Commit Graph

301 Commits

Author SHA1 Message Date
John Blackbourn
60ff3a61f9 Conditionally set the the secure flag on the test cookie, post password cookie, settings cookies, and comment author cookies depending on whether the front end and/or admin area are served over https. Fixes #28427
Built from https://develop.svn.wordpress.org/trunk@28895


git-svn-id: http://core.svn.wordpress.org/trunk@28694 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-29 13:25:16 +00:00
Scott Taylor
e5e8a83cf4 Don't use variable variables in WP_Comment_Query::query().
See #27881.

Built from https://develop.svn.wordpress.org/trunk@28738


git-svn-id: http://core.svn.wordpress.org/trunk@28552 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-11 17:58:14 +00:00
Scott Taylor
5219bbbbc9 In WP_Comment_Query::get_search_sql(), don't double-like-escape.
Props miqrogroove.
See #10041.

Built from https://develop.svn.wordpress.org/trunk@28720


git-svn-id: http://core.svn.wordpress.org/trunk@28534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-10 02:20:16 +00:00
Scott Taylor
05eeb16e30 Replace all uses of like_escape() with $wpdb->esc_like().
Props miqrogroove.
See #10041.

Built from https://develop.svn.wordpress.org/trunk@28712


git-svn-id: http://core.svn.wordpress.org/trunk@28528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-10 00:44:15 +00:00
Sergey Biryukov
02657dcd66 wp_insert_comment() and wp_new_comment() should check if the comment was successfully inserted into the database.
props pento.
fixes #28254.
Built from https://develop.svn.wordpress.org/trunk@28672


git-svn-id: http://core.svn.wordpress.org/trunk@28490 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-05 04:38:14 +00:00
Drew Jaynes
3724252959 Ensure $post_id is documented as optional where applicable.
See #28388.

Built from https://develop.svn.wordpress.org/trunk@28654


git-svn-id: http://core.svn.wordpress.org/trunk@28472 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-03 04:44:16 +00:00
Scott Taylor
40fab485aa Add missing access modifiers to methods in WP_Comment_Query. Add a magic __call() method for BC.
See #27881, #22234.

Built from https://develop.svn.wordpress.org/trunk@28519


git-svn-id: http://core.svn.wordpress.org/trunk@28345 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 06:19:14 +00:00
Scott Taylor
a39aecc9b1 The cache key for comments in WP_Comment_Query::query() needs to do wp_array_slice_assoc( $this->query_vars, array_keys( $defaults ) ) instead of compact( array_keys( $defaults ) ). The latter assumes all of those variables are still floating around.
See #22400.


Built from https://develop.svn.wordpress.org/trunk@28460


git-svn-id: http://core.svn.wordpress.org/trunk@28287 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-16 21:09:14 +00:00
Scott Taylor
0aafc8f874 (ACTUALLY) Eliminate use of extract() in WP_Comment_Query::query().
See #22400.

Built from https://develop.svn.wordpress.org/trunk@28459


git-svn-id: http://core.svn.wordpress.org/trunk@28286 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-16 20:52:14 +00:00
Scott Taylor
4f57a231c5 Eliminate use of extract() in WP_Comment_Query::query().
See #22400.

Built from https://develop.svn.wordpress.org/trunk@28458


git-svn-id: http://core.svn.wordpress.org/trunk@28285 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-16 19:33:14 +00:00
Scott Taylor
14ba67c38d Eliminate use of extract() in wp_insert_comment().
See #22400.

Built from https://develop.svn.wordpress.org/trunk@28457


git-svn-id: http://core.svn.wordpress.org/trunk@28284 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-16 18:52:16 +00:00
Scott Taylor
2a3548fe70 Eliminate use of extract() in wp_allow_comment().
See #22400.

Built from https://develop.svn.wordpress.org/trunk@28437


git-svn-id: http://core.svn.wordpress.org/trunk@28264 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-15 18:10:15 +00:00
Scott Taylor
a15d498d1a Eliminate the use of extract() in wp_update_comment(). All unit tests pass.
See #22400.

