Commit Graph

175 Commits

Author SHA1 Message Date
Ryan Boren 43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Andrew Nacin 97032e08aa Revert page on front changes. Reverts [22127] [22129] [22135] [22136]. see #16379.
git-svn-id: http://core.svn.wordpress.org/trunk@22653 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-19 01:28:32 +00:00
Andrew Nacin 1617e5ebdf Move the static front page saving routine to a single sanitize_option() callback for show_on_front. page_on_front and page_for_posts are now manually set by this callback, and not separately by options.php. see #16379.
git-svn-id: http://core.svn.wordpress.org/trunk@22136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-08 21:25:13 +00:00
Andrew Nacin 1009245fa1 Remove the 'Size of the post box' (default_post_edit_rows) option. This will instead be handled by a user cookie tracking the resizing of both TinyMCE and the main textarea. see #21718.
git-svn-id: http://core.svn.wordpress.org/trunk@22006 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-26 03:17:28 +00:00
Andrew Nacin a6c93e2f65 Always attempt to embed URLs in content, removing the Auto-embeds (autoembed_urls) option.
Remove the UI for setting the default width and height for embeds. Width was confusing as it
was blank by default (inheriting the content width from the theme, or 500px). The height is
now calculated as 1.5x the content width, or 1000px, whichever is smaller.

The [embed] shortcode can still receive manual height and width attributes. This just removes
the global settings.

props wonderboymusic. see #21719.



git-svn-id: http://core.svn.wordpress.org/trunk@21998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-25 07:10:09 +00:00
Andrew Nacin 85d25dacc5 Hide upload_path and upload_url_path from the Media Settings screen, assuming they are both set to their default values.
These can be set on options.php, or the UPLOADS constant or the filters in wp_upload_dir() should be used. WordPress should aim to avoid UI options that require filesystem changes as well, not to mention requiring the user to convert between paths and URLs.

fixes #21720.



git-svn-id: http://core.svn.wordpress.org/trunk@21852 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-14 21:00:39 +00:00
Andrew Nacin 8cbf331fa5 If an option was not sent to options.php, pass null to update_option(), rather than trimming the null and converting it to an empty string. This provides better context for sanitize_option() while still storing what ends up being an empty string either way. see #16416.
git-svn-id: http://core.svn.wordpress.org/trunk@21849 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-14 19:12:35 +00:00
Andrew Nacin 558a36c79f Avoid the need for a hidden input when suppressing the blog_charset option. fixes #21507.
git-svn-id: http://core.svn.wordpress.org/trunk@21842 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-14 03:23:06 +00:00
Andrew Nacin 7fd32ab9fc Fold Privacy Settings into Reading Settings, moving blog_public (search engine/robots) to options-reading and removing options-privacy.
When blog_public only has two values (as judged by whether the blog_privacy_selector action is used), convert from radio buttons to a checkbox, and rename from 'Site Visibility' to a more specific 'Search Engine Visibility'.

The text and implementation may change a bit. see #16416.



git-svn-id: http://core.svn.wordpress.org/trunk@21838 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-13 17:28:57 +00:00
Andrew Nacin 9d204841ee Remove AtomPub from core.
* Will be replaced with http://wordpress.org/extend/plugins/atom-publishing-protocol/.
 * Introduces an action, xmlrpc_rsd_apis, to add APIs to xmlrpc.php?rsd.
 * Introduces support for 'error' being 403 and 50x in class-wp.php.
 * Removes 'Remote Publishing' from Writing Settings (see [21804]). Keeps the remote_publishing settings section.

DB version is bumped to generate the new wp-app rewrite rule and remove the old enable_app option.

props wonderboymusic.
fixes #21509.



git-svn-id: http://core.svn.wordpress.org/trunk@21818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-11 20:11:39 +00:00
Andrew Nacin 26dc1e74e5 Turn XML-RPC on and remove the option on the Writing Settings page.
props markoheijnen for the initial patch.

