Ryan Boren
53f9496a2f
Introduce wp_slash() and wp_unslash(). This will be used to cleanup the myriad calls to addslashes*, add_magic_quotes, stripslashes*. see #21767
...
git-svn-id: http://core.svn.wordpress.org/trunk@23555 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:34:48 +00:00
Ryan Boren
43a7e695e9
Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
...
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Andrew Nacin
b88b1c1f53
Move revisions/autosave and post format functions from wp-includes/post.php into revision.php and post-formats.php.
...
git-svn-id: http://core.svn.wordpress.org/trunk@23466 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-21 21:24:34 +00:00
Helen Hou-Sandí
6d49a9cc8c
Output fallbacks / theme compat for post format metadata.
...
* Currently handles link, quote, image, gallery, audio, and video formats.
* `add_theme_support()` for a given post format is now an indicator that the theme handles format-specific metadata.
* If no support for a given format is defined, fallback output will be generated and hooked onto the_content if a post has metadata for that format.
* Fallbacks attempt to be smart about not duplicating data already appearing in the post content itself. Gallery is particularly liberal, looking for any instance of the gallery shortcode in the content, not just an exact match to the gallery shortcode defined in the format-specific meta.
* Compat output defaults to being wrapped in a `div` with a class of `post-format-content`.
Theme authors: please test and evaluate, keeping in mind that the goal is to support user expectations of not losing format-specific data they've entered in the admin when viewing the front-end of their site.
props wonderboymusic, beaulebens, helen. see #23347 .
git-svn-id: http://core.svn.wordpress.org/trunk@23450 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-18 19:22:58 +00:00
Sergey Biryukov
8fb830eeda
Fix typos in phpdoc. props markmcwilliams. fixes #23481 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@23434 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-15 18:59:56 +00:00
Ryan Boren
cc5ed3a485
Change all core API to expect unslashed rather than slashed arguments.
...
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.
Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.
Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.
Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.
Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.
Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.
Plugins should use wp_unslash() on data being passed to core API.
Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.
Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.
Remove many no longer necessary calls to $wpdb->escape() and esc_sql().
In wp_get_referer() and wp_get_original_referer(), return unslashed data.
Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.
Switch several queries over to prepare().
Expect something to break.
Props alexkingorg
see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Sergey Biryukov
9b347300e5
Correct the documentation for balanceTags(). Remove unnecessary boolean inversion. props TobiasBg. fixes #22537 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@23368 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-01 22:20:06 +00:00
Sergey Biryukov
8cfd9e3c81
PHPDoc fixes and additions. props bananastalktome, DrewAPicture. fixes #23313 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@23365 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-01 18:07:08 +00:00
Sergey Biryukov
8dbeee25b9
Use digraphs for German umlauts in remove_accents(). props SergeyBiryukov, ocean90. fixes #3782 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@23361 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-31 01:55:09 +00:00
Andrew Ozz
50ceba1323
Autop: <samp> is not a block tag, props toscho, fixes #18807
...
git-svn-id: http://core.svn.wordpress.org/trunk@23327 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-22 19:05:21 +00:00
Andrew Nacin
c9a6c4ba0c
Treat URL schemes as case insensitive when sanitizing them in esc_url().
...
props mdawaffe.
fixes #23187 .
tests: [1184/tests]
git-svn-id: http://core.svn.wordpress.org/trunk@23303 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-17 15:07:32 +00:00
Peter Westwood
f683fc7677
Tighten our braces. Fixes #23118 props evansolomon.
...
git-svn-id: http://core.svn.wordpress.org/trunk@23265 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-04 10:13:51 +00:00
Helen Hou-Sandí
ba9220bd1f
s/Santizes/Sanitizes/ in phpdoc for sanitize_html_class(). props cais. fixes #22890 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@23189 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-12-20 15:40:37 +00:00
Andrew Nacin
11e2073d89
Remove additional acute accents from permalink slugs via sanitize_title_with_dashes(). props SergeyBiryukov. fixes #22395 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@23176 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-12-13 09:59:28 +00:00
Andrew Nacin
97032e08aa
Revert page on front changes. Reverts [22127] [22129] [22135] [22136]. see #16379 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@22653 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-19 01:28:32 +00:00
Andrew Nacin
a73aa40cb5
Avoid an uncaught exception in get_gmt_from_date(). The return value is imperfect - date( $format, 0 ) - but better than a fatal error. props wonderboymusic. fixes #20942 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@22435 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-07 20:07:41 +00:00
Jon Cave
df39c7be71
Update shortcode regular expression commentary. See #17657 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@22401 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-06 14:47:33 +00:00
Ryan Boren
3757d63f6b
Allow hyphens in shortcode names.
