Commit Graph

362 Commits

Author SHA1 Message Date
Drew Jaynes fcd35518d9 Docs: Add a missing notation for the `$args` parameter in the DocBlock for `wp_xmlrpc_server::_multisite_getUsersBlogs()`.
Also adds a missing `@since` version. The method was introduced in [12852].

See #32246.

Built from https://develop.svn.wordpress.org/trunk@35957


git-svn-id: http://core.svn.wordpress.org/trunk@35921 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-16 05:49:26 +00:00
Drew Jaynes 489023e001 Docs: Add a missing summary and `@since` version to the DocBlock for `wp_xmlrpc_server::serve_request()`.
Introduced in [11789].

See #32246.

Built from https://develop.svn.wordpress.org/trunk@35956


git-svn-id: http://core.svn.wordpress.org/trunk@35920 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-16 05:43:26 +00:00
Scott Taylor d8eacd51d8 Media: add a new image size, `medium_large`. Bumps db version to add new options.
Adds unit tests.

Props DH-Shredder, joemcgill, azaozz.
Fixes #34196.

Built from https://develop.svn.wordpress.org/trunk@35479


git-svn-id: http://core.svn.wordpress.org/trunk@35443 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-31 20:50:25 +00:00
Dion Hulse a579aad05b XMLRPC: Prevent authentication from occuring after a failed authentication attmept in any single XML-RPC call.
This hardens WordPress against a common vector which uses multiple user identifiers in a single `system.multicall` call. In the event that authentication fails, all following authentication attempts ''in that call'' will also fail.

Props dd32, johnbillion.
Fixes #34336

Built from https://develop.svn.wordpress.org/trunk@35366


git-svn-id: http://core.svn.wordpress.org/trunk@35331 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-23 04:46:24 +00:00
Drew Jaynes 217b661703 Docs: Add missing descriptions for the `$wpdb` global in DocBlocks all the places.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@35170


git-svn-id: http://core.svn.wordpress.org/trunk@35136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-14 23:44:25 +00:00
Scott Taylor 8c256a3357 XML-RPC: allow `wp_xmlrpc_server::wp_getPosts()` to receive `s` as a filter.
Props chriscct7.
Fixes #25406.

Built from https://develop.svn.wordpress.org/trunk@34860


git-svn-id: http://core.svn.wordpress.org/trunk@34825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-06 13:41:26 +00:00
Sergey Biryukov 0aacea6535 Merge some strings with the same meaning in `wp-includes/class-wp-xmlrpc-server.php`.
Props pavelevap.
Fixes #33644.
Built from https://develop.svn.wordpress.org/trunk@34798


git-svn-id: http://core.svn.wordpress.org/trunk@34763 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-03 14:09:43 +00:00
Scott Taylor 111c05ba47 XML-RPC: calculate the proper offset for GMT in `wp.newPost`, `mw.newPost`, and `mw.editPost` when `post_date` is set, `wp.editComment` when `comment_date` is set. `post|comment_date` is assumed to be GMT. This is only true if the timezone string for the site matches GMT.
Adds unit tests for each.

Props smerriman, justdaiv, wonderboymusic.
Fixes #30429.

Built from https://develop.svn.wordpress.org/trunk@34681


git-svn-id: http://core.svn.wordpress.org/trunk@34645 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-29 04:05:24 +00:00
Scott Taylor 2c30a11518 After [34577], alter `wp_xmlrpc_server::mw_newMediaObject()` to check upload space in multisite.
See #21292.

Built from https://develop.svn.wordpress.org/trunk@34603


git-svn-id: http://core.svn.wordpress.org/trunk@34567 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 19:49:25 +00:00
Scott Taylor 0405a03b5e XML-RPC: in `wp_xmlrpc_server::wp_editTerm()`, check `! empty` when applying `parent` logic.
Adds unit tests.

Props hrishiv90, markoheijnen, sam2kb.
Fixes #21977.

Built from https://develop.svn.wordpress.org/trunk@34580


git-svn-id: http://core.svn.wordpress.org/trunk@34544 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 05:31:25 +00:00
Scott Taylor 80ac048cbc XML-RPC: upgrade the resposnse of`wp_xmlrpc_server::mw_newMediaObject()` based on work down in 3.4 so that it runs the struct through `->_prepare_media_item()`.
Props markoheijnen.
Fixes #6430.

Built from https://develop.svn.wordpress.org/trunk@34579


git-svn-id: http://core.svn.wordpress.org/trunk@34543 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 05:15:25 +00:00
Scott Taylor e9aa518f04 XML-RPC: move the malfunctioning 'overwrite' code from `wp_xmlrpc_server::mw_newMediaObject()`. This was suggested 3 years ago.
Props markoheijnen.
Fixes #17604.

Built from https://develop.svn.wordpress.org/trunk@34578


git-svn-id: http://core.svn.wordpress.org/trunk@34542 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 05:03:24 +00:00
Scott Taylor ffe7f0ec5a XML-RPC: In `wp_xmlrpc_server::wp_getComments()`, allow `post_type` to be passed as part of `$struct`.
Props nprasath002.
Fixes #20026.

Built from https://develop.svn.wordpress.org/trunk@34575


git-svn-id: http://core.svn.wordpress.org/trunk@34539 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 04:45:25 +00:00
Scott Taylor c8b308a647 XML-RPC: In `wp_xmlrpc_server::wp_getUsersBlogs()`, return the `isPrimary` flag for each blog.
Props SergeyBiryukov, daniloercoli.
Fixes #25958.

Built from https://develop.svn.wordpress.org/trunk@34574


git-svn-id: http://core.svn.wordpress.org/trunk@34538 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 04:35:25 +00:00
Scott Taylor 9b253bbc7b XML-RPC: In `wp_xmlrpc_server::blogger_editPost()`, make use of the `$publish` arg (the 6th arg passed to the method) to specify `publish` or `draft`. Restores the arg, which I removed in [31092], because it was unused cruft.
Props mdawaffe.
Fixes #10764.

Built from https://develop.svn.wordpress.org/trunk@34573


git-svn-id: http://core.svn.wordpress.org/trunk@34537 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 04:01:26 +00:00
Scott Taylor dd1098e7c5 XML-RPC: In `wp_xmlrpc_server::mw_newPost()`, if `$dateCreated` is not set, don't set `post_date` and `post_date_gmt`. It calls `wp_insert_post()`, which will handle it correctly. The problem was drafts being created and GMT date being set. It shouldn't be.
Adds unit test.

