Commit Graph

74 Commits

Author SHA1 Message Date
Sergey Biryukov
47ed56f38f Code Modernization: Replace dirname( __FILE__ ) calls with __DIR__ magic constant.
This avoids the performance overhead of the function call every time `dirname( __FILE__ )` was used instead of `__DIR__`.

This commit also includes:

* Removing unnecessary parentheses from `include`/`require` statements. These are language constructs, not function calls.
* Replacing `include` statements for several files with `require_once`, for consistency:
 * `wp-admin/admin-header.php`
 * `wp-admin/admin-footer.php`
 * `wp-includes/version.php`

Props ayeshrajans, desrosj, valentinbora, jrf, joostdevalk, netweb.
Fixes #48082.
Built from https://develop.svn.wordpress.org/trunk@47198


git-svn-id: http://core.svn.wordpress.org/trunk@46998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-02-06 06:33:11 +00:00
Sergey Biryukov
e199663322 I18N: Capitalize translator comments consistently, add trailing punctuation.
Includes minor code layout fixes.

See #44360.
Built from https://develop.svn.wordpress.org/trunk@45932


git-svn-id: http://core.svn.wordpress.org/trunk@45743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-03 00:41:05 +00:00
Andrea Fercia
48d9d94881 Accessibility: Improve settings tables and forms after [45403].
- adds `role="presentation"` to the edit comment table 
- removes a few pointless `<fieldset>` elements
- adds a few missing `<label>` elements
- adds the CSS class `class="td-full"` to table rows spanning to multiple cells
- adds explicit `scope="row"` attribute to the table headers in `options-permalink.php`: this table is better communicated as data table 
- uses consistent label association in the "Privacy Settings" page
- in the installation page "Set up your database connection": associates descriptions to their inout fields using `aria-describedby`
- improves the link to gravatar.com in the `user-edit.php` page

See #46899.
Fixes #47390.

Built from https://develop.svn.wordpress.org/trunk@45416


git-svn-id: http://core.svn.wordpress.org/trunk@45227 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-05-25 15:19:53 +00:00
Sergey Biryukov
b77cf42c0b Accessibility: Make sure layout tables across the admin are correctly linearized.
Adds `role="presentation"` to the `<table>` elements used for layout purposes.

Ideally, HTML tables should be used for tabular data. When tables are used for layout purposes, it's important to remove any native semantics so that assistive technologies can correctly announce the table content in a linearized fashion.

Props greatislander, afercia.
Fixes #46899.
Built from https://develop.svn.wordpress.org/trunk@45403


git-svn-id: http://core.svn.wordpress.org/trunk@45214 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-05-24 21:56:54 +00:00
Gary Pendergast
56c162fbc9 Coding Standards: Upgrade WPCS to 1.0.0
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.

This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script. 
- Auto-fixable coding standards issues will now cause Travis failures.

Fixes #44600.


Built from https://develop.svn.wordpress.org/trunk@43571


git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-17 01:51:36 +00:00
Gary Pendergast
8244397ffb Coding Standards: Prepare for upgrading WPCS to 1.0.0.
In order to get the best result when running `phpcbf` across the codebase, there are some manual tweaks we need to make.

These fall into three categories:
- Fixing incorrectly indented code which has flow-on effects when auto-fixing.
- Tweaking the layout of inline PHP inside HTML tags.
- Moving more complex inline PHP inside HTML tags, to execute earlier.

See #44600.


Built from https://develop.svn.wordpress.org/trunk@43569


git-svn-id: http://core.svn.wordpress.org/trunk@43398 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-15 06:22:26 +00:00
Gary Pendergast
aaf99e6913 Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.


Built from https://develop.svn.wordpress.org/trunk@42343


git-svn-id: http://core.svn.wordpress.org/trunk@42172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-30 23:11:00 +00:00
Felix Arntz
21f6d256b5 Multisite: Remove help text duplication on Edit Site screens in the network admin.
Prior to this change, the similar help tab and sidebar for these screens were all duplicated for each respective screen. This changeset introduces two internal admin functions `get_site_screen_help_tab_args()` and `get_site_screen_help_sidebar_content()` that make these available in a centralized location.

Props atanasangelovdev.
Fixes #41167.

