Commit Graph

293 Commits

Author SHA1 Message Date
Andrew Ozz 242e6eea46 Privacy: fix markup for the table of contents on privacy policy guide screen.
Props ocean90, azaozz.
Fixes #44056.
Built from https://develop.svn.wordpress.org/trunk@43265


git-svn-id: http://core.svn.wordpress.org/trunk@43094 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-14 16:46:23 +00:00
Andrew Ozz b5564c8646 Privacy: fix the "Privacy Policy Guide updated" message and add a link to the guide.
Props birgire, azaozz.
Fixes #44057.
Built from https://develop.svn.wordpress.org/trunk@43263


git-svn-id: http://core.svn.wordpress.org/trunk@43092 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-14 16:21:21 +00:00
Dominik Schilling 2d4311e32e Privacy: Remove `is-dismissible` class from notice when privacy info has changed.
The notice isn't dismissible as it only gets removed once you visit the privacy guide, see #44057 and #44063.

Fixes #44065.

Built from https://develop.svn.wordpress.org/trunk@43261


git-svn-id: http://core.svn.wordpress.org/trunk@43090 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-14 15:55:21 +00:00
Andrew Ozz a75b113bed Privacy: fix two typos in `WP_Privacy_Policy_Content::get_default_content()`.
Props dlh.
Fixes #44050.
Built from https://develop.svn.wordpress.org/trunk@43249


git-svn-id: http://core.svn.wordpress.org/trunk@43078 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-13 11:15:21 +00:00
Andrew Ozz b82fed1806 Privacy: require `manage_privacy_options` capability for showing `WP_Privacy_Policy_Content::notice()`.
Props ocean90.
Fixes #44055.
Built from https://develop.svn.wordpress.org/trunk@43248


git-svn-id: http://core.svn.wordpress.org/trunk@43077 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-13 11:04:21 +00:00
Andrew Ozz 5c5a527d96 Privacy: exclude the wrapper from the default policy content.
Fixes #44048.
Built from https://develop.svn.wordpress.org/trunk@43242


git-svn-id: http://core.svn.wordpress.org/trunk@43071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-11 15:07:21 +00:00
iandunn 8af721fff8 Privacy: Replace intrusive policy update notice with menu bubbles.
Previously, when a plugin updated its suggested privacy policy text, an admin notice was shown on all screens in the Administration Panels. That was done in order to make sure that administrators were aware of it, so that they could update their policy if needed. That was a very heavy-handed and intrusive approach, though, which leads to a poor user experience, and notice fatigue. 

An alternative approach is to use bubble notifications in the menu, similar to when plugins have updates that need to be installed. That still makes it obvious that something needs the administrator's attention, but is not as distracting as a notice.

The notice will still appear on the Privacy page, though, since it is relevant to that screen, and provides an explanation of why the bubble is appearing.

Props azaozz, xkon, iandunn.
Fixes #43954. See #43953.

Built from https://develop.svn.wordpress.org/trunk@43223


git-svn-id: http://core.svn.wordpress.org/trunk@43052 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-10 19:52:21 +00:00
Sergey Biryukov 47e6c2f9ec Privacy: Make the help hint for Privacy Policy page more translatable and accessible.
Props tobifjellner.
See #43980.
Built from https://develop.svn.wordpress.org/trunk@43206


git-svn-id: http://core.svn.wordpress.org/trunk@43035 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-09 23:12:21 +00:00
Andrew Ozz 35d5911ae8 Privacy: fixes for the privacy policy guide and suggested content:
- Separate the guide text form the suggested policy text.
- Add table of content for easier navigation.
- Move the content to tools.php (prevents the settings menu of being open).
- Add a link to the guide from the Privacy settings screen.

Props melchoyce, azaozz.
See #43980.
Built from https://develop.svn.wordpress.org/trunk@43203


git-svn-id: http://core.svn.wordpress.org/trunk@43032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-09 20:51:23 +00:00
Andrew Ozz 3099f4d9ed Privacy: outputting the privacy policy guide and suggested content to a new page instead of a postbox.
Props melchoyce, azaozz.
See #43980.
Built from https://develop.svn.wordpress.org/trunk@43184


git-svn-id: http://core.svn.wordpress.org/trunk@43013 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-08 23:45:21 +00:00
Sergey Biryukov f055261a05 Privacy: Remove stray closing tag in `WP_Privacy_Policy_Content::get_default_content()`, fix typo in `@return` tag.
Props dlh, tobifjellner.
Fixes #43951.
Built from https://develop.svn.wordpress.org/trunk@43170


git-svn-id: http://core.svn.wordpress.org/trunk@42999 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-04 01:56:22 +00:00
Andrew Ozz 58b2e6e143 Privacy: use `sprintf()` in translations.
Props birgire.
See #43473.
Built from https://develop.svn.wordpress.org/trunk@43150


git-svn-id: http://core.svn.wordpress.org/trunk@42979 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 18:25:21 +00:00
Andrew Ozz 7d4429b2c8 Privacy: fix typos and inconsistencies in the default suggested text.
Props macbookandrew.
See #43473.
Built from https://develop.svn.wordpress.org/trunk@43148


git-svn-id: http://core.svn.wordpress.org/trunk@42977 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 17:42:22 +00:00
Andrew Ozz c5d13c5934 Privacy: change how the default text for privacy policy is added:
- Insert both the text and tutorial in new policy pages and highlight is brightly in the editor.
- Show only the suggested text in the policy postbox.