...
Props kovshenin, solarissmoke, aaroncampbell
fixes #17657
git-svn-id: http://core.svn.wordpress.org/trunk@22382 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-05 22:27:36 +00:00
Ryan Boren
21d6dbc4a8
Fix wp_basename() for Windows by replacing %5C with /.
...
Props SergeyBiryukov
fixes #22138
git-svn-id: http://core.svn.wordpress.org/trunk@22310 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-25 22:31:17 +00:00
Ryan Boren
80a142c6a4
Pass each url in ping_sites through esc_url_raw() upin save. This ensures the urls have a valid protocol and avoids "Unable to parse URL" warning in WP_Http. Props SergeyBiryukov. fixes #21966
...
git-svn-id: http://core.svn.wordpress.org/trunk@22255 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-17 17:44:40 +00:00
Andrew Nacin
853184672d
Set show_on_front to 'posts' when no value is set. This occurs when the show_on_front checkbox is left unchecked and then sent through options.php. fixes #22131 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@22135 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-08 18:41:19 +00:00
Andrew Nacin
1009245fa1
Remove the 'Size of the post box' (default_post_edit_rows) option. This will instead be handled by a user cookie tracking the resizing of both TinyMCE and the main textarea. see #21718 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@22006 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-26 03:17:28 +00:00
Andrew Nacin
a6c93e2f65
Always attempt to embed URLs in content, removing the Auto-embeds (autoembed_urls) option.
...
Remove the UI for setting the default width and height for embeds. Width was confusing as it
was blank by default (inheriting the content width from the theme, or 500px). The height is
now calculated as 1.5x the content width, or 1000px, whichever is smaller.
The [embed] shortcode can still receive manual height and width attributes. This just removes
the global settings.
props wonderboymusic. see #21719 .
git-svn-id: http://core.svn.wordpress.org/trunk@21998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-25 07:10:09 +00:00
Andrew Nacin
557d9313a7
Introduce constants to allow for easier expression of time periods in seconds. Adds MINUTE_IN_SECONDS, HOUR_IN_SECONDS, DAY_IN_SECONDS, WEEK_IN_SECONDS, YEAR_IN_SECONDS. props nbachiyski, SergeyBiryukov. fixes #20987 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@21996 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-25 05:26:19 +00:00
Andrew Nacin
0d37467603
Move sanitization for the multisite illegal_names, limited_email_domains, and banned_email_domains options to sanitize_option(). props wonderboymusic. fixes #21552 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@21993 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-25 01:54:12 +00:00
Andrew Nacin
8fd2fb4998
Synchronize block-level elements between the JS and PHP versions of wpautop. props SergeyBiryukov. fixes #18534 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@21888 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-18 17:32:44 +00:00
Andrew Nacin
1beb18d241
Add Pinyin diacritics to remove_accents(). Remove these diacritics in sanitize_title_with_dashes() on save as well. props bolo1988, SergeyBiryukov. fixes #20772 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@21859 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-15 20:01:08 +00:00
Andrew Nacin
a8a78b8975
"[ ] Discourage search engines from indexing this site". fixes #16416 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@21851 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-14 20:26:20 +00:00
Andrew Nacin
f4c9c9ce0d
Use the non-slashing variants of kses functions in sanitize_option() to avoid slash ping pong. fixes #21892 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@21850 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-14 19:32:53 +00:00
Andrew Nacin
f54edf701a
When balancing tags, properly close tags that shouldn't be self-closed but are. Support all self-closing tags.
...
props coffee2code.
fixes #1597 .
git-svn-id: http://core.svn.wordpress.org/trunk@21828 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-13 16:39:06 +00:00
Andrew Nacin
e75671452c
Properly delimit URLs by \r, \n, \t *or* a space in sanitize_trackback_urls(). Fixes multiple trackback URL usage. props SergeyBiryukov, fixes #21624 for trunk.