Built from https://develop.svn.wordpress.org/trunk@28427


git-svn-id: http://core.svn.wordpress.org/trunk@28254 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-15 06:37:15 +00:00
Scott Taylor
7eeafa3537 In wp_set_comment_status(), the default case returns, so no default value for $status is needed.
See #27882.


Built from https://develop.svn.wordpress.org/trunk@28324


git-svn-id: http://core.svn.wordpress.org/trunk@28152 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-06 21:17:15 +00:00
Drew Jaynes
8161668689 Ensure the wp_set_comment_status action hook is only documented once.
See #26869.

Built from https://develop.svn.wordpress.org/trunk@28214


git-svn-id: http://core.svn.wordpress.org/trunk@28044 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-25 06:55:14 +00:00
Andrew Nacin
d24a109288 Revert [27115] and let cache backends handle the stripping of spaces in cache keys as necessary.
microtime() returns greater precision than microtime(true).

see #27000, #23448, #26903, #14485.

Built from https://develop.svn.wordpress.org/trunk@27300


git-svn-id: http://core.svn.wordpress.org/trunk@27153 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-26 22:05:13 +00:00
Drew Jaynes
cb8951b0b3 Remove all @package and @subpackage PHPDoc tags not at the file- or class-levels in core.
See #27200.

Built from https://develop.svn.wordpress.org/trunk@27262


git-svn-id: http://core.svn.wordpress.org/trunk@27119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-25 17:14:14 +00:00
Andrew Nacin
7387504854 Allow user_id to be an array of IDs in WP_Comment_Query.
props mordauk.
fixes #27064.

Built from https://develop.svn.wordpress.org/trunk@27258


git-svn-id: http://core.svn.wordpress.org/trunk@27115 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-25 16:35:13 +00:00
Sergey Biryukov
ab8847316c Correct return values for update_metadata() and related functions.
fixes #21864.
Built from https://develop.svn.wordpress.org/trunk@27191


git-svn-id: http://core.svn.wordpress.org/trunk@27050 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-18 21:36:14 +00:00
Andrew Nacin
084a7b50cd Use a float for last_changed microtime cache values.
microtime() by default returns a string with a space, which isn't allowed for keys in some cache backends.

props _jameslee, drozdz.
fixes #27000. see #23448.

Built from https://develop.svn.wordpress.org/trunk@27115


git-svn-id: http://core.svn.wordpress.org/trunk@26982 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-02-07 08:14:12 +00:00
Scott Taylor
a6b3bced06 get_comment(), wp_get_post_revision(), and get_term() all used to return by reference. Because of this, $null was set to null so the return value would be a variable where applicable. This has not been necessary since [21792], so the $nulls have been removed.
Props toszcze.
Fixes #24768.


Built from https://develop.svn.wordpress.org/trunk@27057


git-svn-id: http://core.svn.wordpress.org/trunk@26930 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-01-29 06:46:12 +00:00
Scott Taylor
ad211ca06a Add Unit Tests for get_comment_pages_count(). Fix a notice caused when $wp_query->comments is not set in that function.
Props mdbitz, markjaquith.
Fixes #20633.


Built from https://develop.svn.wordpress.org/trunk@27055


git-svn-id: http://core.svn.wordpress.org/trunk@26928 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-01-29 05:17:12 +00:00
Drew Jaynes
1f5f0fcd33 Remove some @uses references to apply_filters and do_action rendered redundant by hook documentation.
Built from https://develop.svn.wordpress.org/trunk@26867


git-svn-id: http://core.svn.wordpress.org/trunk@26753 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-24 16:43:14 +00:00
Sergey Biryukov
16373e224d Correct @since values. see #25522.
Built from https://develop.svn.wordpress.org/trunk@26492


git-svn-id: http://core.svn.wordpress.org/trunk@26386 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-01 01:25:10 +00:00
Drew Jaynes
e6d92061a1 Inline documentation for hooks in wp-includes/comment.php.
comment.php, a.k.a. "lots 'o hooks".

Props swissspidy for the initial patch. Props danieldudzic, kpdesign, and DrewAPicture.
Fixes #25522.