Props melchoyce, azaozz.
See #43473.
Built from https://develop.svn.wordpress.org/trunk@43146


git-svn-id: http://core.svn.wordpress.org/trunk@42975 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-03 17:13:21 +00:00
Andrew Ozz 0d2eb27a5d Privacy: do not fold a single section in the privacy policy poxtbox.
See #43473.
Built from https://develop.svn.wordpress.org/trunk@43126


git-svn-id: http://core.svn.wordpress.org/trunk@42955 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-02 22:10:21 +00:00
Andrew Ozz 237df3367b Privacy: only fold the sections in the privacy policy poxtbox when more than one.
See #43473.
Built from https://develop.svn.wordpress.org/trunk@43052


git-svn-id: http://core.svn.wordpress.org/trunk@42881 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-05-01 09:48:21 +00:00
Andrew Ozz d1ab641d16 Privacy: edits and improvements for the default text for a privacy policy.
Props idea15, allendav.
See #43473.
Built from https://develop.svn.wordpress.org/trunk@43048


git-svn-id: http://core.svn.wordpress.org/trunk@42877 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 21:06:21 +00:00
Andrew Ozz c21c4e25b3 Privacy: add default text for a privacy policy. First run.
Props xkon, idea15, allendav, azaozz.
See #43473.
Built from https://develop.svn.wordpress.org/trunk@43044


git-svn-id: http://core.svn.wordpress.org/trunk@42873 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-30 14:47:21 +00:00
Andrew Ozz 41a82d6078 Privacy: add better docs for `wp_add_privacy_policy_content()` and `WP_Privacy_Policy_Content::add()`.
See #43620.
Built from https://develop.svn.wordpress.org/trunk@43003


git-svn-id: http://core.svn.wordpress.org/trunk@42832 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-25 18:10:21 +00:00
Andrew Ozz 11e315ca23 Make the string `WordPress` translatable.
Props mnelson4.
See #43620.
Built from https://develop.svn.wordpress.org/trunk@42999


git-svn-id: http://core.svn.wordpress.org/trunk@42828 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-24 21:23:21 +00:00
Andrew Ozz 891deab7c5 Privacy: make the sections in the suggested privacy policy text postbox foldable. Add Read More/Read Less buttons. Fix copying of the suggested text by pressing the button.
Props melchoyce, xkon, azaozz.
See #43620.
Built from https://develop.svn.wordpress.org/trunk@42992


git-svn-id: http://core.svn.wordpress.org/trunk@42821 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-19 12:39:21 +00:00
Andrew Ozz 8d9e4937f8 Fix typo in 'wp_get_default_privacy_policy_content' filter.
Props claudiu.
See #43620.
Built from https://develop.svn.wordpress.org/trunk@42985


git-svn-id: http://core.svn.wordpress.org/trunk@42814 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-17 21:09:20 +00:00
Andrew Ozz 3108d2ffb2 Privacy: add a postbox that is shown when editing the privacy policy page, and where plugins and core will output suggested content and additional privacy info. First run.
Props melchoyce, azaozz.
See #43620.
Built from https://develop.svn.wordpress.org/trunk@42980


git-svn-id: http://core.svn.wordpress.org/trunk@42809 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-16 08:53:20 +00:00
John Blackbourn b13e73d05c Docs: Document more parameters and properties using typed array notation.
See #41756

Built from https://develop.svn.wordpress.org/trunk@42875


git-svn-id: http://core.svn.wordpress.org/trunk@42705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-25 18:10:32 +00:00
John Blackbourn d7025e7787 Security: Loosen the admin referrer policy header value to allow the referring host to be sent from the admin area in all cases.
This allows referrer-restricted content from third parties (such as images and fonts) to continue working in the admin area.

Props aranwer104, qcmiao

Fixes #43285

Built from https://develop.svn.wordpress.org/trunk@42830


git-svn-id: http://core.svn.wordpress.org/trunk@42660 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-12 10:57:35 +00:00
Dominik Schilling 666e203f31 Administration: Remove unnecessary capitalization when referencing to plugin/theme editors.
Fixes #43072.
Built from https://develop.svn.wordpress.org/trunk@42757


git-svn-id: http://core.svn.wordpress.org/trunk@42587 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-26 19:35:30 +00:00
Gary Pendergast aaf99e6913 Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.


Built from https://develop.svn.wordpress.org/trunk@42343


git-svn-id: http://core.svn.wordpress.org/trunk@42172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-30 23:11:00 +00:00
Sergey Biryukov 1a5adcf722 Rewrite Rules: Correct the logic in `extract_from_markers()` after [41928].
Props stodorovic.
Fixes #42579. See #39920.
Built from https://develop.svn.wordpress.org/trunk@42199


git-svn-id: http://core.svn.wordpress.org/trunk@42029 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-16 13:25:50 +00:00
Konstantin Obenland 65c1468ff5 File Editors: Account for network admin use
Fixes a bug where files couldn't be accessed in multisite installs.

Props flixos90, westonruter.
Fixes #42420.


Built from https://develop.svn.wordpress.org/trunk@42115


git-svn-id: http://core.svn.wordpress.org/trunk@41944 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-03 18:51:49 +00:00
Sergey Biryukov 0f06f90341 Rewrite Rules: Remove redundant `if` condition in `extract_from_markers()`.
Props Dency, yahil, appchecker.
Fixes #39920.
Built from https://develop.svn.wordpress.org/trunk@41928


git-svn-id: http://core.svn.wordpress.org/trunk@41762 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-18 21:28:46 +00:00
Weston Ruter 0659de4e21 File Editors: Display list of theme/plugin files in scrollable directory tree.
Props WraithKenny, afercia, melchoyce, westonruter.
Amends [41721].
Fixes #24048.

Built from https://develop.svn.wordpress.org/trunk@41851


git-svn-id: http://core.svn.wordpress.org/trunk@41685 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-13 02:39:47 +00:00
John Blackbourn fbd44ee554 Security: Add a referrer policy header to the admin and login screens.
This sets a referrer policy of `same-origin` which adds hardening by preventing a referrer being sent from the admin area or login screens to other origins. This helps prevent unwanted exposure of potentially sensitive information that may be contained within URLs.

This change introduces a new filter, `admin_referrer_policy`, for filtering the referrer policy header value. The header can be disabled if necessary by removing the `wp_admin_headers` action from the `admin_init` and `login_init` hooks.

Props joostdevalk
Fixes #42036

Built from https://develop.svn.wordpress.org/trunk@41741


git-svn-id: http://core.svn.wordpress.org/trunk@41575 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 18:25:46 +00:00
John Blackbourn b52e37f9bf Options, Meta APIs: Require a confirmation link in an email to be clicked when an admin attempts to change the site admin email address.
This adds this previously Multisite-only functionality to single site installations too. This change prevents accidental or erroneous email address changes from potentially locking users out of their site.