...
git-svn-id: http://core.svn.wordpress.org/trunk@21718 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-04 03:36:19 +00:00
nacin
81ae841eba
Only run stripslashes() in stripslashes_deep() for strings, not other scalar values. props Kawauso, knutsp. props coffee2code for [UT698]. fixes #18026 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@21292 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-20 15:14:26 +00:00
nacin
6c2720b7d1
HTML object tags are self-nestable. props coffee2code. fixes #20401 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@21250 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-09 19:27:44 +00:00
markjaquith
d644bc50b0
Collapse an i18n context to make it more accurate and to make for one less string to translate. props pavelevap. fixes #21137
...
git-svn-id: http://core.svn.wordpress.org/trunk@21242 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-09 05:08:43 +00:00
markjaquith
d65e49c9f3
Bunch of PHPDoc corrections and cleanups. props c3mdigital. props SergeyBiryukov. fixes #21149
...
git-svn-id: http://core.svn.wordpress.org/trunk@21241 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-09 05:03:53 +00:00
ryan
c0339644ea
Shears of vigorous pinking.
...
git-svn-id: http://core.svn.wordpress.org/trunk@20944 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-27 16:25:43 +00:00
westi
b36c335b7a
i18n: Update the word splitting we use when trimming strings to build excerpts so that it has support for a character based mode for locales where character splitting is more approproate like Japan.
...
See #16079 props tenpura.
git-svn-id: http://core.svn.wordpress.org/trunk@20859 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-23 21:04:35 +00:00
nacin
d74bcb4a14
Add Vietnamese vowels to remove_accents(). props SergeyBiryukov. fixes #17738 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@20687 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-02 16:55:16 +00:00
nacin
874cd9077f
Add characters to be stripped or replaced in sanitize_title_with_dashes().
...
* Replace times (multiplication sign) with x.
* Strip low quotation marks and other curly quotes we don't already deal with.
props SergeyBiryukov. fixes #19820 .
git-svn-id: http://core.svn.wordpress.org/trunk@20686 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-02 16:37:42 +00:00
markjaquith
38dffbfe04
Ignore this. Just need an un-synced-to-GitHub commit so I can switch to using the new core.svn.wordpress.org URL.
...
git-svn-id: http://core.svn.wordpress.org/trunk@20672 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-01 21:05:02 +00:00
nacin
32c8d41cde
Properly convert two special Z characters in convert_chars(). props Namely, SergeyBiryukov. fixes #20503 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@20653 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-30 21:20:50 +00:00
nacin
3f51df65e0
Run rawurlencode_deep() through the parsed query in canonical. (Introduces rawurlencode_deep().) props toppa for the initial patch. fixes #20143 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@20611 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-27 15:40:00 +00:00
duck_
7d8a08881e
Recognise protocols other than "http" in _links_add_base(). Props SergeyBiryukov. Fixes #19665 .
...
Previously "https" URLs used in plugin READMEs displayed by install_plugin_information() would have the plugin's extend URL prepended.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20466 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-14 19:14:10 +00:00
ryan
be5802b0f1
Don't attempt to make links inside attributes clickable. Props duck_ azaozz. fixes #20418
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@20443 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-11 21:14:13 +00:00
azaozz
b358b4accc
Do not process <pre> tags with wpautop, replace them with placeholders, process the rest of the content and then put them back. Part props kurtpayne, see #19855
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@20307 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-28 15:43:31 +00:00
nacin
248843afc4
<input> is not a block-level element; do not treat it like one in wpautop(). props SergeyBiryukov. props kurtpayne for the unit test. fixes #16456 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@20078 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-02 19:59:50 +00:00
azaozz
73c87020c7
HTML in image captions, first run, see #18311
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@19982 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-24 01:58:18 +00:00
nacin
8961a61f89
Combine two identical case statements.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@19933 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-16 15:42:02 +00:00
nacin
66f64c7c01
Use correct reference in regex. props danielbachhuber, fixes #20018 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@19907 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-10 22:28:37 +00:00
duck_
5648dd3547
Add @since and @access tag to _split_str_by_whitespace(). Props ocean90. See #16892 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@19900 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-10 13:57:21 +00:00
duck_
d8a694d8ac
Improve efficiency of make_clickable(). Props mdawaffe. Fixes #16892 .
...
