Commit Graph

179 Commits

Author SHA1 Message Date
Scott Taylor
42f915273d Improve/update escaping in WP_Widget_Pages.
Props welcher.
See #23012.

Built from https://develop.svn.wordpress.org/trunk@33813


git-svn-id: http://core.svn.wordpress.org/trunk@33781 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-30 04:47:22 +00:00
Weston Ruter
bf9d1485ee Customizer: Ensure that all existing menus are shown in the Custom Menu widget's dropdown.
* Ensure that a Custom Menu widget selecting a newly-inserted menu gets updated to use the new menu ID upon Save & Publish.
* Dynamically update the visibility of the Custom Menu widget's "no menus" message when the number of menus changes between 0 and 1+.
* Send all dirty Customized settings in `update-widget` Ajax request and `preview()` them so that the widget update/form callbacks have access to any data dependencies in the current Customizer session (such as newly created unsaved menus).
* Update link in Custom Menu widget to point to Menus panel as opposed to Menus admin page, when in the Customizer.
* Fix an issue with extra space at top immediately after creating new menu.
* Fix doubled `update-widget` Ajax requests when changing select dropdown; prevent initial from being aborted.
* Add missing `wp_get_nav_menus()` hooks to preview Customizer updates/inserts for `nav_menu` settings; includes tests.
* Update `wp_get_nav_menu_object()` to allow a menu object to be passed in (and thus passed through).

Props westonruter, adamsilverstein.
Fixes #32814.

Built from https://develop.svn.wordpress.org/trunk@33488


git-svn-id: http://core.svn.wordpress.org/trunk@33455 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-29 16:03:24 +00:00
Scott Taylor
994881d211 Add a label to the content field in the Text Widget for screen readers.
Props afercia.
Fixes #32736.

Built from https://develop.svn.wordpress.org/trunk@32907


git-svn-id: http://core.svn.wordpress.org/trunk@32878 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-22 21:22:26 +00:00
Scott Taylor
c502a281bb After [32656], add @access annotations to methods that have no doc block in wp-includes/*.
Makes it easier to search for no doc blocks via `}[\n\t\r ]+(protected|private|public)`.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32657


git-svn-id: http://core.svn.wordpress.org/trunk@32627 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 21:37:24 +00:00
Scott Taylor
19a3aacc94 Add @static* annotations where they are missing.
Initialize all static vars that are not, most to `null`.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32650


git-svn-id: http://core.svn.wordpress.org/trunk@32620 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 15:43:29 +00:00
Scott Taylor
19b8ef0c92 get_comments() can return int, so a few places need to check if the return value is traversable before passing what is assumed to be an array.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32600


git-svn-id: http://core.svn.wordpress.org/trunk@32570 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-25 17:59:25 +00:00
Drew Jaynes
4c37f68b79 Fix inline documentation syntax in wp_xmlrpc_server.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@32591


git-svn-id: http://core.svn.wordpress.org/trunk@32561 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-25 06:25:25 +00:00
Dominik Schilling
29907e5f8b Text Widget: Use !empty() for checking if the filter setting is set.
props westonruter.
fixes #31690.
Built from https://develop.svn.wordpress.org/trunk@31886


git-svn-id: http://core.svn.wordpress.org/trunk@31865 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-25 17:34:28 +00:00
Sergey Biryukov
c6522e3c93 Add missing labels to Archives and Categories dropdown widgets.
props joedolson, jlevandowski, DrewAPicture, SergeyBiryukov.
fixes #18650.
Built from https://develop.svn.wordpress.org/trunk@31520


git-svn-id: http://core.svn.wordpress.org/trunk@31501 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-23 16:32:25 +00:00
Sergey Biryukov
7690d9b1aa Add 'widget_nav_menu_args' filter for Custom Menu widget arguments.
props cyman, DrewAPicture.
fixes #29463.
Built from https://develop.svn.wordpress.org/trunk@31325


git-svn-id: http://core.svn.wordpress.org/trunk@31306 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-03 02:56:23 +00:00
Sergey Biryukov
eff3b8925b Display correct title in Archives widget if the type of archive was changed using the 'widget_archives_dropdown_args' filter.
props floriansimeth for initial patch.
fixes #31024.
Built from https://develop.svn.wordpress.org/trunk@31241


git-svn-id: http://core.svn.wordpress.org/trunk@31222 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-19 08:26:24 +00:00
Scott Taylor
5eb5afac34 For clarity, initialize some arrays that previously were only assigned via short circuit in loops.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@30982


git-svn-id: http://core.svn.wordpress.org/trunk@30968 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-20 22:47:22 +00:00
Drew Jaynes
e7b465046a Cross-reference WP_Comment_Query::query() as the location for finding information on default arguments for WP_Comment_Query.
Also updates the return types on `get_comments()` and `get_approved_comments()`, as an integer can also be returned if the `$count` argument is true.