Props MatheusGimenez, johnbillion

Fixes #39118

Built from https://develop.svn.wordpress.org/trunk@41254


git-svn-id: http://core.svn.wordpress.org/trunk@41094 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-14 20:13:43 +00:00
Dion Hulse e8211f783a Docs: Correct a number of typos/spelling mistakes in inline comments.
Props ottok.
Fixes #38464.

Built from https://develop.svn.wordpress.org/trunk@38893


git-svn-id: http://core.svn.wordpress.org/trunk@38836 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-25 00:38:35 +00:00
Drew Jaynes 7eb6471461 Docs: Fix minor formatting and syntax for wp-admin/* elements introduced in 4.6.
See #37318.

Built from https://develop.svn.wordpress.org/trunk@38024


git-svn-id: http://core.svn.wordpress.org/trunk@37965 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-09 14:00:31 +00:00
Peter Wilson 47d26cd9fb DOCS: Replace HTTP links with HTTPS.
Replaces unsecure links in documentation and translator comments with their secure versions.

Props johnpgreen, netweb

Fixes #36993

Built from https://develop.svn.wordpress.org/trunk@37674


git-svn-id: http://core.svn.wordpress.org/trunk@37640 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-10 04:50:33 +00:00
Andrew Ozz 82ee5ca020 Editor: ensure the page is refreshed when the users navigate to it with the Back or Forward buttons. In these cases the browsers usually load the page from (memory) cache and it contains the old editor content.
Fixes #35852.
Built from https://develop.svn.wordpress.org/trunk@37619


git-svn-id: http://core.svn.wordpress.org/trunk@37587 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-02 01:30:27 +00:00
Drew Jaynes 1947f4d17c Docs: Apply inline `@see` tags to hooks referenced in DocBlocks for wp-admin/* files.
Applying these specially-crafted `@see` tags allows the Code Reference parser to recognize and link these elements as actions and filters.

See #36921.

Built from https://develop.svn.wordpress.org/trunk@37537


git-svn-id: http://core.svn.wordpress.org/trunk@37505 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-23 17:28:27 +00:00
Drew Jaynes c3055cc190 Docs: Standardize hook docs in wp-admin/* to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37488


git-svn-id: http://core.svn.wordpress.org/trunk@37456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:01:30 +00:00
Pascal Birchler a47fa4f197 Rewrite Rules: After [36953], correctly replace existing rules on IIS when updating them.
Props WiZZarD_.
Fixes #36506 for trunk.
Built from https://develop.svn.wordpress.org/trunk@37273


git-svn-id: http://core.svn.wordpress.org/trunk@37239 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-04-21 09:33:27 +00:00
Andrea Fercia 30866ceb5d Accessibility: Improve color contrast updating any `#999` gray used for text or icons to a darker gray.
Fixes #35660.
Built from https://develop.svn.wordpress.org/trunk@36587


git-svn-id: http://core.svn.wordpress.org/trunk@36554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-19 18:44:27 +00:00
John Blackbourn a5d44337b2 Docs: `@param` fixes for a variety of docblocks.
See #32246

Built from https://develop.svn.wordpress.org/trunk@36232


git-svn-id: http://core.svn.wordpress.org/trunk@36199 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-09 01:45:26 +00:00
John Blackbourn 7718e07129 Docs: Correct the parameter docs for various Heartbeat filters and functions.
See #32246

Built from https://develop.svn.wordpress.org/trunk@36231


git-svn-id: http://core.svn.wordpress.org/trunk@36198 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-09 01:37:26 +00:00
Drew Jaynes e6578e7b4f Docs: Use 3-digit, x.x.x-style semantic versioning in the DocBlocks for `post_form_autocomplete_off()` and `WP_Filesystem_SSH2::sftp_path()`.
Props aaronrutley.
Fixes #34518.

Built from https://develop.svn.wordpress.org/trunk@35468


git-svn-id: http://core.svn.wordpress.org/trunk@35432 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-31 13:16:24 +00:00
Helen Hou-Sandí 6ca92efe23 List tables: Move the view mode switcher into screen options for posts.
Having a view mode switcher nestled within table navigation makes no sense, especially now that it's a sticky user option. While less convenient for frequent switching, there is no evidence as of yet that there is a large userbase of frequent view mode switchers.

Introduces a filter for `view_mode_post_types`, which by default is all hierarchical post types with edit UI on.

props Oxymoron.
fixes #22222.

Built from https://develop.svn.wordpress.org/trunk@35357


git-svn-id: http://core.svn.wordpress.org/trunk@35323 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-22 19:25:25 +00:00
Scott Taylor 8eb3de46c9 Formatting: move `url_shorten()` from `wp-admin/includes/misc.php` to `wp-includes/formatting.php` for more global access.
Adds unit tests.

Props mulvane, chriscct7.
Fixes #20166.

Built from https://develop.svn.wordpress.org/trunk@35314


git-svn-id: http://core.svn.wordpress.org/trunk@35280 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-21 03:48:24 +00:00
Dion Hulse 85258bb914 In `insert_with_markers()` restore the 4.3 behaviour of creating the file if it doesn't exist.
This change also makes it bail early (without writing) if the markers content is the same as the existing, and uses `ftell()` rather than `$bytes` for the location to truncate the file to - based on the file pointer being at the end of the written stream.

Props willmot tigertech kevinatelement
See #31767

Built from https://develop.svn.wordpress.org/trunk@35267


git-svn-id: http://core.svn.wordpress.org/trunk@35233 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-19 00:53:24 +00:00
Boone Gorges 0e7c1d3b14 Use `wp_installing()` instead of `WP_INSTALLING` constant.
The `WP_INSTALLING` constant is a flag that WordPress sets in a number of
places, telling the system that options should be fetched directly from the
database instead of from the cache, that WP should not ping wordpress.org for
updates, that the normal "not installed" checks should be bypassed, and so on.

