Commit Graph

74 Commits

Author SHA1 Message Date
Boone Gorges 9088df3fee Prevent non-public taxonomies from registering aquery var.
[34247] made the 'public' paramater of `register_taxonomy()` work by blocking
requests for non-public taxonomy archives during `parse_request()`. Blocking
taxonomy archive requests this late means that it's impossible to register an
independent query var that matches the slug of a non-public taxonomy. By
moving the block to `register_taxonomy()` - not allowing these taxonomies to
register their query vars in the first place - we free up the slug for other
use. In addition, we free up a bit of processing (no need to look for the query
var in `parse_request()` and better parallel the way non-public post types
work. See `register_post_type()`.

Non-public taxonomy archives that are requested using `?taxonomy=tax_name` are
still blocked during `parse_request`. It's only custom query vars -
`?tax_name=term` - that are affected by this change.

Props mboynes.
Fixes #21949.
Built from https://develop.svn.wordpress.org/trunk@35333


git-svn-id: http://core.svn.wordpress.org/trunk@35299 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-21 16:54:24 +00:00
Sergey Biryukov 2d540d0280 In `WP::parse_request()` and `url_to_postid()`, don't skip objects that have a post status with `'exclude_from_search' => false`, e.g. `inherit`.
This fixes pretty permalinks for attachments, broken in [35195].

Fixes #21970.
Built from https://develop.svn.wordpress.org/trunk@35205


git-svn-id: http://core.svn.wordpress.org/trunk@35171 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-15 17:53:24 +00:00
Sergey Biryukov 8a6d07f596 In `WP::parse_request()` and `url_to_postid()`, if a post slug clashes with a trashed page, return the post instead of the page.
Props kovshenin, SergeyBiryukov, igmoweb.
Fixes #21970.
Built from https://develop.svn.wordpress.org/trunk@35195


git-svn-id: http://core.svn.wordpress.org/trunk@35161 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-15 06:49:25 +00:00
Gary Pendergast 83c3e3e00e Embeds: Add oEmbed provider support.
For the past 6 years, WordPress has operated as an oEmbed consumer, allowing users to easily embed content from other sites. By adding oEmbed provider support, this allows any oEmbed consumer to embed posts from WordPress sites.

In addition to creating an oEmbed provider, WordPress' oEmbed consumer code has been enhanced to work with any site that provides oEmbed data (as long as it matches some strict security rules), and provides a preview from within the post editor.

For security, embeds appear within a sandboxed iframe - the iframe content is a template that can be styled or replaced entirely by the theme on the provider site.

Props swissspidy, pento, melchoyce, netweb, pfefferle, johnbillion, extendwings, davidbinda, danielbachhuber, SergeyBiryukov, afercia

Fixes #32522.


Built from https://develop.svn.wordpress.org/trunk@34903


git-svn-id: http://core.svn.wordpress.org/trunk@34868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 10:36:25 +00:00
Drew Jaynes 9c46736476 Docs: Fix some syntatical issues in the DocBlock for `WP::send_headers()` following [34632].
See #20226. See #32246.

Built from https://develop.svn.wordpress.org/trunk@34635


git-svn-id: http://core.svn.wordpress.org/trunk@34599 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-27 18:49:29 +00:00
Scott Taylor 8272a839cd Update the docs in `WP` to explain the need to do [34476].
Fixes #20226.

Built from https://develop.svn.wordpress.org/trunk@34632


git-svn-id: http://core.svn.wordpress.org/trunk@34596 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-27 18:28:24 +00:00
Scott Taylor b45178379b After [34492], no need to import the global instance when we are, in fact, currently, that instance.
See #11694.

