Commit Graph

125 Commits

Author SHA1 Message Date
Ryan Boren cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Andrew Nacin bee6374953 Send nocache_headers() in the admin earlier, on the DB upgrade page. Prevents a potential redirect loop reproduced in Chrome from heavy caching of headers. props mdawaffe. see #21745.
git-svn-id: http://core.svn.wordpress.org/trunk@21913 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-19 01:51:40 +00:00
Andrew Nacin e5848ee150 Set jQuery Color to be a dependency for wp-lists, rather than enqueueing it everywhere.
Any plugin wishing to use jQuery color animations must set jquery-color as a dependency
(or enqueue it).

Remove the un-minified version of jQuery Color.

props scribu.
fixes #21692.



git-svn-id: http://core.svn.wordpress.org/trunk@21646 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-28 17:51:35 +00:00
markjaquith de3514a705 About ten percent
git-svn-id: http://core.svn.wordpress.org/trunk@21422 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-05 18:32:39 +00:00
nacin 76defb20d4 load-importer-$importer hook. props simonwheatley. fixes #21071.
git-svn-id: http://core.svn.wordpress.org/trunk@21183 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-29 19:24:15 +00:00
duck_ a395e06896 Reduce references to the $wp_rewrite global because it's no longer used or a wrapper function can be used instead. Fixes #14546.#14546.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20023 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-28 20:29:33 +00:00
ryan e3b46b25d3 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-08 17:01:11 +00:00
ryan 83b131f8e3 User lowercase true, false, null instead of uppercase. Props c3mdigital, mfields. fixes #16302
git-svn-id: http://svn.automattic.com/wordpress/trunk@19687 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-05 20:50:54 +00:00
ryan 616c35e71c One newline is enough.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-05 20:10:39 +00:00
nacin 29e469f151 Consistently set taxnow/typenow and the current screen's post_type/taxnomy, whenever it can be detected. Allow WP_Screen::get() to accept a post type as a hook_name. Fixes issues with the meta box $page/$screen argument. fixes #19080. see #18785.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19097 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-31 21:28:17 +00:00
dd32 5daf7aa2b0 Don't trigger Database Upgrades for POST requests with a body. Fixes #18712
git-svn-id: http://svn.automattic.com/wordpress/trunk@18731 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-20 04:17:55 +00:00
duck_ 9a5d3d4155 Pull out old import remnant from when importers were shipped in core. Fixes #15844.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18640 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-05 19:18:36 +00:00
westi 80f4e83a8c Introduce WP_MAX_MEMORY_LIMIT constant for the high memory limit we set when image processing and unzipping.
Ensure it is always filterable by plugins as well as configurable in wp-config
Fixes #13847 props hakre