Fixes #16985.

Built from https://develop.svn.wordpress.org/trunk@34572


git-svn-id: http://core.svn.wordpress.org/trunk@34536 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 03:38:25 +00:00
Scott Taylor a0ccd4eae8 XML-RPC: `wp.getComments` should be allowed to return approved comments to those without the `'moderate_comments'` cap.
Adds (rewrites) unit tests from 4 years ago that we never committed because....

Props wonderboymusic, koke, ericmann, nprasath002.
Fixes #17981.

Built from https://develop.svn.wordpress.org/trunk@34570


git-svn-id: http://core.svn.wordpress.org/trunk@34534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 02:49:27 +00:00
Scott Taylor 5ea01de963 XML-RPC: Introduce the concept of unit testing to `wp_xmlrpc_server::wp_newComment()`:
* Don't allow comments to be created for posts that have `comment_status` set to `'closed'`
* Set some magic props on `WP_User` to vars before passing them to `wp_xmlrpc_server::escape()`

Props wonderboymusic, jesin.
Fixes #27471.

Built from https://develop.svn.wordpress.org/trunk@34559


git-svn-id: http://core.svn.wordpress.org/trunk@34523 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-25 20:20:23 +00:00
Scott Taylor c871986819 Uploader: Fire 'wp_handle_upload' in `wp_upload_bits()`. Thusly, the filter in `wp_xmlrpc_server::mw_newMediaObject()` is redundant.
Props dllh.
Fixes #33539.

Built from https://develop.svn.wordpress.org/trunk@34257


git-svn-id: http://core.svn.wordpress.org/trunk@34221 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-17 04:46:25 +00:00
Dominik Schilling e932a2dc5d XMLRPC: Don't allow private posts to be sticky.
See #20662.
Built from https://develop.svn.wordpress.org/trunk@34135


git-svn-id: http://core.svn.wordpress.org/trunk@34103 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-14 22:38:23 +00:00
Scott Taylor e73ee5ac98 Introduce `WP_Comment` class to model/strongly-type rows from the comments database table. Inclusion of this class is a pre-req for some more general comment cleanup and sanity.
* Takes inspiration from `WP_Post` and adds sanity to comment caching. 
* Clarifies when the current global value for `$comment` is returned. The current implementation in `get_comment()` introduces side effects and an occasion stale global value for `$comment` when comment caches are cleaned.
* Strongly-types `@param` docs
* This class is marked `final` for now

Props wonderboymusic, nacin.

See #32619.

Built from https://develop.svn.wordpress.org/trunk@33891


git-svn-id: http://core.svn.wordpress.org/trunk@33860 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 18:17:24 +00:00
Sergey Biryukov ce05b02a59 Provide more helpful feedback than just "Cheatin' uh?" for permission errors in `wp-admin/users.php`.
props ericlewis, kraftbj, lukecarbis, mrmist.
fixes #33679. see #14530.
Built from https://develop.svn.wordpress.org/trunk@33885


git-svn-id: http://core.svn.wordpress.org/trunk@33854 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 08:54:24 +00:00
Sergey Biryukov b136b074bf Provide more helpful feedback than just "Cheatin' uh?" for permission errors in `wp-admin/edit.php`.
props ericlewis, kraftbj, lukecarbis, mrmist.
fixes #33671. see #14530.
Built from https://develop.svn.wordpress.org/trunk@33861


git-svn-id: http://core.svn.wordpress.org/trunk@33829 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-02 18:15:20 +00:00
Scott Taylor ef87172270 `foreach` is a statement, not a function.
See #33491.

Built from https://develop.svn.wordpress.org/trunk@33734


git-svn-id: http://core.svn.wordpress.org/trunk@33702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-25 20:28:22 +00:00
Scott Taylor 3982598305 Doc block for`_wp_specialchars`: `$quote_style` can also be `string` ('single' or 'double')
See #33491.

Built from https://develop.svn.wordpress.org/trunk@33700


git-svn-id: http://core.svn.wordpress.org/trunk@33667 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-21 18:36:24 +00:00
Drew Jaynes 02ec47fc92 Docs: Standardize `@deprecated` tag formatting in the DocBlock for `wp_xmlrpc_server::login_pass_ok()`.
Props Alphawolf.
See #28806.

Built from https://develop.svn.wordpress.org/trunk@33677


git-svn-id: http://core.svn.wordpress.org/trunk@33644 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-20 22:38:25 +00:00
Scott Taylor 45fc6a3def Deprecate `post_permalink()` (Introduced in 1.0, already had a deprecated argument in 1.3), which just wraps `get_permalink()` and was only used by XML-RPC in 4 places.
Props solarissmoke.
Fixes #16982.

Built from https://develop.svn.wordpress.org/trunk@33659


git-svn-id: http://core.svn.wordpress.org/trunk@33626 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-20 06:24:26 +00:00
Scott Taylor 4a1f50f732 After [33325], supply a missing `post_type` in `->mw_editPost()`.
Add unit test.

Props ocean90.
Fixes #20662.

Built from https://develop.svn.wordpress.org/trunk@33612


git-svn-id: http://core.svn.wordpress.org/trunk@33579 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-13 15:28:27 +00:00
Drew Jaynes bed02906f2 Docs: Fix incorrect indentation for the `wp_xmlrpc_server->wp_getPostFormats()` DocBlock.
Also adds a missing return description.

Props TomHarrigan.
Fixes #33078.

Built from https://develop.svn.wordpress.org/trunk@33407


git-svn-id: http://core.svn.wordpress.org/trunk@33375 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-23 13:19:27 +00:00
Scott Taylor bf481ed496 After [33325], add a doc summary.
Fixes #20662.

Built from https://develop.svn.wordpress.org/trunk@33343


git-svn-id: http://core.svn.wordpress.org/trunk@33315 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-21 15:18:25 +00:00
Scott Taylor 432f9891f7 Ensure that private posts cannot be made sticky via Quick Edit.
DRY the logic for stickies in `wp_xmlrpc_server` by introducing `->_toggle_sticky()`.

Props wonderboymusic, obenland, chriscct7.
Fixes #20662.