A constant is generally necessary for this purpose, because the flag is
typically set before the WP bootstrap, meaning that WP functions are not yet
available.  However, it is possible - notably, during `wpmu_create_blog()` -
for the "installing" flag to be set after WP has already loaded. In these
cases, `WP_INSTALLING` would be set for the remainder of the process, since
there's no way to change a constant once it's defined. This, in turn, polluted
later function calls that ought to have been outside the scope of site
creation, particularly the non-caching of option data. The problem was
particularly evident in the case of the automated tests, where `WP_INSTALLING`
was set the first time a site was created, and remained set for the rest of the
suite.

The new `wp_installing()` function allows developers to fetch the current
installation status (when called without any arguments) or to set the
installation status (when called with a boolean `true` or `false`). Use of
the `WP_INSTALLING` constant is still supported; `wp_installing()` will default
to `true` if the constant is defined during the bootstrap.

Props boonebgorges, jeremyfelt.
See #31130.
Built from https://develop.svn.wordpress.org/trunk@34828


git-svn-id: http://core.svn.wordpress.org/trunk@34793 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-05 15:06:28 +00:00
Drew Jaynes 4c2203b370 Docs: Add missing summaries for functions in wp-admin/includes/misc.php.
Also restructures the summary for `update_home_siteurl()`.

See #32246.

Built from https://develop.svn.wordpress.org/trunk@34824


git-svn-id: http://core.svn.wordpress.org/trunk@34789 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-05 02:52:24 +00:00
Dion Hulse dc9203d753 Rewrite `insert_with_markers()` to use `flock()` when available, significant cleanup of the function too.
The call to `flock()` is an exclusive advisory lock, which in my testing only PHP respects (apache continues to read it).
Not all filesystems support locking (remote NFS mounts for example) so this offers minimal benefit to those platforms, but offers much better protection against file corruption on systems which do support it.
The call is blocking, so a second process will wait for the first to complete before writing if supported.

See #31767

Built from https://develop.svn.wordpress.org/trunk@34740


git-svn-id: http://core.svn.wordpress.org/trunk@34704 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-01 07:46:27 +00:00
Jeremy Felt 5397416276 MS: Delete `rewrite_rules` when updating a switched site's URL.
Previously, rewrite rules could be flushed and regenerated in the context of another site. Deleting the rules when in a switched state allows for them to be generated properly on the next page view.

Fixes #33816.

Built from https://develop.svn.wordpress.org/trunk@34672


git-svn-id: http://core.svn.wordpress.org/trunk@34636 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-28 23:24:27 +00:00
Scott Taylor 84da11d918 Pass `false` as the 2nd argument to `class_exists()` to disable autoloading and to not cause problems for those who define `__autoload()`.
Fixes #20523.

Built from https://develop.svn.wordpress.org/trunk@34348


git-svn-id: http://core.svn.wordpress.org/trunk@34312 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-20 03:52:25 +00:00
John Blackbourn 606b6d15f1 Introduce `wp_removable_query_args()`, which returns an array of single-use query variables which can be removed from a URL.
Also applies the function to the return URL when the Customizer is closed.

Fixes #32692
Props swissspidy, Mte90

Built from https://develop.svn.wordpress.org/trunk@33849


git-svn-id: http://core.svn.wordpress.org/trunk@33817 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-02 11:29:23 +00:00
John Blackbourn b9ec4136d9 Remove `error` from the query variables when cleaning up a URL in `wp_admin_canonical_url()`.
Fixes #32847

Built from https://develop.svn.wordpress.org/trunk@33770


git-svn-id: http://core.svn.wordpress.org/trunk@33738 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-27 17:26:21 +00:00
Andrew Ozz fa25fe82ef Fix updating of nonces on the Edit Post screen after the log in expires and the user logs in again.
Props iseulde, azaozz. Fixes #33098.
Built from https://develop.svn.wordpress.org/trunk@33468


git-svn-id: http://core.svn.wordpress.org/trunk@33435 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-28 22:07:25 +00:00
Scott Taylor 42d51a4f89 Add doc blocks to functions that are missing them.
If the function has no need for `@param` or `@return`, do an archeaological dig to find `@since`.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32672


git-svn-id: http://core.svn.wordpress.org/trunk@32642 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-31 03:18:25 +00:00
Scott Taylor a51dfa3971 In the style of #30947 and `default-filters.php`, add 2 new files to `wp-admin/includes`:
`admin-filters.php`
`ms-admin-filters.php`

There are random actions and filters littered among files like `misc.php`. These files contain functions that won't work outside of admin context and are typically only loaded in files that have already loaded the admin bootstrap.

See #32529.

Built from https://develop.svn.wordpress.org/trunk@32653


git-svn-id: http://core.svn.wordpress.org/trunk@32623 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 17:04:26 +00:00
Scott Taylor b56b9b3e5c Add `@global` annotations for `wp-admin/*`.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32642


git-svn-id: http://core.svn.wordpress.org/trunk@32612 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-28 21:41:30 +00:00
Helen Hou-Sandí bfda508c18 Update more instances of default admin blues and grays.
props hugobaeta.
fixes #31234.

Built from https://develop.svn.wordpress.org/trunk@32051


git-svn-id: http://core.svn.wordpress.org/trunk@32030 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-05 21:20:27 +00:00
Helen Hou-Sandí d85f8fe326 Admin notices: Make (most) core notices dismissible.
These no longer return upon refreshing the page when JS is on and working, so users should be able to dismiss them. This is particularly important on the post edit screen when DFW is triggered, but pretty much all notices can be dismissed if needed. A post on Make/Core will follow with information on how this can be leveraged in plugins.

props valendesigns, afercia, paulwilde, adamsilverstein, helen.
fixes #31233. see #23367.

