Commit Graph

244 Commits

Author SHA1 Message Date
Drew Jaynes 217b661703 Docs: Add missing descriptions for the `$wpdb` global in DocBlocks all the places.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@35170


git-svn-id: http://core.svn.wordpress.org/trunk@35136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-14 23:44:25 +00:00
Dominik Schilling f8c467e07a Term Meta: Prevent a "Multiple primary key defined" error during database upgrades.
You must have two spaces between the words `PRIMARY KEY` and the definition of your primary key. Yes, seriously.

See [34529].
Fixes #34210.
Built from https://develop.svn.wordpress.org/trunk@34936


git-svn-id: http://core.svn.wordpress.org/trunk@34901 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-08 11:09:26 +00:00
Jeremy Felt 9926983b66 Revert [34778], continue using `_site_option()` for the current network.
The `_network_option()` parameter order will be changing to accept `$network_id` first. The `_site_option()` functions will remain in use throughout core as our way of retrieving a network option for the current network.

See #28290.

Built from https://develop.svn.wordpress.org/trunk@34912


git-svn-id: http://core.svn.wordpress.org/trunk@34877 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 17:11:25 +00:00
Jeremy Felt 54512d64cb MS: Use `*_network_option()` functions throughout core.
Replaces all uses of `*_site_option()` with the corresponding "network" function.

This excludes one usage in `wp-admin/admin-footer.php` that needs more investigation.

Props spacedmonkey.
See #28290.

Built from https://develop.svn.wordpress.org/trunk@34778


git-svn-id: http://core.svn.wordpress.org/trunk@34743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-02 19:08:26 +00:00
Boone Gorges 4e051fa421 After [35461], remove 'page_comments' from database.
* Don't set as part of initial schema.
* Delete as part of the `$unusedoptions` routine.

Props ocean90.
See #8071.
Built from https://develop.svn.wordpress.org/trunk@34562


git-svn-id: http://core.svn.wordpress.org/trunk@34526 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-25 20:50:25 +00:00
Boone Gorges 18d6b3c8dc Force comment pagination on single posts.
Previously, the 'page_comments' toggle allowed users to disable comment
pagination. This toggle was only superficial, however. Even with
'page_comments' turned on, `comments_template()` loaded all of a post's
comments into memory, and passed them to `wp_list_comments()` and
`Walker_Comment`, the latter of which produced markup for only the
current page of comments. In other words, it was possible to enable
'page_comments', thereby showing only a subset of a post's comments on a given
page, but all comments continued to be loaded in the background. This technique
scaled poorly. Posts with hundreds or thousands of comments would load slowly,
or not at all, even when the 'comments_per_page' setting was set to a
reasonable number.

Recent changesets have addressed this problem through more efficient tree-
walking, better descendant caching, and more selective queries for top-level
post comments. The current changeset completes the project by addressing the
root issue: that loading a post causes all of its comments to be loaded too.

Here's the breakdown:

* Comment pagination is now forced. Setting 'page_comments' to false leads to evil things when you have many comments. If you want to avoid pagination, set 'comments_per_page' to something high.
* The 'page_comments' setting has been expunged from options-discussion.php, and from places in the codebase where it was referenced. For plugins relying on 'page_comments', we now force the value to `true` with a `pre_option` filter.
* `comments_template()` now queries for an appropriately small number of comments. Usually, this means the `comments_per_page` value.
* To preserve the current (odd) behavior for comment pagination links, some unholy hacks have been inserted into `comments_template()`. The ugliness is insulated in this function for backward compatibility and to minimize collateral damage. A side-effect is that, for certain settings of 'default_comments_page', up to 2x the value of `comments_per_page` might be fetched at a time.
* In support of these changes, a `$format` parameter has been added to `WP_Comment::get_children()`. This param allows you to request a flattened array of comment children, suitable for feeding into `Walker_Comment`.
* `WP_Query` loops are now informed about total available comment counts and comment pages by the `WP_Comment_Query` (`found_comments`, `max_num_pages`), instead of by `Walker_Comment`.

