Commit Graph

269 Commits

Author SHA1 Message Date
Scott Taylor
daa4b531e8 Fix several esoteric errors related to AJAX unit tests for comments:
* `wp_ajax_get_comments()` relies on the `$post_id` global - even though `$_POST['p']` is passed to every action in the test methods. If `$post_id` is still lingering in between tests and doesn't match `p` in the request, the cap check might pass while the queries for comments will blow up. I added `unset( $GLOBALS['post_id'] )` to `Tests_Ajax_GetComments::setUp()`.
* If the global `$post_id` is empty, but `$_REQUEST['p']` is not, `$post_id` is now set to `absint( $_REQUEST['p'] )` and sanity-checked in `wp_ajax_get_comments()`.
* `map_meta_cap()` always assumes that `get_comment()` succeeds when checking for the `edit_comment` cap. It doesn't. I added sanity checks in a few places where it will break early if `get_post()` or `get_comment()` are empty.
* `wp_update_comment()` always assumes `get_comment()` succeeds. It doesn't. I added a check for empty.

All AJAX unit tests run and pass in debug mode. All general unit tests pass against these changes.

Fixes #25282.


Built from https://develop.svn.wordpress.org/trunk@25438


git-svn-id: http://core.svn.wordpress.org/trunk@25360 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-14 18:36:09 +00:00
Scott Taylor
a563a5b2fa Replace the ancient phpfreaks.com RegEx to extract urls to ping with a more robust matcher. URLs with commas and things like & were not being pinged. The new matcher even works for most IDN URLs. Adds unit tests.
Fixes #9064.


Built from https://develop.svn.wordpress.org/trunk@25313


git-svn-id: http://core.svn.wordpress.org/trunk@25275 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-10 03:18:08 +00:00
Andrew Nacin
41f1cd687b WP_Date_Query.
props Viper007Bond.
see #18694.

Built from https://develop.svn.wordpress.org/trunk@25139


git-svn-id: http://core.svn.wordpress.org/trunk@25119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-27 16:39:09 +00:00
Andrew Nacin
4493b8c97a Return 1 from get_comment_pages_count() when pagination is disabled.
props obenland.
fixes #17778.

Built from https://develop.svn.wordpress.org/trunk@25126


git-svn-id: http://core.svn.wordpress.org/trunk@25106 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-26 18:52:08 +00:00
Andrew Nacin
6bb179d880 Remove redundant sentence in the docblock of get_comment(). props jdgrimes, fixes #24904.
git-svn-id: http://core.svn.wordpress.org/trunk@24984 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-05 22:08:17 +00:00
Andrew Nacin
21a1fe8d4b Use wp_safe_remote_request() and friends instead of reject_unsafe_urls = true.
fixes #24646.



git-svn-id: http://core.svn.wordpress.org/trunk@24917 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-31 06:52:13 +00:00
Andrew Nacin
8d65dc2469 Use wp_slash() in places where we improperly used the DB API instead. see #21767.
git-svn-id: http://core.svn.wordpress.org/trunk@24713 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-16 14:19:03 +00:00
Sergey Biryukov
58c364947f PHPDoc fixes and additions. fixes #24616.
git-svn-id: http://core.svn.wordpress.org/trunk@24490 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-21 12:45:11 +00:00
Andrew Nacin
96ee267343 Better validation of the URL used in core HTTP requests.
git-svn-id: http://core.svn.wordpress.org/trunk@24480 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-21 06:07:47 +00:00
Ryan Boren
a2b4bc456f * Introduce wp_parse_post_content() and use it in setup_postdata(), get_the_content(), and get_the_remaining_content().
* Add a post ID argument to the_content(), get_the_content(), the_remaining_content(), and get_the_remaining_content().
* Pass the post ID to the the_content filter.
* Remove the format_pages global.
* Declare format_content and split_content as vars in WP_Post.
* phpdoc for the the_content filter that documents the new ID argument and denotes it as not-so-portable.

