Commit Graph

511 Commits

Author SHA1 Message Date
Scott Taylor 66d2144e9a Ensure that `shortcode_unautop()` treats ` ` like whitespace.
`shortcode_unautop()` and `wptexturize()` now use `wp_spaces_regexp()` instead of raw regex.

Adds unit tests.

Props miqrogroove.
See #27588.

Built from https://develop.svn.wordpress.org/trunk@28716


git-svn-id: http://core.svn.wordpress.org/trunk@28530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-10 01:55:15 +00:00
Scott Taylor b4b0efe701 Add a `$run_texturize` static var to `wptexturize()` that is filterable via a new run-once filter: `'run_wptexturize'`. Allows user to disable texturization.
Needs filter docs.

Props nacin, SergeyBiryukov.
See #19550.

Built from https://develop.svn.wordpress.org/trunk@28715


git-svn-id: http://core.svn.wordpress.org/trunk@28529 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-10 01:46:14 +00:00
Scott Taylor 82bdc78500 `LIKE` escape sanity:
* Deprecate `like_escape()`
* Add a method to `$wpdb`, `->esc_like()`, and add unit tests

`$wpdb::esc_like()` is not used yet. As such, many unit tests will throw `Unexpected deprecated notice for like_escape`. Subsequent commits will alleviate this.

Props miqrogroove.
See #10041.

Built from https://develop.svn.wordpress.org/trunk@28711


git-svn-id: http://core.svn.wordpress.org/trunk@28527 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-10 00:30:15 +00:00
Scott Taylor 46f82b03e7 Add a function: `wp_spaces_regexp()`. It is not used yet.
This function is required by a bunch of patches by miqrogroove. Needs filter docs.

Props miqrogroove.
See #27588.

Built from https://develop.svn.wordpress.org/trunk@28708


git-svn-id: http://core.svn.wordpress.org/trunk@28524 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-09 19:30:14 +00:00
Sergey Biryukov c20cdfcc38 Add a filter to human_time_diff().
props slimndap.
fixes #27271.
Built from https://develop.svn.wordpress.org/trunk@28670


git-svn-id: http://core.svn.wordpress.org/trunk@28488 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-05 00:39:14 +00:00
Sergey Biryukov 5c2d25aa77 Filter out empty and duplicate values in Comment Moderation and Comment Blacklist settings.
props GaVrA.
fixes #23800.
Built from https://develop.svn.wordpress.org/trunk@28444


git-svn-id: http://core.svn.wordpress.org/trunk@28271 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-16 11:10:14 +00:00
Andrew Nacin cfa2246cc7 Add braces to wptexturize() after [27839]. see #22692.
Built from https://develop.svn.wordpress.org/trunk@27844


git-svn-id: http://core.svn.wordpress.org/trunk@27678 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-29 09:00:15 +00:00
Andrew Nacin d04cd4147a Texturize: Massive performance improvements (~600% faster); better handling of nbsp, double, and weird spaces; 136 new unit tests.
big props miqrogroove.
fixes #22692.

Built from https://develop.svn.wordpress.org/trunk@27839


git-svn-id: http://core.svn.wordpress.org/trunk@27673 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-29 07:16:16 +00:00
Andrew Nacin 2133c89e8f Remove select and input from wpautop()'s HTML blocks list.
props rachelbaker, DH-Shredder.
fixes #22230.

Built from https://develop.svn.wordpress.org/trunk@27761


git-svn-id: http://core.svn.wordpress.org/trunk@27598 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-27 00:01:15 +00:00
Scott Taylor 0f55595472 In `sanitize_file_name()`, replace a UTF-8-encoded Unicode representation of a non-breaking space (`\u00a0` / `\xc2\xa`) with an old-fashioned space: ` `.
Fixes #27281.


Built from https://develop.svn.wordpress.org/trunk@27617


git-svn-id: http://core.svn.wordpress.org/trunk@27460 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-19 07:16:15 +00:00
John Blackbourn 184dc2bc33 `figcaption` should not be treated as a block-level element by `wpautop()`. See #25646. Props oso96_2000.
Built from https://develop.svn.wordpress.org/trunk@27527


git-svn-id: http://core.svn.wordpress.org/trunk@27370 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-13 21:51:16 +00:00
John Blackbourn 8d7f96c459 Deprecate `format_to_post()` and remove its filter. Fixes #25526. Props simonwheatley
Built from https://develop.svn.wordpress.org/trunk@27424


git-svn-id: http://core.svn.wordpress.org/trunk@27271 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-05 22:48:15 +00:00
Andrew Nacin 580b05ae5d Strip backslashes, not just forward slashes, from untrailingslashit().
trailingslashit() will now remove any forward or backslashes from the end of a string before appending a forward slash.

props knutsp, willmot.
fixes #22267.

Built from https://develop.svn.wordpress.org/trunk@27344


git-svn-id: http://core.svn.wordpress.org/trunk@27196 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-01 21:45:15 +00:00
Andrew Nacin ad8c3f0f02 Use placeholders in strings in wp_sprintf_l() to ensure spaces are not lost in translation.
props andy.
fixes #26651.