Built from https://develop.svn.wordpress.org/trunk@34494


git-svn-id: http://core.svn.wordpress.org/trunk@34458 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-24 14:20:24 +00:00
Scott Taylor 175d476b0e Canonical/Rewrite: sanity check posts that are paged with `<!--nextpage-->`. Page numbers past the max number of pages are returning the last page of content and causing infinite duplicate content.
Awesome rewrite bug: the `page` query var was being set to `'/4'` in `$wp`. When cast to `int`, it returns `0` (Bless you, PHP). `WP_Query` calls `trim( $page, '/' )` when setting its own query var. The few places that were checking `page`	before posts were queried now have sanity checks, so that these changes work without flushing rewrites.	

Adds/updates unit tests.

Props wonderboymusic, dd32.
See #11694.

Built from https://develop.svn.wordpress.org/trunk@34492


git-svn-id: http://core.svn.wordpress.org/trunk@34456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-24 14:04:24 +00:00
Scott Taylor 7a154ca666 WP: after [34443], calling `get_queried_object()` messes up unit tests. We can just clone the `$post` prop and call it a day.
Fixes #20226.

Built from https://develop.svn.wordpress.org/trunk@34476


git-svn-id: http://core.svn.wordpress.org/trunk@34440 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-24 03:54:24 +00:00
Scott Taylor 4cdd0b1688 PINGBACKS: After [34442], switch to `is_singular()` to check attachments and pages as well.
See #20226.

Built from https://develop.svn.wordpress.org/trunk@34443


git-svn-id: http://core.svn.wordpress.org/trunk@34407 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-22 19:10:29 +00:00
Scott Taylor 3bbd53c717 PINGBACKS: rather than sending the `X-Pingback` HTTP header on every single request for fun, perhaps only send it on single posts with pings open.
See #20226.

Built from https://develop.svn.wordpress.org/trunk@34442


git-svn-id: http://core.svn.wordpress.org/trunk@34406 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-22 18:47:25 +00:00
Boone Gorges 471fc6d9a5 Allow taxonomies to be non-public.
[13216] introduced the 'public' argument for `register_taxonomy()`. This param
was used to set defaults for 'show_ui' and a number of other params, but it
never did anything itself.

With this changeset, taxonomies registered with `public=false` will no longer
be queryable on the front end, ie via taxonomy archive queries.

Props wpsmith, ocean90, nacin, ericlewis, boonebgorges.
Fixes #21949.
Built from https://develop.svn.wordpress.org/trunk@34247


git-svn-id: http://core.svn.wordpress.org/trunk@34211 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-16 19:05:23 +00:00
Scott Taylor 8573a86def In `WP::parse_request()`, don't add query vars of non-viewable post types to `WP::public_query_vars`. In `register_post_type()`, don't add query vars of non-viewable post types to `WP::public_query_vars`.
In `_unregister_post_type()` (unit tests), don't add query vars of non-viewable post types to `WP::public_query_vars`.

Adds unit test.

Fixes #30018.

Built from https://develop.svn.wordpress.org/trunk@34215


git-svn-id: http://core.svn.wordpress.org/trunk@34179 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-15 18:54:30 +00:00
Scott Taylor ef87172270 `foreach` is a statement, not a function.
See #33491.

Built from https://develop.svn.wordpress.org/trunk@33734


git-svn-id: http://core.svn.wordpress.org/trunk@33702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-25 20:28:22 +00:00
Scott Taylor 523b51a359 Query:
Add a query var, `title`, that allows you to query posts by `post_title`. To accomplish this now, you have to do something like:

{{{
$tacos = get_posts( [
  'post_type' => 'taco',
  's' => $name,
  'exact' => true,
  'sentence' => true,
  'post_status' => 'publish',
  'fields' => 'ids',
  'posts_per_page' => 1
] );
}}}

Adds unit tests.

Fixes #33074.

Built from https://develop.svn.wordpress.org/trunk@33706


git-svn-id: http://core.svn.wordpress.org/trunk@33673 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-22 16:59:26 +00:00
Scott Taylor 1fd0dcbc9e Ensure that feeds are served with the proper `Content-Type` HTTP header.
Props stevenkword.
Fixes #32024.