Built from https://develop.svn.wordpress.org/trunk@33325


git-svn-id: http://core.svn.wordpress.org/trunk@33297 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-19 18:09:25 +00:00
Konstantin Obenland a4e803fbd4 Use `get_default_comment_status()` globally.
Also makes the filter name static and passes the post type for context.

Props valendesigns.
Fixes #31168.


Built from https://develop.svn.wordpress.org/trunk@33054


git-svn-id: http://core.svn.wordpress.org/trunk@33025 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-02 22:32:25 +00:00
Dion Hulse 2a35e075d7 XML-RPC: Only escape what we need to in `wp.editPage`, this allows for passwords with the special characters `"'` to work in a request.
Props redsweater for initial Patch.
Fixes #32703

Built from https://develop.svn.wordpress.org/trunk@32993


git-svn-id: http://core.svn.wordpress.org/trunk@32964 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-29 02:07:23 +00:00
Scott Taylor 5c6b63d3a6 `if` is a statment, not a function.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32800


git-svn-id: http://core.svn.wordpress.org/trunk@32771 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-16 20:01:25 +00:00
Scott Taylor f888767c73 `$status` shouldn't be loosely compared to `true` in `wp_xmlrpc_server::wp_deleteComment()`.
`$initial` shouldn't be loosely compared to `true` in `get_calendar()`.
`current_user_can()` shouldn't be loosely compared to `false` in `kses_init()`
`$get_all` shouldn't be loosely compared to `true` in `get_blog_details()`.
`is_array()` and `in_array()` shouldn't be loosely compared in `wpmu_validate_user_signup()`.
`$result` should by strictly compared in `check_ajax_referer()`.
`wp_verify_nonce()` should by strictly compared in `_show_post_preview()`.
`is_user_logged_in()` should not be loosly compared against `false` in `wp-signup.php`.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32733


git-svn-id: http://core.svn.wordpress.org/trunk@32704 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-12 17:48:26 +00:00
Scott Taylor c502a281bb After [32656], add `@access` annotations to methods that have no doc block in `wp-includes/*`.
Makes it easier to search for no doc blocks via `}[\n\t\r ]+(protected|private|public)`.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32657


git-svn-id: http://core.svn.wordpress.org/trunk@32627 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 21:37:24 +00:00
Scott Taylor 19b8ef0c92 `get_comments()` can return `int`, so a few places need to check if the return value is traversable before passing what is assumed to be an `array`.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32600


git-svn-id: http://core.svn.wordpress.org/trunk@32570 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-25 17:59:25 +00:00
Drew Jaynes 4c37f68b79 Fix inline documentation syntax in `wp_xmlrpc_server`.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@32591


git-svn-id: http://core.svn.wordpress.org/trunk@32561 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-25 06:25:25 +00:00
Scott Taylor bd8fafea54 Use `void` instead of `null` where appropriate when pipe-delimiting `@return` types. If a `@return` only contains `void`, remove it.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32568


git-svn-id: http://core.svn.wordpress.org/trunk@32538 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-24 05:40:25 +00:00
Drew Jaynes 459ccb0d8b Add missing or incomplete argument and return descriptions for `wp_xmlrpc_server->wp_editPost()`.
Also includes many small syntax fixes for inline documentation throughout the file.

See #32246.

Built from https://develop.svn.wordpress.org/trunk@32565


git-svn-id: http://core.svn.wordpress.org/trunk@32535 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-23 19:47:25 +00:00
Drew Jaynes 2bebcf4c39 Add missing parameter and return descriptions to the DocBlock for `wp_xmlrpc_server->_convert_date_gmt()`.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@32564


git-svn-id: http://core.svn.wordpress.org/trunk@32534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-23 19:41:24 +00:00
Drew Jaynes d94d97eab6 Add missing parameter and return descriptions to the DocBlock for `wp_xmlrpc_server->_convert_date()`.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@32563


git-svn-id: http://core.svn.wordpress.org/trunk@32533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-23 19:40:24 +00:00
Drew Jaynes 9f73a3351f Fix inline documentation syntax in the DocBlock for `wp_xmlrpc_server->_prepare_taxonomy()`.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@32562


git-svn-id: http://core.svn.wordpress.org/trunk@32532 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-23 19:38:25 +00:00
Drew Jaynes 8aa163e65a Fix some inline documentation syntax in the DocBlock for `wp_xmlrpc_server->minimum_args()`.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@32561


git-svn-id: http://core.svn.wordpress.org/trunk@32531 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-23 19:37:26 +00:00
Drew Jaynes ebe60d1fc4 Use a valid parameter type of string for the `$name` parameter in the `xmlrpc_call` hook docs.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@32560


git-svn-id: http://core.svn.wordpress.org/trunk@32530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-23 19:36:26 +00:00
Drew Jaynes 18066945ae Add missing argument descriptions for the `$args` hash notation in `wp_xmlrpc_server->wp_getUsersBlogs()`.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@32559


git-svn-id: http://core.svn.wordpress.org/trunk@32529 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-23 19:33:27 +00:00
Drew Jaynes c76493d29b Properly notate the inline link to the `xmlrpc_blog_options` filter in the description for `wp_xmlrpc_server->initialise_blog_option_info()`.
See #30224.

Built from https://develop.svn.wordpress.org/trunk@32558


git-svn-id: http://core.svn.wordpress.org/trunk@32528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-23 19:30:26 +00:00
Drew Jaynes ed0421e7de Add a proper return description for the `wp_xmlrpc_server->addTwoNumbers()` method.
See [30181]. See #30224.

Built from https://develop.svn.wordpress.org/trunk@32557


git-svn-id: http://core.svn.wordpress.org/trunk@32527 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-23 19:26:26 +00:00
Drew Jaynes 7a93dda2d2 Add proper descriptions for the `$methods`, `$blog_options`, and `$error` properties in `wp_xmlrpc_server`.
See [30181]. See #30224.