Built from https://develop.svn.wordpress.org/trunk@27284


git-svn-id: http://core.svn.wordpress.org/trunk@27140 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-26 16:50:15 +00:00
Scott Taylor 228fc639b9 When a video shortcode has content in its body, append it as inner HTML in the resulting `<video>`.
Reverts [27096].
Fixes #26628.
See #27016.


Built from https://develop.svn.wordpress.org/trunk@27097


git-svn-id: http://core.svn.wordpress.org/trunk@26968 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-05 01:43:12 +00:00
Andrew Ozz 98cb4984c0 Consolidate handling of <object>, <audio> and <video> in wpautop() and add unit tests for them. Part props wonderboymusic, see #26864
Built from https://develop.svn.wordpress.org/trunk@27094


git-svn-id: http://core.svn.wordpress.org/trunk@26966 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-05 00:46:12 +00:00
Andrew Nacin c4e119d530 Basic unit tests and additional documentation for wp_strip_all_tags().
props joehoyle.
fixes #25507.

Built from https://develop.svn.wordpress.org/trunk@27042


git-svn-id: http://core.svn.wordpress.org/trunk@26916 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-01-27 03:16:11 +00:00
Andrew Nacin 0ee1cb3046 make_clickable: When cleaning up accidental links within links, account for the tag being split by newlines.
props dd32.
fixes #19028.

Built from https://develop.svn.wordpress.org/trunk@26974


git-svn-id: http://core.svn.wordpress.org/trunk@26853 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-01-17 09:32:10 +00:00
Andrew Nacin d9b0e70d4a Unit tests for get_url_in_content(). Return false when no content is passed, to match the return value of no links being found.
props mdbitz.
#26171.

Built from https://develop.svn.wordpress.org/trunk@26972


git-svn-id: http://core.svn.wordpress.org/trunk@26851 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-01-17 07:47:10 +00:00
Ryan Boren 07c16fd23c The Pinking Shears stir from their slumber, awakened by what may seem, to those
innocent in the ways of The Shears, a triviality, a nothing-of-consequence. But there are consequences indeed for recklessly trailing your whitespace. Naturally, they a dire!

One, two! One, two! And through and through
The Pinking Shears went snicker-snack!
They plucked your tail and with your space
They went sniksnuking back.

Let me tell you, that can be uncomfortable, so always pre-sniksnuk your trailing whites. May The Shears be with you.

Built from https://develop.svn.wordpress.org/trunk@26851


git-svn-id: http://core.svn.wordpress.org/trunk@26738 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-11 19:49:11 +00:00
Drew Jaynes 087289b6a4 Hook docs pinking shears.
Built from https://develop.svn.wordpress.org/trunk@26631


git-svn-id: http://core.svn.wordpress.org/trunk@26521 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-04 20:03:09 +00:00
Andrew Nacin 64ff23f8f8 Remove certain accents in the Danish language.
props tlamedia.
fixes #23907.

Built from https://develop.svn.wordpress.org/trunk@26585


git-svn-id: http://core.svn.wordpress.org/trunk@26475 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-03 20:39:09 +00:00
Andrew Nacin 98215089b9 Revert [26050], stop trying to balance open HTML tags across nextpage and more tags for now.
see #6297.

Built from https://develop.svn.wordpress.org/trunk@26557


git-svn-id: http://core.svn.wordpress.org/trunk@26448 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-03 17:08:10 +00:00
Sergey Biryukov 9fa0ec4e94 Escape smiley URL in translate_smiley().
props simonwheatley.
fixes #25529.
Built from https://develop.svn.wordpress.org/trunk@26487


git-svn-id: http://core.svn.wordpress.org/trunk@26384 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-30 22:39:10 +00:00
Sergey Biryukov b6e094c748 Correct @since values. see #25518.
Built from https://develop.svn.wordpress.org/trunk@26486


git-svn-id: http://core.svn.wordpress.org/trunk@26383 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-30 19:05:10 +00:00
Drew Jaynes 2df1989c57 Inline documentation for hooks in wp-includes/formatting.php.
Props simonwheatley for the initial patch. Props DrewAPicture, kpdesign.
Fixes #25518.

Built from https://develop.svn.wordpress.org/trunk@26485


git-svn-id: http://core.svn.wordpress.org/trunk@26382 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-30 18:36:10 +00:00
Scott Taylor dc01b08a5e Add unit tests for `links_add_target()`. Alter the patterns in `links_add_target()` and `_links_add_target()` slightly based on learnings after running tests.
Props mdbitz.
Fixes #26164.


Built from https://develop.svn.wordpress.org/trunk@26328


git-svn-id: http://core.svn.wordpress.org/trunk@26230 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-22 16:25:10 +00:00
Scott Taylor c2bc0e6836 Don't place smilies inside of pre or code tags. Don't skip smilie after a smilie with an 8 in it. Fix regular expression used for smiley translations to work when there is only one registered emoticon.
Props solarissmoke, soulseekah, mdbitz, yonasy. ht to mdbitz for the Unit Tests and a comprehensive patch.
Fixes #16448, #20124, #25303.