Introduces a new filter, xmlrpc_enabled.

Respects any current callbacks registered to the pre_option_enable_xmlrpc
and option_enable_xmlrpc filters, for anyone forcing it off via code.

fixes #21509.



git-svn-id: http://core.svn.wordpress.org/trunk@21804 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-11 00:37:31 +00:00
Andrew Nacin bfaaa3d8ab Remove unused multisite option 'language'. props wonderboymusic. fixes #21545.
git-svn-id: http://core.svn.wordpress.org/trunk@21551 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-20 16:43:44 +00:00
ryan e3b46b25d3 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-08 17:01:11 +00:00
ryan 616c35e71c One newline is enough.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-05 20:10:39 +00:00
ryan 340e93324c Remove extraneous spaces. Props kenan3008, dimadin. fixes #19501 #19433
git-svn-id: http://svn.automattic.com/wordpress/trunk@19596 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-14 17:36:38 +00:00
markjaquith 37e23be4ed Be more consistent with ERROR: messages. fixes #15887
git-svn-id: http://svn.automattic.com/wordpress/trunk@18841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-30 17:18:35 +00:00
nacin 40b0b6c65e Add option_page_capability_$option_page filter. see #14365.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17986 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-22 21:32:22 +00:00
nacin 9cb6e158fc Switch from Panel/SubPanel to Screen in inline documentation and Codex links. props michaelh, fixes #17265.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17748 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-28 15:24:49 +00:00
nacin ade50f7e35 Allow dfault post format selections. fixes #15882.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17056 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-19 05:36:11 +00:00
markjaquith 7aa5cb911e Backwards compat for plugin use of updated=1. fixes #15660
git-svn-id: http://svn.automattic.com/wordpress/trunk@16706 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-03 10:59:20 +00:00
markjaquith 6482610f9a esc_textarea() and application for obvious textarea escaping. props alexkingorg. fixes #15454
git-svn-id: http://svn.automattic.com/wordpress/trunk@16431 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-17 17:12:01 +00:00
markjaquith fc6e89da45 Expand submit_button() capabilities. Replace all (or almost all) manual HTML instances in WP. props sbressler. see #15064
git-svn-id: http://svn.automattic.com/wordpress/trunk@16061 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-28 21:56:43 +00:00
scribu 799baf139c Use submit_button() in more places. See #15064
git-svn-id: http://svn.automattic.com/wordpress/trunk@15830 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-17 18:24:34 +00:00
nacin 5463205114 Remove default_comment_status_pages setting. Reverts [14451], [14448] for 3.0. see #12991.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14650 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-15 04:56:56 +00:00
wpmuguru 96153a63ae add default comment status setting for pages, props messenlehner, see #12991
git-svn-id: http://svn.automattic.com/wordpress/trunk@14448 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-04 19:31:24 +00:00
ryan 116f361cad Don't stomp upload options when saving media options for MS sites. fixes #13182
git-svn-id: http://svn.automattic.com/wordpress/trunk@14316 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-30 14:31:18 +00:00
ryan 372ff2e83a Allow regular admins to change the admin email. see #13126
git-svn-id: http://svn.automattic.com/wordpress/trunk@14241 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-26 17:55:41 +00:00
nacin 6ec7cb4540 Use relative paths when including files, avoiding include_path. fixes #12594, props sorich87.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14139 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-18 06:14:45 +00:00
dd32 442d41291a Tweak new strings for better typography. Props demetris. Fixes #12962
git-svn-id: http://svn.automattic.com/wordpress/trunk@14070 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-11 10:41:54 +00:00
nacin 73f9683d51 Move unregistered check to proper branch of code. prevents options.php panel from throwing errors. see #11730
