Commit Graph

98 Commits

Author SHA1 Message Date
Ryan Boren
cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Helen Hou-Sandí
1c816c795b Open external links to plugin homepages, plugin author homepages, and theme author homepages in a new window/tab. props SergeyBiryukov. fixes #20839.
git-svn-id: http://core.svn.wordpress.org/trunk@23394 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-08 16:20:01 +00:00
Andrew Nacin
c2257fcba3 Remove methods that override but do nothing. props jeremyfelt for initial patch. fixes #22368.
git-svn-id: http://core.svn.wordpress.org/trunk@22395 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-06 00:52:49 +00:00
Ryan Boren
a3cfe28527 Reduce reliance on global variables in the list tables. Allow passing a screen ID to the list tables so that ajax handlers can set the needed screen.
Props nacin
fixes #21871


git-svn-id: http://core.svn.wordpress.org/trunk@21914 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-19 12:43:31 +00:00
Andrew Nacin
fb36abe6b7 Always URL-encode a stylesheet directory value before using it in a URL. These situations are saved by wp_nonce_url(), but we should not depend on that. see #21749, for trunk only.
git-svn-id: http://core.svn.wordpress.org/trunk@21755 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-04 22:35:12 +00:00
Andrew Nacin
d476c22aa1 Fix old-school Preview links when a theme directory contains spaces. Fix the theme-editor.php link from MS themes screens when a theme directory contains spaces. see #21749.
git-svn-id: http://core.svn.wordpress.org/trunk@21752 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-04 22:25:25 +00:00
nacin
9d20dfc4e1 Enforce multisite plugins menu preference in map_meta_cap(). This means a simple current_user_can('activate_plugins') check will handle the 'Enable administration menus' setting.
Remove bogus checks for enabling/disabling the 'themes' menu (something core does not handle out of the box) when in the network admin.

fixes #21123.



git-svn-id: http://core.svn.wordpress.org/trunk@21198 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-30 12:40:25 +00:00
nacin
a7249bfee8 Move the 'Delete' bulk action to the bottom in the network themes list tables. Symmetry with the plugins list tables. props trepmal. fixes #21032.
git-svn-id: http://core.svn.wordpress.org/trunk@21164 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-28 20:05:15 +00:00
nacin
29bc67a989 Visually merge a plugin with its update notice. Same applies to themes in the network admin. Move from 'update automatically' to 'update now'. fixes #20273.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20236 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-21 16:19:27 +00:00
nacin
98245701cb Don't show the Network Enable link for broken themes. Include broken themes in searching on network/themes.php. fixes #20099, see #20103.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20160 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-08 17:08:55 +00:00
nacin
7bac1174bf In multisite, list broken themes on network/themes.php instead of on individual Manage Themes pages. see #20103.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20151 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-08 07:32:42 +00:00
nacin
b16b7d770a Always print the Author in the MS themes list table. display('Author') will be 'Anonymous' if no author is specified. see #20103.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20147 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-08 00:01:35 +00:00
nacin
57f8d7715f Remove extra $. see #20103.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20052 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-29 22:54:50 +00:00
nacin
d130a63e25 Introduce WP_Theme, wp_get_themes(), and wp_get_theme() to replace get_themes(), get_theme(), get_theme_data(), current_theme_info(), and others.
* Getters and Helpers: Introduces a series of methods to allow for easy generation of headers for display, and other theme metadata, including page templates.
 * Screenshots: Handles support for multiple screenshots. (see # Additional screenshots must be PNG and start with screenshot-2.png, and be sequential to be counted. see #19816.
 * Error Handling: Broken themes have a WP_Error object attached to them.
 * Caching: Introduces a wp_cache_themes_persistently filter (also in [20020]) to enable persistent caching of all filesystem and sanitization operations normally handled by WP_Theme (and formerly get_file_data() and get_themes()). Themes are cached individually and across five different cache keys for different data pieces.
 * Compatibility: A WP_Theme object is backwards compatible with a theme's array formerly returned by get_themes() and get_theme(), and an stdClass object formerly returned by current_theme_info().
 * i18n/L10n: Theme headers are now localizable with proper Text Domain and Domain Path headers, like plugins. (Language packs may remove the requirement for headers.) For page templates, see #6007 (not fixed yet, but will be easy now). For headers, fixes #15858.
 * PHP and CSS files: New methods that fetch a list of theme files (for the theme editor) only on demand, rather than only loading them into memory. fixes #11214.

Functions deprecated:
 * get_themes(), get_allowed_themes() and get_broken_themes() -- use wp_get_themes()
 * get_theme() and current_theme_info() -- use wp_get_theme()
 * get_site_allowed_themes() -- use WP_Theme::get_allowed_on_network()
 * wpmu_get_blog_allowedthemes() -- use WP_theme::get_allowed_on_site()

see also [20016], [20018], [20019], [20020], [20021], [20022], [20025], [20026], [20027]. also fixes #19244.

see #20103.



