Commit Graph

130 Commits

Author SHA1 Message Date
Aaron Jorbin 71cf332e65 Replace usages of basename() with wp_basename() in order to support multibyte filenames
This is focused on the pieces of code that touch media files and the tests that support them. `basename` isn't multibyte compatible out of the box. See http://php.net/basename and https://bugs.php.net/bug.php?id=62119.

See #43170.
Props Viper007Bond.

Built from https://develop.svn.wordpress.org/trunk@44785


git-svn-id: http://core.svn.wordpress.org/trunk@44617 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-01 20:58:52 +00:00
Drew Jaynes 92aa2f9e92 Docs: Fix a few minor inline documentation typos in a variety of files and contexts.
Props ramizmanked.
Fixes #45463.

Built from https://develop.svn.wordpress.org/trunk@44331


git-svn-id: http://core.svn.wordpress.org/trunk@44161 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-19 07:42:49 +00:00
Gary Pendergast 56c162fbc9 Coding Standards: Upgrade WPCS to 1.0.0
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.

This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script. 
- Auto-fixable coding standards issues will now cause Travis failures.

Fixes #44600.


Built from https://develop.svn.wordpress.org/trunk@43571


git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-17 01:51:36 +00:00
Gary Pendergast aaf99e6913 Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.


Built from https://develop.svn.wordpress.org/trunk@42343


git-svn-id: http://core.svn.wordpress.org/trunk@42172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-30 23:11:00 +00:00
Drew Jaynes 1a28ec87e1 Docs: Remove `@access` notations from method DocBlocks in wp-admin/* classes.
Prior to about 2013, many class methods lacked even access modifiers which made the `@access` notations that much more useful. Now that we've gotten to a point where the codebase is more mature from a maintenance perspective and we can finally remove these notations. Notable exceptions to this change include standalone functions notated as private as well as some classes still considered to represent "private" APIs.

See #41452.

Built from https://develop.svn.wordpress.org/trunk@41161


git-svn-id: http://core.svn.wordpress.org/trunk@41001 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-27 00:40:43 +00:00
Sergey Biryukov 5734818e35 Docs: Add `@access` entries for `$admin_header_callback` and `$admin_image_div_callback` properties in `Custom_Image_Header` and `Custom_Background`.
Props rushabh4486.
Fixes #41377.
Built from https://develop.svn.wordpress.org/trunk@41100


git-svn-id: http://core.svn.wordpress.org/trunk@40940 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-20 11:54:43 +00:00
Drew Jaynes 1d95dcfa2c Docs: Remove superfluous `@package WordPress` and `@subpackage` notations used outside of file headers in a variety of core files.
Per the inline documentation standards for PHP, there should only be one `@package` and/or `@subpackage` notation per file, and only in the file header.

See #41017.

Built from https://develop.svn.wordpress.org/trunk@40988


git-svn-id: http://core.svn.wordpress.org/trunk@40838 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-01 16:58:42 +00:00
Weston Ruter a86496aea4 Customize: Improve custom background properties UI.
Introduces new control for managing the background position. Adds control for setting the `background-size`.

Props cdog, celloexpressions, grapplerulrich, MikeHansenMe, FolioVision, afercia, helen, melchoyce, karmatosed, westonruter, Kelderic, sebastian.pisula.
Fixes #22058.

Built from https://develop.svn.wordpress.org/trunk@38948


git-svn-id: http://core.svn.wordpress.org/trunk@38891 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-26 06:52:29 +00:00
Andrea Fercia 25a882fc08 Accessibility: Remove target=_blank from the old custom background/header help tabs links.
Stop taking control of users' browsers.

Props rianrietveld.
Fixes #38141. See #23432.

Built from https://develop.svn.wordpress.org/trunk@38719


git-svn-id: http://core.svn.wordpress.org/trunk@38662 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-04 06:57:30 +00:00
Andrea Fercia eeefec932f Administration: Improve the usage of the button CSS classes.
Introduces some consistency in the usage of the button CSS classes, fixes the
focus style for accessibility and responsiveness of the buttons.

- Adds the `button` class to all primary buttons make them responsive
- Removes all `secondary-button` classes and replaces it with button when needed. `button-secondary` shouldn't be used and exists just for backward compatibility reasons
- Replaces classes inside `submit_button()` with a shorthand for some buttons, and use an empty string for the default `button` class. Passing `button` is unnecessary
- Adjusts `get_submit_button()` to remove empty items

Props iseulde, dimchik, chris_d2d, mhowell, afercia.
Fixes #27314, #37138, #37448.

