Commit Graph

110 Commits

Author SHA1 Message Date
Sergey Biryukov 0008d8df06 Coding Standards: Replace `include_once` with `require_once` for required files.
Per [https://developer.wordpress.org/coding-standards/wordpress-coding-standards/php/#writing-include-require-statements WordPress PHP coding standards], it is ''strongly recommended'' to use `require[_once]` for unconditional includes. When using `include[_once]`, PHP will throw a warning when the file is not found but will continue execution, which will almost certainly lead to other errors/warnings/notices being thrown if your application depends on the file loaded, potentially leading to security leaks. For that reason, `require[_once]` is generally the better choice as it will throw a `Fatal Error` if the file cannot be found.

Follow-up to [1674], [1812], [1964], [6779], [8540], [10521], [11005], [11911], [16065], [16149], [25421], [25466], [25823], [37714], [42981], [45448], [47198], [54276], [55633].

Props kausaralm, SergeyBiryukov.
See #57839.
Built from https://develop.svn.wordpress.org/trunk@55641


git-svn-id: http://core.svn.wordpress.org/trunk@55153 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-04-09 11:57:22 +00:00
Sergey Biryukov 8a90b8691f Docs: Add a comment about the `$title` global usage in various admin files.
This should make it clear that the variable is used as part of the HTML `<title>` tag on admin screens.

Props ravipatel, hellofromTonya, sabernhardt, audrasjb, SergeyBiryukov.
Fixes #53729.
Built from https://develop.svn.wordpress.org/trunk@51475


git-svn-id: http://core.svn.wordpress.org/trunk@51086 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-07-22 13:53:00 +00:00
whyisjake 836ad98276 Upgrade/Install: Ensure cleanup after canceled update.
Ensure that the uploaded zip is hidden from the media library, where a task will remove failed installs after two hours.

Fixes #50612.

Props psykro, desrosj, joyously, azaozz, noisysocks, whyisjake. 

Built from https://develop.svn.wordpress.org/trunk@48417


git-svn-id: http://core.svn.wordpress.org/trunk@48186 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-10 06:08:06 +00:00
Andrew Ozz 49bbff551b Upgrade/install: Allow plugin and theme updates from a uploaded .zip file.
Props mariovalney, cyberhobo, imath, shaunandrews, mariovalney, earnjam, desrosj, dd32, folletto, swissspidy, melchoyce, pento, joshuawold, psykro, clorith, ahortin, galbaras, pingram3541, joyously, doobeedoo, karmatosed, poena, whyisjake, earnjam, sergeybiryukov, audrasjb, azaozz.

Fixes #9757.
Built from https://develop.svn.wordpress.org/trunk@48390


git-svn-id: http://core.svn.wordpress.org/trunk@48159 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-07-07 17:49:05 +00:00
Sergey Biryukov 7932193708 Coding Standards: Use strict comparison where static strings are involved.
This reduces the number of `WordPress.PHP.StrictComparisons.LooseComparison` issues in half, from 1897 to 890.

Includes minor code layout fixes for better readability.

See #49542.
Built from https://develop.svn.wordpress.org/trunk@47808


git-svn-id: http://core.svn.wordpress.org/trunk@47584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-05-16 18:42:12 +00:00
Sergey Biryukov 38676936ba Coding Standards: Use strict type check for `in_array()` and `array_search()` where strings are involved.
This reduces the number of `WordPress.PHP.StrictInArray.MissingTrueStrict` issues from 486 to 50.

Includes minor code layout fixes for better readability.

See #49542.
Built from https://develop.svn.wordpress.org/trunk@47550


git-svn-id: http://core.svn.wordpress.org/trunk@47325 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-04-05 03:02:11 +00:00
Sergey Biryukov 47ed56f38f Code Modernization: Replace `dirname( __FILE__ )` calls with `__DIR__` magic constant.
This avoids the performance overhead of the function call every time `dirname( __FILE__ )` was used instead of `__DIR__`.