Built from https://develop.svn.wordpress.org/trunk@33658


git-svn-id: http://core.svn.wordpress.org/trunk@33625 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-20 06:10:24 +00:00
Dominik Schilling 0549150843 Parse request: Quote regular expression characters in home path.
Adds unit tests.

props akirk.
fixes #30438.
Built from https://develop.svn.wordpress.org/trunk@32708


git-svn-id: http://core.svn.wordpress.org/trunk@32678 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-08 13:29:26 +00:00
Boone Gorges ebac76facc When parsing what appears to be a date archive request, check for a post with a clashing permalink before resolving to the archive.
A URL like `example.com/2015/05/15/` generally resolves to the May 15, 2015 date
archive. But in certain cases, it could also be the permalink of a post with
the slug `'2015'`. When a conflict of this sort is detected, resolve to the post
instead of the archive.

URL conflicts of this sort should no longer occur for new posts; see [32647].

Props valendesigns, boonebgorges, Denis-de-Bernardy.
Fixes #5305.
Built from https://develop.svn.wordpress.org/trunk@32648


git-svn-id: http://core.svn.wordpress.org/trunk@32618 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 13:10:24 +00:00
Scott Taylor f217f8c5d2 Add missing doc blockss in `class-wp.php`.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32551


git-svn-id: http://core.svn.wordpress.org/trunk@32521 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-22 20:05:25 +00:00
Scott Taylor cde4c83091 [31210] broke Supportflow on dotorg, which declares these methods as `protected`. Switch to `protected` for the noop methods. The subclasses can make them more visible using `public`.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31211


git-svn-id: http://core.svn.wordpress.org/trunk@31192 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 18:37:24 +00:00
Scott Taylor eab3aa7802 In `WP_MatchesMapRegex`:
* Exactly one method was made private in [28516], and is only used internally.
* 2 properties were made private, but they just store variables passed to the constructor.
* Instances of this class are never created in core. `WP_MatchesMapRegex::apply()` is called statically in `WP->parse_request()` and `url_to_postid()`. 

The chances that: 
1) this class is used as an instance somewhere and 
2) the properties that have always been marked `@access private` and begin with `_` were used publicly

...is extremely low.

Remove the magic methods, I should not have added them.

While we're at it, use the PHP5-style `__construct()` instead of the class name.

See #30891.

Built from https://develop.svn.wordpress.org/trunk@31136


git-svn-id: http://core.svn.wordpress.org/trunk@31117 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 23:27:21 +00:00
Scott Taylor 60b0cd7943 The keyword `elseif` should be used instead of `else if` so that all control keywords look like single words.
This was a mess, is now standardized across the codebase, except for a few 3rd-party libs. 

See #30799.

Built from https://develop.svn.wordpress.org/trunk@31090


git-svn-id: http://core.svn.wordpress.org/trunk@31071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-08 07:05:25 +00:00
Drew Jaynes c4b9da857a Using let's properly in inline comments lets us move on to more pressing matters of inline documentation.
Props trepmal.
Fixes #30570.

Built from https://develop.svn.wordpress.org/trunk@30703


git-svn-id: http://core.svn.wordpress.org/trunk@30693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-02 04:43:22 +00:00
Drew Jaynes f8657d5890 Remove redundant and erroneous `@uses` tag from most core inline documentation.
Per our inline documentation standards, no further use of the `@uses` tag is recommended as used and used-by relationships can be derived through other means. This removes most uses of the tag in core documentation, with remaining tags to be converted to `@global` or `@see` as they apply.

Fixes #30191.

Built from https://develop.svn.wordpress.org/trunk@30105


git-svn-id: http://core.svn.wordpress.org/trunk@30105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-30 01:05:24 +00:00
Drew Jaynes a8583d5f19 Fix some words that aren't words.
See #28885.