Built from https://develop.svn.wordpress.org/trunk@38672


git-svn-id: http://core.svn.wordpress.org/trunk@38615 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-28 19:54:28 +00:00
Drew Jaynes 6c7148943b Docs: Standardize capitalization of Ajax throughout core documentation per the core spelling guide.
Ajax, while considered an acronym for Asynchronous JavaScript and XML, is most commonly capitalized only in the first character.

Part props ocean90.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@38028


git-svn-id: http://core.svn.wordpress.org/trunk@37969 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-10 00:51:30 +00:00
John Blackbourn aa35e473f7 `callback` is not a valid type in PHP, PSR-5, or phpDocumentor. `callable` should be used instead.
Fixes #34032

Built from https://develop.svn.wordpress.org/trunk@34566


git-svn-id: http://core.svn.wordpress.org/trunk@34530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-25 23:58:25 +00:00
Drew Jaynes caf3df03bc Docs: Add a summary, version, and `@access` tag to the property DocBlock for `Custom_Background->updated`.
See [13765] for where the property was initially introduced.
See [30186] for where the property was actually declared.

Props brentvr.
See #30224. See #32246.

Built from https://develop.svn.wordpress.org/trunk@34490


git-svn-id: http://core.svn.wordpress.org/trunk@34454 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-24 13:34:24 +00:00
Konstantin Obenland 7dc1d06e64 Proper heading for admin screens.
First step towards restoring a good heading structure in wp-admin.
The previous `<h1>` contained the site title and a link to the front page and was removed with the toolbar refactoring in 3.2.

Props joedolson, afercia.
Fixes #31650.


Built from https://develop.svn.wordpress.org/trunk@32974


git-svn-id: http://core.svn.wordpress.org/trunk@32945 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-27 15:41:25 +00:00
Scott Taylor f61501f57f The `query-attachments` AJAX action immediately errors out if the user doesn't have the `upload_files` cap. As such, the Customizer shouldn't show buttons that launch the media modal when the user doesn't have the proper permissions to query attachments.
See #32654.

Built from https://develop.svn.wordpress.org/trunk@32913


git-svn-id: http://core.svn.wordpress.org/trunk@32884 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-23 18:20:27 +00:00
Scott Taylor ab66fc95bc Fix some malformed doc blocks in `Custom_Background`.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32734


git-svn-id: http://core.svn.wordpress.org/trunk@32705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-12 18:25:25 +00:00
Scott Taylor c6a4512b1b Add missing doc blocks to `wp-admin/includes/*`.
Fix some egregious uses of tabbing.
Some functions can simply return `apply_filters(...)` instead of setting a variable that is immediately returned.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32654


git-svn-id: http://core.svn.wordpress.org/trunk@32624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 20:17:26 +00:00
Dominik Schilling 64fc7294b6 Use HTTPS URLs for codex.wordpress.org.
see #27115.
Built from https://develop.svn.wordpress.org/trunk@32116


git-svn-id: http://core.svn.wordpress.org/trunk@32095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-12 21:29:32 +00:00
Scott Taylor 7f8b548df1 In HTML5, the `action` attribute is no longer required. Remove this attribute when empty.
The admin HTML is served with the HTML5 doctype.

"The action and formaction content attributes, if specified, must have a value that is a valid non-empty URL potentially surrounded by spaces." 
http://www.w3.org/html/wg/drafts/html/master/forms.html#attr-fs-action

Props voldemortensen.
Fixes #30126.

Built from https://develop.svn.wordpress.org/trunk@31200


git-svn-id: http://core.svn.wordpress.org/trunk@31181 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 04:16:24 +00:00
Scott Taylor 61f5cc459e In `Custom_Background`:
* In [28481], `$admin_header_callback` and `$admin_image_div_callback` were set to `private` based on their erroneous `@param` value
* `$admin_header_callback` and `$admin_image_div_callback` are used as hook callbacks - as such, they must be `public`
* In [28521] and [28524], magic methods were added for back-compat
* Currently, there are 2 properties marked `private`, `$page` and `$updated` - `$page` is never used and `$updated` was added by me in [30186] during 4.1

Set `$admin_header_callback` and `$admin_image_div_callback` to `public`.
Remove the `$page` property - it duplicated the `$page` local var and is referenced/used nowhere.
Remove the magic methods - they were beyond overkill and rendered moot by the above changes.

See #30891.