Built from https://develop.svn.wordpress.org/trunk@31973


git-svn-id: http://core.svn.wordpress.org/trunk@31952 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-01 22:06:28 +00:00
Dion Hulse 7b5ae90225 When altering the admin URL to reflect the canonical location, keep the existing hash (if present) in the URL.
Fixes #31758. See #23367

Built from https://develop.svn.wordpress.org/trunk@31882


git-svn-id: http://core.svn.wordpress.org/trunk@31861 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-25 04:32:26 +00:00
Dominik Schilling 4cc85f4da2 Administration: Remove single-use URL parameters and create canonical link based on new URL.
The default removable query args are 'message', 'settings-updated', 'saved', 'update', 'updated','activated', 'activate', 'deactivate', 'locked', 'deleted', 'trashed', 'untrashed', 'enabled', 'disabled', and 'skipped'. 

props morganestes.
fixes #23367.
Built from https://develop.svn.wordpress.org/trunk@31736


git-svn-id: http://core.svn.wordpress.org/trunk@31717 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-11 23:09:26 +00:00
Scott Taylor 196d85a9f6 Fill in the `@param` types for the args for functions missing them in `wp-admin/includes/misc.php`.
See #30224.

Built from https://develop.svn.wordpress.org/trunk@30200


git-svn-id: http://core.svn.wordpress.org/trunk@30200 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-03 06:01:24 +00:00
Gary Pendergast 007ec52958 Add `wp_json_encode()`, a wrapper for `json_encode()` that ensures everything is converted to UTF-8.
Change all core calls from `json_encode()` to `wp_json_encode()`.

Fixes #28786.


Built from https://develop.svn.wordpress.org/trunk@30055


git-svn-id: http://core.svn.wordpress.org/trunk@30055 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-28 18:35:19 +00:00
Andrew Nacin f7392ef917 Pinking shears.
Built from https://develop.svn.wordpress.org/trunk@29707


git-svn-id: http://core.svn.wordpress.org/trunk@29481 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-09-04 15:23:16 +00:00
Andrew Ozz 4deee321e3 Editor: use the `post_edit_form_tag` action to add autocomplete="off" to the whole form on the Add/Edit Post screen in WebKit. Prevents editor problems when the browser's Back button is used. Fixes #28037.
Built from https://develop.svn.wordpress.org/trunk@29448


git-svn-id: http://core.svn.wordpress.org/trunk@29226 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-08 20:54:15 +00:00
Drew Jaynes 097dc8ee15 Fix syntax for single- and multi-line comments in wp-admin-directory files.
See #28931.

Built from https://develop.svn.wordpress.org/trunk@29206


git-svn-id: http://core.svn.wordpress.org/trunk@28990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-17 09:14:16 +00:00
Andrew Ozz 5168f9c7c6 Secure embeds in the editor (first run):
- When the user pastes an embeddable http URL, try to get the https embed.
- If an embed provider doesn't support ssl embeds, show a placeholder/error message.
- Revise the way we return error messages.
See #28195, #28507.
Built from https://develop.svn.wordpress.org/trunk@28919


git-svn-id: http://core.svn.wordpress.org/trunk@28718 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-30 05:49:16 +00:00
Andrew Ozz 84f3e30f7b wpView: improve handling of embed errors/error messages, see #28195
Built from https://develop.svn.wordpress.org/trunk@28754


git-svn-id: http://core.svn.wordpress.org/trunk@28568 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-15 22:53:16 +00:00
Scott Taylor 69fbe27f48 Don't use variable variables in `wp_reset_vars()`. Test by searching in list tables, etc.
See #27881.

Built from https://develop.svn.wordpress.org/trunk@28746


git-svn-id: http://core.svn.wordpress.org/trunk@28560 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-11 20:00:15 +00:00
Drew Jaynes a6e536fba6 Make sure to use 3-digit x.x.x style for two 3.9.0 `@since` versions.
Props netweb.
Fixes #28446.

Built from https://develop.svn.wordpress.org/trunk@28658


git-svn-id: http://core.svn.wordpress.org/trunk@28476 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-04 05:35:16 +00:00
Drew Jaynes f609524261 Minor phpDoc fixes for the `got_rewrite`, `got_url_rewrite`, and `documentation_ignore_functions` hooks.
Props GaryJ.
See #26869.

Built from https://develop.svn.wordpress.org/trunk@28352


git-svn-id: http://core.svn.wordpress.org/trunk@28180 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-08 11:13:14 +00:00
Drew Jaynes 690481f8e8 Generalize the hook documentation for the `set-screen-option` filter.
The filter covers more than [items]_per_page screen options.

Fixes #26186.

Built from https://develop.svn.wordpress.org/trunk@27379


git-svn-id: http://core.svn.wordpress.org/trunk@27228 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-03 17:51:14 +00:00
Drew Jaynes 849ce35cb9 Inline documentation for hooks in wp-admin/includes/misc.php.
Props JoshuaAbenazer.
Fixes #26186

Built from https://develop.svn.wordpress.org/trunk@27375


git-svn-id: http://core.svn.wordpress.org/trunk@27224 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-03 17:20:16 +00:00
Sergey Biryukov f291730aec Avoid an undefined index notice in wp_doc_link_parse().
props pross for initial patch.
fixes #27214.
Built from https://develop.svn.wordpress.org/trunk@27323


git-svn-id: http://core.svn.wordpress.org/trunk@27175 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-27 23:16:13 +00:00
Andrew Ozz 335add2573 Autosave: refactor autosave.js, use heartbeat for transport and move all "Add/Edit Post" related functionality to post.js. See #25272.
Built from https://develop.svn.wordpress.org/trunk@26995


git-svn-id: http://core.svn.wordpress.org/trunk@26872 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-01-22 04:56:16 +00:00
Helen Hou-Sandí 60f3e98d51 Pass the $user_id to the `admin_color_scheme_picker` hook for context. props nacin. see #26607 for trunk.
Built from https://develop.svn.wordpress.org/trunk@26924


git-svn-id: http://core.svn.wordpress.org/trunk@26805 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-01-08 21:49:10 +00:00
Drew Jaynes cd8cedc40d First there were two, and now there are three -- in the @since versions that came before and that shall be. And so it will be, says nacin.
Props JustinSainton, SergeyBiryukov, DrewAPicture.
Fixes #26713.