Built from https://develop.svn.wordpress.org/trunk@26191


git-svn-id: http://core.svn.wordpress.org/trunk@26099 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-15 02:46:10 +00:00
Sergey Biryukov 3ce6b77afd Use a simple replacement for 'wp_title' filter in capital_P_dangit(), like we do for 'the_title'.
props nacin.
fixes #25796.
Built from https://develop.svn.wordpress.org/trunk@26122


git-svn-id: http://core.svn.wordpress.org/trunk@26034 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-13 03:56:09 +00:00
Scott Taylor 2e0af4405e Make HTML tag searches for `<code>` and `<pre>` case-insensitive in `make_clickable()`.
Props bpetty.
Fixes #23756.


Built from https://develop.svn.wordpress.org/trunk@26094


git-svn-id: http://core.svn.wordpress.org/trunk@26010 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-11 21:54:10 +00:00
Scott Taylor 275f39216a Don't convert URLs inside `<pre>` and `<code>` tags when parsing string using `make_clickable()`.
Adds Unit Tests.

Props johnjamesjacoby, helen, nacin, adamsilverstein, sirbrillig. 
Fixes #23756.


Built from https://develop.svn.wordpress.org/trunk@26052


git-svn-id: http://core.svn.wordpress.org/trunk@25977 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-08 22:38:10 +00:00
Scott Taylor 734fe0f6ad Split the content to balance open tags when `<!--nextpage-->` and `<!--more.*?-->` are used. Needs filter inline docs. The 4 unit tests that were previously failing for ticket 6297 now pass.
See #6297. 
Props devesine.


Built from https://develop.svn.wordpress.org/trunk@26050


git-svn-id: http://core.svn.wordpress.org/trunk@25975 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-08 22:22:11 +00:00
Andrew Nacin d93d8b850d Reverse the order of roles in wp_dropdown_roles(). Reset to 'subscriber' when the default role is removed and when a save is invalid.
props garyc40, wonderboymusic.
fixes #14578.

Built from https://develop.svn.wordpress.org/trunk@25695


git-svn-id: http://core.svn.wordpress.org/trunk@25610 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-06 10:56:09 +00:00
Sergey Biryukov bcb43b77d0 Correct phpdoc for translate_smiley(). props toscho. fixes #25440.
Built from https://develop.svn.wordpress.org/trunk@25646


git-svn-id: http://core.svn.wordpress.org/trunk@25563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-29 10:08:10 +00:00
Dion Hulse 8a50bf2f14 Use a better variable name in antispambot() introduced with [25055]. Props duck_ Fixes #16754
Built from https://develop.svn.wordpress.org/trunk@25146


git-svn-id: http://core.svn.wordpress.org/trunk@25125 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-28 01:47:09 +00:00
Dion Hulse 7317940591 Correct a typo in a docblock in [25055]. Props buffler. See #16754
Built from https://develop.svn.wordpress.org/trunk@25058


git-svn-id: http://core.svn.wordpress.org/trunk@25044 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-20 07:10:09 +00:00
Dion Hulse 47c82e1c83 Remove some PHP4-ness from the antispambot() function, and update it to match some modern coding standards. Props hakre and crrobi01 for initial patches. Fixes #16754
Built from https://develop.svn.wordpress.org/trunk@25055


git-svn-id: http://core.svn.wordpress.org/trunk@25041 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-20 06:08:09 +00:00
Dion Hulse 2da772855e Simplify _deep_replace() by removing it's obscure looping and replacement checking logic, and instead, using the PHP5 $count parameter of str_replace(). Props hakre. Fixes #16903
Built from https://develop.svn.wordpress.org/trunk@25054


git-svn-id: http://core.svn.wordpress.org/trunk@25040 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-20 05:57:10 +00:00
Andrew Nacin 8ee6d136de Adjust esc_sql()'s @param documentation to reflect that it allows for arrays. props scribu, fixes #22573.
git-svn-id: http://core.svn.wordpress.org/trunk@24986 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-05 22:11:30 +00:00
Andrew Nacin 3b4f3dea29 Deprecate wpdb::escape() in favor of wpdb::prepare() and esc_sql(). fixes #24774.
git-svn-id: http://core.svn.wordpress.org/trunk@24718 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-16 17:44:42 +00:00
Andrew Nacin 7690d7fbeb Move get_url_in_content() out of post-formats.php. see #24202.
git-svn-id: http://core.svn.wordpress.org/trunk@24683 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-12 19:38:37 +00:00
Andrew Nacin bfb3b89672 Skip protocol checking in esc_url() when we are dealing with a relative URL. Prevents munging of colons in paths and query strings, when present in a protocol-relative URL.
props SergeyBiryukov.
fixes #21974.



git-svn-id: http://core.svn.wordpress.org/trunk@24642 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-10 13:45:22 +00:00
Andrew Nacin 720f37c374 Expand human_time_diff() from minutes/hours/days to also include weeks/months/years. Fix off-by-one issue.
props SergeyBiryukov, westi.
fixes #9272.



git-svn-id: http://core.svn.wordpress.org/trunk@24582 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-08 13:00:34 +00:00
Sergey Biryukov 58c364947f PHPDoc fixes and additions. fixes #24616.
git-svn-id: http://core.svn.wordpress.org/trunk@24490 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-21 12:45:11 +00:00
Andrew Nacin d80469f8a5 Fix storage of illegal_names. Add an upgrade routine to fix bad values.
props SergeyBiryukov.
see #23418.
for trunk.