Aside from radical performance improvements in the case of a post with many
comments, this changeset fixes a bug that caused the first page of comments to
be partial (`found_comments` % `comments_per_page`), rather than the last, as
you'd expect.

Props boonebgorges, wonderboymusic.
Fixes #8071.
Built from https://develop.svn.wordpress.org/trunk@34561


git-svn-id: http://core.svn.wordpress.org/trunk@34525 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-25 20:40:25 +00:00
Boone Gorges 8b4a5d1ec0 Introduce metadata for taxonomy terms.
Adds a new table to the database schema (`wp_termmeta`), and a set of
`*_term_meta()` API functions. `get_terms()` and `wp_get_object_terms()`
now also support 'meta_query' parameters, with syntax identical to other
uses of `WP_Meta_Query`.

When fetching terms via `get_terms()` or `wp_get_object_terms()`, metadata for
matched terms is preloaded into the cache by default. Disable this behavior
by setting the new `$update_term_meta_cache` paramater to `false`.

To maximize performance, within `WP_Query` loops, the termmeta cache is *not*
primed by default. Instead, we use a lazy-loading technique: metadata for all
terms belonging to posts in the loop is loaded into the cache the first time
that `get_term_meta()` is called within the loop.

Props boonebgorges, sirzooro.
See #10142.
Built from https://develop.svn.wordpress.org/trunk@34529


git-svn-id: http://core.svn.wordpress.org/trunk@34493 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-25 03:59:27 +00:00
Sergey Biryukov 844586e889 Add missing translator comments after [34293].
See #31851.
Built from https://develop.svn.wordpress.org/trunk@34298


git-svn-id: http://core.svn.wordpress.org/trunk@34262 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-18 18:39:23 +00:00
Scott Taylor 318cd61abf Don't use `<code>` in translation strings in `wp-admin/includes/schema.php`.
Props ramiy.
Fixes #31851.

Built from https://develop.svn.wordpress.org/trunk@34293


git-svn-id: http://core.svn.wordpress.org/trunk@34257 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-18 18:21:25 +00:00
Aaron Jorbin 10d03c1ab3 Remove support for my-hacks.php
For the last 10 years, my-hacks has been deprecated and has been throwing a deprecation notice. For the last six years, you haven't been able to enable my-hacks.php in the admin UI. That should be enough time to give developers notice. Plugins and themes seem like they might have staying power.

Fixes #33741
Props bobbingwide


Built from https://develop.svn.wordpress.org/trunk@34291


git-svn-id: http://core.svn.wordpress.org/trunk@34255 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-18 17:06:25 +00:00
Gary Pendergast 0d85038ce6 Schema: Increase the length of `wp_options.option_name`.
It's pretty easy to run over the `option_name` length, which causes undefined behaviour when inserting and retrieving options. Increasing the length from `VARCHAR(64)` to `VARCHAR(191)` significantly reduces the risk of this occurring.

Because `option_name` has a `UNIQUE` index, we can only increase it to 191 characters, rather than 255. The index can only use a prefix of 191 characters, so will incorrectly restrict long different strings that have the same prefix, if we make the column longer.

Props scribu, OriginalEXE, khromov, MikeHansenMe, netweb, pento.

Fixes #13310.


Built from https://develop.svn.wordpress.org/trunk@34030


git-svn-id: http://core.svn.wordpress.org/trunk@33999 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-11 01:26:24 +00:00
Helen Hou-Sandí 1f500055a6 Drop the hyphen from e-mail and standardize on email.
The AP Stylebook changed this in 2011, and we're woefully inconsistent, so let's go with the standard.

props morganestes, voldemortensen, niallkennedy (for patching on the previous AP style).
fixes #26156.

Built from https://develop.svn.wordpress.org/trunk@33774


git-svn-id: http://core.svn.wordpress.org/trunk@33742 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-28 03:17:21 +00:00
Scott Taylor 767dd35a47 Media:
When inserting an image into a post, the values in `wp.media.controller.Library` should not default to linking the image when no user settings are present.