Built from https://develop.svn.wordpress.org/trunk@26491


git-svn-id: http://core.svn.wordpress.org/trunk@26385 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-01 01:12:11 +00:00
Drew Jaynes
223a2c7138 Inline documentation for the following filter hooks in wp-includes/pluggable.php:
* `comment_notification_recipients`
* `comment_notification_notify_author`

Also removes some generic `@uses` tags from various related doc blocks.

Props markjaquith.
Fixes #25699.

Built from https://develop.svn.wordpress.org/trunk@26388


git-svn-id: http://core.svn.wordpress.org/trunk@26288 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-26 04:10:09 +00:00
Mark Jaquith
c2cdbf9648 Fix comment_notification_recipients filter behavior so that it is still respected even on comments left by the post author
The code was bailing on this-is-a-comment-on-your-own-post detection, ignoring additional recipients. Now:

* Logic check is done within `wp_notify_postauthor()`
* Logic check is overridable via `comment_notification_notify_author` filter (default still false)
* The code doesn't bail on comment-on-own-post detection, but just removes the author from the array
* The code instead now bails if the recipients list is empty, so `comment_notification_recipients` works properly

props ethitter.
fixes #25699

Built from https://develop.svn.wordpress.org/trunk@26367


git-svn-id: http://core.svn.wordpress.org/trunk@26268 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-25 01:47:10 +00:00
Peter Westwood
bca9252522 Deprecate the second argument for wp_notify_postauthor because it is unecessary. Fixes #17862 props scribu and wonderboymusic.
Built from https://develop.svn.wordpress.org/trunk@26358


git-svn-id: http://core.svn.wordpress.org/trunk@26259 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-24 16:26:10 +00:00
Sergey Biryukov
8d659b278c Fix docblock formatting. fixes #25893.
Built from https://develop.svn.wordpress.org/trunk@26081


git-svn-id: http://core.svn.wordpress.org/trunk@26001 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-11 13:32:10 +00:00
Andrew Nacin
5361a8abca Spell out duplicate hook locations.
props DrewAPicture.
fixes #25658.

Built from https://develop.svn.wordpress.org/trunk@25868


git-svn-id: http://core.svn.wordpress.org/trunk@25868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 22:59:20 +00:00
Andrew Nacin
8ae8e01b67 Remove the old wp_auto_updates_maybe_update cron event. Schedule the new wp_maybe_auto_update event at 7 a.m. and 7 p.m. in the site's timezone.
see #27704.

Built from https://develop.svn.wordpress.org/trunk@25825


git-svn-id: http://core.svn.wordpress.org/trunk@25825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 22:53:14 +00:00
Andrew Nacin
74488bdcb0 Spell out duplicate hook locations.
props DrewAPicture.
fixes #25658.

Built from https://develop.svn.wordpress.org/trunk@25868


git-svn-id: http://core.svn.wordpress.org/trunk@25780 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-22 17:22:11 +00:00
Scott Taylor
daa4b531e8 Fix several esoteric errors related to AJAX unit tests for comments:
* `wp_ajax_get_comments()` relies on the `$post_id` global - even though `$_POST['p']` is passed to every action in the test methods. If `$post_id` is still lingering in between tests and doesn't match `p` in the request, the cap check might pass while the queries for comments will blow up. I added `unset( $GLOBALS['post_id'] )` to `Tests_Ajax_GetComments::setUp()`.
* If the global `$post_id` is empty, but `$_REQUEST['p']` is not, `$post_id` is now set to `absint( $_REQUEST['p'] )` and sanity-checked in `wp_ajax_get_comments()`.
* `map_meta_cap()` always assumes that `get_comment()` succeeds when checking for the `edit_comment` cap. It doesn't. I added sanity checks in a few places where it will break early if `get_post()` or `get_comment()` are empty.
* `wp_update_comment()` always assumes `get_comment()` succeeds. It doesn't. I added a check for empty.

All AJAX unit tests run and pass in debug mode. All general unit tests pass against these changes.

Fixes #25282.


Built from https://develop.svn.wordpress.org/trunk@25438


git-svn-id: http://core.svn.wordpress.org/trunk@25360 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-14 18:36:09 +00:00
Scott Taylor
a563a5b2fa Replace the ancient phpfreaks.com RegEx to extract urls to ping with a more robust matcher. URLs with commas and things like & were not being pinged. The new matcher even works for most IDN URLs. Adds unit tests.
Fixes #9064.


