Scott Taylor
ee97a47c61
In `_wp_handle_upload()`, if `test_upload` is set to `false` in the array of dangerous overrides that the function allows, the only thing that happens when an upload fails is more potential breakage.
...
`$test_uploaded_file` lets is know if `$file['tmp_name']` exists, which allows to exit with an error, instead of continuing to attempt to move the file.
`$test_upload` override is now a noop.
Fixes #28208 .
Built from https://develop.svn.wordpress.org/trunk@30076
git-svn-id: http://core.svn.wordpress.org/trunk@30076 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-28 21:17:22 +00:00
Andrew Nacin
1447092f6e
Don't set ftp_credentials option when installling. see #29635 .
...
Built from https://develop.svn.wordpress.org/trunk@29749
git-svn-id: http://core.svn.wordpress.org/trunk@29521 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-09-17 17:58:15 +00:00
Dominik Schilling
6c9853930a
Add missing array keys for connection type in `request_filesystem_credentials()`.
...
see [28456].
fixes #29347 .
Built from https://develop.svn.wordpress.org/trunk@29580
git-svn-id: http://core.svn.wordpress.org/trunk@29354 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-24 16:04:18 +00:00
Scott Taylor
a14f5b97d5
In `sanitize_file_name()`, replace `%20` and `+` with dashes. Remove unnecessary code from `_wp_handle_upload()`.
...
Adds unit tests.
Props ericmann.
Fixes #16330 .
Built from https://develop.svn.wordpress.org/trunk@29290
git-svn-id: http://core.svn.wordpress.org/trunk@29072 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-24 22:09:16 +00:00
Scott Taylor
fa02568c42
Merge `wp_handle_upload()` and `wp_handle_sideload()` by making them each wrap a new function: `_wp_handle_upload()`.
...
Props DrewAPicture for docs.
Fixes #23686 .
Built from https://develop.svn.wordpress.org/trunk@29209
git-svn-id: http://core.svn.wordpress.org/trunk@28993 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-17 18:58:44 +00:00
Drew Jaynes
097dc8ee15
Fix syntax for single- and multi-line comments in wp-admin-directory files.
...
See #28931 .
Built from https://develop.svn.wordpress.org/trunk@29206
git-svn-id: http://core.svn.wordpress.org/trunk@28990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-17 09:14:16 +00:00
John Blackbourn
3f1c3dd4ca
Normalise the schemes used in `get_home_path()` so it returns the correct path for sites using SSL in the admin area but not the front end. Fixes #25767 . Props GregLone for the initial patch.
...
Built from https://develop.svn.wordpress.org/trunk@28893
git-svn-id: http://core.svn.wordpress.org/trunk@28692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-29 10:29:14 +00:00
Scott Taylor
8eb9f2ffe4
Eliminate use of `extract()` in `request_filesystem_credentials()`.
...
The only property that doesn't need to be set to a variable is `$password`.
See #22400 .
Built from https://develop.svn.wordpress.org/trunk@28456
git-svn-id: http://core.svn.wordpress.org/trunk@28283 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-16 18:26:15 +00:00
Scott Taylor
39de969bf2
Update inline docs for `wp_handle_upload|sideload` to reflect their non-use of `extract()`.
...
See #22400 .
Built from https://develop.svn.wordpress.org/trunk@28452
git-svn-id: http://core.svn.wordpress.org/trunk@28279 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-16 17:41:16 +00:00
Scott Taylor
632eb5b17e
Eliminate use of `extract()` in `wp_handle_sideload()`.
...
See #22400 .
Built from https://develop.svn.wordpress.org/trunk@28451
git-svn-id: http://core.svn.wordpress.org/trunk@28278 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-16 16:15:14 +00:00
Scott Taylor
4caf3e79f3
Eliminate use of `extract()` in `wp_handle_upload()`.
...
See #22400 .
Built from https://develop.svn.wordpress.org/trunk@28450
git-svn-id: http://core.svn.wordpress.org/trunk@28277 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-16 16:10:38 +00:00
Scott Taylor
d74272ecf5
Eliminate one of the uses of `extract()` in `wp_handle_upload()`.
...
See #22400 .
