Commit Graph

87 Commits

Author SHA1 Message Date
Andrew Nacin 4e06d41b9f Assume that url_shorten() receives unslashed data, as it does in core usage. see #21767.
git-svn-id: http://core.svn.wordpress.org/trunk@23575 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:56:31 +00:00
Ryan Boren 5f809d1d22 Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:00:25 +00:00
Ryan Boren 43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Andrew Ozz 9a827a485e Post locks: use heartbeat to dynamically update locked posts on the Posts screen, first run, see #23312
git-svn-id: http://core.svn.wordpress.org/trunk@23487 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-25 23:17:10 +00:00
Ryan Boren cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Ryan Boren b10f343480 Consistent escaping in admin_color_scheme_picker(). Props johnjamesjacoby. fixes #22326
git-svn-id: http://core.svn.wordpress.org/trunk@22375 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-05 18:16:23 +00:00
Andrew Nacin fac0ce8ec7 Flush rewrite rules when page_on_front is updated. props SergeyBiryukov. fixes #21274.
git-svn-id: http://core.svn.wordpress.org/trunk@22301 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-25 20:20:24 +00:00
Ryan Boren bcbc0b65ac Allow numbers in screen option IDs. Fixes setting posts per page for custom post types containing 0-9. Props SergeyBiryukov. fixes #18323
git-svn-id: http://core.svn.wordpress.org/trunk@22253 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-17 13:09:17 +00:00
Dion Hulse a41af6219a Move win_is_writable() from wp-admin/includes to wp-includes so that it's always available for get_temp_dir(). Fixes #20778
git-svn-id: http://core.svn.wordpress.org/trunk@22009 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-26 05:08:26 +00:00
ryan f45383244d Fix per_page screen option for custom post types and taxonomies. Don't convert taxonomy and post type slugs from hyphen to underscore when saving the per_page usermeta. Props nacin. see #18958
git-svn-id: http://core.svn.wordpress.org/trunk@21322 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-25 16:13:13 +00:00
azaozz 1d12cd07b0 Introduce wp_is_mobile() and use it instead of $is_iphone global, see #20014
git-svn-id: http://svn.automattic.com/wordpress/trunk@20417 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-10 01:19:30 +00:00
duck_ a395e06896 Reduce references to the $wp_rewrite global because it's no longer used or a wrapper function can be used instead. Fixes #14546.#14546.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20023 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-28 20:29:33 +00:00
ryan e3b46b25d3 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-08 17:01:11 +00:00
ryan 616c35e71c One newline is enough.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-05 20:10:39 +00:00
ryan 02a1dd7ccb Best practice, use wp_safe_redirect() when dealing with referrers. Props nacin.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19579 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-10 18:26:48 +00:00
azaozz eb5dbde246 Admin bar IE7, iPad and rtl refresh, see #81197
git-svn-id: http://svn.automattic.com/wordpress/trunk@19368 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-21 02:03:02 +00:00
azaozz f85e0b3f00 Make iPad support usable again, add viewport meta, see #18863
git-svn-id: http://svn.automattic.com/wordpress/trunk@18926 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-10 04:19:05 +00:00
westi b816f54124 Revert [18747] until we can discuss it further. See #18453.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18752 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-22 09:15:45 +00:00
azaozz 95e8b34104 Postpone warnings when WP_DEBUG and WP_DEBUG_DISPLAY are set, see #18453
git-svn-id: http://svn.automattic.com/wordpress/trunk@18747 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-22 02:27:00 +00:00
nacin a4c18fc053 Use untrailingslashit in url_shorten() and recurse_dirsize(). Remove unnecessary camelCase variables. see #18592.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18637 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-05 16:53:19 +00:00
azaozz 06fd2002c5 Fix unfolding of the admin menu when no JS, fixes #17897
git-svn-id: http://svn.automattic.com/wordpress/trunk@18349 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-27 20:40:04 +00:00
westi 3c278d6421 Don't touch web.config when flushing rewrite rules if it is a multisite install. Fixes #16076 props nacin.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17328 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-01-19 16:49:46 +00:00
dd32 20e1171ae8 Fix fatal error on IIS after r16797. props peaceablewhale. Limit variable string searching when possible. See #10187
git-svn-id: http://svn.automattic.com/wordpress/trunk@16904 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-14 08:31:33 +00:00
ryan 3f72e340d6 Update since phpdoc. Props demetris. fixes #15445
git-svn-id: http://svn.automattic.com/wordpress/trunk@16660 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-01 19:24:38 +00:00
nbachiyski 44f183e8dd Add another pair of parentheses, so that the right-hand win_is_writable() isn't always called. Fixes #15616
git-svn-id: http://svn.automattic.com/wordpress/trunk@16635 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-30 21:41:57 +00:00
nbachiyski db9eeb3019 Run the iis7_supports_permalinks() check first
* It's cheapest, most of the others involve disk operations
 * Doesn't go through win_is_writable(), which can't avoid relying on the @ operator