Props gcorne, DrewAPicture, duck_, aaroncampbell
see #24330


git-svn-id: http://core.svn.wordpress.org/trunk@24301 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-20 11:05:50 +00:00
Ryan Boren
7a1bc5769e Check for empty user agent to avoid notice.
Props sergej.mueller
fixes #22979


git-svn-id: http://core.svn.wordpress.org/trunk@24275 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-16 12:06:36 +00:00
Sergey Biryukov
415a5c60da * Pass ellipsis as a parameter to wp_html_excerpt() instead of appending it manually.
* Consolidate the logic to avoid appending ellipsis if the entire string is shown.
* Show ellipsis after truncated filenames and post titles.

props solarissmoke, bpetty, SergeyBiryukov. fixes #11446.

git-svn-id: http://core.svn.wordpress.org/trunk@24214 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-09 00:22:02 +00:00
Sergey Biryukov
57c10eadbb Use ellipsis instead of three dots. props tjsingleton, jordie23, wojtek.szkutnik, DrewAPicture, SergeyBiryukov. see #8714.
git-svn-id: http://core.svn.wordpress.org/trunk@24207 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-08 21:27:31 +00:00
Ryan Boren
375cb66409 Use prepare() for the duplicate comment query in wp_allow_comment().
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23973 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-04-12 13:25:16 +00:00
Ryan Boren
15a06a35ab Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
see #WP21767


git-svn-id: http://core.svn.wordpress.org/trunk@23591 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-03 16:30:38 +00:00
Sergey Biryukov
4847fe6efc Make sure the pings are only sent once per URL for a given post. props dllh. fixes #23217.
git-svn-id: http://core.svn.wordpress.org/trunk@23571 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:39:52 +00:00
Ryan Boren
43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren
cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Ryan Boren
353ef064ea Use microtime() instead of incrementors for last_changed to to avoid race conditions with cache evictions.
Props westi
fixes #23448


git-svn-id: http://core.svn.wordpress.org/trunk@23401 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-11 18:08:14 +00:00
Andrew Nacin
411acbdf43 Use correct cache bucket. Fixes copy-paste error in r23320. props kurtpayne. see #23167.
git-svn-id: http://core.svn.wordpress.org/trunk@23341 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-24 17:21:55 +00:00
Andrew Nacin
82e9c40482 Validate pingback source URIs. Less verbose errors.
git-svn-id: http://core.svn.wordpress.org/trunk@23329 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-22 22:30:08 +00:00
Andrew Nacin
abd37fe4a7 Comment Query: Use $this->query_vars instead of the nonexistent shorthand $q. see #23208.
git-svn-id: http://core.svn.wordpress.org/trunk@23325 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-22 16:54:38 +00:00
Ryan Boren
1b2b394a91 Avoid the appearance of a magic number.
Props nacin
see #23167


git-svn-id: http://core.svn.wordpress.org/trunk@23320 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-22 15:52:13 +00:00
Ryan Boren
48058dfb99 Explicitly set last_changed to 1 instead of the result of wp_cache_set(). Avoids ambiguity and works with cache backends that return void instead of boolean.
see #23167


git-svn-id: http://core.svn.wordpress.org/trunk@23319 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-22 15:46:16 +00:00
Peter Westwood
f683fc7677 Tighten our braces. Fixes #23118 props evansolomon.
git-svn-id: http://core.svn.wordpress.org/trunk@23265 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-04 10:13:51 +00:00
Helen Hou-Sandí
b1f1579604 its <=> it's in documentation, along with a rogue the, The, and looses. props trepmal. fixes #22665.
git-svn-id: http://core.svn.wordpress.org/trunk@23191 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-12-20 15:55:32 +00:00
Andrew Nacin
8762f64494 Duplicate comments should be allowed under a different comment parent. props andy. fixes #21609.
git-svn-id: http://core.svn.wordpress.org/trunk@22229 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-14 17:06:37 +00:00
Ryan Boren
a9e25d964e If wp_cache_incr() is not available fallback to get()/set(). fixes #22024
git-svn-id: http://core.svn.wordpress.org/trunk@22110 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-04 13:25:58 +00:00
Ryan Boren
f1385f2979 Restore the behavior of the 'all' status for comment queries. Props SergeyBiryukov. see #21101
git-svn-id: http://core.svn.wordpress.org/trunk@22090 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-01 15:31:40 +00:00
Ryan Boren
b1834eae16 Revert stowaway in [22087]
git-svn-id: http://core.svn.wordpress.org/trunk@22088 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-01 14:26:45 +00:00
Ryan Boren
75e64cface Reinit roles and the current user after switching the cache to the new blog in switch_to_blog() and restore_current_blog(). Props joostdekeijzer. fixes #21459
git-svn-id: http://core.svn.wordpress.org/trunk@22087 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-01 14:25:31 +00:00
Ryan Boren
65c83c659a Invalidate the WP_Comment_Query:query() cache when comments are added. Switch last_changed to a counter incremented via wp_cache_incr().
fixes #22024