Built from https://develop.svn.wordpress.org/trunk@32556


git-svn-id: http://core.svn.wordpress.org/trunk@32526 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-23 19:23:25 +00:00
Scott Taylor ecf4c668b3 Upgrade the doc blocks in `class-wp-xmlrpc-server.php`. Rehabilitate some unfortunate use of tabbing.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32550


git-svn-id: http://core.svn.wordpress.org/trunk@32520 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-22 19:37:24 +00:00
Dominik Schilling 60c9fdf9fd Merge similar error strings for invalid data.
props pavelevap.
fixes #32329.
Built from https://develop.svn.wordpress.org/trunk@32477


git-svn-id: http://core.svn.wordpress.org/trunk@32447 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-09 21:09:25 +00:00
Sergey Biryukov 7a6cba1308 Remove duplicate string with a typo, merge it with an existing string.
props pavelevap.
fixes #32020.
Built from https://develop.svn.wordpress.org/trunk@32209


git-svn-id: http://core.svn.wordpress.org/trunk@32182 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 15:27:25 +00:00
John Blackbourn c996169c04 Correctly set the post author in `wp_xmlrpc_server::mw_editPost()` when the current user is not the author of the post.
Props redsweater, markoheijnen, DrewAPicture
Fixes #24916

Built from https://develop.svn.wordpress.org/trunk@31983


git-svn-id: http://core.svn.wordpress.org/trunk@31962 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-02 15:49:30 +00:00
Sergey Biryukov 53a704a67a Fix a typo in [30138].
see #30224.
Built from https://develop.svn.wordpress.org/trunk@31279


git-svn-id: http://core.svn.wordpress.org/trunk@31260 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-25 09:48:21 +00:00
Scott Taylor fe6b5983df In PHP 5.0.0, `is_a()` became deprecated in favour of the `instanceof` operator. Calling `is_a()` would result in an `E_STRICT` warning.
In PHP 5.3.0, `is_a()` is no longer deprecated, and will therefore no longer throw `E_STRICT` warnings.

To avoid warnings in PHP < 5.3.0, convert all `is_a()` calls to `$var instanceof WP_Class` calls.

`instanceof` does not throw any error if the variable being tested is not an object, it simply returns `false`.

Props markoheijnen, wonderboymusic.
Fixes #25672.

Built from https://develop.svn.wordpress.org/trunk@31188


git-svn-id: http://core.svn.wordpress.org/trunk@31169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 01:06:24 +00:00
Scott Taylor 0e84d59de5 In `wp_xmlrpc_server`, only allow `__call()` to run against `->_multisite_getUsersBlogs()`.
See #30891.

Built from https://develop.svn.wordpress.org/trunk@31149


git-svn-id: http://core.svn.wordpress.org/trunk@31130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-11 22:31:22 +00:00
Scott Taylor 0a511680f4 Adding a `@return` annotation to constructors is generally not recommended as a constructor does not have a meaningful return value. Constructors do not have meaningful return values, anything that is returned from here is discarded.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31126


git-svn-id: http://core.svn.wordpress.org/trunk@31107 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 06:54:23 +00:00
Scott Taylor ac6fddee35 In `wp_xmlrpc_server`, remove dead code.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31092


git-svn-id: http://core.svn.wordpress.org/trunk@31073 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-08 07:21:22 +00:00
Scott Taylor 60b0cd7943 The keyword `elseif` should be used instead of `else if` so that all control keywords look like single words.
This was a mess, is now standardized across the codebase, except for a few 3rd-party libs. 

See #30799.

Built from https://develop.svn.wordpress.org/trunk@31090


git-svn-id: http://core.svn.wordpress.org/trunk@31071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-08 07:05:25 +00:00
Scott Taylor ac4e67b82e Perl-style comments should not be used
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31079


git-svn-id: http://core.svn.wordpress.org/trunk@31060 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-08 05:52:24 +00:00
Scott Taylor e619abda6e Improve various `@param` docs for `src/wp-includes/*`.
See #30224.

Built from https://develop.svn.wordpress.org/trunk@30681


git-svn-id: http://core.svn.wordpress.org/trunk@30671 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-01 01:34:24 +00:00
Scott Taylor c598d35e41 Almost every method in `wp_xmlrpc_server` can also return `IXR_Error` and should be labeled as such. Rehabilitate some `return` syntax.
See #30224.

Built from https://develop.svn.wordpress.org/trunk@30181


git-svn-id: http://core.svn.wordpress.org/trunk@30181 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-03 03:04:22 +00:00
Scott Taylor be707cd614 In `wp_xmlrpc_server` methods, for comprehensibility:
* initialize arrays in loops, instead of overriding an uninitialized array each time
* in `->blogger_getRecentPosts()` and `->mw_getRecentPosts()`, remove the extra loops by only setting one `array`

See #30224.

Built from https://develop.svn.wordpress.org/trunk@30153


git-svn-id: http://core.svn.wordpress.org/trunk@30153 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-01 19:45:25 +00:00
Scott Taylor 65ab0a188e In `wp_xmlrpc_server->pingback_ping()`, remove the internal variable `$way` each time it is set and not used.
See #30224.

Built from https://develop.svn.wordpress.org/trunk@30139


git-svn-id: http://core.svn.wordpress.org/trunk@30139 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-01 01:50:21 +00:00
Scott Taylor 4f6745e9aa In `wp_xmlrpc_server` methods, don't set `$blog_id` internally if it is never used, which is almost always. Updates the docs.
See #30224.

Built from https://develop.svn.wordpress.org/trunk@30138


git-svn-id: http://core.svn.wordpress.org/trunk@30138 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-01 01:44:23 +00:00
Scott Taylor 0d3270282d In `wp_xmlrpc_server->_prepare_comment()`, `$comment_date` is set internally but never used.
See #30224.

Built from https://develop.svn.wordpress.org/trunk@30137


git-svn-id: http://core.svn.wordpress.org/trunk@30137 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-01 01:29:24 +00:00
Sergey Biryukov a32a75b9f4 XML-RPC: Check if category support was added for pages before calling wp_get_post_categories() to avoid unnecessary query in wp.getPage.
props markoheijnen, nprasath002.
fixes #17920.
Built from https://develop.svn.wordpress.org/trunk@29731


git-svn-id: http://core.svn.wordpress.org/trunk@29505 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-09-11 13:56:15 +00:00
Sergey Biryukov 871d808588 XML-RPC: Avoid a PHP notice in pingback_ping() method.
props jesin, simonp303.
fixes #29177.
Built from https://develop.svn.wordpress.org/trunk@29464


git-svn-id: http://core.svn.wordpress.org/trunk@29242 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-11 15:19:18 +00:00
Peter Westwood 1f147d24b1 XMLRPC: Switch the file deletion alias to be deleteFile to more closely make uploadFile.
Fixes #5310 props SergeyBiryukov.

