Commit Graph

64 Commits

Author SHA1 Message Date
Ryan Boren
15a06a35ab Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
see #WP21767


git-svn-id: http://core.svn.wordpress.org/trunk@23591 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-03 16:30:38 +00:00
Ryan Boren
43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren
cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Mark Jaquith
cd250fa7df Defer the meta_id-fetching query until after comparison of the previous value, so that redundant calls to update_metadata() can bail without making that query. props nacin. fixes #22191
git-svn-id: http://core.svn.wordpress.org/trunk@22231 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-15 05:51:38 +00:00
Ryan Boren
778ba1c1b2 Improve performance of WP_Meta_Query when doing OR queries on meta keys. Props joehoyle, SergeyBiryukov. fixes #19729
git-svn-id: http://core.svn.wordpress.org/trunk@22103 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-03 12:35:06 +00:00
nacin
aebd57c588 Add NOT EXISTS to meta queries, allowing you to query for the non-existence of a meta key.
You could already use EXISTS by omitting a value to check.

props georgestephanis, scribu
fixes #18158



git-svn-id: http://core.svn.wordpress.org/trunk@21185 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-29 19:59:29 +00:00
nacin
c7cf0927fc Use the metadata API rather than raw queries and direct do_action calls. see #20417.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20435 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-11 20:02:39 +00:00
nacin
0730535015 Introduce $wpdb->delete(). props justindgivens, scribu. fixes #18948.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20287 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-24 15:24:31 +00:00
ryan
e3b46b25d3 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-08 17:01:11 +00:00
ryan
07ff8b216b Use one space, not two, after trailing punctuation. fixes #19537
git-svn-id: http://svn.automattic.com/wordpress/trunk@19593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-13 23:45:31 +00:00
ryan
62afab8db3 Pinking shears
git-svn-id: http://svn.automattic.com/wordpress/trunk@19054 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-24 19:13:23 +00:00
duck_
d5232043ce Fix back compat issues with delete_postmeta and deleted_postmeta actions as these should be passed the meta ID. Fixes #18825.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18835 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-30 15:19:32 +00:00
duck_
fda510aca1 Automatically set 'compare' => 'IN' in WP_Meta_Query::get_sql() when the meta value is an array. Props ldebrouwer, SergeyBiryukov. Fixes #16829.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-29 22:10:56 +00:00
nacin
1066f1addb Pass unslashed values from update_metadata() to add_metadata(). fixes #17343.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18816 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-29 19:37:58 +00:00
nacin
cb21513a15 Fix docs for get_meta_sql(). First arg cannot be optional. props duck_, fixes #18717.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18789 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-27 05:13:07 +00:00
ryan
0f06334e11 Introduce metadata_exists(), WP_User::get_data_by(), WP_User::get(), WP_User::has_prop(). Don't fill user objects with meta. Eliminate data duplication in cache and memory. Props scribu. see #15458
git-svn-id: http://svn.automattic.com/wordpress/trunk@18597 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-24 19:32:59 +00:00
ryan
24d480d088 Turn delete_meta() , get_post_meta_by_id(), update_meta(), delete_post_meta_by_key() into wrappers around the metadata API. Add back compat *_postmeta actions to metadata API. Props jgadbois. see #18196
git-svn-id: http://svn.automattic.com/wordpress/trunk@18500 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-03 16:48:37 +00:00
ryan
cd801aad2d update_metadata_by_mid() and delete_metadata_by_mid(). Props kovshenin. see #18195
git-svn-id: http://svn.automattic.com/wordpress/trunk@18494 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-01 17:01:54 +00:00
ryan
4ad0954961 Introduce register_meta(), get_metadata_by_mid(), and *_post_meta capabilities. fixes #17850
git-svn-id: http://svn.automattic.com/wordpress/trunk@18445 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-07-20 22:04:35 +00:00
nacin
2571545ec0 @since s/3.2/3.2.0/
git-svn-id: http://svn.automattic.com/wordpress/trunk@18268 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-11 04:40:18 +00:00
ryan
daa14c36f9 Bring out the pinking shears.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18254 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-10 23:01:45 +00:00
ryan
4da684cf9a Update @since
git-svn-id: http://svn.automattic.com/wordpress/trunk@18032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-25 15:47:17 +00:00
ryan
81a5f821fb Sanitize guid on save and display. Sanitize mime type on save. Don't allow changing mime type via edit form handlers. Protect hidden meta.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17994 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-22 23:19:42 +00:00
dd32
911af51915 Properly handle querying for meta by value without a key as well as those with invalid parameters. Props scribu. See #17264
git-svn-id: http://svn.automattic.com/wordpress/trunk@17746 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-28 15:02:16 +00:00
ryan
0667ceb3be Introduce WP_Meta_Query and relation support. Props scribu, greuben. fixes #17165 #17011
