Andrew Nacin
7b47322e22
Ensure the referer functions operate completely on unslashed data: wp_referer_field(), wp_original_referer_field(), wp_get_referer(), wp_get_original_referer().
...
Use wp_slash() instead of addslashes().
see #21767 .
git-svn-id: http://core.svn.wordpress.org/trunk@23578 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:58:43 +00:00
Ryan Boren
5f809d1d22
Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
...
see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:00:25 +00:00
Ryan Boren
43a7e695e9
Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
...
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren
cc5ed3a485
Change all core API to expect unslashed rather than slashed arguments.
...
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.
Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.
Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.
Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.
Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.
Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.
Plugins should use wp_unslash() on data being passed to core API.
Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.
Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.
Remove many no longer necessary calls to $wpdb->escape() and esc_sql().
In wp_get_referer() and wp_get_original_referer(), return unslashed data.
Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.
Switch several queries over to prepare().
Expect something to break.
Props alexkingorg
see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
azaozz
34535097b7
Remove nearly all tabindex attributes from the admin, leaving them only where absolutely necessary (for now that's only the toolbar).
...
Add tabindex="-1" for the menu images links to avoid double tab stops there when the menu is expanded.
Fix/add auto-focus on the first input fields on the Add/Edit Post, all taxonomy, all edit taxonomy, Log In and Edit Comment screens.
See #21340 .
git-svn-id: http://core.svn.wordpress.org/trunk@21311 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-24 00:15:15 +00:00
azaozz
bba9c91990
Responsive columns on the dashboard and write screens, first run, see #20015
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@20272 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-23 21:41:00 +00:00
nacin
8c841df86d
Revert type="email" (HTML5) as some browsers that do validation on these fields do not work for IDN domains yet. Core does not support these well either, but server-side validation can at least be dealt with by a plugin. see #17863 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@20196 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-15 18:09:14 +00:00
azaozz
f3b63e4537
Set proper HTML5 input types in the admin, props georgestephanis, fixes #17863
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@20168 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-10 01:23:48 +00:00
nacin
13be6d8fb9
In miscellaneous publishing actions, use :last-child instead of a separate misc-pub-section-last class to control borders. Allows for sane use of the post_submitbox_misc_actions hook. (Actually uses :first-child for browser compat reasons.) fixes #19604 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@20077 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-02 19:52:23 +00:00
westi
a1d2e646ab
Make sure to echo out the comment_post_ID when building the edit comment form otherwise the post comment counts will get out of sync. Fixes #20108 props dllh.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@19981 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-23 18:16:46 +00:00
duck_
f17cb006cf
Remove extraneous single quote. Props garyc40. Fixes #19801 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@19731 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-11 23:35:35 +00:00
nacin
d39a1d4b1b
Remove dead variables and strings from edit-form-comment. props ocean90, fixes #19481 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@19612 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-20 21:39:46 +00:00
azaozz
9ca4a9a39a
Update Comment -> Update, props ocean90, fixes #19166
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@19176 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-05 18:03:33 +00:00
ryan
d0d8eb2aaf
Update meta box functions to handle WP_Screen objects and pass objects instead of IDs to them in core files. Allow passing emptiness to get the current screen. see #18958
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@19013 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-19 21:43:02 +00:00
duck_
c1d1590171
Fix typos in documentation (wp-admin/). See #18560 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18632 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-03 14:18:10 +00:00
azaozz
1cdec6ff6e
Merge most admin css files, first run, see #18314
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18577 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-21 03:46:43 +00:00
azaozz
f634dd5af4
Editor API enhancement, first run (still needs some work), see #17144
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18498 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-03 10:19:00 +00:00
azaozz
96c6667c5c
Don't show the Fullscreen button on the comment edit page, see #17136
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@17966 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-19 07:34:54 +00:00
scribu
866c6e1faa
submit_button() fixes. Props sbressler. See #15064
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@16362 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-13 23:49:53 +00:00
markjaquith
fc6e89da45
Expand submit_button() capabilities. Replace all (or almost all) manual HTML instances in WP. props sbressler. see #15064
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@16061 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-28 21:56:43 +00:00
nacin
c6d21e7fbb
Introduce _ex(), a hybrid between _e() and _x() -- translate with context, then echo. props westi, see #13395 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@14647 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-14 21:46:25 +00:00
ryan
e18c1eeb3a