This commit also includes:

* Removing unnecessary parentheses from `include`/`require` statements. These are language constructs, not function calls.
* Replacing `include` statements for several files with `require_once`, for consistency:
 * `wp-admin/admin-header.php`
 * `wp-admin/admin-footer.php`
 * `wp-includes/version.php`

Props ayeshrajans, desrosj, valentinbora, jrf, joostdevalk, netweb.
Fixes #48082.
Built from https://develop.svn.wordpress.org/trunk@47198


git-svn-id: http://core.svn.wordpress.org/trunk@46998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-02-06 06:33:11 +00:00
Sergey Biryukov 001ffe81fb Docs: Improve inline comments per the documentation standards.
Includes minor code layout fixes for better readability.

See #48303.
Built from https://develop.svn.wordpress.org/trunk@47122


git-svn-id: http://core.svn.wordpress.org/trunk@46922 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-01-29 00:45:18 +00:00
Sergey Biryukov e199663322 I18N: Capitalize translator comments consistently, add trailing punctuation.
Includes minor code layout fixes.

See #44360.
Built from https://develop.svn.wordpress.org/trunk@45932


git-svn-id: http://core.svn.wordpress.org/trunk@45743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-03 00:41:05 +00:00
Sergey Biryukov 16b8d91baa I18N: Improve translator comments.
* Add missing translator comments.
* Fix placement of some translator comments. Translator comments should be on the line directly above the line containing the translation function call for optimal compatibility with various `.pot` file generation tools. The CS auto-fixing, which changed some inconsistent function calls to multi-line function calls, is part of the reason why this was no longer the case for a select group of translator comments.

Includes minor code layout fixes.

Polyglots, rejoice! All WordPress core files now have translator comments for all strings with placeholders!

Props jrf, subrataemfluence, GaryJ, webdados, Dency, swissspidy, alvarogois, marcomartins, mihaiiceyro, vladwtz, niq1982, flipkeijzer, michielatyoast, chandrapatel, thrijith, joshuanoyce, FesoVik, tessak22, bhaktirajdev, cleancoded, dhavalkasvala, garrett-eclipse, bibliofille, socalchristina, priyankkpatel, 5hel2l2y, adamsilverstein, JeffPaul, pierlo, SergeyBiryukov.
Fixes #44360.
Built from https://develop.svn.wordpress.org/trunk@45926


git-svn-id: http://core.svn.wordpress.org/trunk@45737 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-01 17:13:59 +00:00
Gary Pendergast abcbee954f Coding Standards: Fix instances of `WordPress.PHP.NoSilencedErrors.Discouraged`.
Noteable changes:
- The `magic_quotes_runtime` and `magic_quotes_sybase` settings were removed in PHP 5.4, so no longer need to be set.
- Some functions that use external libraries can generate errors that can't be tested for, so are globally allowed to silence errors.
- Quite a few functions would cause errors if `safe_mode` was set. This setting was removed in PHP 5.4.
- Only a handful of `header()` calls needed corresponding `headers_sent()` checks for unit tests to pass, but more may need to be added as the nightlies builds are tested.

See #46732.

Built from https://develop.svn.wordpress.org/trunk@45611


git-svn-id: http://core.svn.wordpress.org/trunk@45422 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-07-09 05:45:58 +00:00
Gary Pendergast a02b5cc2a8 Coding Standards: Mark the handful of hook names with uppercase characters or hyphens as ignored.
See #47632.


Built from https://develop.svn.wordpress.org/trunk@45599


git-svn-id: http://core.svn.wordpress.org/trunk@45410 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-07-05 01:45:56 +00:00
Gary Pendergast 56c162fbc9 Coding Standards: Upgrade WPCS to 1.0.0
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.

This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script. 
- Auto-fixable coding standards issues will now cause Travis failures.

Fixes #44600.


Built from https://develop.svn.wordpress.org/trunk@43571


git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-17 01:51:36 +00:00
Dion Hulse 7abfd84c75 Plugins: Use `api.wordpress.org/plugins/info/1.2/` for querying plugins & plugin information.
See #43192.
Fixes #29274.

Built from https://develop.svn.wordpress.org/trunk@42631


git-svn-id: http://core.svn.wordpress.org/trunk@42460 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-01 05:17:33 +00:00
Gary Pendergast aaf99e6913 Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.