Built from https://develop.svn.wordpress.org/trunk@29255


git-svn-id: http://core.svn.wordpress.org/trunk@29038 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-20 14:02:15 +00:00
Drew Jaynes 3665b5a1a1 Add periods to short descriptions for magic methods added in [28501], [28521], and [28524].
See #22234 and #28885.

Built from https://develop.svn.wordpress.org/trunk@29165


git-svn-id: http://core.svn.wordpress.org/trunk@28949 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-14 01:12:14 +00:00
Drew Jaynes 5f87736bc4 Fill out inline documentation for the `__call()` magic method added to the `wp_xmlrpc_server` class in [28515].
See #22234 and #28885.

Built from https://develop.svn.wordpress.org/trunk@29161


git-svn-id: http://core.svn.wordpress.org/trunk@28945 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-14 00:46:15 +00:00
Peter Westwood 105d9ce9cc XMLRPC: Restore support in wp.newPost for dates to be supplied in the structured dateTime.iso8601 format as well as still supporting dates specified as strings.
Fixes #28601.

Built from https://develop.svn.wordpress.org/trunk@29063


git-svn-id: http://core.svn.wordpress.org/trunk@28849 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-10 14:17:15 +00:00
Sergey Biryukov 81b8b6cfbc XML-RPC: Make sure wp.newPost does not produce a fatal error when a post_date field is included in the data.
props dllh.
fixes #28601.
Built from https://develop.svn.wordpress.org/trunk@28854


git-svn-id: http://core.svn.wordpress.org/trunk@28657 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-26 17:43:14 +00:00
Sergey Biryukov d7f9b38c3e XML-RPC: Add wp.deleteMediaItem as an alias to wp_deletePost.
props fahmiadib.
fixes #5310.
Built from https://develop.svn.wordpress.org/trunk@28849


git-svn-id: http://core.svn.wordpress.org/trunk@28653 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-26 15:21:15 +00:00
Scott Taylor 05eeb16e30 Replace all uses of `like_escape()` with `$wpdb->esc_like()`.
Props miqrogroove.
See #10041.

Built from https://develop.svn.wordpress.org/trunk@28712


git-svn-id: http://core.svn.wordpress.org/trunk@28528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-10 00:44:15 +00:00
Scott Taylor cd96841632 `wp_xmlrpc_server::wp_getPage()` should `return new IXR_Error(` instead of `return(new IXR_Error(`. One of the few places that is unparseable by static analysis.
See #27882.

Built from https://develop.svn.wordpress.org/trunk@28636


git-svn-id: http://core.svn.wordpress.org/trunk@28454 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-30 19:22:13 +00:00
Scott Taylor b8d469600b These functions import `$wpdb` but do not use it.
See #27882.

Built from https://develop.svn.wordpress.org/trunk@28539


git-svn-id: http://core.svn.wordpress.org/trunk@28365 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-22 17:37:14 +00:00
Scott Taylor 25a70283e1 Add missing access modifiers to methods in `wp_xmlrpc_server`. Add a magic `__call()` method for BC.
See #27881, #22234.

Built from https://develop.svn.wordpress.org/trunk@28515


git-svn-id: http://core.svn.wordpress.org/trunk@28341 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 06:09:13 +00:00
Scott Taylor a25e03f833 In `wp_xmlrpc_server::mw_editPost`, also set `$post_type = $postdata['post_type']`.
See #22400, [28448].


Built from https://develop.svn.wordpress.org/trunk@28453


git-svn-id: http://core.svn.wordpress.org/trunk@28280 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-16 18:06:15 +00:00
Scott Taylor 463b7c4620 Eliminate use of `extract()` in `wp_xmlrpc_server::mw_editPost()` (MetaWeblog API, y'all).
A lot of the extracted variables are overwritten by being explicitly set later. 
Only set variables that would otherwise not be present with `compact()` is called.

See #22400.

Built from https://develop.svn.wordpress.org/trunk@28448


git-svn-id: http://core.svn.wordpress.org/trunk@28275 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-16 15:19:14 +00:00
Scott Taylor 4b94efd93b Eliminate use of `extract()` in `wp_xmlrpc_server::blogger_editPost()`.
See #22400.

Built from https://develop.svn.wordpress.org/trunk@28412


git-svn-id: http://core.svn.wordpress.org/trunk@28239 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-15 03:25:15 +00:00
Drew Jaynes 5e51ea9940 Priority fixes for various existing hook documentation.
Props kpdesign.
See #26869

Built from https://develop.svn.wordpress.org/trunk@28083


git-svn-id: http://core.svn.wordpress.org/trunk@27914 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-12 00:01:15 +00:00
Andrew Nacin 58ca03f8ea XML-RPC: Fix bracing of conditionals around doc blocks.
props redsweater, DrewAPicture.
fixes #27506.

Built from https://develop.svn.wordpress.org/trunk@28065


git-svn-id: http://core.svn.wordpress.org/trunk@27897 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-10 21:04:14 +00:00
Andrew Nacin a177d8bf18 Don't pass variables by reference.
props markjaquith.
fixes #27656.

Built from https://develop.svn.wordpress.org/trunk@27957


git-svn-id: http://core.svn.wordpress.org/trunk@27787 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-05 18:17:14 +00:00
Andrew Nacin d8622b39d6 Forward pingback IP during pingback verification.
props tellyworth, nacin.
fixes #27613.

Built from https://develop.svn.wordpress.org/trunk@27872


git-svn-id: http://core.svn.wordpress.org/trunk@27703 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-31 20:43:18 +00:00
Drew Jaynes c2ebd66843 Inline documentation for hooks in wp-includes/class-wp-xmlrpc-server.php.
Props kpdesign and DrewAPicture.
Fixes #27506.

Built from https://develop.svn.wordpress.org/trunk@27730


git-svn-id: http://core.svn.wordpress.org/trunk@27567 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-26 05:44:16 +00:00
Drew Jaynes 8efd225e4d Inline documentation for hooks in wp-admin/includes/file.php.
Fixes #27429.