Built from https://develop.svn.wordpress.org/trunk@41065


git-svn-id: http://core.svn.wordpress.org/trunk@40917 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-17 20:53:45 +00:00
Felix Arntz
c8de21c0c5 Multisite: Display correct scheme for the main site in site-info.php.
Props greatislander.
Fixes #39365.

Built from https://develop.svn.wordpress.org/trunk@39930


git-svn-id: http://core.svn.wordpress.org/trunk@39867 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-20 17:03:41 +00:00
Jeremy Felt
64886517b9 Multisite: Replace get_blog_details() with get_site() in network admin screens.
Props iamfriendly.
See #37102.
Fixes #38349.

Built from https://develop.svn.wordpress.org/trunk@38824


git-svn-id: http://core.svn.wordpress.org/trunk@38767 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-19 06:08:28 +00:00
Andrea Fercia
902cb70328 Accessibility: Remove target=_blank from the Network screens help tabs links.
Stop taking control of users' browsers.

Props rianrietveld.
Fixes #38159. See #23432.

Built from https://develop.svn.wordpress.org/trunk@38721


git-svn-id: http://core.svn.wordpress.org/trunk@38664 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-04 07:03:31 +00:00
Jeremy Felt
3d19ab1ce2 Multisite: Remove redundant is_multisite() checks in network admin templates.
`wp-admin/network/admin.php` is required by all of the individual network templates and begins with an `is_multisite()` check of its own. Because of this, we can remove the 26 other checks in the individual templates.

Props flixos90.
Fixes #37447.

Built from https://develop.svn.wordpress.org/trunk@38657


git-svn-id: http://core.svn.wordpress.org/trunk@38600 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-27 15:39:29 +00:00
Sergey Biryukov
44aac380f4 I18N: Add translator comments for Edit Site: %s string in network admin.
Props ramiy.
Fixes #37776.
Built from https://develop.svn.wordpress.org/trunk@38320


git-svn-id: http://core.svn.wordpress.org/trunk@38261 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-22 23:53:31 +00:00
Dominik Schilling
25e66e4f1e Text Changes: Unify permission error messages.
The new format looks like "Sorry, you are not allowed to <action>.". This provides a consistent experience for all error messages related to missing permissions. It also reduces the number of similar strings and allows translators to provide a consistent style in their language.

Props ramiy, Presskopp.
Fixes #34521.
Built from https://develop.svn.wordpress.org/trunk@37914


git-svn-id: http://core.svn.wordpress.org/trunk@37855 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-29 15:16:29 +00:00
Jeremy Felt
4a12078b31 Multisite: Filter the links displayed on "Edit Site" views
Introduce the `network_edit_site_nav` function, which DRYs up the code used to display a common set of links at the top of "Edit Site" views.

Introduce the `network_edit_site_nav_links` filter, which allows plugins to modify the list of links displayed at the top of Edit Site views as a "tabbed" interface.

Props johnjamesjacoby, c3mdigital, Bueltge.
Fixes #15800.

Built from https://develop.svn.wordpress.org/trunk@37466


git-svn-id: http://core.svn.wordpress.org/trunk@37434 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-19 21:48:30 +00:00
Jeremy Felt
fc8691778c Multisite: Show the main site's domain and path in site-info.php
* Use the domain and path combination from `wp_blogs` when displaying the site address for the main site.\
* Update the text from "Site URL" to "Site Address (URL)" for all sites in `site-info.php` to better align with how we refer to this in single site.

Props flixos90, rachelbaker.
Fixes #35632.

Built from https://develop.svn.wordpress.org/trunk@36682


git-svn-id: http://core.svn.wordpress.org/trunk@36649 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-24 16:06:26 +00:00
Jeremy Felt
e7a7f08c8b Multisite: Avoid a PHP Notice when saving a site address without a path.
Props kjbenk.
Fixes #35631.

Built from https://develop.svn.wordpress.org/trunk@36561


git-svn-id: http://core.svn.wordpress.org/trunk@36528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-17 20:50:27 +00:00
Andrea Fercia
52920b8511 Introduce a new generic CSS clearfix utility class.
`.wp-clearfix` is now the recommended way to clear and contain floated elements.
Adds back compatibility for the `.nav-tab-wrapper` navigation tabs.