Built from https://develop.svn.wordpress.org/trunk@42343


git-svn-id: http://core.svn.wordpress.org/trunk@42172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-30 23:11:00 +00:00
Weston Ruter 35b5c9e762 Customize: Eliminate use of customize-loader in core so Customizer is opened consistently in `top` window.
* Open the door for future browser history feature in #28536, which is currently not feasible when customize-loader is used.
* Remove customizer-loader from being used on admin screens for Dashboard, Themes, non-shiny theme install/update.
* Keep the customize-loader functionality available for plugins, for the time being. It may become deprecated.
* Ensure `return` param in customizer links in Themes screen update to reflect `search` updated by `pushState`.
* Persist `return` when reloading Customizer due to theme switch, autosave restoration, or changeset trashing.
* Use `location.replace()` instead of changing `location.href` when trashing.
* Hide theme browser while Themes screen is loading when there is a `search` to prevent flash of unfiltered themes.
* Use throttling instead of debouncing when searching themes to ensure that screen is updated immediately on page load.
* Fix encoding and decoding of `search` param between URL and search field.
* Add support for dismissing autosaves when closing customize-loader, when it is used by plugins.
* Skip sending changeset UUID to customize-loader for population in browser location if changeset branching is not enabled.

See #28536.
Fixes #40254.

Built from https://develop.svn.wordpress.org/trunk@41797


git-svn-id: http://core.svn.wordpress.org/trunk@41631 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-09 16:04:48 +00:00
John Blackbourn 28eda6f4bc General: Improve terminology used when referring to installations of WordPress and its extensions.
"Install" is not a noun, and while it might be acceptable to use the verb as a noun, it is not correct. Using the correct
noun, "installation", increases clarity, especially for non-native English speakers.

This change fixes the usage in user-facing text and in developer documentation.

Fixes #41620

Built from https://develop.svn.wordpress.org/trunk@41289


git-svn-id: http://core.svn.wordpress.org/trunk@41129 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-22 11:52:48 +00:00
Scott Taylor a3ffebce30 Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389.
See #36335.

Built from https://develop.svn.wordpress.org/trunk@38470


git-svn-id: http://core.svn.wordpress.org/trunk@38411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-31 16:31:29 +00:00
Scott Taylor 390ceba6c7 Bootstrap: after r38409 and r38410, revert r38402 which reverted r38399.
This fixes the paths in `wp-vendor/` that were including `src`. I want to drop this in so we can find out what else will break.

See #36335.

Built from https://develop.svn.wordpress.org/trunk@38411


git-svn-id: http://core.svn.wordpress.org/trunk@38352 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-27 22:32:37 +00:00
Dion Hulse 0e31a46161 Bootstrap: Revert [38399] as it's broken `/build/` and subsequently core.svn.wordpress.org.
The generated classmaps reference `/src/` files and operates in the assumption that the base directory is one level above `wp-settings.php`, which it isn't after our build processes are run.

See #36335

Built from https://develop.svn.wordpress.org/trunk@38402


git-svn-id: http://core.svn.wordpress.org/trunk@38343 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-27 14:37:32 +00:00
Scott Taylor 6a529648cf Bootstrap: Autoload classes using a Composer-generated PHP 5.2-compatible Autoloader.
* `wp-admin` and `wp-includes` are scanned for classes to autoload
* Several 3rd-party and Ryan McCue-shaped libraries are excluded when the classmap is generated, see `composer.json`: `autoload.exclude-from-classmap`
* `wp-vendor/autoload_52.php` is included at the top of `wp-settings.php` - no changes need to be made to unit tests to include the autoloader
* An avalanche of `require()` and `require_once()` calls that loaded class files have been removed from the codebase.

The following files have been added to `svn:ignore` - they are not 5.2-compatible and fail during pre-commit:
* src/wp-vendor/autoload.php
* src/wp-vendor/composer/autoload_real.php
* src/wp-vendor/composer/autoload_static.php
* src/wp-vendor/composer/ClassLoader.php

We favor these files instead:
* src/wp-vendor/autoload_52.php
* src/wp-vendor/composer/autoload_real_52.php
* src/wp-vendor/composer/ClassLoader52.php

When new PHP classes are added to the codebase, simply run `composer install` or `composer update` from the project root to update the autoloader.