Built from https://develop.svn.wordpress.org/trunk@31133


git-svn-id: http://core.svn.wordpress.org/trunk@31114 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 21:59:22 +00:00
Scott Taylor aaae4e9df0 Since `get_theme_mod()` returns `false` on failure, `$background_image_thumb` can be set to it and checked instead of calling `get_background_image()` 3 times in `Custom_Background->admin_page()`.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31129


git-svn-id: http://core.svn.wordpress.org/trunk@31110 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 20:44:22 +00:00
Scott Taylor da99d29a59 Adding a `@return` annotation to constructors is generally not recommended as a constructor does not have a meaningful return value - anything that is returned is discarded.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31125


git-svn-id: http://core.svn.wordpress.org/trunk@31106 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 06:13:22 +00:00
Scott Taylor 709698a579 In `Custom_Background` and `Custom_Header`:
* In `->init()`, don't check `current_user_can()` since `add_theme_page()` will return `false` immediately if the cap check fails. 
* Bail if `add_theme_page()` returns `false`
* `wp_check_filetype_and_ext()` doesn't need a 3rd param, it already defaults to `null`. Passing `false` would fail a strict check.

See #30799.

Built from https://develop.svn.wordpress.org/trunk@31116


git-svn-id: http://core.svn.wordpress.org/trunk@31097 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-09 21:07:22 +00:00
Dominik Schilling fcb00b75e2 Customizer: Add `_wp_attachment_is_custom_background` meta to uploaded background images.
Adds `$type` property to `WP_Customize_Background_Image_Control` (PHP) and introduces `wp.customize.BackgroundControl` (JS).

see #30707.
Built from https://develop.svn.wordpress.org/trunk@30885


git-svn-id: http://core.svn.wordpress.org/trunk@30873 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-15 23:28:23 +00:00
Dominik Schilling 15df631e76 Make notices added in [30459] less ugly.
see #25569, #25571, [30505].
Built from https://develop.svn.wordpress.org/trunk@30657


git-svn-id: http://core.svn.wordpress.org/trunk@30647 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-30 12:21:22 +00:00
Dominik Schilling cffba3c1ba Customizer: Use deep-links for Backgrounds, Headers, and Widgets.
Replace links in admin menu and toolbar to Custom Background/Header screen with deep-links to the Customizer section.
On the Widgets screen display a link to the Customizer widgets panel.

props topher1kenobe, rzen, celloexpressions, westonruter
fixes #25569, #25571, #28032.
Built from https://develop.svn.wordpress.org/trunk@30459


git-svn-id: http://core.svn.wordpress.org/trunk@30450 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 15:29:23 +00:00
Dominik Schilling 120cb5e6ef Improve keyboard accessibility on Custom Header and Custom Background screen.
props florianziegler.
fixes #29289.
Built from https://develop.svn.wordpress.org/trunk@30327


git-svn-id: http://core.svn.wordpress.org/trunk@30326 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-13 12:00:57 +00:00
Scott Taylor a14a4fc9a5 In `Custom_Background`, declare `$updated` as a property.
See #30224.

Built from https://develop.svn.wordpress.org/trunk@30186


git-svn-id: http://core.svn.wordpress.org/trunk@30186 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-03 05:08:22 +00:00
Drew Jaynes a8583d5f19 Fix some words that aren't words.
See #28885.

Built from https://develop.svn.wordpress.org/trunk@29454


git-svn-id: http://core.svn.wordpress.org/trunk@29232 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-09 19:30:17 +00:00
Drew Jaynes 097dc8ee15 Fix syntax for single- and multi-line comments in wp-admin-directory files.
See #28931.

Built from https://develop.svn.wordpress.org/trunk@29206


git-svn-id: http://core.svn.wordpress.org/trunk@28990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-17 09:14:16 +00:00
Drew Jaynes 3665b5a1a1 Add periods to short descriptions for magic methods added in [28501], [28521], and [28524].
See #22234 and #28885.

Built from https://develop.svn.wordpress.org/trunk@29165


git-svn-id: http://core.svn.wordpress.org/trunk@28949 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-14 01:12:14 +00:00
Drew Jaynes 5752274fc2 Fill out inline documentation for magic methods added to the `Custom_Background` class in [28481], [28521], and [28524].
See #22234 and #28885.

Built from https://develop.svn.wordpress.org/trunk@29149


git-svn-id: http://core.svn.wordpress.org/trunk@28933 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-13 23:58:15 +00:00
Scott Taylor 85f73cf458 Classes that have `__set()` also need `__isset()` and `__unset()`.
See #27881, #22234.

Built from https://develop.svn.wordpress.org/trunk@28524


git-svn-id: http://core.svn.wordpress.org/trunk@28350 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 06:52:14 +00:00
Scott Taylor 821246b4ae Some classes with `__get()` method also need `__set()`.
See #27881, #22234.

Built from https://develop.svn.wordpress.org/trunk@28521


git-svn-id: http://core.svn.wordpress.org/trunk@28347 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 06:31:15 +00:00
Scott Taylor 2e912d3108 Use proper access modifiers and add a magic `__get()` method to `Custom_Background` and `Custom_Image_Header`.
See #27881, #22234.