git-svn-id: http://svn.automattic.com/wordpress/trunk@13789 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-21 07:38:10 +00:00
nacin adf8dd3743 Simplify the deprecated notice for unregistered settings. fixes #11730
git-svn-id: http://svn.automattic.com/wordpress/trunk@13785 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-21 01:49:00 +00:00
dd32 2ae741bb79 Remove reminents of 'misc' from whitelist options too. See [13745] See #12437
git-svn-id: http://svn.automattic.com/wordpress/trunk@13746 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-18 07:58:53 +00:00
dd32 d51a95d091 Remove the now defunct link update checker from core. Fixes #12437
git-svn-id: http://svn.automattic.com/wordpress/trunk@13744 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-18 07:17:55 +00:00
ryan e25a65b36a Trim trailing whitespace
git-svn-id: http://svn.automattic.com/wordpress/trunk@13733 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-17 16:27:25 +00:00
nacin 04ee3c93cb Fix branching, and correct deprecated version numbers. see #11730
git-svn-id: http://svn.automattic.com/wordpress/trunk@13721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-16 20:59:26 +00:00
wpmuguru b1bcab8963 more descriptive message on blocking unregistered setting, see #11644, related #11730
git-svn-id: http://svn.automattic.com/wordpress/trunk@13711 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-15 22:00:48 +00:00
wpmuguru 1aa48c2677 block unregistered settings in multisite, see #11644, related #11730
git-svn-id: http://svn.automattic.com/wordpress/trunk@13709 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-15 18:10:34 +00:00
nacin cb22e5b10a Only show multisite admin email notice if the email was changed. Add a "Cancel" link so the nag doesn't stay forever if the admin ends up not changing the email. see #12192
git-svn-id: http://svn.automattic.com/wordpress/trunk@13705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-15 17:18:00 +00:00
nacin 20eae9d24a Use disabled() form helper. fixes #12581
git-svn-id: http://svn.automattic.com/wordpress/trunk@13661 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-11 17:12:23 +00:00
wpmuguru c1b0c8e8c9 Display a warning when processing an unregistered setting, see #11730
git-svn-id: http://svn.automattic.com/wordpress/trunk@13646 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-10 17:44:32 +00:00
dd32 c21bb61eaf Cleanup of options.php. Adds concise&early wp_die()'s, reformats some poorly chosen branching. See #12455
git-svn-id: http://svn.automattic.com/wordpress/trunk@13627 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-09 10:57:49 +00:00
dd32 44308debbe Restore MultiSite checks on Upload settings, Add proper whitelisting. Props Denis-de-Bernardy. Fixes #11687
git-svn-id: http://svn.automattic.com/wordpress/trunk@13545 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-02 10:31:06 +00:00
dd32 90637984b6 Move Upload folder settings to Options -> Media. Props nacin. Fixes #11687
git-svn-id: http://svn.automattic.com/wordpress/trunk@13529 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-01 12:13:15 +00:00
nacin 833f47778f Fix typo in [13471]. Props miqrogroove, see #12417
git-svn-id: http://svn.automattic.com/wordpress/trunk@13472 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-27 22:54:40 +00:00
nacin 473ef7d459 Make it more obvious we're escaping values in options.php. fixes #12417
git-svn-id: http://svn.automattic.com/wordpress/trunk@13471 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-27 22:50:00 +00:00
ryan 08bb3568c6 Option validation error reporting. Props jeremyclarke. see #11474
git-svn-id: http://svn.automattic.com/wordpress/trunk@13177 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-17 17:50:42 +00:00
ryan 9469c9f02a Deprecate mu_options. Integrate directly into options.php. see #11644
git-svn-id: http://svn.automattic.com/wordpress/trunk@12825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-25 21:33:49 +00:00
ryan 94859834fc i18n fixes. Props nbachiyski. fixes #11954
git-svn-id: http://svn.automattic.com/wordpress/trunk@12789 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-21 21:37:43 +00:00
ryan f7d7bc2dd0 Use cap checks instead of multisite and super admin checks. Add some new caps. Merge cleanup. see #11644.
git-svn-id: http://svn.automattic.com/wordpress/trunk@12753 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-18 22:21:36 +00:00