git-svn-id: http://core.svn.wordpress.org/trunk@24448 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-19 22:06:42 +00:00
Mark Jaquith 74c6071b9d Improve regular expressions by using a backreference to match right quote of quote pair when matching attributes.
props kovshenin. see #24225.

git-svn-id: http://core.svn.wordpress.org/trunk@24241 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-10 22:54:33 +00:00
Sergey Biryukov 74638ccb5a Fix typos in phpdoc. props TheLastCicada. fixes #24302.
git-svn-id: http://core.svn.wordpress.org/trunk@24229 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-10 01:39:30 +00:00
Sergey Biryukov 415a5c60da * Pass ellipsis as a parameter to wp_html_excerpt() instead of appending it manually.
* Consolidate the logic to avoid appending ellipsis if the entire string is shown.
* Show ellipsis after truncated filenames and post titles.

props solarissmoke, bpetty, SergeyBiryukov. fixes #11446.

git-svn-id: http://core.svn.wordpress.org/trunk@24214 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-09 00:22:02 +00:00
Sergey Biryukov 57c10eadbb Use ellipsis instead of three dots. props tjsingleton, jordie23, wojtek.szkutnik, DrewAPicture, SergeyBiryukov. see #8714.
git-svn-id: http://core.svn.wordpress.org/trunk@24207 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-08 21:27:31 +00:00
Andrew Nacin 3139a0451e Variables passed by reference do not need to be set first.
props kovshenin.
see #24222.



git-svn-id: http://core.svn.wordpress.org/trunk@24129 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-04-29 14:48:31 +00:00
Andrew Nacin f1aeebf00b Improve the performance of backslashit() by avoiding regular expressions. backslashit() is used heavily in date_i18n().
props jbutkus.
fixes #22286.



git-svn-id: http://core.svn.wordpress.org/trunk@24051 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-04-22 20:01:57 +00:00
Sergey Biryukov d454a9c86b Remove duplicate array key. props tivnet. fixes #24021.
git-svn-id: http://core.svn.wordpress.org/trunk@23948 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-04-10 15:55:53 +00:00
Peter Westwood 072cccd0e4 Formatting: Pass the blog charset to htmlspecialchars so that we don't eat non-UTF8 strings in PHP 5.4
Fixes #23688


git-svn-id: http://core.svn.wordpress.org/trunk@23685 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-13 15:24:38 +00:00
Andrew Nacin 2ca0cdcdfe Properly handle timezones in get_date_from_gmt() rather than relying on the implicit gmt_offset. This offset is only good for the current time, rather than the passed time, which causes problems when converting a DST date when DST is not in effect, or vice versa.
Update get_gmt_from_date() to make these functions match in formatting, as they are complementary and just reverse a few operations.

props scholesmafia
Tests: [1233/tests]

fixes #20328.



git-svn-id: http://core.svn.wordpress.org/trunk@23618 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-05 16:14:14 +00:00
Ryan Boren 15a06a35ab Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
see #WP21767


git-svn-id: http://core.svn.wordpress.org/trunk@23591 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-03 16:30:38 +00:00
Ryan Boren 53f9496a2f Introduce wp_slash() and wp_unslash(). This will be used to cleanup the myriad calls to addslashes*, add_magic_quotes, stripslashes*. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23555 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:34:48 +00:00
Ryan Boren 43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Andrew Nacin b88b1c1f53 Move revisions/autosave and post format functions from wp-includes/post.php into revision.php and post-formats.php.
git-svn-id: http://core.svn.wordpress.org/trunk@23466 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-21 21:24:34 +00:00
Helen Hou-Sandí 6d49a9cc8c Output fallbacks / theme compat for post format metadata.
* Currently handles link, quote, image, gallery, audio, and video formats.
* `add_theme_support()` for a given post format is now an indicator that the theme handles format-specific metadata.
* If no support for a given format is defined, fallback output will be generated and hooked onto the_content if a post has metadata for that format.
* Fallbacks attempt to be smart about not duplicating data already appearing in the post content itself. Gallery is particularly liberal, looking for any instance of the gallery shortcode in the content, not just an exact match to the gallery shortcode defined in the format-specific meta.
* Compat output defaults to being wrapped in a `div` with a class of `post-format-content`.