Not only does this improve general performance, but also helps to prevent
segfaults caused by malicious input to the regular expression. The regular
expression is also simplified to help readability and maintenance.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19899 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-10 13:42:15 +00:00
nacin
2aec12b287
wptexturize() does not need to staticize variables it only uses to set up variables it needs statically. see #19602 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@19796 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-31 14:28:30 +00:00
nacin
1b7effa6eb
Allow the single quotes, apostrophes, and primes in wptexturize() to be translated. Allows replacements to be disabled by translating them back to " and '. fixes #19602 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@19795 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-31 14:06:32 +00:00
ryan
e3b46b25d3
Lose EOF ?>. Clean up EOF newlines. fixes #12307
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-08 17:01:11 +00:00
ryan
3eaf083995
Introduce sanitize_trackback_urls(). Don't ping bad urls. Don't ping bad urls or save them to the DB. Props xknown, SergeyBiryukov. fixes #17560
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@19675 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-04 19:45:13 +00:00
nacin
2ba0d300c4
Correct the documentation for balanceTags(). props mdawaffe, fixes #19576 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@19601 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-16 20:57:05 +00:00
ryan
07ff8b216b
Use one space, not two, after trailing punctuation. fixes #19537
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@19593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-13 23:45:31 +00:00
nacin
524284fd6b
Allow 8212/8211 (em dash and en dash) to be translated in wptexturize(). props SergeyBiryukov, fixes #15556 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@19187 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-06 18:31:54 +00:00
nacin
b2560a3025
Add a few characters to remove_accents(). props SergeyBiryukov. props ampt for [UT471]. fixes #9591 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@19125 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-02 23:08:05 +00:00
ryan
91bc97be7b
Allow 0 - 9 in tag_escape(). Props sirzooro. fixes #18765
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18955 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-12 20:34:14 +00:00
ryan
80351b789d
Avoid preg backtrack limit errors with large posts when processing shortcodes. Props mdawaffe. fixes #15600
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18952 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-12 16:50:30 +00:00
ryan
b3054bd18f
phpdoc fix for zeroise(). Props trepmal. fixes #18854
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18877 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-04 16:02:33 +00:00
duck_
4171ea192b
Introduce wp_allowed_protocols() for use in wp_kses() and esc_url(). See #18268 .
...
This allows plugins to filter the list of protocols used for esc_url() too, and helps us keep the list of protocols in sync.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18826 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-29 22:33:51 +00:00
markjaquith
33c150d3de
Allow the text parameter in wp_trim_excerpt() to be omitted altogether, instead of requiring a blank string. props SergeyBiryukov. fixes #17492
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18824 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-29 21:48:03 +00:00
nacin
07567002bb
Update esc_url() phpdoc. props sirzooro, fixes #18766 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18769 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-24 19:52:26 +00:00
duck_
2fb95a133d
wp_strip_all_tags() in wp_trim_words() to remove CSS and JS within tags. Props evansolomon. Fixes #18726 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18742 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-21 20:39:21 +00:00
ryan
7aedd7ec52
Run the sanitize_option_* filter for all options in sanitize_option(). Add some sanity checks for the permalink options while in there. fixes #18737
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18738 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-21 19:05:06 +00:00
duck_
8cfc0fa5ec
Abstract word-trimming from wp_trim_excerpt() into wp_trim_words(). Props nacin. Fixes #16372 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18732 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-20 17:14:23 +00:00
nacin
e5ca4fea40
Strip a number of special characters in sanitize_title_with_dashes on save. Includes quotes (curly, angle), dashes, marks, etc. props SergeyBiryukov. props ampt for the unit tests in [UT438]. see #10797 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-18 19:53:59 +00:00
duck_
e4ed63fc6f
Fix typos in documentation (wp-includes/[a-h]). See #18560 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18633 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-03 16:02:41 +00:00
nacin
d5cf830175
Add 'q' tag to nestable tags list in force_balance_tags(). props solarissmoke, fixes #6870 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18585 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-23 15:37:38 +00:00
ryan
6c39a6f769
Better double encoding handling in _wp_special_chars(). Props miqrogroove.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18485 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-07-29 20:43:45 +00:00
ryan
55d7366c42
Recognize urls that start with a question mark as relative urls that do not require a scheme to be prepended. fixes #18260
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18469 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-07-26 19:44:18 +00:00
westi
009b264271
Make [18456] more obvious. Fixes #16432 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18465 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-07-25 13:20:07 +00:00
nacin
6185986c0e
Add pre_ent2ncr filter. props GaryJ, fixes #16432 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-07-21 21:41:21 +00:00
ryan
593659b8d0
Hardening. Santizers for WPLANG and new_admin_email. Prevent stomping ID and filter. Validate locale filename. Props westi.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18346 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-27 15:56:42 +00:00
ryan
bc667be71b
Allow plus '+' character when sanitizing mime type. Props cyberhobo. fixes #17855
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18324 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-20 20:05:57 +00:00
westi
fda24a53ed
Ensure we have a valid timezone identifier before trying to use it.