Built from https://develop.svn.wordpress.org/trunk@29454


git-svn-id: http://core.svn.wordpress.org/trunk@29232 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-09 19:30:17 +00:00
Sergey Biryukov 47119960de Don't 404 for empty feeds.
fixes #18505.
Built from https://develop.svn.wordpress.org/trunk@29216


git-svn-id: http://core.svn.wordpress.org/trunk@29000 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-17 22:22:15 +00:00
Drew Jaynes 71eb75a159 Fill out inline documentation for magic methods added to the `WP_MatchesMapRegex` class in [28516].
See #27881, #22234 and #28885.

Built from https://develop.svn.wordpress.org/trunk@29142


git-svn-id: http://core.svn.wordpress.org/trunk@28926 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-13 23:39:14 +00:00
Scott Taylor 85f73cf458 Classes that have `__set()` also need `__isset()` and `__unset()`.
See #27881, #22234.

Built from https://develop.svn.wordpress.org/trunk@28524


git-svn-id: http://core.svn.wordpress.org/trunk@28350 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 06:52:14 +00:00
Scott Taylor 821246b4ae Some classes with `__get()` method also need `__set()`.
See #27881, #22234.

Built from https://develop.svn.wordpress.org/trunk@28521


git-svn-id: http://core.svn.wordpress.org/trunk@28347 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 06:31:15 +00:00
Scott Taylor dc24cef605 Add missing access modifiers to methods in `WP` and `WP_MatchesMapRegex`. Add magic `__call()` and `__get()` methods to `WP_MatchesMapRegex` for BC.
See #27881, #22234.

Built from https://develop.svn.wordpress.org/trunk@28516


git-svn-id: http://core.svn.wordpress.org/trunk@28342 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 06:12:14 +00:00
Andrew Nacin 3eb91d047c Add post_parent to the private query vars list. Fixes detached media queries.
props SergeyBiryukov.
fixes #27532.

Built from https://develop.svn.wordpress.org/trunk@27782


git-svn-id: http://core.svn.wordpress.org/trunk@27618 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-27 16:37:16 +00:00
Andrew Nacin 86843194b8 Revert [27738] as the patient exhibited side effects. see #23862.
Built from https://develop.svn.wordpress.org/trunk@27768


git-svn-id: http://core.svn.wordpress.org/trunk@27605 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-27 01:31:15 +00:00
Andrew Nacin f5999e5d50 WP class: Remove duplication of the post_type query var, also specified as a public QV.
props prettyboymp.
fixes #23862.

Built from https://develop.svn.wordpress.org/trunk@27738


git-svn-id: http://core.svn.wordpress.org/trunk@27575 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-26 14:45:16 +00:00
Mark Jaquith d30ab62e44 Return 404 when querying author's posts who is not a member and has no posts on the site
fixes #20601. props yoavf, nacin, SergeyBiryukov, wonderboymusic, markjaquith.
Built from https://develop.svn.wordpress.org/trunk@27290


git-svn-id: http://core.svn.wordpress.org/trunk@27146 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-26 18:12:13 +00:00
Dion Hulse 7f1047ece1 Remove the experimental RSS.JS feed, and move it to a plugin for feature development. Unprops pento. See #25639
Built from https://develop.svn.wordpress.org/trunk@26644


git-svn-id: http://core.svn.wordpress.org/trunk@26534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-04 22:24:10 +00:00
Andrew Nacin c8bbc31c39 Add an experimental rssjs feed based on the experimental rss.js spec.
This is simply a JSON representation of the RSS 2.0 feed, accessible at /feed/rssjs/ anywhere.

props pento.
see #25639.

Built from https://develop.svn.wordpress.org/trunk@26294


git-svn-id: http://core.svn.wordpress.org/trunk@26199 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-20 22:58:09 +00:00
Scott Taylor a5eb3208d7 `WP_UnitTestCase::go_to()` tried its best to clean up global space, but ultimately fell short. Because it was blowing away `WP` every time it was called, it was dropping all the query vars that were registered for custom taxonomies and custom post types (ouch).
Introduces `_cleanup_query_vars()`. This is a prerequisite for the unit tests on #20767. All unit tests pass with this change.

See #20767.
Fixes #25818.