Built from https://develop.svn.wordpress.org/trunk@25313


git-svn-id: http://core.svn.wordpress.org/trunk@25275 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-10 03:18:08 +00:00
Andrew Nacin
41f1cd687b WP_Date_Query.
props Viper007Bond.
see #18694.

Built from https://develop.svn.wordpress.org/trunk@25139


git-svn-id: http://core.svn.wordpress.org/trunk@25119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-27 16:39:09 +00:00
Andrew Nacin
4493b8c97a Return 1 from get_comment_pages_count() when pagination is disabled.
props obenland.
fixes #17778.

Built from https://develop.svn.wordpress.org/trunk@25126


git-svn-id: http://core.svn.wordpress.org/trunk@25106 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-26 18:52:08 +00:00
Andrew Nacin
6bb179d880 Remove redundant sentence in the docblock of get_comment(). props jdgrimes, fixes #24904.
git-svn-id: http://core.svn.wordpress.org/trunk@24984 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-05 22:08:17 +00:00
Andrew Nacin
21a1fe8d4b Use wp_safe_remote_request() and friends instead of reject_unsafe_urls = true.
fixes #24646.



git-svn-id: http://core.svn.wordpress.org/trunk@24917 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-31 06:52:13 +00:00
Andrew Nacin
8d65dc2469 Use wp_slash() in places where we improperly used the DB API instead. see #21767.
git-svn-id: http://core.svn.wordpress.org/trunk@24713 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-16 14:19:03 +00:00
Sergey Biryukov
58c364947f PHPDoc fixes and additions. fixes #24616.
git-svn-id: http://core.svn.wordpress.org/trunk@24490 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-21 12:45:11 +00:00
Andrew Nacin
96ee267343 Better validation of the URL used in core HTTP requests.
git-svn-id: http://core.svn.wordpress.org/trunk@24480 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-21 06:07:47 +00:00
Ryan Boren
a2b4bc456f * Introduce wp_parse_post_content() and use it in setup_postdata(), get_the_content(), and get_the_remaining_content().
* Add a post ID argument to the_content(), get_the_content(), the_remaining_content(), and get_the_remaining_content().
* Pass the post ID to the the_content filter.
* Remove the format_pages global.
* Declare format_content and split_content as vars in WP_Post.
* phpdoc for the the_content filter that documents the new ID argument and denotes it as not-so-portable.

Props gcorne, DrewAPicture, duck_, aaroncampbell
see #24330


git-svn-id: http://core.svn.wordpress.org/trunk@24301 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-20 11:05:50 +00:00
Ryan Boren
7a1bc5769e Check for empty user agent to avoid notice.
Props sergej.mueller
fixes #22979


git-svn-id: http://core.svn.wordpress.org/trunk@24275 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-16 12:06:36 +00:00
Sergey Biryukov
415a5c60da * Pass ellipsis as a parameter to wp_html_excerpt() instead of appending it manually.
* Consolidate the logic to avoid appending ellipsis if the entire string is shown.
* Show ellipsis after truncated filenames and post titles.

props solarissmoke, bpetty, SergeyBiryukov. fixes #11446.

git-svn-id: http://core.svn.wordpress.org/trunk@24214 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-09 00:22:02 +00:00
Sergey Biryukov
57c10eadbb Use ellipsis instead of three dots. props tjsingleton, jordie23, wojtek.szkutnik, DrewAPicture, SergeyBiryukov. see #8714.
git-svn-id: http://core.svn.wordpress.org/trunk@24207 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-08 21:27:31 +00:00
Ryan Boren
375cb66409 Use prepare() for the duplicate comment query in wp_allow_comment().
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23973 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-04-12 13:25:16 +00:00
Ryan Boren
15a06a35ab Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
see #WP21767


git-svn-id: http://core.svn.wordpress.org/trunk@23591 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-03 16:30:38 +00:00
Sergey Biryukov
4847fe6efc Make sure the pings are only sent once per URL for a given post. props dllh. fixes #23217.
git-svn-id: http://core.svn.wordpress.org/trunk@23571 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:39:52 +00:00
Ryan Boren
43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren
cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00