Sergey Biryukov
16c32fb590
Grouped backports to the 4.2 branch.
...
- Posts, Post types: Apply KSES to post-by-email content,
- General: Validate host on "Are you sure?" screen,
- Posts, Post types: Remove emails from post-by-email logs,
- Pings/trackbacks: Apply KSES to all trackbacks,
- Comments: Apply kses when editing comments,
- Mail: Reset PHPMailer properties between use,
- Query: Validate relation in `WP_Date_Query`,
- Widgets: Escape RSS error messages for display.
Merges [54521], [54522], [54523], [54525], [54527], [54529], [54530], [54541] to the 4.2 branch.
Props voldemortensen, johnbillion, paulkevan, peterwilsoncc, xknown, dd32, audrasjb, martinkrcho, davidbaumwald, tykoted, johnjamesjacoby, ehtis, matveb, talldanwp.
Built from https://develop.svn.wordpress.org/branches/4.2@54554
git-svn-id: http://core.svn.wordpress.org/branches/4.2@54109 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2022-10-17 17:56:20 +00:00
Dominik Schilling
ddf451dbb5
Nav menus: Consistent titles in widgets.
...
Built from https://develop.svn.wordpress.org/branches/4.2@33529
git-svn-id: http://core.svn.wordpress.org/branches/4.2@33496 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-03 20:57:42 +00:00
Dominik Schilling
29907e5f8b
Text Widget: Use `!empty()` for checking if the filter setting is set.
...
props westonruter.
fixes #31690 .
Built from https://develop.svn.wordpress.org/trunk@31886
git-svn-id: http://core.svn.wordpress.org/trunk@31865 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-25 17:34:28 +00:00
Sergey Biryukov
c6522e3c93
Add missing labels to Archives and Categories dropdown widgets.
...
props joedolson, jlevandowski, DrewAPicture, SergeyBiryukov.
fixes #18650 .
Built from https://develop.svn.wordpress.org/trunk@31520
git-svn-id: http://core.svn.wordpress.org/trunk@31501 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-23 16:32:25 +00:00
Sergey Biryukov
7690d9b1aa
Add `'widget_nav_menu_args'` filter for Custom Menu widget arguments.
...
props cyman, DrewAPicture.
fixes #29463 .
Built from https://develop.svn.wordpress.org/trunk@31325
git-svn-id: http://core.svn.wordpress.org/trunk@31306 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-03 02:56:23 +00:00
Sergey Biryukov
eff3b8925b
Display correct title in Archives widget if the type of archive was changed using the 'widget_archives_dropdown_args' filter.
...
props floriansimeth for initial patch.
fixes #31024 .
Built from https://develop.svn.wordpress.org/trunk@31241
git-svn-id: http://core.svn.wordpress.org/trunk@31222 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-19 08:26:24 +00:00
Scott Taylor
5eb5afac34
For clarity, initialize some arrays that previously were only assigned via short circuit in loops.
...
See #30799 .
Built from https://develop.svn.wordpress.org/trunk@30982
git-svn-id: http://core.svn.wordpress.org/trunk@30968 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-20 22:47:22 +00:00
Drew Jaynes
e7b465046a
Cross-reference `WP_Comment_Query::query()` as the location for finding information on default arguments for `WP_Comment_Query`.
...
Also updates the return types on `get_comments()` and `get_approved_comments()`, as an integer can also be returned if the `$count` argument is true.
Fixes #30111 .
Built from https://develop.svn.wordpress.org/trunk@30281
git-svn-id: http://core.svn.wordpress.org/trunk@30281 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-08 20:35:22 +00:00
Sergey Biryukov
15a1e0731e
Use proper functions for escaped translations.
...
pros jcastaneda.
fixes #30012 .
Built from https://develop.svn.wordpress.org/trunk@29961
git-svn-id: http://core.svn.wordpress.org/trunk@29708 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-18 20:11:18 +00:00
Sergey Biryukov
504d4ad5eb
Change the default orderby value in wp_get_nav_menus() to 'name'.
...
props voldemortensen, igmoweb.
fixes #29460 .
Built from https://develop.svn.wordpress.org/trunk@29792
git-svn-id: http://core.svn.wordpress.org/trunk@29564 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-09-29 15:45:16 +00:00
Helen Hou-Sandí
23905f1616
Remove remaining title attributes from default-widgets.php, with the exception of the one on the link to WordPress.org. fixes #26552 .