Theme authors: please test and evaluate, keeping in mind that the goal is to support user expectations of not losing format-specific data they've entered in the admin when viewing the front-end of their site.

props wonderboymusic, beaulebens, helen. see #23347.


git-svn-id: http://core.svn.wordpress.org/trunk@23450 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-18 19:22:58 +00:00
Sergey Biryukov 8fb830eeda Fix typos in phpdoc. props markmcwilliams. fixes #23481.
git-svn-id: http://core.svn.wordpress.org/trunk@23434 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-15 18:59:56 +00:00
Ryan Boren cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Sergey Biryukov 9b347300e5 Correct the documentation for balanceTags(). Remove unnecessary boolean inversion. props TobiasBg. fixes #22537.
git-svn-id: http://core.svn.wordpress.org/trunk@23368 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-01 22:20:06 +00:00
Sergey Biryukov 8cfd9e3c81 PHPDoc fixes and additions. props bananastalktome, DrewAPicture. fixes #23313.
git-svn-id: http://core.svn.wordpress.org/trunk@23365 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-01 18:07:08 +00:00
Sergey Biryukov 8dbeee25b9 Use digraphs for German umlauts in remove_accents(). props SergeyBiryukov, ocean90. fixes #3782.
git-svn-id: http://core.svn.wordpress.org/trunk@23361 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-31 01:55:09 +00:00
Andrew Ozz 50ceba1323 Autop: <samp> is not a block tag, props toscho, fixes #18807
git-svn-id: http://core.svn.wordpress.org/trunk@23327 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-22 19:05:21 +00:00
Andrew Nacin c9a6c4ba0c Treat URL schemes as case insensitive when sanitizing them in esc_url().
props mdawaffe.
fixes #23187.
tests: [1184/tests]



git-svn-id: http://core.svn.wordpress.org/trunk@23303 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-17 15:07:32 +00:00
Peter Westwood f683fc7677 Tighten our braces. Fixes #23118 props evansolomon.
git-svn-id: http://core.svn.wordpress.org/trunk@23265 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-04 10:13:51 +00:00
Helen Hou-Sandí ba9220bd1f s/Santizes/Sanitizes/ in phpdoc for sanitize_html_class(). props cais. fixes #22890.
git-svn-id: http://core.svn.wordpress.org/trunk@23189 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-12-20 15:40:37 +00:00
Andrew Nacin 11e2073d89 Remove additional acute accents from permalink slugs via sanitize_title_with_dashes(). props SergeyBiryukov. fixes #22395.
git-svn-id: http://core.svn.wordpress.org/trunk@23176 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-12-13 09:59:28 +00:00
Andrew Nacin 97032e08aa Revert page on front changes. Reverts [22127] [22129] [22135] [22136]. see #16379.
git-svn-id: http://core.svn.wordpress.org/trunk@22653 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-19 01:28:32 +00:00
Andrew Nacin a73aa40cb5 Avoid an uncaught exception in get_gmt_from_date(). The return value is imperfect - date( $format, 0 ) - but better than a fatal error. props wonderboymusic. fixes #20942.
git-svn-id: http://core.svn.wordpress.org/trunk@22435 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-07 20:07:41 +00:00
Jon Cave df39c7be71 Update shortcode regular expression commentary. See #17657.
git-svn-id: http://core.svn.wordpress.org/trunk@22401 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-06 14:47:33 +00:00
Ryan Boren 3757d63f6b Allow hyphens in shortcode names.
Props kovshenin, solarissmoke, aaroncampbell
fixes #17657


git-svn-id: http://core.svn.wordpress.org/trunk@22382 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-05 22:27:36 +00:00
Ryan Boren 21d6dbc4a8 Fix wp_basename() for Windows by replacing %5C with /.
Props SergeyBiryukov
fixes #22138


git-svn-id: http://core.svn.wordpress.org/trunk@22310 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-25 22:31:17 +00:00
Ryan Boren 80a142c6a4 Pass each url in ping_sites through esc_url_raw() upin save. This ensures the urls have a valid protocol and avoids "Unable to parse URL" warning in WP_Http. Props SergeyBiryukov. fixes #21966
git-svn-id: http://core.svn.wordpress.org/trunk@22255 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-17 17:44:40 +00:00
Andrew Nacin 853184672d Set show_on_front to 'posts' when no value is set. This occurs when the show_on_front checkbox is left unchecked and then sent through options.php. fixes #22131.
git-svn-id: http://core.svn.wordpress.org/trunk@22135 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-08 18:41:19 +00:00
Andrew Nacin 1009245fa1 Remove the 'Size of the post box' (default_post_edit_rows) option. This will instead be handled by a user cookie tracking the resizing of both TinyMCE and the main textarea. see #21718.
git-svn-id: http://core.svn.wordpress.org/trunk@22006 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-26 03:17:28 +00:00
Andrew Nacin a6c93e2f65 Always attempt to embed URLs in content, removing the Auto-embeds (autoembed_urls) option.
Remove the UI for setting the default width and height for embeds. Width was confusing as it
was blank by default (inheriting the content width from the theme, or 500px). The height is
now calculated as 1.5x the content width, or 1000px, whichever is smaller.