Built from https://develop.svn.wordpress.org/trunk@26868


git-svn-id: http://core.svn.wordpress.org/trunk@26754 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-24 18:57:12 +00:00
Andrew Nacin 1fb828504e Avoid notices when default and light are not registered color schemes. see #26468.
Built from https://develop.svn.wordpress.org/trunk@26814


git-svn-id: http://core.svn.wordpress.org/trunk@26701 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-09 00:49:09 +00:00
Andrew Nacin 7dbfca1778 Nonces are already per-user. see #22862.
Built from https://develop.svn.wordpress.org/trunk@26793


git-svn-id: http://core.svn.wordpress.org/trunk@26680 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-08 07:05:10 +00:00
Andrew Nacin c09252b950 Core updates for the new color schemes.
* Update about page, there's now 8.
 * Display them four wide, not three, and ensure adequate spacing.
 * Use a dedicated nonce.
 * Push Light to the front in addition to Default.
 * Use user-profile.js on about.php. A few extra things are initialized but they are harmless.

see #26468, #26387.

Built from https://develop.svn.wordpress.org/trunk@26776


git-svn-id: http://core.svn.wordpress.org/trunk@26663 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-07 07:46:21 +00:00
Drew Jaynes fdbc44ff48 Inline documentation fixes for `wp_heartbeat_set_suspension()`.
See #25073.

Built from https://develop.svn.wordpress.org/trunk@26732


git-svn-id: http://core.svn.wordpress.org/trunk@26621 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-06 18:43:10 +00:00
Andrew Nacin 9b29ad0529 Allow for Dashicons and base64-encoded data:image/svg+xml URIs when specifying menu icons.
Both of these icons can be colored to match the color scheme, including hover states.
Both are accepted for register_post_type()'s menu_icon argument, and also add_menu_page()'s $icon_url argument.

To use a Dashicon, pass the name of the helper class, e.g. 'dashicons-piechart'.
To use an SVG, pass a valid data URI string starting with 'data:image/svg+xml;base64,'.

props helen.
fixes #25147.

Built from https://develop.svn.wordpress.org/trunk@26664


git-svn-id: http://core.svn.wordpress.org/trunk@26554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-05 06:38:09 +00:00
Andrew Ozz e6dd5fbf48 Svg-painter:
- Clean up the JS, better names, etc.
- Convert the base64 encode/decode code from jQuery plugin to local use.
- Add missing icon colors for the default theme.
- Make it more error-proof.
Fixes #26333.
Built from https://develop.svn.wordpress.org/trunk@26601


git-svn-id: http://core.svn.wordpress.org/trunk@26491 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-04 04:13:11 +00:00
Andrew Ozz 0f20e57329 Heartbeat:
- Bring back heartbeat.interval().
- Rename wp_disable_heartbeat_suspend() to wp_heartbeat_set_suspension().
- Rename the option for disabling suspension from options.suspend to options.suspension.
Fixes #25073.
Built from https://develop.svn.wordpress.org/trunk@26549


git-svn-id: http://core.svn.wordpress.org/trunk@26441 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-03 00:45:10 +00:00
Andrew Ozz a6ac0bea23 Improve the admin color scheme picker:
- Easier to extend.
- Remove the "drop-down" look, show all choices inline.
- Some PHP and JS cleanup.
Props ryelle, fixes #26336.
Built from https://develop.svn.wordpress.org/trunk@26506


git-svn-id: http://core.svn.wordpress.org/trunk@26400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-01 19:50:09 +00:00
Andrew Ozz 162037903d Heartbeat: introduce "suspend" functionality and enable it after 20 min. of inactivity, see #25073.
Built from https://develop.svn.wordpress.org/trunk@26428


git-svn-id: http://core.svn.wordpress.org/trunk@26328 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-27 01:56:10 +00:00
Sergey Biryukov f0a4d5a991 Rename mp6_color_scheme JS global to wp_color_scheme.
props kovshenin.
see #26263.
Built from https://develop.svn.wordpress.org/trunk@26406


git-svn-id: http://core.svn.wordpress.org/trunk@26306 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-26 13:58:10 +00:00
Helen Hou-Sandí 603c1aff6d Merge the color schemes component from MP6. Introduces Light, Blue, and Midnight.
Color scheme selection on your own profile page gives you a preview and autosaves the selection.

Also introduces the usage of a preprocessor for core files, namely Sass. For 3.8, we will not expand its implementation past the color schemes. This does require Ruby as well as Sass 3.3.0+ due to the usage of the sourcemap option.

Note that only the default color scheme is available when running out of src. Use build to test the rest as well as the color picker.

props ryelle, melchoyce, tillkruess, drw158, littlethingsstudio, helen. see #25858, #22862.

Built from https://develop.svn.wordpress.org/trunk@26137


git-svn-id: http://core.svn.wordpress.org/trunk@26048 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-13 19:38:38 +00:00
Andrew Nacin d0cfa40983 Add jshintrc to qunit.
props jorbin.
see #25187.

Built from https://develop.svn.wordpress.org/trunk@25992


git-svn-id: http://core.svn.wordpress.org/trunk@25925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-30 14:39:10 +00:00
Andrew Nacin 82547b21b6 In show_message(), only print error data if it is a string.
see #25576, [25775].

Built from https://develop.svn.wordpress.org/trunk@25796


git-svn-id: http://core.svn.wordpress.org/trunk@25708 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-15 19:51:10 +00:00
Andrew Nacin d3b89d43fc Add nginx detection to the Permalink Settings screen.
Introduces got_url_rewrite() and a corresponding filter, which should now be used in lieu of the got_rewrite filter in got_mod_rewrite().

This does not write or even suggest nginx configuration; rather, it prevents nginx from being considered as either Apache or as an unrecognized server.

props johnbillion.
fixes #25098.

