Commit Graph

217 Commits

Author SHA1 Message Date
Ryan Boren cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Helen Hou-Sandí 42c9c61003 Minor phpdoc fixes for register_sidebar(). props SergeyBiryukov. fixes #22905.
git-svn-id: http://core.svn.wordpress.org/trunk@23199 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-12-23 22:11:37 +00:00
Helen Hou-Sandí a3b736bdd2 Refresh phpdoc for register_sidebar(). props jeremyfelt, SergeyBiryukov. fixes #22905.
git-svn-id: http://core.svn.wordpress.org/trunk@23196 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-12-23 16:18:16 +00:00
Ryan Boren 77518e9c71 Objects no longer need to be explicitly passed by ref to call_user_func*() to be callable. Props wonderboymusic. fixes #21865
git-svn-id: http://core.svn.wordpress.org/trunk@22118 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-04 20:00:16 +00:00
ryan 616c35e71c One newline is enough.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-05 20:10:39 +00:00
ryan d1ba11c7d1 Update some @since. Props dgwyer. fixes #19638
git-svn-id: http://svn.automattic.com/wordpress/trunk@19673 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-04 19:03:33 +00:00
azaozz a55d901b12 Check the sidebar class for orphaned sidebars, match sidebars by id while retrieving orphans and the theme has not changed, props SergeyBiryukov, fixes #19350
git-svn-id: http://svn.automattic.com/wordpress/trunk@19455 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-26 06:16:43 +00:00
azaozz 2c9244965a Prioritize the saved data over the current data when restoring widget positions, props SergeyBiryukov, see #19092
git-svn-id: http://svn.automattic.com/wordpress/trunk@19340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-18 19:50:17 +00:00
azaozz 83e2ae14d4 Don't try to convert empty widget settings from old format, props SergeyBiryukov, fixes #19091
git-svn-id: http://svn.automattic.com/wordpress/trunk@19333 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-18 06:11:38 +00:00
azaozz 84c1617da2 When restoring sidebars after switching back to an old theme, make sure the saved data matches the theme's current sidebars, fixes #19092
git-svn-id: http://svn.automattic.com/wordpress/trunk@19332 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-18 06:00:29 +00:00
ryan 62afab8db3 Pinking shears
git-svn-id: http://svn.automattic.com/wordpress/trunk@19054 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-24 19:13:23 +00:00
nacin 89c0895887 new does not require by reference.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18995 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-18 20:20:59 +00:00
ryan 2edc82cd61 * Move the old sidebars_widgets array upgrade code to wp-admin/includes/upgrade.php
* Avoid infinite loop with wp_get_sidebars_widgets()
* Remove two unneeded wp_get_sidebars_widgets() calls
* Remove unused $wp_registered_sidebars variable from wp_get_sidebars_widgets().
* Combine  a couple of !empty( $sidebars_widgets ) checks in retrieve_widgets()
Props SergeyBiryukov, lancewillett. fixes #17979 #18598


git-svn-id: http://svn.automattic.com/wordpress/trunk@18821 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-29 21:41:22 +00:00
westi 1b6398d64b A little bit of whitespace keeps the code readable.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18678 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-15 10:09:45 +00:00
azaozz c00346820f Make check_theme_switched() run an action so this enhancement is available to plugins and themes too, see #17979
git-svn-id: http://svn.automattic.com/wordpress/trunk@18655 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-08 20:07:15 +00:00
azaozz b79223097c Use theme mods instead of transients for storing the previous theme's widgets config, props aaroncampbell, see #17979
git-svn-id: http://svn.automattic.com/wordpress/trunk@18654 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-08 19:25:20 +00:00
duck_ 2f51b9be0d Fix typos in documentation (wp-includes/[i-z]). See #18560.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-05 19:08:15 +00:00
azaozz 4852c5887f Avoid losing widgets when switching themes - take one, props aaroncampbell, see #17979
git-svn-id: http://svn.automattic.com/wordpress/trunk@18630 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-02 22:13:55 +00:00
nbachiyski abe8b47351 Explicitly globalize some variables, so that unit tests can run WordPress inside a function. Fixes #17749
git-svn-id: http://svn.automattic.com/wordpress/trunk@18532 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-11 04:45:14 +00:00
nacin 0fc43cf648 s/displayied/displayed/. props kawauso, fixes #17633.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18096 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-01 16:44:13 +00:00
ryan 6827de6cd9 Remove PHP4 constructors. Props scribu. fixes #16768
git-svn-id: http://svn.automattic.com/wordpress/trunk@17655 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-18 21:46:57 +00:00
nacin d9abef8ea3 Bail early in dynamic_sidebar() if there are no sidebars. fixes #14816.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17545 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-03-23 18:59:52 +00:00
nacin d30ef21e80 Revert [15994] for now, as the default widgets then go through an identity crisis. see #14876, #15493.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16521 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-21 13:48:35 +00:00
nacin 8f1f98fa02 Return empty array in wp_get_sidebars_widgets() if no sidebars are defined. fixes #14876.
git-svn-id: http://svn.automattic.com/wordpress/trunk@15994 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-27 01:56:54 +00:00
nacin 5a20c05d27 Phpdoc argument/@param cleanups. props duck_, see #14783.
git-svn-id: http://svn.automattic.com/wordpress/trunk@15590 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-09-07 11:21:11 +00:00
ryan 7b7243d94a Strip trailing whites.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14404 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-03 20:26:11 +00:00
ryan 18513489e2 Hooks for the widgets api. Props ptahdunbar. fixes #12546
git-svn-id: http://svn.automattic.com/wordpress/trunk@14382 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-03 19:01:43 +00:00
markjaquith 4a1e7550a3 Make sure sidebars_widgets is an array. If it is a string (no idea how, but it happens), we get a fatal error
git-svn-id: http://svn.automattic.com/wordpress/trunk@14320 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-30 17:37:42 +00:00
nacin a6d816df0b Use wp_parse_args in register_sidebar. fixes #11836, props scribu.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14154 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-18 15:32:39 +00:00
ryan c2a6f28bf5 Enable nav menu admin if theme supports widgets. Show notice if theme supports widgets but not nav-menus. see #11817
git-svn-id: http://svn.automattic.com/wordpress/trunk@13810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-24 18:35:31 +00:00
nacin 30d6eb32c6 Remove redundant isset() and empty() checks.
git-svn-id: http://svn.automattic.com/wordpress/trunk@13770 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-19 21:29:21 +00:00
dd32 95029985a6 Restore backwards compatibility of integer sidebars("sidebar-$i"). See #12606
git-svn-id: http://svn.automattic.com/wordpress/trunk@13701 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-14 12:12:23 +00:00
dd32 a9ff74237a Revert [13699], It breaks dynamic_sidebar(<int>) compatibility. Use a safer loop for clashes. See #12606
git-svn-id: http://svn.automattic.com/wordpress/trunk@13700 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-14 11:58:53 +00:00
dd32 2a7375a600 Simplify the Id uniqueness loops. Guard against more use-cases which might cause ID conflicts. See #12606
git-svn-id: http://svn.automattic.com/wordpress/trunk@13699 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-14 11:34:51 +00:00
dd32 c6daeea61e Ensure that for multiple sidebar additions, the ID is unique (even if specified). Append -2.. for > 1 sidebars. Props minusfive. Fixes #12606
git-svn-id: http://svn.automattic.com/wordpress/trunk@13698 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-14 10:55:17 +00:00
nacin eb22ca285f Move deprecated pre-2.8 widget API to deprecated.php. Deprecate register_sidebar_widget, unregister_sidebar_widget, register_widget_control, unregister_widget_control, in favor of their wp_* counterparts. See #11388
git-svn-id: http://svn.automattic.com/wordpress/trunk@13098 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-13 07:55:28 +00:00
westi bf4a5241e1 Add missing version numbers to _deprecated_argument() calls.
Remove deprecated argument from xfn_check() calls.
Pass version number to deprecated_file_included, deprecated_function_run and deprecated_argument_run actions.
Fixes #11386 props nacin.