The [embed] shortcode can still receive manual height and width attributes. This just removes
the global settings.

props wonderboymusic. see #21719.



git-svn-id: http://core.svn.wordpress.org/trunk@21998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-25 07:10:09 +00:00
Andrew Nacin 557d9313a7 Introduce constants to allow for easier expression of time periods in seconds. Adds MINUTE_IN_SECONDS, HOUR_IN_SECONDS, DAY_IN_SECONDS, WEEK_IN_SECONDS, YEAR_IN_SECONDS. props nbachiyski, SergeyBiryukov. fixes #20987.
git-svn-id: http://core.svn.wordpress.org/trunk@21996 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-25 05:26:19 +00:00
Andrew Nacin 0d37467603 Move sanitization for the multisite illegal_names, limited_email_domains, and banned_email_domains options to sanitize_option(). props wonderboymusic. fixes #21552.
git-svn-id: http://core.svn.wordpress.org/trunk@21993 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-25 01:54:12 +00:00
Andrew Nacin 8fd2fb4998 Synchronize block-level elements between the JS and PHP versions of wpautop. props SergeyBiryukov. fixes #18534.
git-svn-id: http://core.svn.wordpress.org/trunk@21888 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-18 17:32:44 +00:00
Andrew Nacin 1beb18d241 Add Pinyin diacritics to remove_accents(). Remove these diacritics in sanitize_title_with_dashes() on save as well. props bolo1988, SergeyBiryukov. fixes #20772.
git-svn-id: http://core.svn.wordpress.org/trunk@21859 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-15 20:01:08 +00:00
Andrew Nacin a8a78b8975 "[ ] Discourage search engines from indexing this site". fixes #16416.
git-svn-id: http://core.svn.wordpress.org/trunk@21851 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-14 20:26:20 +00:00
Andrew Nacin f4c9c9ce0d Use the non-slashing variants of kses functions in sanitize_option() to avoid slash ping pong. fixes #21892.
git-svn-id: http://core.svn.wordpress.org/trunk@21850 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-14 19:32:53 +00:00
Andrew Nacin f54edf701a When balancing tags, properly close tags that shouldn't be self-closed but are. Support all self-closing tags.
props coffee2code.
fixes #1597.



git-svn-id: http://core.svn.wordpress.org/trunk@21828 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-13 16:39:06 +00:00
Andrew Nacin e75671452c Properly delimit URLs by \r, \n, \t *or* a space in sanitize_trackback_urls(). Fixes multiple trackback URL usage. props SergeyBiryukov, fixes #21624 for trunk.
git-svn-id: http://core.svn.wordpress.org/trunk@21718 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-04 03:36:19 +00:00
nacin 81ae841eba Only run stripslashes() in stripslashes_deep() for strings, not other scalar values. props Kawauso, knutsp. props coffee2code for [UT698]. fixes #18026.
git-svn-id: http://core.svn.wordpress.org/trunk@21292 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-20 15:14:26 +00:00
nacin 6c2720b7d1 HTML object tags are self-nestable. props coffee2code. fixes #20401.
git-svn-id: http://core.svn.wordpress.org/trunk@21250 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-09 19:27:44 +00:00
markjaquith d644bc50b0 Collapse an i18n context to make it more accurate and to make for one less string to translate. props pavelevap. fixes #21137
git-svn-id: http://core.svn.wordpress.org/trunk@21242 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-09 05:08:43 +00:00
markjaquith d65e49c9f3 Bunch of PHPDoc corrections and cleanups. props c3mdigital. props SergeyBiryukov. fixes #21149
git-svn-id: http://core.svn.wordpress.org/trunk@21241 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-09 05:03:53 +00:00
ryan c0339644ea Shears of vigorous pinking.
git-svn-id: http://core.svn.wordpress.org/trunk@20944 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-27 16:25:43 +00:00
westi b36c335b7a i18n: Update the word splitting we use when trimming strings to build excerpts so that it has support for a character based mode for locales where character splitting is more approproate like Japan.
See #16079 props tenpura.


git-svn-id: http://core.svn.wordpress.org/trunk@20859 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-23 21:04:35 +00:00
nacin d74bcb4a14 Add Vietnamese vowels to remove_accents(). props SergeyBiryukov. fixes #17738.
git-svn-id: http://core.svn.wordpress.org/trunk@20687 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-02 16:55:16 +00:00
nacin 874cd9077f Add characters to be stripped or replaced in sanitize_title_with_dashes().
* Replace times (multiplication sign) with x.
 * Strip low quotation marks and other curly quotes we don't already deal with.
props SergeyBiryukov. fixes #19820.



git-svn-id: http://core.svn.wordpress.org/trunk@20686 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-02 16:37:42 +00:00
markjaquith 38dffbfe04 Ignore this. Just need an un-synced-to-GitHub commit so I can switch to using the new core.svn.wordpress.org URL.
git-svn-id: http://core.svn.wordpress.org/trunk@20672 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-01 21:05:02 +00:00
nacin 32c8d41cde Properly convert two special Z characters in convert_chars(). props Namely, SergeyBiryukov. fixes #20503.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20653 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-30 21:20:50 +00:00
nacin 3f51df65e0 Run rawurlencode_deep() through the parsed query in canonical. (Introduces rawurlencode_deep().) props toppa for the initial patch. fixes #20143.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20611 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-27 15:40:00 +00:00
duck_ 7d8a08881e Recognise protocols other than "http" in _links_add_base(). Props SergeyBiryukov. Fixes #19665.
Previously "https" URLs used in plugin READMEs displayed by install_plugin_information() would have the plugin's extend URL prepended.