See #26396.
Built from https://develop.svn.wordpress.org/trunk@36171


git-svn-id: http://core.svn.wordpress.org/trunk@36138 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-05 13:38:30 +00:00
Andrea Fercia
17f53091ed Bump H3 headings to H2 on the Network Admin > Sites > Edit Site screens.
The navigation tabs appear in an `<h3>` heading immediately following the main `<h1>` and need to have a proper hierarchy.
Also, fix the tabs focus style and introduce a new `.nav-tab-small` CSS class.

Fixes #34079.
Built from https://develop.svn.wordpress.org/trunk@34913


git-svn-id: http://core.svn.wordpress.org/trunk@34878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 17:35:24 +00:00
Helen Hou-Sandí
48befcf361 Superglobals: Revert [34059] until further notice.
see #33837.

Built from https://develop.svn.wordpress.org/trunk@34265


git-svn-id: http://core.svn.wordpress.org/trunk@34229 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-17 12:33:26 +00:00
Scott Taylor
cd7c0f0b0d Introduce wp_validate_action( $action = '' ), a helper function that checks $_REQUEST for action and returns it, or empty string if not present. If $action is passed, it checks to make sure they match before returning it, or an empty string. Strings are always returned to avoid returning multiple types.
Implementing this removes 27 uses of direct superglobal access in the admin.

For more reading:
https://codeclimate.com/github/WordPress/WordPress/wp-admin/edit-comments.php

See #33837.

Built from https://develop.svn.wordpress.org/trunk@34059


git-svn-id: http://core.svn.wordpress.org/trunk@34027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-11 21:08:26 +00:00
Jeremy Felt
af557379da Multisite: Update help tab text for site-info.php to reference "site URL".
In [32759] and [33586], we combined the domain and path entry for a site to a single "Site URL" field. This updates the help text to reflect that.

Fixes #33748. See #22383.

Built from https://develop.svn.wordpress.org/trunk@33921


git-svn-id: http://core.svn.wordpress.org/trunk@33890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-05 20:53:24 +00:00
Scott Taylor
c15a1c2bab Replace some hyphens with &mdash;s in admin help tabs.
Props pixolin.
Fixes #30605.

Built from https://develop.svn.wordpress.org/trunk@33641


git-svn-id: http://core.svn.wordpress.org/trunk@33608 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-19 04:53:25 +00:00
Helen Hou-Sandí
d03082323e Network admin: Internationalize some existing strings that were missed in [33186].
Also adds the trailing slash to the `get_home_url()` calls.

props johnbillion.
fixes #33317.

Built from https://develop.svn.wordpress.org/trunk@33603


git-svn-id: http://core.svn.wordpress.org/trunk@33570 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-10 18:11:25 +00:00
Jeremy Felt
1e5b0ff0fa Multisite: Use single URL input when editing sites in a subdirectory configuration
In [32759], we adjusted `site-info.php` to display a single input for a site's full URL if the network was configured for subdomains. We also enforced path only editing for non-subdomain networks, which is a regression in expected behavior.

The full URL of a site can now be edited in both subdomain and subdirectory configurations.

Props @michaelryanmcneill.
Fixes #22383.

Built from https://develop.svn.wordpress.org/trunk@33586


git-svn-id: http://core.svn.wordpress.org/trunk@33553 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-05 03:34:25 +00:00
Jeremy Felt
a5f6dd3ea1 Network Admin: Improved header information in Edit Site tabs.
* Use the site's name rather than URL in the Edit Site header.
* Provide "Visit" and "Dashboard" links for the site on all tabs.

Props @Fab1en, @jeremyfelt.
Fixes #32525.

Built from https://develop.svn.wordpress.org/trunk@33186


git-svn-id: http://core.svn.wordpress.org/trunk@33158 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-13 00:27:24 +00:00
Jeremy Felt
eb26a74073 Avoid PHP notice when attempting to edit a site that does not exist.
Show a more explicit error - "The requested site does not exist."

Fixes #32934.