The future is now.

See #36335.

Built from https://develop.svn.wordpress.org/trunk@38399


git-svn-id: http://core.svn.wordpress.org/trunk@38340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-27 09:15:29 +00:00
Dominik Schilling 25e66e4f1e Text Changes: Unify permission error messages.
The new format looks like "Sorry, you are not allowed to <action>.". This provides a consistent experience for all error messages related to missing permissions. It also reduces the number of similar strings and allows translators to provide a consistent style in their language.

Props ramiy, Presskopp.
Fixes #34521.
Built from https://develop.svn.wordpress.org/trunk@37914


git-svn-id: http://core.svn.wordpress.org/trunk@37855 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-29 15:16:29 +00:00
Dominik Schilling 7b33ad2a99 Plugins: Don't request all fields via `plugins_api( 'plugin_information' )` for plugin installs and update checks.
The Plugins API returns a lot of data by default (see [34596]) but when installing or checking for updates we don't need all of it. To save bandwidth, memory and time request only required fields.

Fixes #34030.
Built from https://develop.svn.wordpress.org/trunk@34598


git-svn-id: http://core.svn.wordpress.org/trunk@34562 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-26 15:50:25 +00:00
Helen Hou-Sandí 48befcf361 Superglobals: Revert [34059] until further notice.
see #33837.

Built from https://develop.svn.wordpress.org/trunk@34265


git-svn-id: http://core.svn.wordpress.org/trunk@34229 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-17 12:33:26 +00:00
Scott Taylor cd7c0f0b0d Introduce `wp_validate_action( $action = '' )`, a helper function that checks `$_REQUEST` for `action` and returns it, or empty string if not present. If `$action` is passed, it checks to make sure they match before returning it, or an empty string. Strings are always returned to avoid returning multiple types.
Implementing this removes 27 uses of direct superglobal access in the admin.

For more reading:
https://codeclimate.com/github/WordPress/WordPress/wp-admin/edit-comments.php

See #33837.

Built from https://develop.svn.wordpress.org/trunk@34059


git-svn-id: http://core.svn.wordpress.org/trunk@34027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-11 21:08:26 +00:00
Andrew Ozz 2d36b8ff4a Accessibility improvements for Themes screen: fix keyboard events and callbacks for the Search field, increase trigger timeout a bit, improve Esc. key handling.
Props joedolson, adamsilverstein, afercia, DrewAPicture. Fixes #26600.
Built from https://develop.svn.wordpress.org/trunk@31994


git-svn-id: http://core.svn.wordpress.org/trunk@31973 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-03 02:32:28 +00:00
Drew Jaynes 2faf449f51 Docs Formatting: Backtick-escape inline code for all dynamic hook docs in wp-admin/*.
Also includes some changes to move hook docs to directly precede hook lines. This is necessary to prevent DocBlock-matching confusion when core is parsed.

Affects DocBlocks for the following hooks:
* `wp_ajax_ . $_REQUEST['action']`
* `wp_ajax_nopriv_ . $_REQUEST['action']`
* `admin_footer- . $GLOBALS['hook_suffix']`
* `admin_head-$hook_suffix`
* `admin_post_nopriv_{$action}`
* `admin_post_{$action}`
* `load-  . $page_hook`
* `load- . $plugin_page`
* `load-importer- . $importer`
* `load- . $pagenow`
* `admin_action_ . $_REQUEST['action']`
* `async_upload_{$type}`
* `add_meta_boxes_ . $post_type`
* `{$taxonomy}_pre_edit_form`
* `{$taxonomy}_term_edit_form_tag`
* `{$taxonomy}_edit_form_fields`
* `{$taxonomy}_edit_form`
* `after-{$taxonomy}-table`
* `{$taxonomy}_pre_add_form`
* `{$taxonomy}_term_new_form_tag`
* `{$taxonomy}_add_form_fields`
* `{$taxonomy}_add_form`
* `media_upload_$type`
* `media_upload_$tab`
* `install_plugins_pre_$tab`
* `install_plugins_$tab`
* `install_themes_pre_{$tab}`
* `install_themes_{$tab}`
* `update-core-custom_{$action}`
* `update-custom_{$action}`
* `user_{$name}_label`

See #30552.