git-svn-id: http://core.svn.wordpress.org/trunk@22080 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-28 12:47:31 +00:00
Ryan Boren
996268ff7a Remove debug cruft. Props duck_. fixes #21003
git-svn-id: http://core.svn.wordpress.org/trunk@22079 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-28 12:31:39 +00:00
Ryan Boren
75558ab270 Support meta queries in WP_Comment_Query.
Props nikolov.tmw
fixes #21003


git-svn-id: http://core.svn.wordpress.org/trunk@22074 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-27 21:53:14 +00:00
Ryan Boren
9f32de9496 Allow get_comments() to query for explicit value of comment_approved.
Props dd32, nbachiyski
fixes #21101


git-svn-id: http://core.svn.wordpress.org/trunk@22068 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-27 18:08:02 +00:00
Andrew Nacin
557d9313a7 Introduce constants to allow for easier expression of time periods in seconds. Adds MINUTE_IN_SECONDS, HOUR_IN_SECONDS, DAY_IN_SECONDS, WEEK_IN_SECONDS, YEAR_IN_SECONDS. props nbachiyski, SergeyBiryukov. fixes #20987.
git-svn-id: http://core.svn.wordpress.org/trunk@21996 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-25 05:26:19 +00:00
Ryan Boren
6b0b49c65b Update comment_parent in wp_update_comment(). Props JustinSainton. fixes #21706
git-svn-id: http://core.svn.wordpress.org/trunk@21938 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-21 12:57:26 +00:00
Ryan Boren
f483a85676 Remove unnecessary return by refs. Props wonderboymusic. fixes #21839
git-svn-id: http://core.svn.wordpress.org/trunk@21792 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-10 17:00:11 +00:00
Ryan Boren
bd94583aaf Use get_post() instead of bare SQL in do_trackbacks(). see #21309
git-svn-id: http://core.svn.wordpress.org/trunk@21599 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-23 20:43:47 +00:00
Ryan Boren
f56d8278bb Remove return ref from all calls to get_post()
Return WP_Post from get_default_post_to_edit()
Replace all calls to get_page() with get_post()
see #21309


git-svn-id: http://core.svn.wordpress.org/trunk@21597 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-23 20:01:10 +00:00
Peter Westwood
a8ce9af6d8 Comments: Allow the caller of get_comments() to request comments with a specific comment_approved value.
This allows for a custom comment status to be queried directly overriding the status argument.

See #21101 props nbachiyski.


git-svn-id: http://core.svn.wordpress.org/trunk@21570 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-21 09:56:16 +00:00
Ryan Boren
dc58551658 Add isset() check to avoid notice. Props c3mdigital. fixes #21512
git-svn-id: http://core.svn.wordpress.org/trunk@21506 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-14 19:07:56 +00:00
nacin
7127ed1197 Move most instances of new WP_User to get_userdata(). see #21120.
git-svn-id: http://core.svn.wordpress.org/trunk@21413 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-03 01:06:05 +00:00
nacin
9dca2c6876 Remove old code unsetting a few variables in wp-settings.php. fixes #21115.
git-svn-id: http://core.svn.wordpress.org/trunk@21186 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-29 20:57:09 +00:00
duck_
1e76fdfb4b Accept a post object in clean_post_cache(). Fixes #20486.
The post_type can then be accessed to properly clean the taxonomy relationships cache.
The full object is useful in situations when an ID might reference a post that has been
removed from the database (e.g. wp_delete_post()).


git-svn-id: http://svn.automattic.com/wordpress/trunk@20569 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-23 22:04:35 +00:00
nacin
c7cf0927fc Use the metadata API rather than raw queries and direct do_action calls. see #20417.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20435 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-11 20:02:39 +00:00
ryan
baf681233f Pass post_type to clean_post_cache() instead of attempting to fetch a post object since the post may have been deleted.
Props leewillis77
see #19690


git-svn-id: http://svn.automattic.com/wordpress/trunk@20423 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-10 16:09:44 +00:00
ryan
de41bc288b Introduce WP_User::exists(). see #20372
git-svn-id: http://svn.automattic.com/wordpress/trunk@20378 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-06 19:18:45 +00:00
nacin
0730535015 Introduce $wpdb->delete(). props justindgivens, scribu. fixes #18948.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20287 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-24 15:24:31 +00:00
nacin
8199ae99aa Add $post_ID context to the pre_ping filter. props alexkingorg, devesine. fixes #18506.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20127 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-06 22:44:44 +00:00