Upstream
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
21,604 Commits 48 Branches 719 Tags 907 MiB
Commit Graph

310 Commits

Author SHA1 Message Date
Ryan Boren 315bfb019a Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes(). 
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23594 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-03-03 21:11:40 +00:00
Sergey Biryukov ed830a979b Consistently apply 'register' filter. props wonderboymusic for initial patch. fixes #14406. 
git-svn-id: http://core.svn.wordpress.org/trunk@23558 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-03-01 16:43:18 +00:00
Ryan Boren 43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767 
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-03-01 16:28:40 +00:00
Andrew Ozz 0910d5755e Improved logged out warnings, first run, props mintindeed, see #23295 
git-svn-id: http://core.svn.wordpress.org/trunk@23504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-02-28 08:57:17 +00:00
Ryan Boren cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments. 
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-02-14 22:51:06 +00:00
Sergey Biryukov 94e5df7d3e Simplify the logic for printing "Lost your password?" link. props ktdreyer. fixes #16498. 
git-svn-id: http://core.svn.wordpress.org/trunk@23336 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-01-23 02:08:44 +00:00
Ryan Boren d4abd95449 Scope button classes so they can be used on the frontend without interfering with theme styles. 
Props helenyhou, koopersmith
fixes #22644


git-svn-id: http://core.svn.wordpress.org/trunk@22948 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-11-30 13:40:59 +00:00
Andrew Nacin 10b381a047 Revert type="email" on the registration form to avoid validation issues. see #22183. 
git-svn-id: http://core.svn.wordpress.org/trunk@22413 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-11-07 07:47:52 +00:00
Andrew Ozz 8c4d96b05a Buttons: slightly bolder :focus styles, make the "Log In" button '.button-large', props lessbloat, see #21598 
git-svn-id: http://core.svn.wordpress.org/trunk@22288 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-10-24 01:27:56 +00:00
Ryan Boren 51920e1858 Consolidate some strings. Props pavelevap, SergeyBiryukov. see #21728 
git-svn-id: http://core.svn.wordpress.org/trunk@22124 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-10-05 19:04:34 +00:00
Andrew Nacin 71d750b450 Add a login_body_class filter to login_header(). fixes #21133. 
git-svn-id: http://core.svn.wordpress.org/trunk@22000 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-09-25 09:13:06 +00:00
Andrew Nacin 557d9313a7 Introduce constants to allow for easier expression of time periods in seconds. Adds MINUTE_IN_SECONDS, HOUR_IN_SECONDS, DAY_IN_SECONDS, WEEK_IN_SECONDS, YEAR_IN_SECONDS. props nbachiyski, SergeyBiryukov. fixes #20987. 
git-svn-id: http://core.svn.wordpress.org/trunk@21996 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-09-25 05:26:19 +00:00
Peter Westwood e1b861e1cb Passwords: Make it possible for plugins to enforce extra password strength / validity rules during the reset process. 
Adds a filter in the password reset process so that a plugin can enforce particular password rules on users to compliment the existing filtering in the Profile modification process.
Fixes #21778.


git-svn-id: http://core.svn.wordpress.org/trunk@21923 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-09-20 11:01:29 +00:00
Andrew Nacin 87c947a987 Use network_site_url() for wp-signup.php. props markjaquith. see #19796. 
git-svn-id: http://core.svn.wordpress.org/trunk@21813 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-09-11 12:27:25 +00:00
Ryan Boren c55cf716da Use set_url_scheme(). Props johnbillion, MarcusPope. see #19037 #20759 
git-svn-id: http://core.svn.wordpress.org/trunk@21664 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-08-30 13:33:00 +00:00
Ryan Boren 8eb21fd381 Use admin_url() instead of get_edit_user_link() in wp-login.php since cookies are not yet set. Props SergeyBiryukov. fixes #14787 
git-svn-id: http://core.svn.wordpress.org/trunk@21507 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-08-14 19:10:37 +00:00
ryan 7b49ad8493 Introduce get_edit_user_link(). Props scribu, georgestephanis, johnbillion. fixes #14787 see #20307 
git-svn-id: http://core.svn.wordpress.org/trunk@21364 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-07-30 18:30:03 +00:00
azaozz 34535097b7 Remove nearly all tabindex attributes from the admin, leaving them only where absolutely necessary (for now that's only the toolbar). 
Add tabindex="-1" for the menu images links to avoid double tab stops there when the menu is expanded.

Fix/add auto-focus on the first input fields on the Add/Edit Post, all taxonomy, all edit taxonomy, Log In and Edit Comment screens.

See #21340.

git-svn-id: http://core.svn.wordpress.org/trunk@21311 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-07-24 00:15:15 +00:00
nacin 489f6828d8 Only obey the RELOCATE move flag if it evaluates to true. props TomAuger, JustinSainton, fixes #20636. 
git-svn-id: http://core.svn.wordpress.org/trunk@21251 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-07-09 19:32:09 +00:00
nacin 69112517ed Refresh nonces in the customizer. props koopersmith. see #20876. 
git-svn-id: http://core.svn.wordpress.org/trunk@21135 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-06-26 18:48:18 +00:00
ryan 9115435213 Customizer: Gravefully handle cookie expipration. Prompt for log in in the preview. Props ocean90, koopersmith, nacin. fixes #20876 
git-svn-id: http://core.svn.wordpress.org/trunk@21031 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-06-08 19:22:11 +00:00
nacin 9f97ddf45c When auth_redirect() detects a logged out user and the target 
page was about.php?updated, then issue a message welcoming them.

This is to prevent it from being so jolting if you are taken to
the login screen after an update.