git-svn-id: http://svn.automattic.com/wordpress/trunk@16634 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-30 20:50:59 +00:00
nbachiyski 54886235ab Rename the $rm variable so that the logic in win_is_writable() makes more sense
git-svn-id: http://svn.automattic.com/wordpress/trunk@16623 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-30 19:57:39 +00:00
nbachiyski ce7bc3977b Proper spacing in win_is_writable(), according to the coding standards
git-svn-id: http://svn.automattic.com/wordpress/trunk@16622 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-30 19:13:27 +00:00
nbachiyski a3d185fd50 COonvert spaces to tabs
git-svn-id: http://svn.automattic.com/wordpress/trunk@16621 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-30 19:11:09 +00:00
PeteMall 652db28fad Add screen option in site-users. Props duck_, see #15558
git-svn-id: http://svn.automattic.com/wordpress/trunk@16570 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-24 16:54:53 +00:00
scribu 0324721ed2 Document url_shorten() and use in more places. Props latz for initial patch. Fixes #15540
git-svn-id: http://svn.automattic.com/wordpress/trunk@16536 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-22 17:17:31 +00:00
nacin 81a8f2d3ce Use square brackets instead of braces for string access. props hakre, fixes #13900.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-13 09:53:55 +00:00
ryan 0d489ee102 Add screen options to site-themes. Props PeteMall. see #14897
git-svn-id: http://svn.automattic.com/wordpress/trunk@16298 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-11 15:16:16 +00:00
scribu b078890091 Fix screen options for the network admin themes and plugins. Props ocean90. Fixes #15269. Also fixes [16190]
git-svn-id: http://svn.automattic.com/wordpress/trunk@16194 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-04 20:49:30 +00:00
ryan 9c31fd7c70 First pass of user admin. Network admin and screen cleanups. see #14696
git-svn-id: http://svn.automattic.com/wordpress/trunk@15746 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-07 19:34:18 +00:00
scribu 020ce73746 Ajaxify list-type screens in the admin. See #14579
git-svn-id: http://svn.automattic.com/wordpress/trunk@15491 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-08-11 21:54:51 +00:00
markjaquith e3d5fb602b Make the number of taxonomies to display per page setting actually stick. props nacin. fixes #13899
git-svn-id: http://svn.automattic.com/wordpress/trunk@15263 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-06-15 20:07:02 +00:00
nacin c370c84d19 Remove autocomplete and codepress. for autocomplete, see #13283. for codepress, see #13307.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14718 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-18 03:48:22 +00:00
westi 2c1cc83750 Fix support for rewrites on IIS7. Fixes #12973 props Frumph and ruslany.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14312 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-29 21:41:20 +00:00
nacin 47b80515da Move send_nosniff_header() into wp-includes so it can be used in wp-ajax.php. props sivel, fixes #12683
git-svn-id: http://svn.automattic.com/wordpress/trunk@13806 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-23 19:13:58 +00:00
ryan e25a65b36a Trim trailing whitespace
git-svn-id: http://svn.automattic.com/wordpress/trunk@13733 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-17 16:27:25 +00:00
ryan b2c3ace49a Update ms-sites UI. Props ocean90. see #12460
git-svn-id: http://svn.automattic.com/wordpress/trunk@13609 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-06 18:31:10 +00:00
dd32 f3af366e3d First scrape at new UI for Bulk plugin upgrades. See #11232
git-svn-id: http://svn.automattic.com/wordpress/trunk@13602 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-06 08:39:50 +00:00
dd32 b1621c63ae Move Admin Colour Scheme picker to a hook. Props Jick. s/register_admin_color_themes()/register_admin_color_schemes/g. See #11625, Fixes #6837
git-svn-id: http://svn.automattic.com/wordpress/trunk@13487 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-28 06:34:31 +00:00
nacin 8b4e58529b A call to arms for grammarians. Fixes #12228 fixes #11875 props kurtmckee, filosofo, jjj
git-svn-id: http://svn.automattic.com/wordpress/trunk@13425 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-26 05:46:08 +00:00
westi 2372671879 Introduce send_nosniff_header() and use it to turn off content sniffing in supported browsers. Fixes #10671 props chrisscott and niallkennedy.
git-svn-id: http://svn.automattic.com/wordpress/trunk@13409 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-25 21:41:33 +00:00
nacin 8bcc5969dc Spelling and grammar fun. Fixes #11875 props cnorris23
git-svn-id: http://svn.automattic.com/wordpress/trunk@13382 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-24 20:13:23 +00:00
nacin 2ce7dc4dac Don't use deprecated *_usermeta() functions. Props technosailor fixes #10837
git-svn-id: http://svn.automattic.com/wordpress/trunk@13311 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-22 21:25:32 +00:00
markjaquith 927472de19 Better wp_reset_vars() behavior when var is already set. props scribu. fixes #11974
git-svn-id: http://svn.automattic.com/wordpress/trunk@12831 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-26 06:06:14 +00:00
ryan 8760e7da1b Coding standards, space after if
git-svn-id: http://svn.automattic.com/wordpress/trunk@12752 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-18 20:34:48 +00:00