...
Built from https://develop.svn.wordpress.org/trunk@29338
git-svn-id: http://core.svn.wordpress.org/trunk@29118 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-01 17:05:16 +00:00
Sergey Biryukov
fdd0756e5a
Add a class for get_comment_author_link() in Recent Comments widget.
...
props DrewAPicture, dannydehaan, 5um17.
fixes #27944 .
Built from https://develop.svn.wordpress.org/trunk@29241
git-svn-id: http://core.svn.wordpress.org/trunk@29025 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-19 02:44:14 +00:00
Scott Taylor
b930c3a6fe
Cleanup `wp_widget_rss_form()` after [28734]. "$$input used sanitized variables which contained actual values, unlike $inputs[$input] which in that context contains data about which input fields are hidden."
...
Props kovshenin.
Fixes #27881 .
Built from https://develop.svn.wordpress.org/trunk@28787
git-svn-id: http://core.svn.wordpress.org/trunk@28600 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-20 17:29:14 +00:00
Scott Taylor
ecf0e4702f
Don't use a variable variable in `wp_widget_rss_form()`. Sidenote: the logic to show hidden fields is bizarre - would result in duplicate fields.
...
See #27881 .
Built from https://develop.svn.wordpress.org/trunk@28734
git-svn-id: http://core.svn.wordpress.org/trunk@28548 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-11 16:18:17 +00:00
Sergey Biryukov
f4a6632200
Clean up wp_widget_rss_output():
...
* Fix appending […] to $summary.
* Use wp_trim_words() instead of wp_html_excerpt().
* Trim $title before checking if it's empty. props UmeshSingla.
* Use correct escaping function for $title.
fixes #28356 .
Built from https://develop.svn.wordpress.org/trunk@28586
git-svn-id: http://core.svn.wordpress.org/trunk@28411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-27 11:08:14 +00:00
Scott Taylor
49af14fde0
`WP_Date_Query` was only missing one access modifier.
...
Add access modifier (`public`) to all default widgets' class methods.
See #27881 , #22234 .
Built from https://develop.svn.wordpress.org/trunk@28532
git-svn-id: http://core.svn.wordpress.org/trunk@28358 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 17:30:17 +00:00
Scott Taylor
fdaea6b7f2
Eliminate use of `extract()` in `wp_widget_rss_form()`.
...
See #22400 .
Built from https://develop.svn.wordpress.org/trunk@28449
git-svn-id: http://core.svn.wordpress.org/trunk@28276 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-16 15:38:14 +00:00
Scott Taylor
6e8e30bb1e
Eliminate use of `extract()` in `wp_widget_rss_output()`.
...
Add `'items' => 0` to `$default_args`. When `0`, the value is set to `10` (the fallback).
Every other default arg has a default value of `0`.
`items` is expected to always be passed to this function.
See #22400 .
Built from https://develop.svn.wordpress.org/trunk@28440
git-svn-id: http://core.svn.wordpress.org/trunk@28267 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-15 19:42:13 +00:00
Scott Taylor
157f811a5e
Eliminate use of `extract()` in `WP_Widget_RSS::widget()`.
...
See #22400 .
Built from https://develop.svn.wordpress.org/trunk@28439
git-svn-id: http://core.svn.wordpress.org/trunk@28266 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-15 19:36:15 +00:00
Scott Taylor
67c51361d6
Eliminate use of `extract()` in `default-widgets.php`.
...
Props rzen, wonderboymusic.
See #22400 .
Built from https://develop.svn.wordpress.org/trunk@28433
git-svn-id: http://core.svn.wordpress.org/trunk@28260 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-15 16:33:15 +00:00
Mark Jaquith
a43313fe12
Use '— Select —' instead of '-- Select --' for nav menus. Looks nicer.
...
see #27878
Built from https://develop.svn.wordpress.org/trunk@28205
git-svn-id: http://core.svn.wordpress.org/trunk@28035 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-25 00:35:25 +00:00
Mark Jaquith
8c830cef80
Force users to choose a nav menu in the custom nav menu widget, for a better customizer UX
...
Before, they had to make a dummy change to get it to render. Now they
are made to choose a nav menu from the dropdown, which feels more
natural.
fixes #27878 for trunk. props westonruter
Built from https://develop.svn.wordpress.org/trunk@28197
git-svn-id: http://core.svn.wordpress.org/trunk@28027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-24 20:45:31 +00:00
Dominik Schilling
77beef348d
Recent Posts Widget: Use `ob_end_flush()` instead of `ob_flush()`.