Built from https://develop.svn.wordpress.org/trunk@28417
git-svn-id: http://core.svn.wordpress.org/trunk@28244 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-15 04:31:14 +00:00
Scott Taylor
fc59804352
Eliminate one of the uses of `extract()` in `wp_handle_sideload()`.
...
See #22400 .
Built from https://develop.svn.wordpress.org/trunk@28416
git-svn-id: http://core.svn.wordpress.org/trunk@28243 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-15 04:29:15 +00:00
Scott Taylor
644024dfc4
Dead code in `wp-admin/includes/file.php`:
...
* In `wp_handle_upload()` and `wp_handle_sideload()`, `$ext` gets conditionally reset... and then is never used.
* In `request_filesystem_credentials()`, `$password` is initialized as an empty string. The variable is never used.
See #27882 .
Built from https://develop.svn.wordpress.org/trunk@28268
git-svn-id: http://core.svn.wordpress.org/trunk@28096 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-06 04:22:14 +00:00
Sergey Biryukov
2cb849fc52
Fix typo in verify_file_md5() description. see [25541].
...
props siobhan.
see #27651 .
Built from https://develop.svn.wordpress.org/trunk@27938
git-svn-id: http://core.svn.wordpress.org/trunk@27768 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-04 00:03:14 +00:00
Drew Jaynes
8efd225e4d
Inline documentation for hooks in wp-admin/includes/file.php.
...
Fixes #27429 .
Built from https://develop.svn.wordpress.org/trunk@27672
git-svn-id: http://core.svn.wordpress.org/trunk@27515 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-24 02:45:15 +00:00
Dion Hulse
87c6791a41
WP_Filesystem: Update request_filesystem_credentials() to handle the correct ssh value of FS_METHOD. Props jnielsendotnet. Fixes #27265
...
Built from https://develop.svn.wordpress.org/trunk@27546
git-svn-id: http://core.svn.wordpress.org/trunk@27389 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-15 03:09:16 +00:00
Sergey Biryukov
bc036d0843
Avoid an undefined index notice in wp_handle_upload().
...
props tivnet.
fixes #27225 .
Built from https://develop.svn.wordpress.org/trunk@27319
git-svn-id: http://core.svn.wordpress.org/trunk@27171 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-27 21:16:15 +00:00
Andrew Nacin
912379a022
Simplify error in validate_file_to_edit().
...
props MattyRob for initial patch.
fixes #25924 .
Built from https://develop.svn.wordpress.org/trunk@27219
git-svn-id: http://core.svn.wordpress.org/trunk@27076 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-21 14:46:14 +00:00
Andrew Ozz
eb1d21d782
Remove all "valign" attributes from tables in wp-admin, props MikeHansenMe, Marventus. Fixes #22712 .
...
Built from https://develop.svn.wordpress.org/trunk@27029
git-svn-id: http://core.svn.wordpress.org/trunk@26905 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-01-24 19:06:15 +00:00
Drew Jaynes
cd8cedc40d
First there were two, and now there are three -- in the @since versions that came before and that shall be. And so it will be, says nacin.
...
Props JustinSainton, SergeyBiryukov, DrewAPicture.
Fixes #26713 .
Built from https://develop.svn.wordpress.org/trunk@26868
git-svn-id: http://core.svn.wordpress.org/trunk@26754 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-24 18:57:12 +00:00
Andrew Nacin
d61e188f23
Only enforce disk free space checks when doing background updates.
...
see #25652 .
Built from https://develop.svn.wordpress.org/trunk@25869
git-svn-id: http://core.svn.wordpress.org/trunk@25869 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 22:59:29 +00:00
Dion Hulse
8abd2f86d5
Silence PHP warnings from disk_free_space(). disk_free_space() will produce a warning in error conditions in addition to returning false, this includes a case where the bytes free is greater than PHP_INT_MAX (which is a error condition we don't need to check).
...
See #25576 , #22704
Built from https://develop.svn.wordpress.org/trunk@25831
git-svn-id: http://core.svn.wordpress.org/trunk@25831 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 22:54:05 +00:00
Andrew Nacin
8ae8e01b67
Remove the old wp_auto_updates_maybe_update cron event. Schedule the new wp_maybe_auto_update event at 7 a.m. and 7 p.m. in the site's timezone.
...
see #27704 .