Built from https://develop.svn.wordpress.org/trunk@33144


git-svn-id: http://core.svn.wordpress.org/trunk@33115 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-09 16:29:24 +00:00
Konstantin Obenland
7dc1d06e64 Proper heading for admin screens.
First step towards restoring a good heading structure in wp-admin.
The previous `<h1>` contained the site title and a link to the front page and was removed with the toolbar refactoring in 3.2.

Props joedolson, afercia.
Fixes #31650.


Built from https://develop.svn.wordpress.org/trunk@32974


git-svn-id: http://core.svn.wordpress.org/trunk@32945 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-27 15:41:25 +00:00
Jeremy Felt
8daec04557 Remove a now unused switch_to_blog() and restore_current_blog() in site-info.php
Now that we decide when to automatically update `home` and `siteurl`, we no longer need to switch to the site while displaying the form output.

See #32503.

Built from https://develop.svn.wordpress.org/trunk@32761


git-svn-id: http://core.svn.wordpress.org/trunk@32732 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-14 08:23:26 +00:00
Jeremy Felt
da35c25fb7 Remove the "Update siteurl and home as well" checkbox when editing a site
Rather than provide a checkbox to update the `siteurl` and `home` options, we can make an educated decision based on the current state. If the home and/or siteurl domain and path match the existing domain and path of the site, then we update with the new information.

Also, while scheme is not stored in `wp_blogs` along with a site, the scheme of the `home` and `siteurl` options can now be modified via the Site URL setting in `site-info.php` when the `home` and/or `siteurl` options match the existing domain.

Props @hugobaeta, @earnjam, @jeremyfelt.
Fixes #32503, see #22383.

Built from https://develop.svn.wordpress.org/trunk@32760


git-svn-id: http://core.svn.wordpress.org/trunk@32731 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-14 07:52:24 +00:00
Jeremy Felt
186c37a325 Capture domain and path when editing sites on a subdomain network
When a network is configured as subdomain, allow for the input of arbitrary domain and path combinations when editing a site rather than just the domain.

This takes a step or two toward #32503.

Props @scribu, @ericlewis, @jeremyfelt.
See #22383.

Built from https://develop.svn.wordpress.org/trunk@32759


git-svn-id: http://core.svn.wordpress.org/trunk@32730 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-14 07:09:25 +00:00
Jeremy Felt
f996e163b8 Improve code readability in site-info.php
In advance of some other work here, clean up some braces and spaces.

See #22383.

Built from https://develop.svn.wordpress.org/trunk@32758


git-svn-id: http://core.svn.wordpress.org/trunk@32729 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-14 05:01:28 +00:00
Andrew Nacin
9e92fab289 Update wp_die() calls modified in [31658] to use shorthand calling style.
see #31422.

Built from https://develop.svn.wordpress.org/trunk@32152


git-svn-id: http://core.svn.wordpress.org/trunk@32127 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 03:27:27 +00:00
Dominik Schilling
64fc7294b6 Use HTTPS URLs for codex.wordpress.org.
see #27115.
Built from https://develop.svn.wordpress.org/trunk@32116


git-svn-id: http://core.svn.wordpress.org/trunk@32095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-12 21:29:32 +00:00
Helen Hou-Sandí
d85f8fe326 Admin notices: Make (most) core notices dismissible.
These no longer return upon refreshing the page when JS is on and working, so users should be able to dismiss them. This is particularly important on the post edit screen when DFW is triggered, but pretty much all notices can be dismissed if needed. A post on Make/Core will follow with information on how this can be leveraged in plugins.

props valendesigns, afercia, paulwilde, adamsilverstein, helen.
fixes #31233. see #23367.

Built from https://develop.svn.wordpress.org/trunk@31973


git-svn-id: http://core.svn.wordpress.org/trunk@31952 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-01 22:06:28 +00:00
Sergey Biryukov
d013c703e4 Merge title strings on Edit Site screens.
props ramiy.
fixes #31844.
Built from https://develop.svn.wordpress.org/trunk@31962


git-svn-id: http://core.svn.wordpress.org/trunk@31941 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-01 18:00:28 +00:00
Jeremy Felt
80d13281ed Return HTTP status code 403 in network admin when access is forbidden.
When the error message "You do not have permission to access this page" is used in network admin screens, return an HTTP status code of 403 to match. Previously: [30356] and [31300].