Built from https://develop.svn.wordpress.org/trunk@27672


git-svn-id: http://core.svn.wordpress.org/trunk@27515 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-24 02:45:15 +00:00
Andrew Nacin 5d77f8a18a XML-RPC: In wp.editPost, Remove all terms in a taxonomy when an empty array is explicitly passed.
props jstraitiff, maxcutler.
fixes #26686.

Built from https://develop.svn.wordpress.org/trunk@27554


git-svn-id: http://core.svn.wordpress.org/trunk@27397 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-15 05:09:14 +00:00
Andrew Nacin a9e69869c9 XML-RPC: Include 'sticky' in the struct returned from metaWeblog.getRecentPosts.
Using wp.getPosts is preferred and non-WP XML-RPC APIs are no longer actively maintained. This is simply for parity with existing MW methods.

props soulseekah.
fixes #26679.

Built from https://develop.svn.wordpress.org/trunk@27553


git-svn-id: http://core.svn.wordpress.org/trunk@27396 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-15 05:05:15 +00:00
Andrew Nacin eb19a09f5b Avoid saving slashed data in XML-RPC's wp.setOptions.
props danielbachhuber.
fixes #22936.

Built from https://develop.svn.wordpress.org/trunk@27551


git-svn-id: http://core.svn.wordpress.org/trunk@27394 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-15 04:47:13 +00:00
Drew Jaynes cb8951b0b3 Remove all `@package` and `@subpackage` PHPDoc tags not at the file- or class-levels in core.
See #27200.

Built from https://develop.svn.wordpress.org/trunk@27262


git-svn-id: http://core.svn.wordpress.org/trunk@27119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-25 17:14:14 +00:00
Drew Jaynes cd8cedc40d First there were two, and now there are three -- in the @since versions that came before and that shall be. And so it will be, says nacin.
Props JustinSainton, SergeyBiryukov, DrewAPicture.
Fixes #26713.

Built from https://develop.svn.wordpress.org/trunk@26868


git-svn-id: http://core.svn.wordpress.org/trunk@26754 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-24 18:57:12 +00:00
Sergey Biryukov 74f77b85a6 Use get_current_site() instead of the $current_site global when possible.
props jeremyfelt.
fixes #25158.
Built from https://develop.svn.wordpress.org/trunk@26120


git-svn-id: http://core.svn.wordpress.org/trunk@26032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-13 03:23:10 +00:00
Dominik Schilling 8688857816 Introduce show_in_menu for register_taxonomy.
Accepts boolean: true to show, false to hide. If not set, the default is inherited from show_ui.

fixes #20930.
Built from https://develop.svn.wordpress.org/trunk@25133


git-svn-id: http://core.svn.wordpress.org/trunk@25113 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-26 22:35:10 +00:00
Andrew Nacin 21a1fe8d4b Use wp_safe_remote_request() and friends instead of reject_unsafe_urls = true.
fixes #24646.



git-svn-id: http://core.svn.wordpress.org/trunk@24917 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-31 06:52:13 +00:00
Andrew Nacin 7f12e16e47 Limit pingback response size. fixes #4137. for trunk.
git-svn-id: http://core.svn.wordpress.org/trunk@24871 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-29 18:00:06 +00:00
Andrew Nacin 929def2359 XML-RPC: Recursively escape arrays as before, to avoid stomping nested objects. fixes #21767.
git-svn-id: http://core.svn.wordpress.org/trunk@24731 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-18 14:31:25 +00:00
Andrew Nacin 44f89293f3 Update XML-RPC comment. props DrewAPicture, fixes #24751.
git-svn-id: http://core.svn.wordpress.org/trunk@24721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-17 20:19:06 +00:00
Andrew Nacin 69dbdc4951 Use wp_slash() instead of the DB layer in XML-RPC. see #21767.
git-svn-id: http://core.svn.wordpress.org/trunk@24716 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-16 14:38:54 +00:00
Andrew Nacin 50d0428d42 Avoid notice in XML-RPC when attaching uploads, when attachments do not have a guid in the DB. props ericmann, markoheijnen. fixes #18310.
git-svn-id: http://core.svn.wordpress.org/trunk@24639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-10 06:11:12 +00:00
Andrew Nacin 49bb647dda XML-RPC: Save enclosures with a trailing new line. fixes #23219.
git-svn-id: http://core.svn.wordpress.org/trunk@24623 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-10 03:34:35 +00:00
Andrew Nacin b578f36b54 XML-RPC: For wp.getOptions, set readonly to true for writable options that the user does not have permission to edit.
props westi.
fixes #20201.



git-svn-id: http://core.svn.wordpress.org/trunk@24597 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-09 02:22:57 +00:00
Andrew Nacin c2db94d10c Use meta caps edit_post, read_post, and delete_post directly, rather than consulting the post type object. map_meta_cap() handles that for us. props markjaquith, kovshenin. fixes #23226.
git-svn-id: http://core.svn.wordpress.org/trunk@24593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-08 20:05:42 +00:00
Andrew Nacin f3e96f0c60 Add strict check in wp_xmlrpc_server::set_custom_fields(). The slash strip ensures these values are the same data type, but it might not be that way forever. props xknown.
git-svn-id: http://core.svn.wordpress.org/trunk@24521 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-27 02:46:23 +00:00
Andrew Nacin 96ee267343 Better validation of the URL used in core HTTP requests.
git-svn-id: http://core.svn.wordpress.org/trunk@24480 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-21 06:07:47 +00:00
Peter Westwood 34001cb325 XMLRPC: Expose the admin and login urls as read-only options over xml-rpc to make it easier to write rich clients. Fixes #23446 props daniloercoli.
git-svn-id: http://core.svn.wordpress.org/trunk@24382 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-29 11:01:32 +00:00
Sergey Biryukov 5679830030 Fix typos in comments. fixes #24337.
git-svn-id: http://core.svn.wordpress.org/trunk@24255 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-14 18:22:54 +00:00
Sergey Biryukov 57c10eadbb Use ellipsis instead of three dots. props tjsingleton, jordie23, wojtek.szkutnik, DrewAPicture, SergeyBiryukov. see #8714.
git-svn-id: http://core.svn.wordpress.org/trunk@24207 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-08 21:27:31 +00:00
Sergey Biryukov c955859738 Remove \s from regex in pingback_ping() to avoid UTF-8 issues. props tenpura. fixes #24001.
git-svn-id: http://core.svn.wordpress.org/trunk@23952 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-04-10 16:29:00 +00:00
Mark Jaquith acfeb6f20f Take revision control out of the realm of a pure constant. Make it filterable.
* New filter: wp_revisions_to_keep

props ethitter, SergeyBiryukov. fixes #22289.