git-svn-id: http://svn.automattic.com/wordpress/trunk@12680 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-09 10:03:55 +00:00
westi ff7831207c Updates and improvements to _depreceated_argument. See #11386 props nacin.
git-svn-id: http://svn.automattic.com/wordpress/trunk@12584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-12-30 16:23:39 +00:00
westi 47a7b1b003 Fix typo in _deprecated_argument() and start using _deprecated_argument() in wp-includes files. See #11386 props nacin.
git-svn-id: http://svn.automattic.com/wordpress/trunk@12537 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-12-24 11:12:04 +00:00
azaozz fce64c00bc Always register all widgets, props hakre, fixes #10954
git-svn-id: http://svn.automattic.com/wordpress/trunk@12249 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-11-21 03:40:55 +00:00
azaozz f2dc806c22 Add sidebar descriptions to sidebar settings and widget admin screen, props jeremyclarke scribu, fixes #11157
git-svn-id: http://svn.automattic.com/wordpress/trunk@12213 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-11-19 09:12:16 +00:00
azaozz 954a1c3bac Fix warning in wp-admin/widgets.php when using Accessibility Mode on brand new install, fixes #10610
git-svn-id: http://svn.automattic.com/wordpress/trunk@11824 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-08-16 01:56:21 +00:00
azaozz a85254b70c Convert the old style widgets order array only when loading the widgets screen, fixes #10300 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@11691 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-07-04 12:49:54 +00:00
azaozz cb0b89a71c is_active_sidebar() should use wp_get_sidebars_widgets(), props greenshady and Denis-de-Bernardy, fixes #10136
git-svn-id: http://svn.automattic.com/wordpress/trunk@11562 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-06-14 08:37:07 +00:00
azaozz e0a2b8eebe Improve widgets hooks, props Denis-de-Bernardy, fixes #10013
git-svn-id: http://svn.automattic.com/wordpress/trunk@11510 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-06-03 11:33:17 +00:00
azaozz b7bc0faa73 Reload the widget form with the ajax response after save, add Close link to the widgets, don't auto-close on save to show possible errors returned from validation
git-svn-id: http://svn.automattic.com/wordpress/trunk@11498 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-31 11:34:08 +00:00
ryan 02fb7b43fe Fix widget unregister back-compat. fixes #9952
git-svn-id: http://svn.automattic.com/wordpress/trunk@11484 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-29 16:32:20 +00:00
ryan 2df887bd07 Trim tailing whitespace
git-svn-id: http://svn.automattic.com/wordpress/trunk@11450 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-24 23:47:49 +00:00
azaozz 0632395ad6 Fix saving and deleting of widgets settings for no-js and for some non-standard widgets, run the actions from the widgets screen when saving with ajax, see #9511
git-svn-id: http://svn.automattic.com/wordpress/trunk@11427 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-22 12:08:51 +00:00
markjaquith 119b39cec2 deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.
git-svn-id: http://svn.automattic.com/wordpress/trunk@11380 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-18 15:11:07 +00:00