Built from https://develop.svn.wordpress.org/trunk@30649


git-svn-id: http://core.svn.wordpress.org/trunk@30639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-30 11:42:24 +00:00
Andrew Nacin ac3dd27737 Plugin/Theme Uploads: New capabilities; unify UIs; ensure compatibility with old filters.
Introduce upload_plugins and upload_themes capabilities to allow blocking of plugin and theme uploads, versus the old hacky (and not secure) ways of just hiding UI tabs. These are simply meta capabilities that map to install_plugins and install_themes.
 
Also:
 * Use the same nice design for the plugin upload screen as the theme upload screen.
 * Better compatibility for the old install_themes_tabs filter added in [29002]. see #28578.
 * Ensure using the install_plugins_tabs filter to remove the upload tab removes the new button.
 * Use 'Add Plugins' instead of 'Install Plugins' to match 'Add Themes'.

fixes #29236.

Built from https://develop.svn.wordpress.org/trunk@29634


git-svn-id: http://core.svn.wordpress.org/trunk@29408 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-27 01:32:18 +00:00
Scott Taylor 2f513d3320 Fix some `hackificator` odds and ends in `wp-admin`:
* `wp-activate.php` and `wp-admin/themes.php` don't need the closing PHP tag
* Switch single quotes for HTML attribute values to double in a few places
* Convert `include_once file.php` syntax to `include_once( 'file.php' )`
* Add access modifiers to methods/members in: `_WP_List_Table_Compat`, `Walker_Nav_Menu_Edit`, `Walker_Nav_Menu_Checklist`, `WP_Screen`, `Walker_Category_Checklist`
* `edit_user()` doesn't need to import the `$wpdb` global
* `wp_list_widgets()` doesn't need to import the `$sidebars_widgets` global
* switch/endswitch syntax is not supported in Hack
* A `<ul>` in `wp-admin/users.php` is unclosed

See #27881.

Built from https://develop.svn.wordpress.org/trunk@28500


git-svn-id: http://core.svn.wordpress.org/trunk@28326 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 05:04:16 +00:00
Andrew Nacin 9f81d0526e Theme Installer: Revert to proxying through PHP for WordPress.org API requests.
This is to ensure we have valid installation nonces, though we've run into this as a problem previously (see #27639, #27581, #27055).

A tad slower, but we gained speed in 3.9 by simplifying the request made to the API.

props ocean90.
fixes #27798.

Built from https://develop.svn.wordpress.org/trunk@28126


git-svn-id: http://core.svn.wordpress.org/trunk@27957 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-15 01:16:14 +00:00
Andrew Nacin 9aca2a65f8 Bring the theme browsing experience from 3.8 to the theme installer. First pass.
props matveb with assists from me and gcorne.
see #27055.

Built from https://develop.svn.wordpress.org/trunk@27499


git-svn-id: http://core.svn.wordpress.org/trunk@27341 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-11 07:47:15 +00:00
Andrew Nacin 13e868ac55 Decrement update count bubbles as plugins/themes are updated, live.
props gcorne, mitchoyoshitaka.
fixes #17703.

Built from https://develop.svn.wordpress.org/trunk@27280


git-svn-id: http://core.svn.wordpress.org/trunk@27136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-26 06:55:14 +00:00
Andrew Nacin 5f0981788d Detect and handle symlinking of plugins in plugin_basename().
props rmccue, MikeSchinkel, jdgrimes.
see #16953.

Built from https://develop.svn.wordpress.org/trunk@27158


git-svn-id: http://core.svn.wordpress.org/trunk@27024 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-10 23:00:15 +00:00
Drew Jaynes 0753c12b85 Inline documentation for hooks in wp-admin/update.php.
Props ninio, kpdesign.
Fixes #25723.

