132 Commits

Author SHA1 Message Date
Ryan Boren cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes is no longer necessary.

Introduce wp_unslash() and use it to remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Sergey Biryukov 7a77f47f55 Use correct escaping function. fixes #23334.
git-svn-id: http://core.svn.wordpress.org/trunk@23413 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 05:52:23 +00:00
Andrew Nacin f2f9551287 Add context to the 'Random' string. It is now used in two places: gallery order and the links widget. props pavelevap, fixes #22724.
git-svn-id: http://core.svn.wordpress.org/trunk@23021 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-12-04 14:49:44 +00:00
Andrew Nacin 56c1b7c7ff Final HiDPI tweaks. Don't use rss-2x.png on a front-end widget. Improve selectors for favicons in the toolbar to avoid breaking existing images. Remove unnecessary RTL styles. FIXES #21019.
git-svn-id: http://core.svn.wordpress.org/trunk@22481 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-09 02:06:59 +00:00
Andrew Ozz 1276bcefb5 More retina backgrounds and bits, props saracannon, empireoflight and lessbloat, see #21019
git-svn-id: http://core.svn.wordpress.org/trunk@22439 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-07 20:54:08 +00:00
Andrew Nacin dc40f18228 Merge some strings. props pavelevap. fixes #22306.
git-svn-id: http://core.svn.wordpress.org/trunk@22430 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-07 19:37:54 +00:00
Andrew Nacin fb2c9e7e4f Prime post caches for the Recent Comments widget. props mitchoyoshitaka. see #15400.
git-svn-id: http://core.svn.wordpress.org/trunk@22278 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-23 14:18:37 +00:00
Ryan Boren 77518e9c71 Objects no longer need to be explicitly passed by ref to call_user_func*() to be callable. Props wonderboymusic. fixes #21865
git-svn-id: http://core.svn.wordpress.org/trunk@22118 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-04 20:00:16 +00:00
Andrew Nacin 0ced797e20 Close label. props lancewillett, fixes #21064.
git-svn-id: http://core.svn.wordpress.org/trunk@21978 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-24 19:16:53 +00:00
Peter Westwood d8e08eb3c2 Widgets: Add support for displaying the post date in the Recent Posts widget. Fixes #21064 props lancewillett and SergeyBiryukov.
git-svn-id: http://core.svn.wordpress.org/trunk@21935 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-21 10:05:54 +00:00
Andrew Nacin a2b71e7fae Use selected() in default widgets. props SergeyBiryukov, iamfriendly. fixes #21451.
git-svn-id: http://core.svn.wordpress.org/trunk@21867 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-16 16:51:12 +00:00
Andrew Nacin aa2fdd48ae Calendar widget: Don't print widget title markup when the title is empty. props jakub.tyrcha. fixes #17837.
git-svn-id: http://core.svn.wordpress.org/trunk@21841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-13 19:46:24 +00:00
Andrew Nacin 84c3a86036 Hide the link manager from the UI on upgrade, if the site has no links. New DB option, link_manager_enabled.
Enforce this by denying the 'manage_links' capability, which hides the All Links, Add New Link, and Link Categories screens. Hide WP_Widget_Links and the UI for the default_link_category as well.

Convert all references to 'posts and links' when handling reassignment on user deletion to just 'posts'.

see #21307.



git-svn-id: http://core.svn.wordpress.org/trunk@21501 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-13 16:18:42 +00:00
nacin 64f77982ab Use get_taxonomies() instead of get_object_taxonomies() in the tag cloud widget. props GautamGupta, scribu. see #20238, see #16125.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20285 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-24 14:00:52 +00:00
duck_ 8750c95b4a Remove dead code from the Links widget. Props pavelevap, SergeyBiryukov. Fixes #19179.
The widget() method isn't called on the admin screen.