Fixes #30111.

Built from https://develop.svn.wordpress.org/trunk@30281


git-svn-id: http://core.svn.wordpress.org/trunk@30281 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-08 20:35:22 +00:00
Sergey Biryukov
15a1e0731e Use proper functions for escaped translations.
pros jcastaneda.
fixes #30012.
Built from https://develop.svn.wordpress.org/trunk@29961


git-svn-id: http://core.svn.wordpress.org/trunk@29708 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-18 20:11:18 +00:00
Sergey Biryukov
504d4ad5eb Change the default orderby value in wp_get_nav_menus() to 'name'.
props voldemortensen, igmoweb.
fixes #29460.
Built from https://develop.svn.wordpress.org/trunk@29792


git-svn-id: http://core.svn.wordpress.org/trunk@29564 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-09-29 15:45:16 +00:00
Helen Hou-Sandí
23905f1616 Remove remaining title attributes from default-widgets.php, with the exception of the one on the link to WordPress.org. fixes #26552.
Built from https://develop.svn.wordpress.org/trunk@29338


git-svn-id: http://core.svn.wordpress.org/trunk@29118 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-01 17:05:16 +00:00
Sergey Biryukov
fdd0756e5a Add a class for get_comment_author_link() in Recent Comments widget.
props DrewAPicture, dannydehaan, 5um17.
fixes #27944.
Built from https://develop.svn.wordpress.org/trunk@29241


git-svn-id: http://core.svn.wordpress.org/trunk@29025 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-19 02:44:14 +00:00
Scott Taylor
b930c3a6fe Cleanup wp_widget_rss_form() after [28734]. "$$input used sanitized variables which contained actual values, unlike $inputs[$input] which in that context contains data about which input fields are hidden."
Props kovshenin.
Fixes #27881.

Built from https://develop.svn.wordpress.org/trunk@28787


git-svn-id: http://core.svn.wordpress.org/trunk@28600 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-20 17:29:14 +00:00
Scott Taylor
ecf0e4702f Don't use a variable variable in wp_widget_rss_form(). Sidenote: the logic to show hidden fields is bizarre - would result in duplicate fields.
See #27881.

Built from https://develop.svn.wordpress.org/trunk@28734


git-svn-id: http://core.svn.wordpress.org/trunk@28548 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-11 16:18:17 +00:00
Sergey Biryukov
f4a6632200 Clean up wp_widget_rss_output():
* Fix appending […] to $summary.
* Use wp_trim_words() instead of wp_html_excerpt().
* Trim $title before checking if it's empty. props UmeshSingla.
* Use correct escaping function for $title.

fixes #28356.
Built from https://develop.svn.wordpress.org/trunk@28586


git-svn-id: http://core.svn.wordpress.org/trunk@28411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-27 11:08:14 +00:00
Scott Taylor
49af14fde0 WP_Date_Query was only missing one access modifier.
Add access modifier (`public`) to all default widgets' class methods.

See #27881, #22234.

Built from https://develop.svn.wordpress.org/trunk@28532


git-svn-id: http://core.svn.wordpress.org/trunk@28358 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 17:30:17 +00:00
Scott Taylor
fdaea6b7f2 Eliminate use of extract() in wp_widget_rss_form().
See #22400.

Built from https://develop.svn.wordpress.org/trunk@28449


git-svn-id: http://core.svn.wordpress.org/trunk@28276 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-16 15:38:14 +00:00
Scott Taylor
6e8e30bb1e Eliminate use of extract() in wp_widget_rss_output().
Add `'items' => 0` to `$default_args`. When `0`, the value is set to `10` (the fallback). 
Every other default arg has a default value of `0`.

`items` is expected to always be passed to this function.

See #22400.

Built from https://develop.svn.wordpress.org/trunk@28440


git-svn-id: http://core.svn.wordpress.org/trunk@28267 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-15 19:42:13 +00:00
Scott Taylor
157f811a5e Eliminate use of extract() in WP_Widget_RSS::widget().
See #22400.

Built from https://develop.svn.wordpress.org/trunk@28439


git-svn-id: http://core.svn.wordpress.org/trunk@28266 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-15 19:36:15 +00:00
Scott Taylor
67c51361d6 Eliminate use of extract() in default-widgets.php.
Props rzen, wonderboymusic.

See #22400.