In WordPress 3.4, the changes to wp_salt() provide for extra
security, but will cause a log-out for any installs without 8
unique keys and salts in wp-config.php (with some exceptions).
Properly re-issuing cookies, even for the logged in user, is
not easily doable via admin/includes/update-core.php, as that
file is included long after the headers are sent.

see #19599.



git-svn-id: http://core.svn.wordpress.org/trunk@20887 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-05-24 21:22:09 +00:00
azaozz 000b7a9313 Move mobile devices CSS from wp-login.php to wp-admin.css, props SergeyBiryukov, fixes #19673 
git-svn-id: http://svn.automattic.com/wordpress/trunk@20430 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-04-11 01:45:01 +00:00
azaozz 1d12cd07b0 Introduce wp_is_mobile() and use it instead of $is_iphone global, see #20014 
git-svn-id: http://svn.automattic.com/wordpress/trunk@20417 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-04-10 01:19:30 +00:00
ryan 0dfe24e69b Set post password cookies via an action in wp-login.php. Retire wp-pass.php (one less root file). Obey login ssl preferences for post password form submission. Props SergeyBiryukov. fixes #19798 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-02-14 18:29:22 +00:00
nacin e41d7ad161 Translate http://wordpress.org/ for the wp-login.php header image URL. Clean up. props zeo, fixes #19364. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19783 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-01-29 18:47:41 +00:00
ryan e3b46b25d3 Lose EOF ?>. Clean up EOF newlines. fixes #12307 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-01-08 17:01:11 +00:00
nacin ed9d705b83 Use home URL, not siteurl, in the password reset email. fixes #19767. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-01-07 18:54:08 +00:00
duck_ 65b840b565 Fix mistakes in parameter documentation and add some missing param docs. See #19756. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-01-06 18:31:43 +00:00
ryan 83b131f8e3 User lowercase true, false, null instead of uppercase. Props c3mdigital, mfields. fixes #16302 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19687 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-01-05 20:50:54 +00:00
ryan 07ff8b216b Use one space, not two, after trailing punctuation. fixes #19537 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-12-13 23:45:31 +00:00
azaozz 4cd52de33b Align login box, messages, navigation links and header image on the login screen, props SergeyBiryukov and helenyhou, fixes #19331 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19414 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-11-23 07:03:00 +00:00
ryan 45ddf08e07 Introduce wp_no_robots(). Call it for pages that should never be indexed, regardless of blog privacy settings. Props nacin. fixes #19251 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19304 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-11-15 20:44:48 +00:00
nacin 065e4cba61 Use wp_login_url() where possible in wp-login.php. props ramiy for initial patch. Escape with a tin foil hat. fixes #19199. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19281 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-11-14 21:08:33 +00:00
nacin b6a2aab635 Add 'for' attributes to labels in wp-login.php for extra accessibility. props ppaire, fixes #19178. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19189 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-11-06 20:03:30 +00:00
nacin 13fc52f98f Remove CSS for interim-login. see #19120. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19124 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-11-02 22:47:21 +00:00
ryan b75f3e8f07 Avoid warning when user_login not in POST. Props ampt. fixes #18755 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19056 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-10-24 21:31:30 +00:00
nacin 43eae59235 Translated strings in attributes require esc_attr(). s/_e/esc_attr_e/g 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19028 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-10-20 15:04:46 +00:00
nacin 92ba22e537 Use wp_lostpassword_url() instead of site_url(wp-login...). Update wp_lostpassword_url() to use network_site_url(). props markoheijnen, fixes #18808. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-10-20 14:40:11 +00:00
nacin 3ff82a3786 Use input type=email on wp-login registration. props scottconnerly, fixes #18761. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@18763 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-09-23 22:48:45 +00:00
azaozz 1cdec6ff6e Merge most admin css files, first run, see #18314 
git-svn-id: http://svn.automattic.com/wordpress/trunk@18577 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-08-21 03:46:43 +00:00
ryan ec4ccf2900 Deprecate get_userdatabylogin() and get_user_by_email(). Props scribu. fixes #18333 
git-svn-id: http://svn.automattic.com/wordpress/trunk@18513 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-08-05 16:57:31 +00:00
ryan 6c81d023bb Add magic get/set/isset methods to WP_User to avoid data duplication. Standardize on WP_User::ID. Props scribu. see #15458 
git-svn-id: http://svn.automattic.com/wordpress/trunk@18504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-08-04 03:09:27 +00:00
azaozz 5256d7951f <!DOCTYPE html> for all, fixes #18202 
git-svn-id: http://svn.automattic.com/wordpress/trunk@18460 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-07-22 00:25:41 +00:00
ryan 4fa8ee19e4 Fix handing of super admins that don't have a blog in get_dashboard_url() and login. Props nacin. fixes #17829 
git-svn-id: http://svn.automattic.com/wordpress/trunk@18328 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-06-22 19:45:28 +00:00
koopersmith bc7d8a9dca Refresh login form styles to match admin style refresh. Props iammattthomas. see #17324. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@18223 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-06-10 02:37:37 +00:00
nacin e7739ff5f6 Move charset declaration to just inside <head>. props niallkennedy, fixes #17148. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@18206 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-06-08 22:22:07 +00:00
nacin 8bb7dfd228 Fix typo in docs. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@17976 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-05-20 06:00:45 +00:00
ryan d4abef7def s/login_form/login_init/. Props sorich87. fixes #17411 
git-svn-id: http://svn.automattic.com/wordpress/trunk@17918 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-05-13 18:33:20 +00:00
ryan b58636e914 Send X-Frame-Options: SAMEORIGIN for admin and login pages. see #12293 
git-svn-id: http://svn.automattic.com/wordpress/trunk@17826 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-05-06 21:28:53 +00:00