d9369eb Make get_meta_sql() a standalone function. See #15032
git-svn-id: http://svn.automattic.com/wordpress/trunk@16266 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-09 23:22:13 +00:00
scribu 8a95232377 Fix inconsistencies in metadata filters. Props sc0ttkclark. See #14766
git-svn-id: http://svn.automattic.com/wordpress/trunk@16017 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-27 17:45:08 +00:00
scribu f7bb6febeb Add filters to *_metadata() functions. Props sc0ttkclark. Fixes #14766
git-svn-id: http://svn.automattic.com/wordpress/trunk@15983 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-26 19:11:27 +00:00
ryan 2e486e7b10 Actions for adding and deleting meta. Props wojtek.szkutnik mitchoyoshitaka. fixes #14173
git-svn-id: http://svn.automattic.com/wordpress/trunk@15917 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-22 19:18:33 +00:00
nacin 5a20c05d27 Phpdoc argument/@param cleanups. props duck_, see #14783.
git-svn-id: http://svn.automattic.com/wordpress/trunk@15590 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-09-07 11:21:11 +00:00
ryan 3a5154435e Perform strict equality comparison. Props shawnparker. fixes #13350 for 3.1
git-svn-id: http://svn.automattic.com/wordpress/trunk@15389 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-07-12 15:28:31 +00:00
ryan b2150816f8 Don't update meta data when the new value matches the old value. fixes #13350
git-svn-id: http://svn.automattic.com/wordpress/trunk@14564 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-11 17:35:07 +00:00
nacin 4e6574f0ac Revert patch for expecting unslashed data in the metadata API. Had snuck in with [14546]. see #12416.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14547 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-10 20:51:58 +00:00
nacin d91623d3d0 Fix double-tabbing in get_dropins.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14546 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-10 20:41:14 +00:00
ryan e1fe1b138e Pass unserializeds value to meta actions.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14308 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-29 19:26:40 +00:00
ryan 4939a7610a clean_user_cache() instead of direct cache delete.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14305 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-29 18:32:01 +00:00
ryan ec46abfe29 Reset the global current_user object when the current user is changed.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14302 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-29 18:24:18 +00:00
ryan 41a9873022 Clear the users cache when updating user metadata. fixes #13075
git-svn-id: http://svn.automattic.com/wordpress/trunk@14179 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-21 18:25:03 +00:00
dd32 5fc388aa29 Fix Metadata deletion. See #12414 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@13496 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-28 10:07:55 +00:00
nacin c68fb87dee Validate $object_id in *_metadata() functions. Props scribu fixes #11841
git-svn-id: http://svn.automattic.com/wordpress/trunk@13347 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-23 22:42:54 +00:00
nacin 25883dca37 Ensure we're back compat with return values and actions in deprecated *_usermeta() family. See #10837
git-svn-id: http://svn.automattic.com/wordpress/trunk@13326 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-23 09:15:47 +00:00
ryan 699387f747 Remove trailing whitespace
git-svn-id: http://svn.automattic.com/wordpress/trunk@12859 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-26 22:49:05 +00:00
ryan 7e294fd282 phpdoc for metadata API. Props wnorris. fixes #11943
git-svn-id: http://svn.automattic.com/wordpress/trunk@12761 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-19 17:08:04 +00:00
ryan 300360655f Use umeta_id for user meta. Props wnorris. fixes #11627 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@12562 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-12-28 16:42:31 +00:00
ryan 742349b291 Fix argument order. Props mdawaffe. fixes #11125
git-svn-id: http://svn.automattic.com/wordpress/trunk@12173 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-11-12 14:43:15 +00:00
ryan bf96c01551 Associate subdirector of whitespace trims trailing whites with pinking shears.
git-svn-id: http://svn.automattic.com/wordpress/trunk@12042 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-10-15 20:26:21 +00:00
westi f1db510742 Fix the specification of the object_type column in delete_metadata so that it will delete stuff if $delete_all is false. See #2659
git-svn-id: http://svn.automattic.com/wordpress/trunk@11999 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-10-06 19:18:21 +00:00
azaozz 5680630d1f Fix delete_metadata(), see #2659
git-svn-id: http://svn.automattic.com/wordpress/trunk@11996 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-10-05 01:08:06 +00:00
ryan 57f26bb58e Remove trailing whitespace
git-svn-id: http://svn.automattic.com/wordpress/trunk@11971 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-09-24 17:19:13 +00:00
ryan ead46cf470 Actions for postmeta updates. Props Demitrious Kelly. see #10750
git-svn-id: http://svn.automattic.com/wordpress/trunk@11968 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-09-24 17:10:28 +00:00
westi 8e7f77c8fb Return correct results for both single and array cases. Fixes #10803.
git-svn-id: http://svn.automattic.com/wordpress/trunk@11948 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-09-17 22:11:57 +00:00
westi 6ef909e45e Don't pass undefined vars to action hooks. See #2659.
git-svn-id: http://svn.automattic.com/wordpress/trunk@11946 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-09-17 21:05:29 +00:00
westi c67e70dd91 First pass commentmeta implementation. See #2659 props scribu.
git-svn-id: http://svn.automattic.com/wordpress/trunk@11943 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-09-17 20:17:33 +00:00