git-svn-id: http://svn.automattic.com/wordpress/trunk@20245 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-21 21:01:05 +00:00
duck_ e8fb683689 Add a trailing colon for consistency with other widget labels. See #20158.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20083 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-02 20:25:12 +00:00
duck_ 44202223d8 Unhide the Select Link Category label. Fixes #20158.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20081 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-02 20:21:43 +00:00
duck_ aea371da0d Add sorting and limiting to the links widget. Props yoavf. Fixes #12785.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20071 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-02 13:58:58 +00:00
nacin 814d899e88 Add widget_comments_args and widget_post_args filters. props ramiy, fixes #16159.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20047 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-29 21:56:24 +00:00
duck_ 6b5a66022c Echo "WordPress.org" as well as translating it in the Meta widget. See #19603.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19838 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-06 19:52:42 +00:00
nacin 56633093fd Use translate, not translate with context. props azaozz. see #19603.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19829 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-04 18:37:53 +00:00
nacin 068819c1d5 Translate another http://wordpress.org/ link. see #19603.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19823 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-03 20:16:58 +00:00
ryan c924060858 Remove extraneous newlines
git-svn-id: http://svn.automattic.com/wordpress/trunk@19623 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-21 18:42:11 +00:00
nacin 3526f8a7da Context for 'All Links'. props SergeyBiryukov, pavelevap. fixes #18096.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19202 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-07 17:28:20 +00:00
nacin ea5730329d Pass instance and id_base to widget_title filter in WP_Widget_Recent_Comments. props scribu, fixes #18393.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18785 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-27 02:38:31 +00:00
westi 05ea44afea Remove the accidental commit of the cache avoiding test code in [18677] props vnsavage
git-svn-id: http://svn.automattic.com/wordpress/trunk@18679 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-15 10:43:22 +00:00
westi 5405bd3838 Set a consistent cache key when using the_widget to display the Recent Posts and Recent Comments widgets so that they get cached. See #16761.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18677 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-15 10:08:43 +00:00
westi 7fd6ab93c3 Fix Notices in default Widgets when called using the_widget(). Fixes #16761 props mfields and SergeyBiryukov
git-svn-id: http://svn.automattic.com/wordpress/trunk@18676 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-15 09:41:17 +00:00
ryan 5e8db32ede Pass no_found_rows to query in recent posts widget. Props scribu. fixes #17203
git-svn-id: http://svn.automattic.com/wordpress/trunk@17825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-06 20:54:43 +00:00
nacin 52e6f54063 Update the self-referential destruction sequence in WP_Widget_RSS to account for trailing slashes. TODO: Strengthen our validation here.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17765 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-29 14:44:43 +00:00
ryan 430bb76d4b Allow retrieving comments by post type, status, author, author, name, or parent. Fetch only published posts for recent comments widget. Props filosofo. fixes #16506 #12904
git-svn-id: http://svn.automattic.com/wordpress/trunk@17667 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-20 18:02:41 +00:00
ryan 6827de6cd9 Remove PHP4 constructors. Props scribu. fixes #16768
git-svn-id: http://svn.automattic.com/wordpress/trunk@17655 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-18 21:46:57 +00:00
nacin 3e45fdb260 Disallow a self-reference on RSS widget save, which would DoS a site. Checking home/siteurl should cover the vast majority of cases. see #8910.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17260 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-01-11 21:37:12 +00:00
nacin f4c1734b60 Remove ceilings on recent comments and posts widgets and dashboard widgets. fixes #14543.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16922 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-14 17:58:47 +00:00
markjaquith f2d1e78ec6 Add class to Tag Cloud widget div. props djzone. fixes #12602
git-svn-id: http://svn.automattic.com/wordpress/trunk@16694 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-02 21:28:17 +00:00
westi 59c95ba48e Let SimplePie do more of the date handling for us. Props rmccue.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16566 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-24 11:53:12 +00:00
nacin 72a354331b Add a simple filter to allow removing the recent comments default widget styles. fixes #15493, see #14876.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16522 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-21 13:55:11 +00:00
markjaquith 6482610f9a esc_textarea() and application for obvious textarea escaping. props alexkingorg. fixes #15454
git-svn-id: http://svn.automattic.com/wordpress/trunk@16431 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-17 17:12:01 +00:00
westi 2f7035c68d Restore the (at most 15) on the Recent Posts Widgets UI - Accidentally removed as part of [14483].
git-svn-id: http://svn.automattic.com/wordpress/trunk@16013 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-27 14:10:47 +00:00
nacin c10da6c1ec Standardize on 'Display as dropdown' and list those before post counts in default widgets. fixes #15096.
git-svn-id: http://svn.automattic.com/wordpress/trunk@15993 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-27 01:52:59 +00:00
nacin 148dac95df s/showposts/posts_per_page/
git-svn-id: http://svn.automattic.com/wordpress/trunk@15788 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-13 05:25:00 +00:00
markjaquith 4d44c562e4 Rename caller_get_posts WP_Query flag to ignore_sticky_posts, because that is the only thing it does. fixes #14624. props scribu
git-svn-id: http://svn.automattic.com/wordpress/trunk@15589 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-09-07 04:46:08 +00:00
ryan cf17e68308 Filter title for Custom Menu widget. Props jorbin. fixes #14009 for 3.1
git-svn-id: http://svn.automattic.com/wordpress/trunk@15316 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-06-24 15:07:11 +00:00
ryan c614b6d0a2 Deprecate is_term, is_taxonomy, is_post_type for *_exists(). Props nacin. fixes #13747
git-svn-id: http://svn.automattic.com/wordpress/trunk@15220 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-06-11 15:53:41 +00:00
nacin 1e732357a2 Don't specify a background for the default RSS widget's icon. props lancewillet, fixes #13719.
git-svn-id: http://svn.automattic.com/wordpress/trunk@15192 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-06-10 17:49:55 +00:00
ryan a2b95178e4 Whitespace cleanup. Props zeo. fixes #13678
git-svn-id: http://svn.automattic.com/wordpress/trunk@15115 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-06-02 19:56:19 +00:00
nacin 982f8a95f1 Don't fall back to pages list in the menus widget. props filosofo, fixes #13634.
git-svn-id: http://svn.automattic.com/wordpress/trunk@15074 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-31 14:15:28 +00:00
ryan 1a552dd029 Strip trailing whitespace
git-svn-id: http://svn.automattic.com/wordpress/trunk@14924 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-26 02:42:15 +00:00
nacin 9d1d7a20ad s/navigation menu/custom menu/. props jane, duck_. fixes #13519.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14849 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-24 19:31:31 +00:00
nacin 7202c8c0b0 Don't show unapproved comments in comments widget. props jshreve, fixes #10615.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14679 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-15 21:44:12 +00:00