Commit Graph

49 Commits

Author SHA1 Message Date
Sergey Biryukov 771b29455b Provide more helpful feedback than just "Cheatin' uh?" for permission errors in `wp-admin/includes/bookmark.php`.
props ericlewis, kraftbj, lukecarbis, mrmist.
fixes #33682. see #14530.
Built from https://develop.svn.wordpress.org/trunk@33887


git-svn-id: http://core.svn.wordpress.org/trunk@33856 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-03 08:59:24 +00:00
Scott Taylor c6a4512b1b Add missing doc blocks to `wp-admin/includes/*`.
Fix some egregious uses of tabbing.
Some functions can simply return `apply_filters(...)` instead of setting a variable that is immediately returned.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32654


git-svn-id: http://core.svn.wordpress.org/trunk@32624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 20:17:26 +00:00
Scott Taylor a51dfa3971 In the style of #30947 and `default-filters.php`, add 2 new files to `wp-admin/includes`:
`admin-filters.php`
`ms-admin-filters.php`

There are random actions and filters littered among files like `misc.php`. These files contain functions that won't work outside of admin context and are typically only loaded in files that have already loaded the admin bootstrap.

See #32529.

Built from https://develop.svn.wordpress.org/trunk@32653


git-svn-id: http://core.svn.wordpress.org/trunk@32623 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 17:04:26 +00:00
Scott Taylor b56b9b3e5c Add `@global` annotations for `wp-admin/*`.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32642


git-svn-id: http://core.svn.wordpress.org/trunk@32612 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-28 21:41:30 +00:00
John Blackbourn d88ed475b0 Switch to a `403` response code in places where it is more appropriate than a `500` due to permissions errors.
Fixes #10551
Props nacin

Built from https://develop.svn.wordpress.org/trunk@30356


git-svn-id: http://core.svn.wordpress.org/trunk@30355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-16 06:16:22 +00:00
Scott Taylor 5e3a64e83d Correct some types in `wp-admin/*`-location files' doc blocks.
See #30224.

Built from https://develop.svn.wordpress.org/trunk@30203


git-svn-id: http://core.svn.wordpress.org/trunk@30203 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-03 07:09:23 +00:00
Sergey Biryukov 8dacdb77be Fix wp_insert_link(), broken in [28406]/[28408].
see #22400.
Built from https://develop.svn.wordpress.org/trunk@28475


git-svn-id: http://core.svn.wordpress.org/trunk@28302 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-18 09:56:15 +00:00
Scott Taylor ff665b2f38 (REALLY) Eliminate use of `extract()` in `wp_insert_link()`.
See #22400.

Built from https://develop.svn.wordpress.org/trunk@28408


git-svn-id: http://core.svn.wordpress.org/trunk@28235 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-15 02:55:16 +00:00
Scott Taylor 5f06d0f50a Eliminate use of `extract()` in `wp_insert_link()`.
See #22400.

Built from https://develop.svn.wordpress.org/trunk@28406


git-svn-id: http://core.svn.wordpress.org/trunk@28233 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-15 02:28:14 +00:00
Drew Jaynes ec96affcad Inline documentation for hooks in wp-admin/includes/bookmark.php.
Props johnafish, kpdesign.
Fixes #25494.

Built from https://develop.svn.wordpress.org/trunk@25706


git-svn-id: http://core.svn.wordpress.org/trunk@25620 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-07 02:19:09 +00:00
Ryan Boren 5f809d1d22 Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:00:25 +00:00
Ryan Boren 43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Andrew Nacin 83e0ce2ac1 Remove unused variables reset by wp_reset_vars(). Many of these haven't been used since b2. see #21767.
git-svn-id: http://core.svn.wordpress.org/trunk@23445 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-16 18:28:41 +00:00
Ryan Boren cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Ryan Boren e55bebac25 Show a better message ondmins on link-manager.php, link-add.php, link.php when links are disabled.
Props nacin
fixes #22569


