Commit Graph

42 Commits

Author SHA1 Message Date
Ryan Boren 5f809d1d22 Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:00:25 +00:00
Ryan Boren 43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Andrew Nacin 6f55c9a548 Trailing slash the URL for the 'Visit' link in network/sites.php.
git-svn-id: http://core.svn.wordpress.org/trunk@22190 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-11 17:48:42 +00:00
Ryan Boren a3cfe28527 Reduce reliance on global variables in the list tables. Allow passing a screen ID to the list tables so that ajax handlers can set the needed screen.
Props nacin
fixes #21871


git-svn-id: http://core.svn.wordpress.org/trunk@21914 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-19 12:43:31 +00:00
ryan 5ca54e7d2f Deprecate get_blog_option(), add_blog_option(), update_blog_option(), and delete_blog_option().
Use the regular option functions wrapped in switch_to_blog() and restore_current_blog() instead.

Group multiple operations within a single switch where possible.

fixes #21432


git-svn-id: http://core.svn.wordpress.org/trunk@21414 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-03 17:51:42 +00:00
ryan 73addbbd24 More screen reader text for list table checkboxes and theme install search. Props MikeLittle, SergeyBiryukov. see #21325
git-svn-id: http://core.svn.wordpress.org/trunk@21323 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-25 16:18:14 +00:00
ryan e3b46b25d3 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-08 17:01:11 +00:00
ryan 07ff8b216b Use one space, not two, after trailing punctuation. fixes #19537
git-svn-id: http://svn.automattic.com/wordpress/trunk@19593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-13 23:45:31 +00:00
ryan 69994de5d1 Consolidate larg network criteria into wp_is_large_network(). Allow plugins to change this criteria via filter. Props PeteMall. fixes #18464
git-svn-id: http://svn.automattic.com/wordpress/trunk@18871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-03 16:30:07 +00:00
nacin 0caf6ee451 Dissolve wp-admin/network/edit.php. props PeteMall, fixes #18379.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18562 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-18 02:29:06 +00:00
ryan 7f88e6ee2f Sites search improvements. fixes #18013
git-svn-id: http://svn.automattic.com/wordpress/trunk@18442 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-07-15 15:42:26 +00:00
ryan 04487fc268 Constructor cleanup. Props ocean90. fixes #16768
git-svn-id: http://svn.automattic.com/wordpress/trunk@17771 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-29 20:05:12 +00:00
nacin 68322f81b5 Avoid mangling the current site path variable with the search query. props greuben, fixes #16720 for trunk.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17496 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-03-02 18:33:55 +00:00
nacin ee1a4eba16 Link to site-users and network/user-edit on sites.php. props PeteMall, see #16322.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17336 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-01-20 22:08:24 +00:00
nacin 37075f7f71 Remove AJAX from list tables. first pass. see #16262.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17322 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-01-16 21:47:24 +00:00
ryan 2df3d85f4e Fix registered and path column sorting. Props garyc40. fixes #16034
git-svn-id: http://svn.automattic.com/wordpress/trunk@17180 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-30 18:06:33 +00:00
nacin b0be8cd9f4 Validation fixes. props ocean90, fixes #15287.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17129 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-24 14:19:41 +00:00
nacin a189f21c45 Replace check_permissions() with ajax_user_can(). New method returns true/false to current_user_can(), which we then handle in admin ajax. see #15326.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16992 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-16 09:18:28 +00:00
ryan 3949ce12d0 Pink trailing whites.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16900 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-13 21:21:50 +00:00
westi 4b3fa56caf Actions and Filters for the Network Admin sites panel to make it easier to add custom actions.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-03 12:12:44 +00:00
scribu cc540d502a Fix problems with hidden columns on network users screen. Props ocean90. See #14579
git-svn-id: http://svn.automattic.com/wordpress/trunk@16601 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-28 17:39:44 +00:00
westi da6fe519f3 And proper context too!
git-svn-id: http://svn.automattic.com/wordpress/trunk@16550 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-23 13:50:23 +00:00
westi 2e0a12e224 Correct incorrect action name.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16549 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-23 13:41:57 +00:00
westi a1fa56fd5a Require nonces for all the confirm links so we know they actually came from us.
Add a nonce check on the confirm links in the Network Admin stage two.


git-svn-id: http://svn.automattic.com/wordpress/trunk@16548 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-23 12:14:03 +00:00
westi 52dc84f158 Implement proper column show/hide behaviour based on screen options for the Network Admin Sites table column added for the wpmublogsaction hook.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16546 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-23 11:46:10 +00:00
westi 93e23a7101 Implement proper column show/hide behaviour based on screen options for the Network Admin Sites table.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16545 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-23 11:39:50 +00:00
ryan c1812e444d Site search performance tweaks. Use subquery for registration log queries to allow cross DB queries. Lose order by id by default. Search only by blog_id for numeric search strings. see #15170
git-svn-id: http://svn.automattic.com/wordpress/trunk@16489 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-19 18:16:03 +00:00
ryan 847499e531 Pinking shears
git-svn-id: http://svn.automattic.com/wordpress/trunk@16438 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-17 18:47:34 +00:00
ryan f5282d040d Check delete_site and delete_sites caps. Check for delete_user is more places.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16329 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-12 16:35:28 +00:00
scribu 456b6cf6ed Make 'registered' column sort by site id. See #14579
git-svn-id: http://svn.automattic.com/wordpress/trunk@16289 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-11 11:45:32 +00:00
scribu c5a9fd309d Default to get_current_screen() in list table classes. See #14579
git-svn-id: http://svn.automattic.com/wordpress/trunk@16182 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-04 15:00:55 +00:00
westi 5e90c5d1c3 Revert [16171] and [16172] - The class names were fine as they were and the MultiSite classes stand out more with the original naming.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16175 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-04 08:07:03 +00:00
scribu 836ec33dca List-table Class Names: Consistency's Revenge. See #14579
git-svn-id: http://svn.automattic.com/wordpress/trunk@16171 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-03 21:09:27 +00:00
ryan 1e95d0f38e Allow trailing wildcard site searches by appending *. see #15170
git-svn-id: http://svn.automattic.com/wordpress/trunk@16169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-03 19:26:23 +00:00
ryan b713a76272 Make IP query threshold more restrictive. see #15170
git-svn-id: http://svn.automattic.com/wordpress/trunk@16167 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-03 18:40:12 +00:00
ryan 97cb9b2a08 Drop Sites search action dropdown. Determine the search action from the search string. see #15170
git-svn-id: http://svn.automattic.com/wordpress/trunk@16166 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-03 18:28:02 +00:00
ryan 8804523ad7 Lose wildcards in site search. Maybe bring it back as an option. see #15170
git-svn-id: http://svn.automattic.com/wordpress/trunk@16161 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-03 13:57:43 +00:00
westi 0c4a2788cf Revert part of [16126] and restore the correct behaviour in the ms sites list. Fixes #15297 props ronbme
git-svn-id: http://svn.automattic.com/wordpress/trunk@16158 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-02 22:13:16 +00:00
ryan 32e86e7d3e Default to id since registered doesn't have an index. see #15170
git-svn-id: http://svn.automattic.com/wordpress/trunk@16157 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-02 21:23:26 +00:00
ryan e08e1bf63b For large networks, show the latest registered blogs without paging to avoid expensive count queries. see #15170
git-svn-id: http://svn.automattic.com/wordpress/trunk@16137 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-01 17:53:03 +00:00
westi ad92d629d6 The big renaming of the list-table class files.
See #14579

git-svn-id: http://svn.automattic.com/wordpress/trunk@16128 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-01 09:19:50 +00:00