git-svn-id: http://core.svn.wordpress.org/trunk@23818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-27 18:11:56 +00:00
Andrew Nacin 799ac18951 XML-RPC: Return an error for getRecentPosts (mw and blogger) if the user does not have edit_posts.
props redsweater.
fixes #22320.



git-svn-id: http://core.svn.wordpress.org/trunk@23636 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-07 06:52:37 +00:00
Ryan Boren 15a06a35ab Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
see #WP21767


git-svn-id: http://core.svn.wordpress.org/trunk@23591 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-03 16:30:38 +00:00
Ryan Boren 43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Andrew Nacin 5cd77fdb99 Revert [23359]. The post_author and comment_count post object fields will remain numeric strings for back compat. see #22324.
git-svn-id: http://core.svn.wordpress.org/trunk@23531 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-28 19:40:26 +00:00
Ryan Boren cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Sergey Biryukov 1d396b8a1f Merge two different descriptions of siteurl and home options. fixes #22771.
git-svn-id: http://core.svn.wordpress.org/trunk@23363 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-01 01:35:37 +00:00
Sergey Biryukov 142f8bbe58 Cast post_author to string in XML-RPC methods. props markoheijnen. fixes #22324.
git-svn-id: http://core.svn.wordpress.org/trunk@23359 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-31 01:25:26 +00:00
Andrew Nacin 82e9c40482 Validate pingback source URIs. Less verbose errors.
git-svn-id: http://core.svn.wordpress.org/trunk@23329 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-22 22:30:08 +00:00
Andrew Nacin fbf4acf638 Remove XML-RPC's blogger::getTemplate and setTemplate. They are not supported and do nothing.
git-svn-id: http://core.svn.wordpress.org/trunk@22914 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-29 02:35:39 +00:00
Andrew Nacin 61caecfa93 Use the create_posts post type cap in more places. Remove the janky create_posts meta cap. see #16714.
git-svn-id: http://core.svn.wordpress.org/trunk@22908 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-28 22:28:20 +00:00
Ryan Boren 55dc9d1616 Define array to avoid notice.
Props ericmann
fixes #22479


git-svn-id: http://core.svn.wordpress.org/trunk@22622 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-16 22:14:57 +00:00
Peter Westwood fe99b07017 XMLRPC: When Editing an existing post make sure to use wp_update_post instead of wp_insert_post so as to not perform destructive actions on the content.
The wp.EditPost() API will accept very limited data to only edit specific attributes of a post, if you didn't supply a category change then we would previously
overwrite the original categories with the default cat.

Fixes #22220 props nacin.


git-svn-id: http://core.svn.wordpress.org/trunk@22584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-14 22:58:24 +00:00
Mark Jaquith ca7b159cc7 Squash a PHP notice in the XML-RPC server.
git-svn-id: http://core.svn.wordpress.org/trunk@22560 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-13 22:35:41 +00:00
Ryan Boren cf596d4979 In wp_xmlrpc_server::_insert_post(), preservea valid post status instead of overwriting it with 'draft'. This preserves the 'inherit' status of attachments. Props markoheijnen. fixes #22335
git-svn-id: http://core.svn.wordpress.org/trunk@22368 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-05 14:44:25 +00:00
Ryan Boren 3d4470939d In wp_xmlrpc_server::_insert_post(), don't return an error if set_post_thumbnail() returns false when the attachment ID doesn't change.
Props picklepete
fixes #22204


git-svn-id: http://core.svn.wordpress.org/trunk@22277 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-23 14:08:20 +00:00
Andrew Nacin 64a9609aeb Reference xmlrpc.php with the 'rpc' site_url() argument to ensure a proper scheme is applied. see #18731.
git-svn-id: http://core.svn.wordpress.org/trunk@22171 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-10 21:55:36 +00:00
Andrew Nacin dfbe93b7a5 Improve pingback text extraction by stopping at a closing block-level tag. props Otto42. see #21914.
git-svn-id: http://core.svn.wordpress.org/trunk@22152 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-09 23:56:32 +00:00
Andrew Nacin c38412a62f Request WP_User objects when caling get_users() in XML-RPC's wp.getUsers method. see #18428.
git-svn-id: http://core.svn.wordpress.org/trunk@22134 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-07 23:33:35 +00:00
Ryan Boren 7a86de87fb Reduce use of global. Use get_blog_details() instead. fixes #22090
git-svn-id: http://core.svn.wordpress.org/trunk@22108 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-04 12:40:09 +00:00
Andrew Nacin 8f62dfaf00 XML-RPC: Introduce wp.getRevisions and wp.restoreRevision.
props brandondove, koke, markoheijnen, JustinSainton, maxcutler.

fixes #21397.



git-svn-id: http://core.svn.wordpress.org/trunk@22037 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-27 04:17:15 +00:00
Andrew Nacin 646a4fd1e9 XML-RPC: Add an if_not_modified_since argument to wp.editPost.
Accepts a GMT date, which is used to compare to the current post_modified_gmt
value for the post being edited. If the post has since been edited (as in, too
old of a date was passed), the edit is rejected as overwriting a newer version.

It is rejected with a HTTP 409 Conflict status code. (Fancy.)

props koke, markoheinjen.
Tests: [UT1049]

see #21397.