Built from https://develop.svn.wordpress.org/trunk@25456


git-svn-id: http://core.svn.wordpress.org/trunk@25377 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-16 20:07:09 +00:00
Andrew Nacin c2a543566c Move _local_storage_notice() to admin/includes/template.php. props azaozz, see #24756.
git-svn-id: http://core.svn.wordpress.org/trunk@24762 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-22 05:09:49 +00:00
Andrew Nacin 740d141e1d Support IIS 8 and above.
props hurtige for initial patch.
fixes #23533.



git-svn-id: http://core.svn.wordpress.org/trunk@24594 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-08 20:27:06 +00:00
Andrew Ozz b8b66e2cc1 Nonce refresh:
- Update the heartbeat nonce when refreshing nonces on the Edit Post screen.
- After a user logs in from the auth-check dialog, speed up heatrbeat to check/refresh nonces on the Edit Post screen.
- Speeding up heartbeat: bring back the setting how long it should last (how many ticks).
- Add 'heartbeat-nonces-expired' jQuery event when nonces have expired and the user is logged in.
See #23295, see #23216.

git-svn-id: http://core.svn.wordpress.org/trunk@24528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-29 01:31:44 +00:00
Andrew Ozz 5642a56311 Post locks:
- When a post is locked, ensure the 'Go back' button doesn't reload the same screen. If no referrer, change the button from 'Go back' to 'Go to All Posts'/'Go to All Pages' etc.
- Remove restriction on checking locks only for posts.
See #23697.



git-svn-id: http://core.svn.wordpress.org/trunk@24408 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-05 03:01:59 +00:00
Andrew Ozz 0fff739949 Heartbeat: rename some vars/args to make them more intuitive, don't set user_id on every request, see #23216
git-svn-id: http://core.svn.wordpress.org/trunk@24406 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-05 00:13:40 +00:00
Ryan Boren ad4a081c0c Pinking shears
git-svn-id: http://core.svn.wordpress.org/trunk@24303 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-20 12:10:58 +00:00
Andrew Ozz 2f0c58960a Separate the nonces update from checking the post lock. Fix scheduling the logged out check. See #23697, see #23295.
git-svn-id: http://core.svn.wordpress.org/trunk@24273 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-16 03:47:09 +00:00
Andrew Ozz d0c5c59c94 Post locks and autosave:
- Move nonces refreshing from autosave to lock checking.
- Do autosave only when there is something to save.
See #23295

git-svn-id: http://core.svn.wordpress.org/trunk@24209 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-08 22:52:55 +00:00
Sergey Biryukov 57c10eadbb Use ellipsis instead of three dots. props tjsingleton, jordie23, wojtek.szkutnik, DrewAPicture, SergeyBiryukov. see #8714.
git-svn-id: http://core.svn.wordpress.org/trunk@24207 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-08 21:27:31 +00:00
Andrew Ozz d2a8f064aa Post locks:
- Show 'Saving revision...' while autosaving after a post has been taken over. Change to 'Your latest changes were saved as a revision.' when autosave completes.
- Make sure a user exists before using $user->display_name.
- Add 'post_lock_text' action for extending the message text.

git-svn-id: http://core.svn.wordpress.org/trunk@24042 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-04-22 03:08:51 +00:00
Andrew Ozz e9245269a7 Autosave to the browser's sessionStorage, compare this autosave to the post content on page load and let the user restore it when the data is not the same. First run, see #23220
git-svn-id: http://core.svn.wordpress.org/trunk@23683 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-13 10:08:16 +00:00
Andrew Ozz 3b4b058275 Post locks on the posts list screen: new icons for the lock, props empireoflight, show avatar for the user currently editing, props dh-shredder, see #23312
git-svn-id: http://core.svn.wordpress.org/trunk@23681 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-13 00:28:07 +00:00
Andrew Ozz edb9333d40 Check post locks with heartbeat and display modal notifications when a post is locked or a user takes over editing, props dh-shredder, see #23697
git-svn-id: http://core.svn.wordpress.org/trunk@23661 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-12 03:22:30 +00:00
Sergey Biryukov f288da4b7b Use correct variable. see [23575]. see #21767.
git-svn-id: http://core.svn.wordpress.org/trunk@23584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-02 21:10:12 +00:00
Andrew Nacin 4e06d41b9f Assume that url_shorten() receives unslashed data, as it does in core usage. see #21767.
git-svn-id: http://core.svn.wordpress.org/trunk@23575 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:56:31 +00:00
Ryan Boren 5f809d1d22 Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:00:25 +00:00
Ryan Boren 43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Andrew Ozz 9a827a485e Post locks: use heartbeat to dynamically update locked posts on the Posts screen, first run, see #23312
git-svn-id: http://core.svn.wordpress.org/trunk@23487 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-25 23:17:10 +00:00
Ryan Boren cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Ryan Boren b10f343480 Consistent escaping in admin_color_scheme_picker(). Props johnjamesjacoby. fixes #22326
git-svn-id: http://core.svn.wordpress.org/trunk@22375 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-05 18:16:23 +00:00
Andrew Nacin fac0ce8ec7 Flush rewrite rules when page_on_front is updated. props SergeyBiryukov. fixes #21274.
git-svn-id: http://core.svn.wordpress.org/trunk@22301 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-25 20:20:24 +00:00
Ryan Boren bcbc0b65ac Allow numbers in screen option IDs. Fixes setting posts per page for custom post types containing 0-9. Props SergeyBiryukov. fixes #18323
git-svn-id: http://core.svn.wordpress.org/trunk@22253 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-17 13:09:17 +00:00
Dion Hulse a41af6219a Move win_is_writable() from wp-admin/includes to wp-includes so that it's always available for get_temp_dir(). Fixes #20778
git-svn-id: http://core.svn.wordpress.org/trunk@22009 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-26 05:08:26 +00:00
ryan f45383244d Fix per_page screen option for custom post types and taxonomies. Don't convert taxonomy and post type slugs from hyphen to underscore when saving the per_page usermeta. Props nacin. see #18958
git-svn-id: http://core.svn.wordpress.org/trunk@21322 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-25 16:13:13 +00:00
azaozz 1d12cd07b0 Introduce wp_is_mobile() and use it instead of $is_iphone global, see #20014
git-svn-id: http://svn.automattic.com/wordpress/trunk@20417 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-10 01:19:30 +00:00
duck_ a395e06896 Reduce references to the $wp_rewrite global because it's no longer used or a wrapper function can be used instead. Fixes #14546.#14546.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20023 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-28 20:29:33 +00:00
ryan e3b46b25d3 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-08 17:01:11 +00:00
ryan 616c35e71c One newline is enough.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-05 20:10:39 +00:00
ryan 02a1dd7ccb Best practice, use wp_safe_redirect() when dealing with referrers. Props nacin.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19579 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-10 18:26:48 +00:00
azaozz eb5dbde246 Admin bar IE7, iPad and rtl refresh, see #81197
git-svn-id: http://svn.automattic.com/wordpress/trunk@19368 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-21 02:03:02 +00:00
azaozz f85e0b3f00 Make iPad support usable again, add viewport meta, see #18863
git-svn-id: http://svn.automattic.com/wordpress/trunk@18926 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-10 04:19:05 +00:00
westi b816f54124 Revert [18747] until we can discuss it further. See #18453.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18752 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-22 09:15:45 +00:00
azaozz 95e8b34104 Postpone warnings when WP_DEBUG and WP_DEBUG_DISPLAY are set, see #18453
git-svn-id: http://svn.automattic.com/wordpress/trunk@18747 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-22 02:27:00 +00:00
nacin a4c18fc053 Use untrailingslashit in url_shorten() and recurse_dirsize(). Remove unnecessary camelCase variables. see #18592.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18637 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-05 16:53:19 +00:00
azaozz 06fd2002c5 Fix unfolding of the admin menu when no JS, fixes #17897
git-svn-id: http://svn.automattic.com/wordpress/trunk@18349 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-27 20:40:04 +00:00
westi 3c278d6421 Don't touch web.config when flushing rewrite rules if it is a multisite install. Fixes #16076 props nacin.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17328 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-01-19 16:49:46 +00:00
dd32 20e1171ae8 Fix fatal error on IIS after r16797. props peaceablewhale. Limit variable string searching when possible. See #10187
git-svn-id: http://svn.automattic.com/wordpress/trunk@16904 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-14 08:31:33 +00:00
ryan 3f72e340d6 Update since phpdoc. Props demetris. fixes #15445
git-svn-id: http://svn.automattic.com/wordpress/trunk@16660 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-01 19:24:38 +00:00
nbachiyski 44f183e8dd Add another pair of parentheses, so that the right-hand win_is_writable() isn't always called. Fixes #15616
git-svn-id: http://svn.automattic.com/wordpress/trunk@16635 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-30 21:41:57 +00:00
nbachiyski db9eeb3019 Run the iis7_supports_permalinks() check first
* It's cheapest, most of the others involve disk operations
 * Doesn't go through win_is_writable(), which can't avoid relying on the @ operator