git-svn-id: http://svn.automattic.com/wordpress/trunk@17749 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-28 16:25:36 +00:00
nacin 9cb6e158fc Switch from Panel/SubPanel to Screen in inline documentation and Codex links. props michaelh, fixes #17265.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17748 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-28 15:24:49 +00:00
nacin 495c7f1782 Add the load-edit-link-categories.php hook for back compat. fixes #16307.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17333 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-01-20 03:05:22 +00:00
nacin e1eec3925a More @since. props SergeyBiryukov, fixes #15445.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-20 09:25:21 +00:00
nacin a717edca97 Always exit after wp_redirect. props filosofo, fixes #15518.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16847 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-09 18:02:54 +00:00
scribu d2a5add61a Deprecate update_category_cache(). Fixes #15446
git-svn-id: http://svn.automattic.com/wordpress/trunk@16412 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-17 00:56:00 +00:00
dd32 4f3b9f7b7f Use Absolute URL's & API's in header redirects in more locations. See #14062
git-svn-id: http://svn.automattic.com/wordpress/trunk@16008 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-27 10:43:43 +00:00
nacin 14ccdbec33 Pruning shears.
git-svn-id: http://svn.automattic.com/wordpress/trunk@15904 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-21 19:55:28 +00:00
nacin 5e1184aa57 Pinking shears.
git-svn-id: http://svn.automattic.com/wordpress/trunk@15843 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-19 07:48:22 +00:00
ryan 9c31fd7c70 First pass of user admin. Network admin and screen cleanups. see #14696
git-svn-id: http://svn.automattic.com/wordpress/trunk@15746 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-07 19:34:18 +00:00
nacin 7e30a69c07 Add force_filtered_html_on_import filter. fixes #14818.
git-svn-id: http://svn.automattic.com/wordpress/trunk@15600 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-09-09 02:43:18 +00:00
ryan f781ba4824 is_blog_admin(). fixes #14763
git-svn-id: http://svn.automattic.com/wordpress/trunk@15558 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-09-02 15:03:39 +00:00
ryan 21e3f0f7fa Network Admin, first pass. see #14435
git-svn-id: http://svn.automattic.com/wordpress/trunk@15481 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-07-30 20:34:54 +00:00
ryan 98ea55a020 Back compat load actions. Props simonwheatley. fixes #14083 for 3.1
git-svn-id: http://svn.automattic.com/wordpress/trunk@15387 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-07-12 15:09:32 +00:00
ryan 4c94132656 Use WP_PLUGIN_DIR. Props bigsmoke, wojtek.szkutnik. fixes #14070 for 3.1
git-svn-id: http://svn.automattic.com/wordpress/trunk@15346 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-06-29 13:52:56 +00:00
ryan 1849b362b0 Make set_current_screen() taxonomy aware. Use current_screen when setting up table headers for edit-tags.php. see #13783
git-svn-id: http://svn.automattic.com/wordpress/trunk@15175 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-06-08 15:34:42 +00:00
nacin 5f66aba55e Nicer message for an uninstalled/invalid importer. see #13566.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14970 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-27 02:03:06 +00:00
ryan 23aa576688 Add install links to the importer list if popular importers are not present. see #13465
git-svn-id: http://svn.automattic.com/wordpress/trunk@14759 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-20 19:20:25 +00:00
nacin e07bcb1a0e Bump memory_limit for admins in wp-admin. Should help in imports, upgrades, uploads, etc. props MarkJaquith.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14491 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-06 21:36:55 +00:00
ryan aa47e83dee Fix submenus for post types. Props TobiasBg. see #12453
git-svn-id: http://svn.automattic.com/wordpress/trunk@13579 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-04 00:15:55 +00:00
dd32 16a769cde9 Move admin CSS colour themes to the admin_init hook. Fixes #11625
git-svn-id: http://svn.automattic.com/wordpress/trunk@12982 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-06 05:15:26 +00:00
ryan ef301b7489 unset temp vars so they don't pollute the global namespace. Formatting cleanups
git-svn-id: http://svn.automattic.com/wordpress/trunk@12846 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-26 18:16:53 +00:00
ryan a731cbed8e Introduce set_current_screen(). Set current screen for inline edit ajax requests so post rows can be properly displayed. see #9674
git-svn-id: http://svn.automattic.com/wordpress/trunk@12797 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-22 18:27:54 +00:00
ryan f7d7bc2dd0 Use cap checks instead of multisite and super admin checks. Add some new caps. Merge cleanup. see #11644.
git-svn-id: http://svn.automattic.com/wordpress/trunk@12753 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-18 22:21:36 +00:00
ryan c2873bbab3 Coding style
git-svn-id: http://svn.automattic.com/wordpress/trunk@12736 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-15 23:49:09 +00:00
ryan 6da55f7792 Trailing whitespace cleanup
git-svn-id: http://svn.automattic.com/wordpress/trunk@12733 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-15 22:11:12 +00:00
ryan e7bfd5f2dd Move current_screen setup before plugin page handling so it is defined for all cases. see #9674
git-svn-id: http://svn.automattic.com/wordpress/trunk@12731 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-15 20:21:18 +00:00
ryan 05bf7382ff Merge edit-pages.php into edit.php. see #9674
git-svn-id: http://svn.automattic.com/wordpress/trunk@12728 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-15 16:58:36 +00:00
ryan 0fbb0fd093 Revert line accidentally added during merge. Props nacin. see #11644
git-svn-id: http://svn.automattic.com/wordpress/trunk@12720 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-13 19:04:30 +00:00
wpmuguru 346f859e12 merge multisite admin - edit links,tags,cats,options, See #11644
git-svn-id: http://svn.automattic.com/wordpress/trunk@12712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-12 21:11:52 +00:00
westi 7d2e5130f6 Use a more reliable method of locating wp-load.php in the admin bootstrap. Fixes #11120.
git-svn-id: http://svn.automattic.com/wordpress/trunk@12583 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-12-30 10:15:10 +00:00
westi 5dca5f2d31 Remove unused global posts_per_page. Fixes #11458 props nacin.
git-svn-id: http://svn.automattic.com/wordpress/trunk@12551 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-12-27 09:01:53 +00:00
ryan 31f5798fbb Schedule trash collection from admin page loads. see #4529
git-svn-id: http://svn.automattic.com/wordpress/trunk@12120 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-10-27 18:13:42 +00:00
azaozz c790ebcdd9 Remove remains from the old bookmarklet code
git-svn-id: http://svn.automattic.com/wordpress/trunk@12029 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-10-14 05:53:49 +00:00
ryan 4d0c574bed Don't write to htaccess every time page is saved. Add hard/soft flush flag to flush_rules(). Make sure fopen is successful and silence errors. Props Viper007Bond. fixes #10181 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@11578 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-06-16 02:44:28 +00:00
ryan c383ff7450 Remove vestiges of what_to_show. Props filosofo. fixes #9815
git-svn-id: http://svn.automattic.com/wordpress/trunk@11318 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-13 22:28:56 +00:00
azaozz a12587214f Notice fixes, props sivel, see #9393
git-svn-id: http://svn.automattic.com/wordpress/trunk@11052 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-04-22 12:24:45 +00:00
markjaquith 8f91d9a0b9 Drop the dual-use of db_version. Now it just stores the version. Post-upgrade hook triggered by separate binary db_upgraded option. fixes #9618
git-svn-id: http://svn.automattic.com/wordpress/trunk@11040 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-04-21 23:12:57 +00:00