git-svn-id: http://core.svn.wordpress.org/trunk@22034 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-27 03:39:40 +00:00
Andrew Nacin 7078e18d82 XML-RPC: Accept 'url', not 'website' in wp.editProfile. props maxcutler. see #18428.
git-svn-id: http://core.svn.wordpress.org/trunk@21959 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-23 19:36:17 +00:00
Peter Westwood 2fcdb3395d XMLRPC: Support searching via wp.getPosts() fixes #21623 props ericmann.
git-svn-id: http://core.svn.wordpress.org/trunk@21936 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-21 10:18:32 +00:00
Andrew Nacin bf3c8017a8 Introduce the xmlrpc_login_error filter, applied to the IXR_Error being returned by the server when login() fails. props JustinSainton, fixes #21907.
git-svn-id: http://core.svn.wordpress.org/trunk@21912 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-19 01:36:47 +00:00
Andrew Nacin c178b59da3 XML-RPC: Have the deprecated login_pass_ok() method wrap login(). Move it below login() so the proper method is found first. see #21907.
git-svn-id: http://core.svn.wordpress.org/trunk@21910 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-19 01:27:21 +00:00
Andrew Nacin 3c4460fc86 Allow wp.uploadFile to upload the attachment to a post. props djzone, josephscott, maxcutler. fixes #13917.
git-svn-id: http://core.svn.wordpress.org/trunk@21896 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-18 19:06:27 +00:00
Andrew Nacin f431b408da Combine some strings. props pavelevap. fixes #21087.
git-svn-id: http://core.svn.wordpress.org/trunk@21857 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-15 19:57:05 +00:00
Andrew Nacin 6a71516a85 XML-RPC: Introduce wp.getUsers, wp.getUser, wp.getProfile, wp.editProfile.
props maxcutler.
props nprasath002 for earlier patches.

see #18428.



git-svn-id: http://core.svn.wordpress.org/trunk@21824 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-12 00:04:21 +00:00
Andrew Nacin f84f149445 XML-RPC: Add the 'home' option to wp.getOptons. props mrroundhill. fixes #21822.
git-svn-id: http://core.svn.wordpress.org/trunk@21805 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-11 01:26:38 +00:00
Andrew Nacin 26dc1e74e5 Turn XML-RPC on and remove the option on the Writing Settings page.
props markoheijnen for the initial patch.

Introduces a new filter, xmlrpc_enabled.

Respects any current callbacks registered to the pre_option_enable_xmlrpc
and option_enable_xmlrpc filters, for anyone forcing it off via code.

fixes #21509.



git-svn-id: http://core.svn.wordpress.org/trunk@21804 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-11 00:37:31 +00:00
Ryan Boren bf9cff8bfc Fix typo in phpdoc for wp_newPost(). Props alyssonweb. fixes #21798
git-svn-id: http://core.svn.wordpress.org/trunk@21765 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-05 15:36:59 +00:00
Ryan Boren c55cf716da Use set_url_scheme(). Props johnbillion, MarcusPope. see #19037 #20759
git-svn-id: http://core.svn.wordpress.org/trunk@21664 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-30 13:33:00 +00:00
Ryan Boren 52b3f498e6 Add tags_input, page_template, and post_category get magic to WP_Post.
Deprecate get_post_to_edit() and wp_get_single_post().
Props scribu
see #21309


git-svn-id: http://core.svn.wordpress.org/trunk@21651 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-28 19:08:28 +00:00
Ryan Boren f56d8278bb Remove return ref from all calls to get_post()
Return WP_Post from get_default_post_to_edit()
Replace all calls to get_page() with get_post()
see #21309


git-svn-id: http://core.svn.wordpress.org/trunk@21597 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-23 20:01:10 +00:00
Ryan Boren 489924938f Return post_parent, menu_order, guid, and post_mime_type from wp.getPost(). Props maxcutler. fixes #21308
git-svn-id: http://core.svn.wordpress.org/trunk@21526 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-15 16:06:05 +00:00
ryan d286875515 switch_to_blog() and restore_current_blog() housekeeping.
wp-includes/admin-bar.php:

* Replace get_admin_url() and get_home_url() with admin_url() and home_url() and place them inside a switch/restore. Likewise replace current_user_can_for_blog() with current_user_can(). This avoids doing multiple switch restores.

wp-includes/ms-blogs.php:

* Deprecate the $validate argument to switch_to_blog(). This avoids a not very necessary call to get_blog_details(), possibly saving a few queries.
* Use $_wp_switched and $_wp_switched_stack instead of $switched and $switched_stack to make it less likely these globals will be stomped.
* Use GLOBALS to access blog_id and other globals. I've preferred this style lately since it makes it obvious a global is being used and avoids global blog_id being stomped by a local variable.
* Lose some is_object() checks. wp_get_current_user() always returns an object, for example.
* Call the new WP_Roles::reinit() method.

wp-includes/class-wp-xmlrpc-server.php:

* Replace current_user_can_for_blog() with current_user_can() and move it inside the switch/restore pair. This eliminates a switch/restore.

wp-includes/capabilities.php:

* Use array_keys() instead of $role => $data since $data is unused. I *think* this is a bit faster.
* Introduce WP_Roles::reinit(). This reinitializes WP_Roles and is used after switch_to_blog() has already update the blog ID in the wpdb object. If a global roles array is being used instead of the db, reinit is skipped.
* current_user_can_for_blog() now does a switch/restore. It didn't before meaning it could be reinitializing the user with the wrong role information for the current blog.

wp-includes/ms-settings.php:

* Define $_wp_switched_stack and $_wp_switched. This way switch_to_blog() and restore_current_blog() can rely on it being set.

wp-settings.php:

* Instantiate the WP_Roles global. This was it is always defined during init. To remove the WP_Roles checks from WP_Role and WP_User this would probably have to move before plugins are loaded, which might not be a good thing.

wp-includes/functions.php:

* Update wp_upload_dir() to reference _wp_switched.



git-svn-id: http://core.svn.wordpress.org/trunk@21485 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-09 16:28:15 +00:00
ryan 5ca54e7d2f Deprecate get_blog_option(), add_blog_option(), update_blog_option(), and delete_blog_option().
Use the regular option functions wrapped in switch_to_blog() and restore_current_blog() instead.

Group multiple operations within a single switch where possible.

fixes #21432


git-svn-id: http://core.svn.wordpress.org/trunk@21414 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-03 17:51:42 +00:00
nacin 81c22c98f8 Don't use switch_to_blog() in wp.getUsersBlogs to improve performance and memory footprint. props mohanjith for initial patch. fixes #20665.
git-svn-id: http://core.svn.wordpress.org/trunk@21194 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-30 11:49:02 +00:00
nacin e0012c7e67 Initialize a variable. props maxcutler. fixes #21058.
git-svn-id: http://core.svn.wordpress.org/trunk@21158 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-28 19:04:42 +00:00
nacin 9b7e633336 Use set_post_format(), not wp_set_post_terms(), in XML-RPC mw_newPost and mw_editPost. props koke. see #20697.
git-svn-id: http://core.svn.wordpress.org/trunk@21145 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-26 21:07:12 +00:00