add_meta_boxes actions for comment and link forms.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@14044 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-09 15:17:57 +00:00
azaozz
fb1bb44d60
Remove all instances of "Trash" from the UI when Trash is disabled, replace trash actions with "Delete permanently", props caesarsgrunt, see #4529
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@12162 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-11-10 10:38:19 +00:00
azaozz
195e473fe4
Fix trashing/untrashing comments when no JS, props caesarsgrunt, see #4529
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@12113 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-10-27 03:46:31 +00:00
azaozz
be026258fa
"Trash" updates, props caesarsgrunt, see #4529
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@11841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-08-19 08:35:24 +00:00
azaozz
4105845402
Stop direct loading of files in wp-admin that should only be included, for trunk
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@11768 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-08-03 00:04:45 +00:00
azaozz
39e4f05a15
Trash status updates for posts, pages, comments and attachments, props caesarsgrunt, see #4529
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@11749 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-07-30 13:39:34 +00:00
azaozz
174f05ad82
Fix comment author url when editing, fixes #10466 for trunk
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@11739 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-07-22 22:32:27 +00:00
ryan
19b743e7e2
esc_attr() for comment author email
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@11727 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-07-20 02:51:14 +00:00
azaozz
8dff8f9f73
Properly escape comment_author_url when displaying, for trunk
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@11721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-07-18 23:21:50 +00:00
markjaquith
3ebf837ced
Deprecate sanitize_url() and clean_url() in favor of esc_url_raw() and esc_url()
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@11383 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-18 16:00:33 +00:00
markjaquith
d7b015645d
esc_js(). Shorter, follows new escaping naming convention.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@11245 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-09 07:27:22 +00:00
markjaquith
6c2ffddf31
_a(), _ea(), _xa(), attr() are now esc_attr__(), esc_attr_e(), esc_attr_x(), esc_attr() -- still short, but less cryptic. see #9650
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@11204 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-05 19:43:53 +00:00
ryan
942d030b1d
No need to attribute_escape a cleaned url. fixes #8587
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@11127 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-04-29 20:14:39 +00:00
ryan
7587955a22
urlencode referrer. Props hakre. fixes #8587
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@11120 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-04-29 16:20:14 +00:00
ryan
2d489767bb
s/attribute_escape/attr/. see #9650
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@11109 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-04-28 05:58:45 +00:00
ryan
c2ff1cd44a
Some attr escaping. see #9650
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@11104 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-04-27 23:09:08 +00:00
azaozz
67d841770a
Add "code" class to more URL input fields, props johnbillion, fixes #8383
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@10995 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-04-18 06:47:56 +00:00
azaozz
8c7f6cb6ee
Fix flash upload button, right sidebar on write pages in IE6
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@10865 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-04-04 10:21:43 +00:00
azaozz
3ca8d791a8
Fix right sidebar on edit comment screen
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@10843 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-03-26 22:22:52 +00:00
azaozz
61ff5addca
jQuery 1.3.2 and UI 1.7.1, may still have some regressions, add screen columns setting to the write/edit post/page screen options, fixes #8867
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@10834 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-03-25 14:29:22 +00:00
ryan
0bf194de3b
Use _x() and extracted comments. Props nbachiyski. see #9112
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@10680 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-03-02 19:20:19 +00:00
ryan
e89192b1a8
Strip trailing whitespace
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@10150 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-12-09 18:03:31 +00:00
ryan
2349f73659
Fix id typo. Props sivel. fixes #8401
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@9928 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-27 20:44:43 +00:00
azaozz
f0b7562b48
More screen icons and fixes, includes patch by johnconners, fixes #8380
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@9912 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-26 23:35:23 +00:00
westi
61fb6ea540
Give context to more translations to allow for differentiation between plural noun, verb and adjective translations. Fixes #8154 props nbachiyski.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@9835 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-21 18:16:44 +00:00
markjaquith
af86fe57ca
change "Awaiting Moderation" to "Pending" fixes #8184
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@9656 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-13 05:57:07 +00:00
ryan
2bab4e2ec0
Differentiate between plural noun, verb and adjective Spam translations. Props nbachiyski. fixes #8154
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@9615 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-11 19:54:54 +00:00
ryan
81f671bb73
Validation fixes from Simek. fixes #8139
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@9592 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-10 17:49:00 +00:00
markjaquith
de3e6af863
Fix small typo in last commit.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@9492 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-03 07:07:39 +00:00