git-svn-id: http://svn.automattic.com/wordpress/trunk@16634 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-30 20:50:59 +00:00
nbachiyski 54886235ab Rename the $rm variable so that the logic in win_is_writable() makes more sense
git-svn-id: http://svn.automattic.com/wordpress/trunk@16623 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-30 19:57:39 +00:00
nbachiyski ce7bc3977b Proper spacing in win_is_writable(), according to the coding standards
git-svn-id: http://svn.automattic.com/wordpress/trunk@16622 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-30 19:13:27 +00:00
nbachiyski a3d185fd50 COonvert spaces to tabs
git-svn-id: http://svn.automattic.com/wordpress/trunk@16621 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-30 19:11:09 +00:00
PeteMall 652db28fad Add screen option in site-users. Props duck_, see #15558
git-svn-id: http://svn.automattic.com/wordpress/trunk@16570 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-24 16:54:53 +00:00
scribu 0324721ed2 Document url_shorten() and use in more places. Props latz for initial patch. Fixes #15540
git-svn-id: http://svn.automattic.com/wordpress/trunk@16536 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-22 17:17:31 +00:00
nacin 81a8f2d3ce Use square brackets instead of braces for string access. props hakre, fixes #13900.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-13 09:53:55 +00:00
ryan 0d489ee102 Add screen options to site-themes. Props PeteMall. see #14897
git-svn-id: http://svn.automattic.com/wordpress/trunk@16298 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-11 15:16:16 +00:00
scribu b078890091 Fix screen options for the network admin themes and plugins. Props ocean90. Fixes #15269. Also fixes [16190]
git-svn-id: http://svn.automattic.com/wordpress/trunk@16194 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-04 20:49:30 +00:00
ryan 9c31fd7c70 First pass of user admin. Network admin and screen cleanups. see #14696
git-svn-id: http://svn.automattic.com/wordpress/trunk@15746 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-07 19:34:18 +00:00
scribu 020ce73746 Ajaxify list-type screens in the admin. See #14579
git-svn-id: http://svn.automattic.com/wordpress/trunk@15491 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-08-11 21:54:51 +00:00
markjaquith e3d5fb602b Make the number of taxonomies to display per page setting actually stick. props nacin. fixes #13899
git-svn-id: http://svn.automattic.com/wordpress/trunk@15263 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-06-15 20:07:02 +00:00
nacin c370c84d19 Remove autocomplete and codepress. for autocomplete, see #13283. for codepress, see #13307.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14718 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-18 03:48:22 +00:00
westi 2c1cc83750 Fix support for rewrites on IIS7. Fixes #12973 props Frumph and ruslany.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14312 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-29 21:41:20 +00:00
nacin 47b80515da Move send_nosniff_header() into wp-includes so it can be used in wp-ajax.php. props sivel, fixes #12683
git-svn-id: http://svn.automattic.com/wordpress/trunk@13806 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-23 19:13:58 +00:00
ryan e25a65b36a Trim trailing whitespace
git-svn-id: http://svn.automattic.com/wordpress/trunk@13733 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-17 16:27:25 +00:00
ryan b2c3ace49a Update ms-sites UI. Props ocean90. see #12460
git-svn-id: http://svn.automattic.com/wordpress/trunk@13609 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-06 18:31:10 +00:00
dd32 f3af366e3d First scrape at new UI for Bulk plugin upgrades. See #11232
git-svn-id: http://svn.automattic.com/wordpress/trunk@13602 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-06 08:39:50 +00:00
dd32 b1621c63ae Move Admin Colour Scheme picker to a hook. Props Jick. s/register_admin_color_themes()/register_admin_color_schemes/g. See #11625, Fixes #6837
git-svn-id: http://svn.automattic.com/wordpress/trunk@13487 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-28 06:34:31 +00:00