git-svn-id: http://svn.automattic.com/wordpress/trunk@17699 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-25 17:27:35 +00:00
ryan
686c35340b Allow querying empty meta values. Props scribu. fixes #15292
git-svn-id: http://svn.automattic.com/wordpress/trunk@17674 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-21 18:13:03 +00:00
ryan
238dff4948 Avoid var name conflict in _get_meta_sql(). Fixes type var passed to get_meta_sql filter. Props Rahe, nacin. fixes #16825 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@17530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-03-22 20:35:47 +00:00
nacin
f508173dc0 get_meta_sql should be private. see #14645.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17170 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-29 19:31:35 +00:00
ryan
eb9fa27602 Add 'who' arg to wp_dropdown_users() and get_users(). Add' hide_if_only_one_author' argument to get_users(). Query only authors (user level greater than 0) when who => author is passed. Query only authors for author meta box and quick edit dropdowns. Props scribu. fixes #15871
git-svn-id: http://svn.automattic.com/wordpress/trunk@17088 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-20 17:25:39 +00:00
ryan
2cc6b2e7ff phpdoc notation fixes. Props demetris. fixes #15852
git-svn-id: http://svn.automattic.com/wordpress/trunk@17009 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-16 22:46:13 +00:00
nacin
899f0e115d Allow actual DB fields in WP_User_Query orderby. props duck, see #15816.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16953 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-15 16:51:38 +00:00
ryan
21650c59bc Meta data caching improvements. Props mdawaffe. see #15545
git-svn-id: http://svn.automattic.com/wordpress/trunk@16596 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-26 21:35:26 +00:00
ryan
01a32c0af0 Use wp_cache_add() instead of wp_cache_set() in update_meta_cache(). fixes #15452
git-svn-id: http://svn.automattic.com/wordpress/trunk@16437 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-17 18:25:42 +00:00
scribu
8cf88a2e84 Minor get_meta_sql() cleanup. See #9124
git-svn-id: http://svn.automattic.com/wordpress/trunk@16410 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-17 00:27:34 +00:00
scribu
40b2c5b6c5 Kill WP_Object_Query. See #15032
git-svn-id: http://svn.automattic.com/wordpress/trunk@16353 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-13 18:32:43 +00:00
scribu
8885e4f78e Add context to get_meta_sql(). See #15018
git-svn-id: http://svn.automattic.com/wordpress/trunk@16286 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-11 10:06:05 +00:00
scribu
db1d9369eb Make get_meta_sql() a standalone function. See #15032
git-svn-id: http://svn.automattic.com/wordpress/trunk@16266 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-09 23:22:13 +00:00
scribu
8a95232377 Fix inconsistencies in metadata filters. Props sc0ttkclark. See #14766
git-svn-id: http://svn.automattic.com/wordpress/trunk@16017 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-27 17:45:08 +00:00
scribu
f7bb6febeb Add filters to *_metadata() functions. Props sc0ttkclark. Fixes #14766
git-svn-id: http://svn.automattic.com/wordpress/trunk@15983 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-26 19:11:27 +00:00
ryan
2e486e7b10 Actions for adding and deleting meta. Props wojtek.szkutnik mitchoyoshitaka. fixes #14173
git-svn-id: http://svn.automattic.com/wordpress/trunk@15917 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-22 19:18:33 +00:00
nacin
5a20c05d27 Phpdoc argument/@param cleanups. props duck_, see #14783.
git-svn-id: http://svn.automattic.com/wordpress/trunk@15590 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-09-07 11:21:11 +00:00
ryan
3a5154435e Perform strict equality comparison. Props shawnparker. fixes #13350 for 3.1
git-svn-id: http://svn.automattic.com/wordpress/trunk@15389 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-07-12 15:28:31 +00:00
ryan
b2150816f8 Don't update meta data when the new value matches the old value. fixes #13350
git-svn-id: http://svn.automattic.com/wordpress/trunk@14564 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-11 17:35:07 +00:00
nacin
4e6574f0ac Revert patch for expecting unslashed data in the metadata API. Had snuck in with [14546]. see #12416.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14547 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-10 20:51:58 +00:00
nacin
d91623d3d0 Fix double-tabbing in get_dropins.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14546 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-10 20:41:14 +00:00
ryan
e1fe1b138e Pass unserializeds value to meta actions.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14308 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-29 19:26:40 +00:00
ryan
4939a7610a clean_user_cache() instead of direct cache delete.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14305 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-29 18:32:01 +00:00
ryan
ec46abfe29 Reset the global current_user object when the current user is changed.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14302 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-29 18:24:18 +00:00
ryan
41a9873022 Clear the users cache when updating user metadata. fixes #13075
git-svn-id: http://svn.automattic.com/wordpress/trunk@14179 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-21 18:25:03 +00:00
dd32
5fc388aa29 Fix Metadata deletion. See #12414 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@13496 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-28 10:07:55 +00:00