Commit Graph

75 Commits

Author SHA1 Message Date
Ryan Boren cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Ryan Boren 57f65d2906 Try not to send Last-Modified, even with an empty value. Some servers interpret an empty value as the epoch.
Props nacin, slene, SergeyBiryukov, andy
see #23021 for trunk


git-svn-id: http://core.svn.wordpress.org/trunk@23267 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-04 19:51:31 +00:00
Andrew Nacin 1773a06874 Avoid 'headers already sent' messages for header_remove() the same way we currently do with header(). props ryan. fixes #22258.
git-svn-id: http://core.svn.wordpress.org/trunk@22303 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-25 20:38:55 +00:00
Andrew Nacin a88114dd92 Do not issue a Last-Modified header when issuing no-cache headers to avoid aggressive (webkit) caching. Serve a blank header when header_remove() is not available (PHP < 5.3). props andy. fixes #22258.
git-svn-id: http://core.svn.wordpress.org/trunk@22283 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-23 15:45:44 +00:00
Ryan Boren 77518e9c71 Objects no longer need to be explicitly passed by ref to call_user_func*() to be callable. Props wonderboymusic. fixes #21865
git-svn-id: http://core.svn.wordpress.org/trunk@22118 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-04 20:00:16 +00:00
Andrew Nacin 9d204841ee Remove AtomPub from core.
* Will be replaced with http://wordpress.org/extend/plugins/atom-publishing-protocol/.
 * Introduces an action, xmlrpc_rsd_apis, to add APIs to xmlrpc.php?rsd.
 * Introduces support for 'error' being 403 and 50x in class-wp.php.
 * Removes 'Remote Publishing' from Writing Settings (see [21804]). Keeps the remote_publishing settings section.

DB version is bumped to generate the new wp-app rewrite rule and remove the old enable_app option.

props wonderboymusic.
fixes #21509.



git-svn-id: http://core.svn.wordpress.org/trunk@21818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-11 20:11:39 +00:00
markjaquith 6960c76644 Allow home page of multisite (subdir install) sites to resolve regardless of capitalization, as they already do for URLs other than the home page. props SergeyBiryukov. fixes #16200
git-svn-id: http://core.svn.wordpress.org/trunk@21208 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-05 13:50:24 +00:00
nacin bdf490a7c6 Add do_parse_request filter to WP::parse_request() to allow short-circuiting. props andy, mikeschinkel. fixes #16692.
git-svn-id: http://core.svn.wordpress.org/trunk@21163 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-28 20:03:03 +00:00
nacin aefde50081 Deprecate ancient "debugging" tools.
* logIO() and the global $xmlrpc_logging in XML-RPC.
 * log_app() and the global $app_logging in APP.
 * debug_fwrite(), debug_fopen(), debug_fclose(), and $debug.
see #20051.



git-svn-id: http://svn.automattic.com/wordpress/trunk@19935 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-17 00:02:42 +00:00
ryan b0eb479cc2 404 non-existant pages. Make handle_404() readable. Props benbalter, nacin. fixes #15770
git-svn-id: http://svn.automattic.com/wordpress/trunk@19892 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-09 21:04:36 +00:00
ryan e3b46b25d3 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-08 17:01:11 +00:00
ryan 07ff8b216b Use one space, not two, after trailing punctuation. fixes #19537
git-svn-id: http://svn.automattic.com/wordpress/trunk@19593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-13 23:45:31 +00:00
duck_ e82f153205 Use correct variable. We preg_match() against $request_match, so that's what should be checked with empty() too. Fixes #17177.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19280 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-14 21:05:13 +00:00
ryan 28b1b4763d Avoid E_STRICT notices. see #18975
git-svn-id: http://svn.automattic.com/wordpress/trunk@19094 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-31 19:38:46 +00:00
nacin 239e36bc0a We know that pagename is being assigned to $matches-something, so skip the variable variable. props duck_. see #18991.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19017 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-19 22:49:45 +00:00
nacin 89c0895887 new does not require by reference.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18995 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-18 20:20:59 +00:00
duck_ e4ed63fc6f Fix typos in documentation (wp-includes/[a-h]). See #18560.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18633 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-03 16:02:41 +00:00
markjaquith 4a610eaa7b Eliminate verbose rewrite rules for ambiguous rewrite structures, resulting in massive performance gains. props andy, otto42, duck_. Nice work everyone! see #16687
git-svn-id: http://svn.automattic.com/wordpress/trunk@18541 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-12 01:55:08 +00:00
ryan 3000ee7664 Explain the empty req_uri branch. Props duck_. fixes #17177
git-svn-id: http://svn.automattic.com/wordpress/trunk@18467 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-07-25 20:20:07 +00:00
ryan b1842a700c Optimize parse_request for the home page. Props duck_. see #17177
git-svn-id: http://svn.automattic.com/wordpress/trunk@18466 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-07-25 20:18:07 +00:00
nacin 5cc93d8dc4 Don't 404 for empty post type archives. props markmcwilliams, jfarthing84, fixes #17316.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18192 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-08 16:07:38 +00:00
ryan 04487fc268 Constructor cleanup. Props ocean90. fixes #16768
git-svn-id: http://svn.automattic.com/wordpress/trunk@17771 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-29 20:05:12 +00:00
scribu 0a1d745a54 Move s/ /+ out of WP_Query, so that 'category_name=Some Category' works again. See #12891
git-svn-id: http://svn.automattic.com/wordpress/trunk@16526 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-21 16:33:05 +00:00
nacin 04deafb31c File-level phpdoc for new class files. fixes #10287.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16101 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-30 14:09:05 +00:00
nacin 731bf1fb06 Begin the dissolution of classes.php. see #10287.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16099 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-30 07:02:06 +00:00