Built from https://develop.svn.wordpress.org/trunk@25825
git-svn-id: http://core.svn.wordpress.org/trunk@25825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 22:53:14 +00:00
Andrew Nacin
d5fdd66f9d
Only enforce disk free space checks when doing background updates.
...
see #25652 .
Built from https://develop.svn.wordpress.org/trunk@25869
git-svn-id: http://core.svn.wordpress.org/trunk@25781 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-22 18:18:09 +00:00
Dion Hulse
924e35d66a
Silence PHP warnings from disk_free_space(). disk_free_space() will produce a warning in error conditions in addition to returning false, this includes a case where the bytes free is greater than PHP_INT_MAX (which is a error condition we don't need to check).
...
See #25576 , #22704
Built from https://develop.svn.wordpress.org/trunk@25831
git-svn-id: http://core.svn.wordpress.org/trunk@25743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-17 18:40:10 +00:00
Dion Hulse
1c8e79353a
Language Packs: Many many fixes such as:
...
- Add a "Update Translations" stand-alone button to the updates page
- Shift Language feedback to before update process completion action links & limit the verbosity of output (name + success/errors)
- Simplify/combine the language update descriptive string to only include a plugin/theme name
- Properly handle cache clearing after language updates to prevent langs being repeditively updated
- Display a "All items up to date" string when there's nothing to do
- Reduce the 'Connection Information' from a <h2> to a <h3> to remove duplicate h2's and screen icons from update screens
- Fix the Direct filesystem method not being used for Language updates because WP_LANG_DIR doesn't exist (check it's parent for writable instead)
See #18200 , #22704
Built from https://develop.svn.wordpress.org/trunk@25806
git-svn-id: http://core.svn.wordpress.org/trunk@25718 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-16 04:15:09 +00:00
Andrew Nacin
95831a8a67
Remove accidental debug cruft in [25780]. see #22704 .
...
Built from https://develop.svn.wordpress.org/trunk@25799
git-svn-id: http://core.svn.wordpress.org/trunk@25711 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-15 21:24:09 +00:00
Andrew Nacin
eeaad19a26
Use FS_CHMOD_FILE rather than an explicit 0644 in copy_dir() and _copy_dir().
...
This occurs when we can't copy a file. We chmod it and try again.
see #22704 .
Built from https://develop.svn.wordpress.org/trunk@25793
git-svn-id: http://core.svn.wordpress.org/trunk@25705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-15 19:14:10 +00:00
Andrew Nacin
9b56d4d11f
Parse absolute paths out of error data. see #22704 .
...
Built from https://develop.svn.wordpress.org/trunk@25780
git-svn-id: http://core.svn.wordpress.org/trunk@25693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-14 22:25:08 +00:00
Dion Hulse
4dcca90887
Remove PHP4 compat code from the ZipArchive unzip handler, and pass the failure reason into the WP_Error return.
...
See #22704
Built from https://develop.svn.wordpress.org/trunk@25779
git-svn-id: http://core.svn.wordpress.org/trunk@25692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-14 21:55:09 +00:00
Andrew Nacin
145dbde82f
Account for possible failures by disk_free_space(), as well as the potential need to copy the unzipped files.
...
see #25576 .
Built from https://develop.svn.wordpress.org/trunk@25776
git-svn-id: http://core.svn.wordpress.org/trunk@25689 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-14 20:58:09 +00:00
Andrew Nacin
d68a80217f
In unzip_file(), confirm we have enough available disk space before extracting.
...
"enough" is calculated by adding up the uncompressed size of the files in the archive, then adding a 20% buffer.
props dd32.
fixes #25576 .
Built from https://develop.svn.wordpress.org/trunk@25774
git-svn-id: http://core.svn.wordpress.org/trunk@25687 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-14 20:15:09 +00:00
Andrew Nacin
29f5f5b5fd
Refine error codes throughout the upgrader so we can better detect at what stage updates fail.
...
see #22704 .
Built from https://develop.svn.wordpress.org/trunk@25763
git-svn-id: http://core.svn.wordpress.org/trunk@25676 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-11 16:06:11 +00:00
Dion Hulse
543d84a379
Upgrader: Create Directories with a minimum of 0755 and files with a minimum of 0644 when upgrading, which matches pre-3.7 behaviour. Fixes #20069
...