Built from https://develop.svn.wordpress.org/trunk@26006


git-svn-id: http://core.svn.wordpress.org/trunk@25937 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-04 22:47:10 +00:00
Andrew Nacin d0cfa40983 Add jshintrc to qunit.
props jorbin.
see #25187.

Built from https://develop.svn.wordpress.org/trunk@25992


git-svn-id: http://core.svn.wordpress.org/trunk@25925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-30 14:39:10 +00:00
Drew Jaynes 85ccb59294 Revert another instance where a `WP` property was assigned to a one-time variable for inline docs purposes.
Referencing a non-existent variable only in the docs here would have been the better choice.

See #25495.

Built from https://develop.svn.wordpress.org/trunk@25946


git-svn-id: http://core.svn.wordpress.org/trunk@25905 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-27 07:59:10 +00:00
Drew Jaynes c01501b516 Fix error introduced in [25940] where `$public_query_vars` should have only been used as a non-existent inline docs variable in the `query_vars` filter.
Restores `$this->public_query_vars` to the `query_vars` filter in wp-includes/class-wp.php.

Props mauryaratan.
Fixes #25495. See #25719.

Built from https://develop.svn.wordpress.org/trunk@25945


git-svn-id: http://core.svn.wordpress.org/trunk@25904 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-27 07:49:09 +00:00
Drew Jaynes 75e0cad6af Inline documentation for hooks in wp-includes/class-wp.php.
Props dougwollison.
Fixes #25495.

Built from https://develop.svn.wordpress.org/trunk@25940


git-svn-id: http://core.svn.wordpress.org/trunk@25899 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-26 21:03:09 +00:00
Andrew Nacin 9e15ed5b28 Ensure wp::send_headers() detects a comments feed when permalinks are disabled and thus the withcomments QV is omitted. This fixes Last-Modified.
props sweetie089.
fixes #24622.

Built from https://develop.svn.wordpress.org/trunk@25683


git-svn-id: http://core.svn.wordpress.org/trunk@25599 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-03 03:15:08 +00:00
Scott Taylor e3d58a5b23 Make `url_to_postid()` work for custom post type URLs. Use `get_post_types()` and `get_taxonomies()` instead of directly accessing globals. Adds unit test.
Props faishal, for the globals fix.
Fixes #19744.


Built from https://develop.svn.wordpress.org/trunk@25659


git-svn-id: http://core.svn.wordpress.org/trunk@25576 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-02 19:42:09 +00:00
Andrew Nacin c2aa33de6a Clean up the path calculations in wp::parse_request().
props evansolomon for initial cleanup.
fixes #22209.

Built from https://develop.svn.wordpress.org/trunk@25617


git-svn-id: http://core.svn.wordpress.org/trunk@25534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-25 00:47:09 +00:00
Andrew Nacin cc19b4a397 Avoid a notice. see #14408, [25574].
Built from https://develop.svn.wordpress.org/trunk@25585


git-svn-id: http://core.svn.wordpress.org/trunk@25502 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-23 21:44:09 +00:00
Andrew Nacin 2fa2b14192 Set up author data for the author template immediately, rather than waiting for the first the_post() call.
This removes the need to call the_post() and rewind_posts() in an author template to print information about the author.

props obenland.
fixes #14408.

Built from https://develop.svn.wordpress.org/trunk@25574


git-svn-id: http://core.svn.wordpress.org/trunk@25491 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-23 17:22:09 +00:00
Andrew Nacin a8ac6346f8 Remove double-strip on HTTP_IF_NONE_MATCH, which was done years ago (in #2597). see #21767.
git-svn-id: http://core.svn.wordpress.org/trunk@23573 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:51:16 +00:00
Ryan Boren 43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Andrew Nacin 34e93a1155 WP_Query: `post_parent__in` and `post_parent__not_in`. props wonderboymusic. fixes #11056.
git-svn-id: http://core.svn.wordpress.org/trunk@23436 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-16 02:08:46 +00:00
Ryan Boren cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00