git-svn-id: http://svn.automattic.com/wordpress/trunk@20466 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-14 19:14:10 +00:00
ryan be5802b0f1 Don't attempt to make links inside attributes clickable. Props duck_ azaozz. fixes #20418
git-svn-id: http://svn.automattic.com/wordpress/trunk@20443 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-11 21:14:13 +00:00
azaozz b358b4accc Do not process <pre> tags with wpautop, replace them with placeholders, process the rest of the content and then put them back. Part props kurtpayne, see #19855
git-svn-id: http://svn.automattic.com/wordpress/trunk@20307 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-28 15:43:31 +00:00
nacin 248843afc4 <input> is not a block-level element; do not treat it like one in wpautop(). props SergeyBiryukov. props kurtpayne for the unit test. fixes #16456.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20078 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-02 19:59:50 +00:00
azaozz 73c87020c7 HTML in image captions, first run, see #18311
git-svn-id: http://svn.automattic.com/wordpress/trunk@19982 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-24 01:58:18 +00:00
nacin 8961a61f89 Combine two identical case statements.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19933 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-16 15:42:02 +00:00
nacin 66f64c7c01 Use correct reference in regex. props danielbachhuber, fixes #20018.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19907 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-10 22:28:37 +00:00
duck_ 5648dd3547 Add @since and @access tag to _split_str_by_whitespace(). Props ocean90. See #16892.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19900 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-10 13:57:21 +00:00
duck_ d8a694d8ac Improve efficiency of make_clickable(). Props mdawaffe. Fixes #16892.
Not only does this improve general performance, but also helps to prevent
segfaults caused by malicious input to the regular expression. The regular
expression is also simplified to help readability and maintenance.


git-svn-id: http://svn.automattic.com/wordpress/trunk@19899 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-10 13:42:15 +00:00
nacin 2aec12b287 wptexturize() does not need to staticize variables it only uses to set up variables it needs statically. see #19602.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19796 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-31 14:28:30 +00:00
nacin 1b7effa6eb Allow the single quotes, apostrophes, and primes in wptexturize() to be translated. Allows replacements to be disabled by translating them back to " and '. fixes #19602.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19795 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-31 14:06:32 +00:00
ryan e3b46b25d3 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-08 17:01:11 +00:00
ryan 3eaf083995 Introduce sanitize_trackback_urls(). Don't ping bad urls. Don't ping bad urls or save them to the DB. Props xknown, SergeyBiryukov. fixes #17560
git-svn-id: http://svn.automattic.com/wordpress/trunk@19675 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-04 19:45:13 +00:00
nacin 2ba0d300c4 Correct the documentation for balanceTags(). props mdawaffe, fixes #19576.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19601 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-16 20:57:05 +00:00
ryan 07ff8b216b Use one space, not two, after trailing punctuation. fixes #19537
git-svn-id: http://svn.automattic.com/wordpress/trunk@19593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-13 23:45:31 +00:00
nacin 524284fd6b Allow 8212/8211 (em dash and en dash) to be translated in wptexturize(). props SergeyBiryukov, fixes #15556.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19187 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-06 18:31:54 +00:00
nacin b2560a3025 Add a few characters to remove_accents(). props SergeyBiryukov. props ampt for [UT471]. fixes #9591.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19125 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-02 23:08:05 +00:00
ryan 91bc97be7b Allow 0 - 9 in tag_escape(). Props sirzooro. fixes #18765
git-svn-id: http://svn.automattic.com/wordpress/trunk@18955 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-12 20:34:14 +00:00
ryan 80351b789d Avoid preg backtrack limit errors with large posts when processing shortcodes. Props mdawaffe. fixes #15600
git-svn-id: http://svn.automattic.com/wordpress/trunk@18952 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-12 16:50:30 +00:00
ryan b3054bd18f phpdoc fix for zeroise(). Props trepmal. fixes #18854
git-svn-id: http://svn.automattic.com/wordpress/trunk@18877 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-04 16:02:33 +00:00
duck_ 4171ea192b Introduce wp_allowed_protocols() for use in wp_kses() and esc_url(). See #18268.
This allows plugins to filter the list of protocols used for esc_url() too, and helps us keep the list of protocols in sync.