The default display setting value for `link` is now `none`. User settings persist and will override or confirm this value based on user actions.

Props liljimmi, janhenckens, eherman24, wonderboymusic.
Fixes #31467.

Built from https://develop.svn.wordpress.org/trunk@33729


git-svn-id: http://core.svn.wordpress.org/trunk@33697 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-25 12:13:23 +00:00
Boone Gorges dba7c50d29 Don't run term-splitting routine on new installations.
Props pento.
Fixes #30261.
Built from https://develop.svn.wordpress.org/trunk@33621


git-svn-id: http://core.svn.wordpress.org/trunk@33588 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-17 14:29:25 +00:00
Scott Taylor 282e28ad81 Add `@global` annotations to (the rest of the?) `wp-admin/*` files.
Does not include list table file changes.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32643


git-svn-id: http://core.svn.wordpress.org/trunk@32613 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 02:06:31 +00:00
Scott Taylor b56b9b3e5c Add `@global` annotations for `wp-admin/*`.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32642


git-svn-id: http://core.svn.wordpress.org/trunk@32612 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-28 21:41:30 +00:00
Sergey Biryukov 77572cf024 Multisite: Add translator comments to default email messages with non-typical placeholders.
props yoavf.
fixes #32263.
Built from https://develop.svn.wordpress.org/trunk@32381


git-svn-id: http://core.svn.wordpress.org/trunk@32351 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-06 09:12:25 +00:00
Sergey Biryukov 12f4004989 Replace generic "Dear user" greeting in email notifications with a more personalized one.
props Ipstenu.
fixes #31217.
Built from https://develop.svn.wordpress.org/trunk@31403


git-svn-id: http://core.svn.wordpress.org/trunk@31384 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-10 07:47:27 +00:00
Gary Pendergast b2cf823105 WPDB: If a site is using the `utf8` charset, and their version of MySQL supports `utf8mb4`, auto-upgrade them to `utf8mb4`.
This patch also resizes some indexes, to allow for the 767 byte index size limit in standard MySQL installs.

See #21212


Built from https://develop.svn.wordpress.org/trunk@31349


git-svn-id: http://core.svn.wordpress.org/trunk@31330 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-06 04:51:22 +00:00
Andrew Nacin 1cf7a49ffd Adjust [29806] and revert [29807] to restore placeholder and email copy order.
Avoids unnecessarily changing a (large, carefully formatted) translated string from 4.0.

fixes #21089.

Built from https://develop.svn.wordpress.org/trunk@30742


git-svn-id: http://core.svn.wordpress.org/trunk@30732 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-05 01:15:26 +00:00
Drew Jaynes 66c47f29bb Correct references of `@uses $wpdb` in core documentation to use `@global`.
See #30191, [30105].
Fixes #30217.

Built from https://develop.svn.wordpress.org/trunk@30122


git-svn-id: http://core.svn.wordpress.org/trunk@30122 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-31 17:56:22 +00:00
Boone Gorges 502bc03090 Remove UNIQUE key from 'slug' column of terms table.
Each slug is a unique and beautiful snowflake, but let's enforce that
uniqueness elsewhere.

Props hotchkissconsulting.
Fixes #22023.
Built from https://develop.svn.wordpress.org/trunk@30056


git-svn-id: http://core.svn.wordpress.org/trunk@30056 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-28 18:37:18 +00:00
Scott Taylor 258496edb6 In the `wp_new_blog_notification()` email template, include the login url.
Props obenland, georgestephanis.
Fixes #21089.

Built from https://develop.svn.wordpress.org/trunk@29806


git-svn-id: http://core.svn.wordpress.org/trunk@29572 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-02 01:28:16 +00:00
Drew Jaynes 097dc8ee15 Fix syntax for single- and multi-line comments in wp-admin-directory files.
See #28931.