git-svn-id: http://core.svn.wordpress.org/trunk@22855 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-27 00:20:27 +00:00
nacin 0730535015 Introduce $wpdb->delete(). props justindgivens, scribu. fixes #18948.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20287 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-24 15:24:31 +00:00
nacin 6ae2e315fa Instantiate an object in get_default_link_to_edit(). fixes #20280.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20256 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-22 05:07:27 +00:00
ryan e3b46b25d3 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-08 17:01:11 +00:00
nacin 5e1184aa57 Pinking shears.
git-svn-id: http://svn.automattic.com/wordpress/trunk@15843 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-19 07:48:22 +00:00
nacin 15bc341696 phpdoc, @since, whitespace. Also require an argument in wp_insert_post(). props duck_, see #14783.
git-svn-id: http://svn.automattic.com/wordpress/trunk@15564 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-09-05 02:45:39 +00:00
ryan 81e213c211 Use get_current_user() and get_current_user_id() instead of global . Props filofo. see #13934 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@15315 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-06-24 15:01:29 +00:00
nacin b4f362264e Don't use deprecated functions. see #11388
git-svn-id: http://svn.automattic.com/wordpress/trunk@13106 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-13 10:35:10 +00:00
ryan dde64e4cf1 Test explicitly for false from insert()/update(). Fixes early return that preventing link categories from being saved. fixes #12196
git-svn-id: http://svn.automattic.com/wordpress/trunk@13053 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-11 16:17:12 +00:00
ryan 0d31c12db6 Use update and insert. Props DD32. fixes #6836
git-svn-id: http://svn.automattic.com/wordpress/trunk@12652 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-07 20:13:54 +00:00
ryan cedfa0181b Use array calling style. Props Denis-de-Bernardy. see #6647
git-svn-id: http://svn.automattic.com/wordpress/trunk@12515 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-12-23 15:31:02 +00:00
markjaquith 3ebf837ced Deprecate sanitize_url() and clean_url() in favor of esc_url_raw() and esc_url()
git-svn-id: http://svn.automattic.com/wordpress/trunk@11383 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-18 16:00:33 +00:00
markjaquith 119b39cec2 deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.
git-svn-id: http://svn.automattic.com/wordpress/trunk@11380 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-18 15:11:07 +00:00
markjaquith 6c2ffddf31 _a(), _ea(), _xa(), attr() are now esc_attr__(), esc_attr_e(), esc_attr_x(), esc_attr() -- still short, but less cryptic. see #9650
git-svn-id: http://svn.automattic.com/wordpress/trunk@11204 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-05 19:43:53 +00:00
ryan 2d489767bb s/attribute_escape/attr/. see #9650
git-svn-id: http://svn.automattic.com/wordpress/trunk@11109 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-04-28 05:58:45 +00:00
ryan 576f4098d4 If link name not given, use url for name. Props Denis-de-Bernardy. fixes #7789 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@10414 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-01-22 22:47:34 +00:00
ryan 9861eb1a85 Notice fixes from DD32. see #7509
git-svn-id: http://svn.automattic.com/wordpress/trunk@9699 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-14 23:01:16 +00:00
markjaquith b9098f869b Code cleanup for wp-admin/includes/bookmark.php
git-svn-id: http://svn.automattic.com/wordpress/trunk@9659 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-13 07:17:40 +00:00
ryan 5fd146865b phpdoc for wp-admin/includes from jacobsantos. see #7527
git-svn-id: http://svn.automattic.com/wordpress/trunk@9053 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-10-02 01:03:26 +00:00
ryan bcdb29372d Add edit and delete links to the Content->Links rows. Add get_edit_bookmark_link(). Add caching for individual bookmarks. see #7552
git-svn-id: http://svn.automattic.com/wordpress/trunk@8758 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-08-27 22:04:12 +00:00
ryan 35b18e5034 Trailing whitespace cleanup
git-svn-id: http://svn.automattic.com/wordpress/trunk@8600 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-08-09 05:36:14 +00:00
ryan d814986be2 Strip slashes before preparing link for insert. see #6644
git-svn-id: http://svn.automattic.com/wordpress/trunk@7693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-04-16 05:55:27 +00:00
ryan 248a0c06e2 Prepare DB queries in more places. Props filosofo. see #6644
git-svn-id: http://svn.automattic.com/wordpress/trunk@7645 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-04-14 16:13:25 +00:00
ryan b7f524580d Add sanitization to get_link() and get_link_to_edit(). Props mdawaffe. fixes #6125
git-svn-id: http://svn.automattic.com/wordpress/trunk@7193 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-03-10 05:28:21 +00:00
ryan db202d383f Add privacy and preview to edit link submitbox
git-svn-id: http://svn.automattic.com/wordpress/trunk@6935 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-02-20 08:06:03 +00:00
ryan 2283075a92 Remove unused variables. Props DD32. see #5418
git-svn-id: http://svn.automattic.com/wordpress/trunk@6363 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-12-06 06:37:30 +00:00
ryan ba0f401390 bookmark sanitizer funcs and default filter cleanup. see #4546
git-svn-id: http://svn.automattic.com/wordpress/trunk@5906 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-08-20 22:50:04 +00:00
ryan e2dc2a8dd3 Add some taxonomy validation. Rearrange funcs.
git-svn-id: http://svn.automattic.com/wordpress/trunk@5726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-06-19 00:33:44 +00:00
ryan e7890261e5 EXTR_SKIP. See #4468
git-svn-id: http://svn.automattic.com/wordpress/trunk@5712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-06-15 17:30:37 +00:00
ryan 2f09416258 Trim empty lines. Nothing but newline.
git-svn-id: http://svn.automattic.com/wordpress/trunk@5700 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-06-14 02:25:30 +00:00
ryan 4214428322 Separate AJAX cat adder into post and link flavors. see #4189
git-svn-id: http://svn.automattic.com/wordpress/trunk@5637 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-06-02 02:53:09 +00:00
ryan ab1d417e55 Return true when deleting link to satisfy admin-ajax error check. see #4189
git-svn-id: http://svn.automattic.com/wordpress/trunk@5564 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-05-27 19:43:44 +00:00
ryan eb541a962f Link category fixes. see #4189
git-svn-id: http://svn.automattic.com/wordpress/trunk@5560 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-05-27 17:21:04 +00:00
ryan c816b51b8c Fix object term relationship deletion and count updating.
git-svn-id: http://svn.automattic.com/wordpress/trunk@5556 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-05-27 05:15:18 +00:00
ryan 770613e763 Admin includes reorg. see #4334
git-svn-id: http://svn.automattic.com/wordpress/trunk@5542 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-05-25 07:16:21 +00:00