Props yo-l1982.

Fixes #31422.

Built from https://develop.svn.wordpress.org/trunk@31658


git-svn-id: http://core.svn.wordpress.org/trunk@31639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-07 06:00:28 +00:00
Jeremy Felt
7644e68119 Provide proper label associations and descriptions throughout the network admin
* Add labels previously missing for many inputs throughout the network admin screen.
* Add proper `aria-describedby` attributes to provide better descriptions.
* Wrap grouped inputs with `fieldset` elements.
* Remove now unneeded `title` attributes when appropriate.

Props cfoellmann, afercia, rianrietveld.

Fixes #38406.

Built from https://develop.svn.wordpress.org/trunk@31517


git-svn-id: http://core.svn.wordpress.org/trunk@31498 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-23 02:29:26 +00:00
Jeremy Felt
40bcb404a3 Update home and siteurl after path slashes are validated in update_blog_details()
When editing a site, if `home` and `siteurl` are checked to be updated along with a site's domain and path, they should receive the results of any modifications in `update_blog_details()` rather than trusting the POST data.

Previously, it was possible to save a value without a leading slash on the path, causing an invalid URL to be stored.

Props earnjam.

Fixes #30417.

Built from https://develop.svn.wordpress.org/trunk@31156


git-svn-id: http://core.svn.wordpress.org/trunk@31137 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-12 01:57:23 +00:00
Dominik Schilling
184d327ff4 Network Admin: Improve width of input fields on Add New Site and Edit Site screens.
props honeysilvas.
fixes #16383.
Built from https://develop.svn.wordpress.org/trunk@30578


git-svn-id: http://core.svn.wordpress.org/trunk@30568 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-26 19:51:23 +00:00
Drew Jaynes
097dc8ee15 Fix syntax for single- and multi-line comments in wp-admin-directory files.
See #28931.

Built from https://develop.svn.wordpress.org/trunk@29206


git-svn-id: http://core.svn.wordpress.org/trunk@28990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-17 09:14:16 +00:00
Sergey Biryukov
66bfea485a Display the site scheme, not the current scheme on Edit Site screen in network admin.
props johnbillion.
fixes #28406.
Built from https://develop.svn.wordpress.org/trunk@28643


git-svn-id: http://core.svn.wordpress.org/trunk@28461 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-30 22:01:15 +00:00
Scott Taylor
130771a383 hackificator doesn't like mixed quote styles in some generated HTML. The switch from single to double allows these files to be parsed.
See #27881.

Built from https://develop.svn.wordpress.org/trunk@28497


git-svn-id: http://core.svn.wordpress.org/trunk@28323 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 01:59:15 +00:00
Andrew Nacin
dce0b9adea Use SSL when linking to WordPress.org. see #27115.
Built from https://develop.svn.wordpress.org/trunk@27469


git-svn-id: http://core.svn.wordpress.org/trunk@27314 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-08 04:14:15 +00:00
Andrew Ozz
8d6059b383 Remove all screen_icon() calls and deprecate the functions, props TobiasBg, fixes #26119
Built from https://develop.svn.wordpress.org/trunk@26518


git-svn-id: http://core.svn.wordpress.org/trunk@26411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-02 03:53:11 +00:00
Andrew Nacin
fd57b239d2 Don't rely on include_path to include files.
Always use dirname() or, once available, ABSPATH.

props ketwaroo, hakre.
fixes #17092.

Built from https://develop.svn.wordpress.org/trunk@25616


git-svn-id: http://core.svn.wordpress.org/trunk@25533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-25 00:18:11 +00:00
Andrew Nacin
5cb01f0b9b Stop using get_blogaddress_by_domain() when updating the siteurl/homeurl from the network admin.
props jeremyfelt, SergeyBiryukov.
fixes #18242. see #25235.

Built from https://develop.svn.wordpress.org/trunk@25261


git-svn-id: http://core.svn.wordpress.org/trunk@25229 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-05 18:49:09 +00:00
Ryan Boren
f3a83744e9 Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
git-svn-id: http://core.svn.wordpress.org/trunk@23567 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:14:09 +00:00
Ryan Boren
43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren
cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00