...
`ob_end_flush()` flushes the output buffer *and* turns output buffering off, same as `ob_get_flush()`.
props m_i_n.
see #28009 for trunk.
Built from https://develop.svn.wordpress.org/trunk@28195
git-svn-id: http://core.svn.wordpress.org/trunk@28025 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-24 19:48:19 +00:00
Dominik Schilling
598907559c
WP_Widget: Introduce `is_preview()` method.
...
With the Widget Customizer it's possible that previewed widgets can leak data outside of Customizer, when the widget uses the cache API.
The Customizer calls the regular update callback which should already refresh the cache. Since cache additions aren't blocked yet the cache can be filled with preview data.
To prevent this issue `WP_Widget::is_preview()` will return true, when `$wp_customize->is_preview()` returns true. If `is_preview()` is true, cache additions are suspended via `wp_suspend_cache_addition()`. Make sure your object cache drop-in has implemented `wp_suspend_cache_addition()`.
`is_preview()` can/should also be used inside `WP_Widget::widget()`, see WP_Widget_Recent_Posts or WP_Widget_Recent_Comments for examples.
For more info see IRC logs: http://irclogs.wordpress.org/chanlog.php?channel=wordpress-dev&day=2014-04-02&sort=asc#m824279
props westonruter.
fixes #27538 .
Built from https://develop.svn.wordpress.org/trunk@27966
git-svn-id: http://core.svn.wordpress.org/trunk@27796 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-06 18:48:16 +00:00
Drew Jaynes
e6d9f04bcc
Inline documentation for hooks in wp-includes/default-widgets.php.
...
Props janw.oostendorp and kpdesign.
Fixes #25638 .
Built from https://develop.svn.wordpress.org/trunk@27697
git-svn-id: http://core.svn.wordpress.org/trunk@27536 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-25 08:53:14 +00:00
Andrew Nacin
3ffc6dd559
RSS widgets: Omit the title attribute when the summary is shown.
...
Trim the title attribute to ensure whitespace isn't rendered.
props SergeyBiryukov.
fixes #26520 . see #26552 .
Built from https://develop.svn.wordpress.org/trunk@27691
git-svn-id: http://core.svn.wordpress.org/trunk@27530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-24 21:08:15 +00:00
Dominik Schilling
e1fde8d510
In Recent Posts widget set default number to 5.
...
props afercia.
fixes #27417 .
Built from https://develop.svn.wordpress.org/trunk@27561
git-svn-id: http://core.svn.wordpress.org/trunk@27404 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-17 17:01:14 +00:00
John Blackbourn
79d274f2f6
Add context and a missing period to widget descriptions. Fixes #26668 . Props pavelevap, Hanni
...
Built from https://develop.svn.wordpress.org/trunk@27412
git-svn-id: http://core.svn.wordpress.org/trunk@27259 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-05 17:26:17 +00:00
Andrew Nacin
0c16c0477b
Reference https://wordpress.org rather than http://wordpress.org in strings, links, comments, etc.
...
props Ipstenu, markjaquith.
see #27115 .
Built from https://develop.svn.wordpress.org/trunk@27369
git-svn-id: http://core.svn.wordpress.org/trunk@27219 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-03 02:34:27 +00:00
Andrew Ozz
db074f8e65
Widgets: improve the help text on the Widgets screen, props siobhan, props Hanni, fixes #26244 .
...
Built from https://develop.svn.wordpress.org/trunk@26505
git-svn-id: http://core.svn.wordpress.org/trunk@26399 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-01 18:29:09 +00:00
Andrew Nacin
791e807f08
More dash updates.
...
* Shuffle around some pixels.
* Rename some things that weren't caught in [26220].
* Revert default-widgets.php change from [26144].
props lessbloat.
see #25824 .
Built from https://develop.svn.wordpress.org/trunk@26230
git-svn-id: http://core.svn.wordpress.org/trunk@26137 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-15 22:23:09 +00:00
Andrew Nacin
809b335f7a
Merge the new dashboard design into core.
...
Merges https://github.com/growthdesigner/wp-dash .
props lessbloat, joen, helen, dbernar1, kraftbj, ryelle, tillkruess, grapplerulrich, markjaquith.
see #25824 .