Built from https://develop.svn.wordpress.org/trunk@25951


git-svn-id: http://core.svn.wordpress.org/trunk@25910 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-27 18:37:09 +00:00
Andrew Nacin fd57b239d2 Don't rely on include_path to include files.
Always use dirname() or, once available, ABSPATH.

props ketwaroo, hakre.
fixes #17092.

Built from https://develop.svn.wordpress.org/trunk@25616


git-svn-id: http://core.svn.wordpress.org/trunk@25533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-25 00:18:11 +00:00
Andrew Nacin 3bfb59b39d More robust escaping in the plugin/theme upgrader.
git-svn-id: http://core.svn.wordpress.org/trunk@24474 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-21 05:54:40 +00:00
Ryan Boren 43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Andrew Nacin dc40f18228 Merge some strings. props pavelevap. fixes #22306.
git-svn-id: http://core.svn.wordpress.org/trunk@22430 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-07 19:37:54 +00:00
koopersmith a5dacf7da5 Theme Customizer: Allow the customize iframe to be accessed directly (with full feature support). see #19910.
* Move the 'Return to Manage Themes' and 'Collapse Sidebar' actions from themes.php to customize-controls.php.
* Create a postMessage connection between themes.php and customize-controls.php.
* Allow the theme customizer to be accessed directly (independent of themes.php and the customize loader).
* Add wp_customize_href() and wp_customize_url().
* Remove wp_customize_loader(). To include the loader, use wp_enqueue_script( 'customize-loader' ).
* The theme customizer now requires postMessage browser support.
* Add .hide-if-customize and .hide-if-no-customize CSS classes.
* Clean up customize-preview.js.

git-svn-id: http://svn.automattic.com/wordpress/trunk@20476 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-16 14:02:28 +00:00
koopersmith c2fb0c425b Replace all instances of thickbox theme preview with the theme customizer. fixes #20404.
* Use theme customizer in theme install/update screens.
* Separate the customize loader from the customizer. Use wp_customize_loader() to include the loader script and markup.
* Deprecated: wp-admin/js/theme-preview.js is now no longer used by core.

git-svn-id: http://svn.automattic.com/wordpress/trunk@20419 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-10 02:25:03 +00:00
nacin 98862a975b Support child theme installation in the theme installer. props otto42, dd32. fixes #13774.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20267 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-23 10:10:06 +00:00
dd32 ef278df299 Store Plugin/Theme uploads in the Media Library properly. Add Scheduled cleanup +2hrs to clean up any aborted installation attempts. See #18182
git-svn-id: http://svn.automattic.com/wordpress/trunk@18617 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-28 08:42:07 +00:00
dd32 b16b6f8a31 Only clean up the uploaded files after a successful (or failed) install. Allows files to persist past the FTP credential screen. See #18182
git-svn-id: http://svn.automattic.com/wordpress/trunk@18616 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-28 05:51:38 +00:00
dd32 ea3a169b6f Clean up Plugin/Theme uploads after successfully installing them. Restores pre-3.2 behaviour. See #18182
git-svn-id: http://svn.automattic.com/wordpress/trunk@18614 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-28 03:51:35 +00:00
nacin 1cdd5ad41a Remove more E_RECOVERABLE_ERROR checks. props duck_, see #16920.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17632 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-12 09:21:13 +00:00
nacin c6c9ce82b3 IFRAME_REQUEST for network/update.php. props duck_, see #15724.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16860 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-10 18:25:18 +00:00
ryan dfbd83784f Define IFRAME_REQUEST only for framed requests. Props ocean90. fixes #15721
git-svn-id: http://svn.automattic.com/wordpress/trunk@16780 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-07 23:05:27 +00:00
scribu 2c96912612 remove redundant require()s in wp-admin/update.php. See #15679
git-svn-id: http://svn.automattic.com/wordpress/trunk@16735 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-05 21:12:40 +00:00
scribu c45f3936a7 More s/upgrade/update. Props michaelh. See #15656
git-svn-id: http://svn.automattic.com/wordpress/trunk@16701 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-03 09:16:28 +00:00