Built from https://develop.svn.wordpress.org/trunk@29206


git-svn-id: http://core.svn.wordpress.org/trunk@28990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-17 09:14:16 +00:00
Andrew Nacin 4bf7cdd49b DB schema change: Add comment_author_email(10) index.
props tellyworth, pento.
fixes #21435.

Built from https://develop.svn.wordpress.org/trunk@29188


git-svn-id: http://core.svn.wordpress.org/trunk@28972 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-16 15:54:16 +00:00
Scott Taylor b650c4fb55 Bring the list of `upload_filetypes` for multisite into modernity based on .com upgrades and supported extensions for audio and video.
Fixes #24434.

Built from https://develop.svn.wordpress.org/trunk@28832


git-svn-id: http://core.svn.wordpress.org/trunk@28636 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-25 18:00:15 +00:00
Scott Taylor 05eeb16e30 Replace all uses of `like_escape()` with `$wpdb->esc_like()`.
Props miqrogroove.
See #10041.

Built from https://develop.svn.wordpress.org/trunk@28712


git-svn-id: http://core.svn.wordpress.org/trunk@28528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-10 00:44:15 +00:00
Scott Taylor af860fbe84 Cleanup for `switch` statements:
* Move `default` to the bottom in `WP_Theme_Install_List_Table`
* `switch/endswitch` syntax is not supported in Hack. Switch to `switch (...) {  .... }` syntax. (A few template-type instances linger).

Fixes #28409.
See #27881.


Built from https://develop.svn.wordpress.org/trunk@28633


git-svn-id: http://core.svn.wordpress.org/trunk@28452 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-30 17:58:15 +00:00
Andrew Nacin f44e4226fa Move 'home' option to the top of populate_options().
fixes #28141.

Built from https://develop.svn.wordpress.org/trunk@28260


git-svn-id: http://core.svn.wordpress.org/trunk@28088 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-05 21:57:14 +00:00
Andrew Nacin 803d4ff54d Remove old links_recently_updated_* DB options that never had a UI.
fixes #27649.

Built from https://develop.svn.wordpress.org/trunk@27916


git-svn-id: http://core.svn.wordpress.org/trunk@27746 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-03 03:10:15 +00:00
Andrew Nacin ffc4ca7b01 Introduce get_site_by_path() and further rewrite the site detection process for multisite.
This is the first big step to supporting arbitrary domains and paths. In this new approach, sites are detected first where possible, then the network is inferred. Allows filtering for arbitrary path segments, smooths out some weirdness, and removes various restrictions. A sunrise plugin could do much of its work by adding filters, if those are even needed.

see #27003.

Built from https://develop.svn.wordpress.org/trunk@27359


git-svn-id: http://core.svn.wordpress.org/trunk@27209 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-02 22:25:14 +00:00
Sergey Biryukov 74f77b85a6 Use get_current_site() instead of the $current_site global when possible.
props jeremyfelt.
fixes #25158.
Built from https://develop.svn.wordpress.org/trunk@26120


git-svn-id: http://core.svn.wordpress.org/trunk@26032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-13 03:23:10 +00:00
Drew Jaynes 4cf7175d6f Inline documentation for hooks in wp-admin/includes/schema.php.
Props johnafish, kpdesign.
Fixes #25498.

Built from https://develop.svn.wordpress.org/trunk@25938


git-svn-id: http://core.svn.wordpress.org/trunk@25897 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-26 20:29:10 +00:00
Andrew Nacin 27d04f9e5e Delete expired transients on database upgrades.
Reverts [25416], which had all transients being cleared. This leaves much to be desired, but we don't want a core update to be blamed for breaking a site that incorrectly assumes transients aren't transient.

props dartiss, pento.
fixes #20316.

Built from https://develop.svn.wordpress.org/trunk@25838


git-svn-id: http://core.svn.wordpress.org/trunk@25838 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 22:55:02 +00:00
Andrew Nacin 8ae8e01b67 Remove the old wp_auto_updates_maybe_update cron event. Schedule the new wp_maybe_auto_update event at 7 a.m. and 7 p.m. in the site's timezone.
see #27704.