...
Validate the new timezone identifier during option update.
Fixes #17840 .
git-svn-id: http://svn.automattic.com/wordpress/trunk@18323 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-20 14:58:50 +00:00
azaozz
ae81d75d39
Fix typo in remove_accents(), props scribu, fixes #16232
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18159 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-06 02:22:50 +00:00
ryan
4da684cf9a
Update @since
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-25 15:47:17 +00:00
ryan
81a5f821fb
Sanitize guid on save and display. Sanitize mime type on save. Don't allow changing mime type via edit form handlers. Protect hidden meta.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@17994 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-22 23:19:42 +00:00
ryan
569c17df7f
Properly anchor mime preg.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@17990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-22 23:17:09 +00:00
nacin
98bd4c0b2f
s/coma/comma/. props ocean90.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@17982 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-21 15:20:25 +00:00
ryan
b2c2e302be
Revert part of [17920]. Support for empty tz must remain. Props johnjamesjacoby. fixes #17448
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@17958 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-18 18:56:42 +00:00
westi
65e341d0cb
Fix typos and inconsistencies in PHPdoc / function declarations. See #17414 props duck_
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@17925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-14 09:50:20 +00:00
ryan
58767691f4
Remove PHP5 back compat code from get_gmt_from_date. Props technosailor. fixes #16920
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@17920 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-13 19:17:07 +00:00
ryan
74354459f1
Performance improvements for wptexturize(). Props solarissmoke, hakre. fixes #16684
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@17636 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-13 17:11:35 +00:00
nacin
14ec951269
Make underscores valid in sanitize_html_class. fixes #17067 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@17614 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-06 21:28:52 +00:00
ryan
975a6a8c8d
Reduce backtracking in make_clickable() regex. Reduce pcre.recursion_limit to avoid segfaulting. Props hakre. For trunk.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@17570 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-03-28 21:39:16 +00:00
ryan
4d46e8d95e
Lose create_function() in links_add_target() and links_add_base_url(). esc_attr() the target to provide extra coverage for plugins. Props Justin Rainbow, nacin. For trunk
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@17459 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-02-16 19:24:18 +00:00
ryan
85f1feed84
Bring out the shears.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@17228 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-01-06 04:11:14 +00:00
ryan
81cd855720
Don't be case sensitive to attribute names. Handle padded entities when checking for bad protocols. Normalize entities before checking for bad protocols in esc_url(). Props Mauro Gentile, duck_, miqrogroove
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@17171 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-29 20:45:37 +00:00
nacin
95726df854
Revert [16995] due to the way the data enters the db. props garyc40, see #15454 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@17142 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-25 18:10:59 +00:00
ryan
3a66c698ee
Remove some unnecessary esc_textarea() calls. Props garyc40. see #15454
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@17001 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-16 17:48:20 +00:00
markjaquith
49c11dc768
Use ENT_QUOTES in esc_textarea() in case someone uses it in a value='' situation by accident. see #15454
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@16993 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-16 09:24:22 +00:00
westi
60aa1d3062
Ultimate make_clickable. Fixes #14993 props filosofo
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@16948 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-15 13:43:30 +00:00
westi
1df7f1be64
Revert [16279] - the recursive nature of this regex doesn't play well with stack space. See #14993
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@16692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-02 17:26:06 +00:00
nacin
b8ce0261df
More param fixes, props duck_. see #14783 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@16469 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-18 19:12:48 +00:00
ryan
847499e531
Pinking shears
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@16438 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-17 18:47:34 +00:00
markjaquith
6482610f9a
esc_textarea() and application for obvious textarea escaping. props alexkingorg. fixes #15454
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@16431 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-17 17:12:01 +00:00