Built from https://develop.svn.wordpress.org/trunk@26144
git-svn-id: http://core.svn.wordpress.org/trunk@26055 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-13 22:09:10 +00:00
Andrew Nacin
ce637bdcb3
Remove redundant title attributes.
...
props sabreuse.
see #24766 .
Built from https://develop.svn.wordpress.org/trunk@25675
git-svn-id: http://core.svn.wordpress.org/trunk@25591 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-02 22:51:10 +00:00
Scott Taylor
569bcc5dad
Use `wp_get_nav_menus()` instead of `get_terms('nav_menu')` in `WP_Nav_Menu_Widget` to preserve use of `wp_get_nav_menus' filter.
...
Props Frank Klein.
Fixes #25263 .
Built from https://develop.svn.wordpress.org/trunk@25332
git-svn-id: http://core.svn.wordpress.org/trunk@25294 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-10 23:30:10 +00:00
Sergey Biryukov
05d55a400b
Avoid PHP notices when configuring the Incoming Links dashboard widget. fixes #25250 .
...
Built from https://develop.svn.wordpress.org/trunk@25298
git-svn-id: http://core.svn.wordpress.org/trunk@25261 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-07 18:17:10 +00:00
Dominik Schilling
79fffba674
Flush the cache in Recent Comments widget on edit_comment. props pento, fixes #24779 .
...
Built from https://develop.svn.wordpress.org/trunk@25049
git-svn-id: http://core.svn.wordpress.org/trunk@25036 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-17 09:30:09 +00:00
Sergey Biryukov
98d6c31f84
Avoid an undefined index notice in WP_Widget_Recent_Posts::update(). props jrf. fixes #24577 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@24504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-23 08:20:08 +00:00
Sergey Biryukov
633a6fb400
Don't append ellipsis in RSS widget if the entire content is shown. props kovshenin. fixes #21702 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@24213 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-08 23:23:05 +00:00
Sergey Biryukov
13c93f4dd5
Simplify logic in WP_Widget_Recent_Posts and WP_Widget_Recent_Comments. fixes #23089 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@23597 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-04 02:14:23 +00:00
Ryan Boren
43a7e695e9
Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
...
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Sergey Biryukov
7b62637af7
Add a missing closing tag. fixes #23510 . see #14358 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@23454 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-19 02:06:21 +00:00
Sergey Biryukov
6a8a7a76b4
Filter "Powered by WordPress" text in Meta widget. props Viper007Bond, wonderboymusic. fixes #14358 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@23424 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-15 16:20:14 +00:00
Ryan Boren
cc5ed3a485
Change all core API to expect unslashed rather than slashed arguments.
...
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.
Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.
Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.
Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.
Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.
Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.
Plugins should use wp_unslash() on data being passed to core API.
Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.
Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.
Remove many no longer necessary calls to $wpdb->escape() and esc_sql().
In wp_get_referer() and wp_get_original_referer(), return unslashed data.
Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.
Switch several queries over to prepare().
Expect something to break.
Props alexkingorg
see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Sergey Biryukov
7a77f47f55
Use correct escaping function. fixes #23334 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@23413 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 05:52:23 +00:00
Andrew Nacin
f2f9551287
Add context to the 'Random' string. It is now used in two places: gallery order and the links widget. props pavelevap, fixes #22724 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@23021 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-12-04 14:49:44 +00:00
Andrew Nacin
56c1b7c7ff
Final HiDPI tweaks. Don't use rss-2x.png on a front-end widget. Improve selectors for favicons in the toolbar to avoid breaking existing images. Remove unnecessary RTL styles. FIXES #21019 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@22481 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-09 02:06:59 +00:00
Andrew Ozz
1276bcefb5
More retina backgrounds and bits, props saracannon, empireoflight and lessbloat, see #21019
...
git-svn-id: http://core.svn.wordpress.org/trunk@22439 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-07 20:54:08 +00:00
Andrew Nacin
dc40f18228
Merge some strings. props pavelevap. fixes #22306 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@22430 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-07 19:37:54 +00:00
Andrew Nacin
fb2c9e7e4f
Prime post caches for the Recent Comments widget. props mitchoyoshitaka. see #15400 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@22278 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-23 14:18:37 +00:00
Ryan Boren
77518e9c71
Objects no longer need to be explicitly passed by ref to call_user_func*() to be callable. Props wonderboymusic. fixes #21865
...
git-svn-id: http://core.svn.wordpress.org/trunk@22118 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-04 20:00:16 +00:00