Built from https://develop.svn.wordpress.org/trunk@25825


git-svn-id: http://core.svn.wordpress.org/trunk@25825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 22:53:14 +00:00
Andrew Nacin 859da01c4a Delete expired transients on database upgrades.
Reverts [25416], which had all transients being cleared. This leaves much to be desired, but we don't want a core update to be blamed for breaking a site that incorrectly assumes transients aren't transient.

props dartiss, pento.
fixes #20316.

Built from https://develop.svn.wordpress.org/trunk@25838


git-svn-id: http://core.svn.wordpress.org/trunk@25750 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-18 07:48:09 +00:00
Andrew Nacin 6931079cec Multisite blogs table: Convert the archived field from enum to tinyint to match the other status fields. fixes #12832.
Built from https://develop.svn.wordpress.org/trunk@25448


git-svn-id: http://core.svn.wordpress.org/trunk@25369 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-15 23:12:11 +00:00
Andrew Nacin 52feff7a75 Clear all transients (regardless of expiration) on all database upgrades. see #20316.
Built from https://develop.svn.wordpress.org/trunk@25416


git-svn-id: http://core.svn.wordpress.org/trunk@25341 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-12 21:14:10 +00:00
Andrew Nacin e6bf2a293f Add populate_network_meta filter to populate_network().
props jeremyfelt.
fixes #25020.

Built from https://develop.svn.wordpress.org/trunk@25414


git-svn-id: http://core.svn.wordpress.org/trunk@25340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-12 20:49:09 +00:00
Andrew Nacin 717ec20ac7 Fix comma placement in [25179].
props gradyetc.
see #15004, fixes #25298.

Built from https://develop.svn.wordpress.org/trunk@25413


git-svn-id: http://core.svn.wordpress.org/trunk@25339 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-12 20:16:11 +00:00
Andrew Nacin af70c14d6d Add signup_id primary key to $wpdb->signups, and add better indexes.
props josephscott, pento, barry.
see #15004.

Built from https://develop.svn.wordpress.org/trunk@25179


git-svn-id: http://core.svn.wordpress.org/trunk@25151 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-30 04:30:08 +00:00
Andrew Nacin f16aee063e Avoid validating wildcard hostnames in populate_network() when multisite is already activated.
props jeremyfelt.
fixes #25182.

Built from https://develop.svn.wordpress.org/trunk@25171


git-svn-id: http://core.svn.wordpress.org/trunk@25146 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-29 19:31:09 +00:00
Andrew Nacin 19e485ce42 In populate_network(), insert the first site as blog_id 1, overriding any auto-increment DB seed. props wpmuguru, fixes #16568.
Built from https://develop.svn.wordpress.org/trunk@25038


git-svn-id: http://core.svn.wordpress.org/trunk@25025 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-16 20:08:09 +00:00
Andrew Nacin c80a049db3 In populate_options(), only query the option names we are checking against. No need to load the entire table into memory. props leewillis77. fixes #24620.
git-svn-id: http://core.svn.wordpress.org/trunk@24614 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-09 19:14:33 +00:00
Sergey Biryukov 5c23d5908a Avoid 'Only variables should be assigned by reference' warnings during installation. props sunnyratilal. fixes #24438.
git-svn-id: http://core.svn.wordpress.org/trunk@24381 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-28 17:06:39 +00:00
Andrew Nacin 14e31c8ec6 Use correct option name when deleting embed_autourls. props SergeyBiryukov. see #23715.
git-svn-id: http://core.svn.wordpress.org/trunk@23902 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-04-04 15:55:53 +00:00
Ryan Boren 68b11a7c8f Use prepare instead of escape.
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23564 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:01:01 +00:00
Ryan Boren 43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Andrew Nacin d08bf937de Comment that the add_users capability was never used and has its days numbered. see #16719.
git-svn-id: http://core.svn.wordpress.org/trunk@22300 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-25 20:18:24 +00:00