Built from https://develop.svn.wordpress.org/trunk@28481


git-svn-id: http://core.svn.wordpress.org/trunk@28307 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-18 21:31:16 +00:00
Andrew Nacin dce0b9adea Use SSL when linking to WordPress.org. see #27115.
Built from https://develop.svn.wordpress.org/trunk@27469


git-svn-id: http://core.svn.wordpress.org/trunk@27314 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-08 04:14:15 +00:00
Andrew Ozz eb1d21d782 Remove all "valign" attributes from tables in wp-admin, props MikeHansenMe, Marventus. Fixes #22712.
Built from https://develop.svn.wordpress.org/trunk@27029


git-svn-id: http://core.svn.wordpress.org/trunk@26905 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-01-24 19:06:15 +00:00
Sergey Biryukov 2f3ebce172 Always show Background Image section heading and the opening table tag on Custom Background screen, to make in consistent with Custom Header and avoid broken markup.
props obenland.
fixes #26731.
Built from https://develop.svn.wordpress.org/trunk@26878


git-svn-id: http://core.svn.wordpress.org/trunk@26761 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-29 08:06:11 +00:00
Andrew Nacin 9be4bd5720 Rename the new custom-background arguments passed to add_theme_support().
* background-position becomes default-position-x
 * background-attachment becomes default-attachment
 * background-repeat becomes default-repeat

These are in line with existing default-image and default-color arguments, and also makes the position argument unambiguous and forwards compatible.

fixes #20816.

Built from https://develop.svn.wordpress.org/trunk@26594


git-svn-id: http://core.svn.wordpress.org/trunk@26484 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-03 21:36:10 +00:00
Andrew Ozz 8d6059b383 Remove all screen_icon() calls and deprecate the functions, props TobiasBg, fixes #26119
Built from https://develop.svn.wordpress.org/trunk@26518


git-svn-id: http://core.svn.wordpress.org/trunk@26411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-02 03:53:11 +00:00
Jon Cave fd14a5df71 Allow customisation of theme mod defaults via custom-background theme support.
Give the power to theme authors to select defaults when registering
custom-background support.

Props obenland. Fixes #20816.

Built from https://develop.svn.wordpress.org/trunk@26352


git-svn-id: http://core.svn.wordpress.org/trunk@26253 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-24 14:05:10 +00:00
Andrew Nacin 5361a8abca Spell out duplicate hook locations.
props DrewAPicture.
fixes #25658.

Built from https://develop.svn.wordpress.org/trunk@25868


git-svn-id: http://core.svn.wordpress.org/trunk@25868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 22:59:20 +00:00
Andrew Nacin 8ae8e01b67 Remove the old wp_auto_updates_maybe_update cron event. Schedule the new wp_maybe_auto_update event at 7 a.m. and 7 p.m. in the site's timezone.
see #27704.

Built from https://develop.svn.wordpress.org/trunk@25825


git-svn-id: http://core.svn.wordpress.org/trunk@25825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 22:53:14 +00:00
Andrew Nacin 74488bdcb0 Spell out duplicate hook locations.
props DrewAPicture.
fixes #25658.

Built from https://develop.svn.wordpress.org/trunk@25868


git-svn-id: http://core.svn.wordpress.org/trunk@25780 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-22 17:22:11 +00:00
Andrew Nacin e17beb58f7 Mark the hooks in custom-background.php as duplicates.
* image_size_names_choose should be documented in wp-includes/media.php
 * wp_create_file_in_uploads should be documented in custom-header.php

see #25229.

Built from https://develop.svn.wordpress.org/trunk@25283


git-svn-id: http://core.svn.wordpress.org/trunk@25247 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-06 17:05:09 +00:00
Scott Taylor 31f26dc3ce Remove lingering instances of call time pass-by-reference, limited to instances of `callable` - use `$this` instead of `&$this`.
Props jdgrimes.
See #25160.


Built from https://develop.svn.wordpress.org/trunk@25254


git-svn-id: http://core.svn.wordpress.org/trunk@25222 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-05 16:34:09 +00:00
Andrew Nacin 043f19b1dc When generating a background image thumbnail URL, escape percent signs for the eventual sprintf() call inside get_theme_mod().
props cfinke.
fixes #21241.



git-svn-id: http://core.svn.wordpress.org/trunk@24630 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-10 04:42:03 +00:00
Andrew Nacin e6afcb4aa2 Context for 'Attachment' when referring to the background image attachment. props xibe, fixes #23433.
git-svn-id: http://core.svn.wordpress.org/trunk@24621 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-10 03:07:53 +00:00
Ryan Boren 43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00