Built from https://develop.svn.wordpress.org/trunk@25739
git-svn-id: http://core.svn.wordpress.org/trunk@25652 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-09 16:47:09 +00:00
Dion Hulse
a82b463610
When using download_url(), if the resource supplies a Content-MD5 header, verify the downloaded file against it. Fixes #20074
...
Built from https://develop.svn.wordpress.org/trunk@25541
git-svn-id: http://core.svn.wordpress.org/trunk@25461 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-21 06:54:09 +00:00
Dion Hulse
6737d0a202
Upgrader: Perform a MD5 file verification check on the files during upgrade. This ensures that both a Partial upgrade build can be used, and that all the files were copied into place correctly.
...
Props pento for initial patch. Fixes #18201
Built from https://develop.svn.wordpress.org/trunk@25540
git-svn-id: http://core.svn.wordpress.org/trunk@25460 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-21 06:49:11 +00:00
Dion Hulse
f98f5d0a36
WordPress Upgrades: When defining the default filesystem permissions for files/directories, base the value on the existing ABSPATH & index.php file permissions - so as to respect the executable bit (if set) and not set global read if not required.
...
This sets a minimum permission set to 750 and 640 for directories and files, so any systems requring less permission than that will still need to define the constants themselves. Fixes #20069
Built from https://develop.svn.wordpress.org/trunk@25469
git-svn-id: http://core.svn.wordpress.org/trunk@25390 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-17 08:06:09 +00:00
Dion Hulse
83ebc727e8
Switch unzip_file() over to using the mbstring.func_override helper functions. See #25259
...
Built from https://develop.svn.wordpress.org/trunk@25347
git-svn-id: http://core.svn.wordpress.org/trunk@25309 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-11 08:09:08 +00:00
Sergey Biryukov
00c9232a19
Move get_real_file_to_edit() to wp-admin/includes/deprecated.php. props iamfriendly. fixes #23680 .
...
Built from https://develop.svn.wordpress.org/trunk@25201
git-svn-id: http://core.svn.wordpress.org/trunk@25173 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-01 12:37:12 +00:00
Dion Hulse
ff290a88bf
Add a note that the FTP Password will not be stored on the server to the FTP credentials page. Fixes #16492
...
Built from https://develop.svn.wordpress.org/trunk@25071
git-svn-id: http://core.svn.wordpress.org/trunk@25056 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-21 07:07:09 +00:00
Dion Hulse
ad980384f2
Check to see if mbstring.func_overload is configured to affect string functions before switching charsets. Props SergeyBiryukov. Fixes #25063
...
Built from https://develop.svn.wordpress.org/trunk@25056
git-svn-id: http://core.svn.wordpress.org/trunk@25042 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-20 06:24:09 +00:00
Andrew Nacin
21a1fe8d4b
Use wp_safe_remote_request() and friends instead of reject_unsafe_urls = true.
...
fixes #24646 .
git-svn-id: http://core.svn.wordpress.org/trunk@24917 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-31 06:52:13 +00:00
Andrew Nacin
96ee267343
Better validation of the URL used in core HTTP requests.
...
git-svn-id: http://core.svn.wordpress.org/trunk@24480 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-21 06:07:47 +00:00
Andrew Nacin
be01fce99f
Show a relative path in an upload error message.
...
git-svn-id: http://core.svn.wordpress.org/trunk@24463 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-21 02:29:26 +00:00
Ryan Boren
469d1a3099
Escape form action urls with esc_url() rather than esc_attr().
...
Props SergeyBiryukov
fixes #23266
git-svn-id: http://core.svn.wordpress.org/trunk@23739 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-18 14:01:25 +00:00
Sergey Biryukov
28248c1b08
Make get_home_path() return consistent slashes. fixes #23175 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@23669 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-12 11:04:14 +00:00
Ryan Boren
5f809d1d22
Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
...
see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:00:25 +00:00
Ryan Boren
43a7e695e9
Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
...
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren
cc5ed3a485
Change all core API to expect unslashed rather than slashed arguments.
...
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.
Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.
Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.
Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.
Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.
Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.
Plugins should use wp_unslash() on data being passed to core API.
Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.
Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.
Remove many no longer necessary calls to $wpdb->escape() and esc_sql().
In wp_get_referer() and wp_get_original_referer(), return unslashed data.
Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.
Switch several queries over to prepare().
Expect something to break.
Props alexkingorg
see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00