git-svn-id: http://svn.automattic.com/wordpress/trunk@20029 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-28 21:24:44 +00:00
nacin
b367a71d1a Do not save the last visited tab on the multisite Network Themes page and Site Themes tab. These are poor UX, see #18810 for plugins. Entering these screens will always default to 'all' themes view. see #20103.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20022 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-28 20:13:21 +00:00
ryan
e3b46b25d3 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-08 17:01:11 +00:00
ryan
04487fc268 Constructor cleanup. Props ocean90. fixes #16768
git-svn-id: http://svn.automattic.com/wordpress/trunk@17771 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-29 20:05:12 +00:00
ryan
65702d0ad1 Make plugin and theme title columns narrower. Props garyc40. fixes #16563 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@17449 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-02-15 03:43:47 +00:00
nacin
37075f7f71 Remove AJAX from list tables. first pass. see #16262.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17322 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-01-16 21:47:24 +00:00
ryan
85f1feed84 Bring out the shears.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17228 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-01-06 04:11:14 +00:00
markjaquith
ff92f29be4 urlencode() theme name when creating theme edit link. props tomthewebmaster. fixes #16028
git-svn-id: http://svn.automattic.com/wordpress/trunk@17177 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-30 16:09:01 +00:00
ryan
625a229313 MS themes fixes. Fix bulk actions when no items selected. Props SergeyBiryukov, nacin. fixes #15920
git-svn-id: http://svn.automattic.com/wordpress/trunk@17130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-24 17:41:36 +00:00
nacin
b0be8cd9f4 Validation fixes. props ocean90, fixes #15287.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17129 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-24 14:19:41 +00:00
ryan
41476a07ea Set the correct plural. Use plugins class on the table. Props scribu. fixes #15922
git-svn-id: http://svn.automattic.com/wordpress/trunk@17115 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-23 14:34:14 +00:00
ryan
a1d8c65604 Add delete support to network themes. Props PeteMall. fixes #15707
git-svn-id: http://svn.automattic.com/wordpress/trunk@17101 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-21 16:50:16 +00:00
ryan
09a2d27d5e Remove 'Search Results filter from ms themes. fixes #15872
git-svn-id: http://svn.automattic.com/wordpress/trunk@17050 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-19 01:11:38 +00:00
nacin
a189f21c45 Replace check_permissions() with ajax_user_can(). New method returns true/false to current_user_can(), which we then handle in admin ajax. see #15326.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16992 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-16 09:18:28 +00:00
nacin
cc08068dba Remove check_permissions() calls outside of AJAX context. Also only check for switch_themes in check_permissions() for the themes table. see #15326.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-16 08:43:22 +00:00
westi
dd86bd529f This is only for use in the Network admin when it is always multisite.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16967 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-15 19:09:50 +00:00
PeteMall
d078d4a530 s/Enable/Network Enable for net admin themes. Fixes #14897
git-svn-id: http://svn.automattic.com/wordpress/trunk@16700 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-02 23:49:18 +00:00
markjaquith
df1887a81a Standardize around "Update" instead of "Upgrade." props RanYanivHartstein. props latz. fixes #14107
git-svn-id: http://svn.automattic.com/wordpress/trunk@16696 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-02 21:45:47 +00:00
PeteMall
91d8dac6b7 Remove update notifications from site-themes. See #14897
git-svn-id: http://svn.automattic.com/wordpress/trunk@16629 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-30 20:31:49 +00:00
scribu
cc540d502a Fix problems with hidden columns on network users screen. Props ocean90. See #14579
git-svn-id: http://svn.automattic.com/wordpress/trunk@16601 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-28 17:39:44 +00:00
PeteMall
5c803c9b28 Site Themes cleanup. See #14897.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16559 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-24 00:27:54 +00:00
ryan
8b60cbd2db Set blog id for site-themes.php AJAX requests.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16556 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-23 22:27:05 +00:00
ryan
847499e531 Pinking shears
git-svn-id: http://svn.automattic.com/wordpress/trunk@16438 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-17 18:47:34 +00:00
scribu
bb15731084 Rework WP_MS_Themes_List_Table column display. Props ocean90. See #15318
git-svn-id: http://svn.automattic.com/wordpress/trunk@16361 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-13 23:47:14 +00:00
ryan
8b562f1fb9 Set is_site_themes from current screen so the ajax request returns the proper rows for site-themes.php searches. see #14897
git-svn-id: http://svn.automattic.com/wordpress/trunk@16335 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-12 22:44:08 +00:00
ryan
0d489ee102 Add screen options to site-themes. Props PeteMall. see #14897
git-svn-id: http://svn.automattic.com/wordpress/trunk@16298 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-11 15:16:16 +00:00
ryan
d08a1970de site-themes.php cleanup. Props PeteMall. see #14897
git-svn-id: http://svn.automattic.com/wordpress/trunk@16242 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-08 21:52:54 +00:00
ryan
39c1f5dc43 Use bool for allowed themes. Props PeteMall. see #14897
git-svn-id: http://svn.automattic.com/wordpress/trunk@16241 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-08 19:40:05 +00:00
scribu
c0b067fcf5 remove leading <li> from get_views() and add it later. Fixes #15321
git-svn-id: http://svn.automattic.com/wordpress/trunk@16205 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-05 14:34:09 +00:00
scribu
b078890091 Fix screen options for the network admin themes and plugins. Props ocean90. Fixes #15269. Also fixes [16190]
git-svn-id: http://svn.automattic.com/wordpress/trunk@16194 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-04 20:49:30 +00:00
scribu
c5a9fd309d Default to get_current_screen() in list table classes. See #14579
git-svn-id: http://svn.automattic.com/wordpress/trunk@16182 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-04 15:00:55 +00:00
westi
5e90c5d1c3 Revert [16171] and [16172] - The class names were fine as they were and the MultiSite classes stand out more with the original naming.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16175 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-04 08:07:03 +00:00
scribu
836ec33dca List-table Class Names: Consistency's Revenge. See #14579
git-svn-id: http://svn.automattic.com/wordpress/trunk@16171 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-03 21:09:27 +00:00
ryan
470304e2c6 Add edit theme links. Props PeteMall. see #14897
git-svn-id: http://svn.automattic.com/wordpress/trunk@16140 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-01 19:14:03 +00:00
westi
ad92d629d6 The big renaming of the list-table class files.
See #14579

git-svn-id: http://svn.automattic.com/wordpress/trunk@16128 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-01 09:19:50 +00:00