git-svn-id: http://svn.automattic.com/wordpress/trunk@18826 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-29 22:33:51 +00:00
markjaquith 33c150d3de Allow the text parameter in wp_trim_excerpt() to be omitted altogether, instead of requiring a blank string. props SergeyBiryukov. fixes #17492
git-svn-id: http://svn.automattic.com/wordpress/trunk@18824 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-29 21:48:03 +00:00
nacin 07567002bb Update esc_url() phpdoc. props sirzooro, fixes #18766.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18769 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-24 19:52:26 +00:00
duck_ 2fb95a133d wp_strip_all_tags() in wp_trim_words() to remove CSS and JS within tags. Props evansolomon. Fixes #18726.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18742 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-21 20:39:21 +00:00
ryan 7aedd7ec52 Run the sanitize_option_* filter for all options in sanitize_option(). Add some sanity checks for the permalink options while in there. fixes #18737
git-svn-id: http://svn.automattic.com/wordpress/trunk@18738 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-21 19:05:06 +00:00
duck_ 8cfc0fa5ec Abstract word-trimming from wp_trim_excerpt() into wp_trim_words(). Props nacin. Fixes #16372.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18732 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-20 17:14:23 +00:00
nacin e5ca4fea40 Strip a number of special characters in sanitize_title_with_dashes on save. Includes quotes (curly, angle), dashes, marks, etc. props SergeyBiryukov. props ampt for the unit tests in [UT438]. see #10797.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-18 19:53:59 +00:00
duck_ e4ed63fc6f Fix typos in documentation (wp-includes/[a-h]). See #18560.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18633 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-03 16:02:41 +00:00
nacin d5cf830175 Add 'q' tag to nestable tags list in force_balance_tags(). props solarissmoke, fixes #6870.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18585 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-23 15:37:38 +00:00
ryan 6c39a6f769 Better double encoding handling in _wp_special_chars(). Props miqrogroove.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18485 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-07-29 20:43:45 +00:00
ryan 55d7366c42 Recognize urls that start with a question mark as relative urls that do not require a scheme to be prepended. fixes #18260
git-svn-id: http://svn.automattic.com/wordpress/trunk@18469 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-07-26 19:44:18 +00:00
westi 009b264271 Make [18456] more obvious. Fixes #16432.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18465 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-07-25 13:20:07 +00:00
nacin 6185986c0e Add pre_ent2ncr filter. props GaryJ, fixes #16432.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-07-21 21:41:21 +00:00
ryan 593659b8d0 Hardening. Santizers for WPLANG and new_admin_email. Prevent stomping ID and filter. Validate locale filename. Props westi.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18346 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-27 15:56:42 +00:00
ryan bc667be71b Allow plus '+' character when sanitizing mime type. Props cyberhobo. fixes #17855
git-svn-id: http://svn.automattic.com/wordpress/trunk@18324 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-20 20:05:57 +00:00
westi fda24a53ed Ensure we have a valid timezone identifier before trying to use it.
Validate the new timezone identifier during option update.
Fixes #17840.

git-svn-id: http://svn.automattic.com/wordpress/trunk@18323 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-20 14:58:50 +00:00
azaozz ae81d75d39 Fix typo in remove_accents(), props scribu, fixes #16232
git-svn-id: http://svn.automattic.com/wordpress/trunk@18159 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-06 02:22:50 +00:00
ryan 4da684cf9a Update @since
git-svn-id: http://svn.automattic.com/wordpress/trunk@18032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-25 15:47:17 +00:00
ryan 81a5f821fb Sanitize guid on save and display. Sanitize mime type on save. Don't allow changing mime type via edit form handlers. Protect hidden meta.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17994 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-22 23:19:42 +00:00
ryan 569c17df7f Properly anchor mime preg.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-22 23:17:09 +00:00
nacin 98bd4c0b2f s/coma/comma/. props ocean90.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17982 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-21 15:20:25 +00:00
ryan b2c2e302be Revert part of [17920]. Support for empty tz must remain. Props johnjamesjacoby. fixes #17448
git-svn-id: http://svn.automattic.com/wordpress/trunk@17958 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-18 18:56:42 +00:00
westi 65e341d0cb Fix typos and inconsistencies in PHPdoc / function declarations. See #17414 props duck_
git-svn-id: http://svn.automattic.com/wordpress/trunk@17925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-14 09:50:20 +00:00
ryan 58767691f4 Remove PHP5 back compat code from get_gmt_from_date. Props technosailor. fixes #16920
git-svn-id: http://svn.automattic.com/wordpress/trunk@17920 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-13 19:17:07 +00:00
ryan 74354459f1 Performance improvements for wptexturize(). Props solarissmoke, hakre. fixes #16684
git-svn-id: http://svn.automattic.com/wordpress/trunk@17636 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-13 17:11:35 +00:00
nacin 14ec951269 Make underscores valid in sanitize_html_class. fixes #17067.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17614 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-06 21:28:52 +00:00
ryan 975a6a8c8d Reduce backtracking in make_clickable() regex. Reduce pcre.recursion_limit to avoid segfaulting. Props hakre. For trunk.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17570 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-03-28 21:39:16 +00:00
ryan 4d46e8d95e Lose create_function() in links_add_target() and links_add_base_url(). esc_attr() the target to provide extra coverage for plugins. Props Justin Rainbow, nacin. For trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@17459 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-02-16 19:24:18 +00:00
ryan 85f1feed84 Bring out the shears.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17228 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-01-06 04:11:14 +00:00
ryan 81cd855720 Don't be case sensitive to attribute names. Handle padded entities when checking for bad protocols. Normalize entities before checking for bad protocols in esc_url(). Props Mauro Gentile, duck_, miqrogroove
git-svn-id: http://svn.automattic.com/wordpress/trunk@17171 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-29 20:45:37 +00:00
nacin 95726df854 Revert [16995] due to the way the data enters the db. props garyc40, see #15454.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17142 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-25 18:10:59 +00:00
ryan 3a66c698ee Remove some unnecessary esc_textarea() calls. Props garyc40. see #15454
git-svn-id: http://svn.automattic.com/wordpress/trunk@17001 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-16 17:48:20 +00:00
markjaquith 49c11dc768 Use ENT_QUOTES in esc_textarea() in case someone uses it in a value='' situation by accident. see #15454
git-svn-id: http://svn.automattic.com/wordpress/trunk@16993 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-16 09:24:22 +00:00