Built from https://develop.svn.wordpress.org/trunk@28433


git-svn-id: http://core.svn.wordpress.org/trunk@28260 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-15 16:33:15 +00:00
Mark Jaquith
a43313fe12 Use '— Select —' instead of '-- Select --' for nav menus. Looks nicer.
see #27878
Built from https://develop.svn.wordpress.org/trunk@28205


git-svn-id: http://core.svn.wordpress.org/trunk@28035 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-25 00:35:25 +00:00
Mark Jaquith
8c830cef80 Force users to choose a nav menu in the custom nav menu widget, for a better customizer UX
Before, they had to make a dummy change to get it to render. Now they
are made to choose a nav menu from the dropdown, which feels more
natural.

fixes #27878 for trunk. props westonruter
Built from https://develop.svn.wordpress.org/trunk@28197


git-svn-id: http://core.svn.wordpress.org/trunk@28027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-24 20:45:31 +00:00
Dominik Schilling
77beef348d Recent Posts Widget: Use ob_end_flush() instead of ob_flush().
`ob_end_flush()` flushes the output buffer *and* turns output buffering off, same as `ob_get_flush()`.

props m_i_n.
see #28009 for trunk.

Built from https://develop.svn.wordpress.org/trunk@28195


git-svn-id: http://core.svn.wordpress.org/trunk@28025 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-24 19:48:19 +00:00
Dominik Schilling
598907559c WP_Widget: Introduce is_preview() method.
With the Widget Customizer it's possible that previewed widgets can leak data outside of Customizer, when the widget uses the cache API.
The Customizer calls the regular update callback which should already refresh the cache. Since cache additions aren't blocked yet the cache can be filled with preview data.
To prevent this issue `WP_Widget::is_preview()` will return true, when `$wp_customize->is_preview()` returns true. If `is_preview()` is true, cache additions are suspended via `wp_suspend_cache_addition()`. Make sure your object cache drop-in has implemented `wp_suspend_cache_addition()`.

`is_preview()` can/should also be used inside `WP_Widget::widget()`, see WP_Widget_Recent_Posts or WP_Widget_Recent_Comments for examples.

For more info see IRC logs: http://irclogs.wordpress.org/chanlog.php?channel=wordpress-dev&day=2014-04-02&sort=asc#m824279

props westonruter.
fixes #27538.
Built from https://develop.svn.wordpress.org/trunk@27966


git-svn-id: http://core.svn.wordpress.org/trunk@27796 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-06 18:48:16 +00:00
Drew Jaynes
e6d9f04bcc Inline documentation for hooks in wp-includes/default-widgets.php.
Props janw.oostendorp and kpdesign.
Fixes #25638.

Built from https://develop.svn.wordpress.org/trunk@27697


git-svn-id: http://core.svn.wordpress.org/trunk@27536 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-25 08:53:14 +00:00
Andrew Nacin
3ffc6dd559 RSS widgets: Omit the title attribute when the summary is shown.
Trim the title attribute to ensure whitespace isn't rendered.

props SergeyBiryukov.
fixes #26520. see #26552.

Built from https://develop.svn.wordpress.org/trunk@27691


git-svn-id: http://core.svn.wordpress.org/trunk@27530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-24 21:08:15 +00:00
Dominik Schilling
e1fde8d510 In Recent Posts widget set default number to 5.
props afercia.
fixes #27417.
Built from https://develop.svn.wordpress.org/trunk@27561


git-svn-id: http://core.svn.wordpress.org/trunk@27404 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-17 17:01:14 +00:00
John Blackbourn
79d274f2f6 Add context and a missing period to widget descriptions. Fixes #26668. Props pavelevap, Hanni
Built from https://develop.svn.wordpress.org/trunk@27412


git-svn-id: http://core.svn.wordpress.org/trunk@27259 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-05 17:26:17 +00:00
Andrew Nacin
0c16c0477b Reference https://wordpress.org rather than http://wordpress.org in strings, links, comments, etc.
props Ipstenu, markjaquith.
see #27115.

Built from https://develop.svn.wordpress.org/trunk@27369


git-svn-id: http://core.svn.wordpress.org/trunk@27219 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-03 02:34:27 +00:00
Andrew Ozz
db074f8e65 Widgets: improve the help text on the Widgets screen, props siobhan, props Hanni, fixes #26244.
Built from https://develop.svn.wordpress.org/trunk@26505


git-svn-id: http://core.svn.wordpress.org/trunk@26399 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-01 18:29:09 +00:00
Andrew Nacin
791e807f08 More dash updates.
* Shuffle around some pixels.
 * Rename some things that weren't caught in [26220].
 * Revert default-widgets.php change from [26144].
props lessbloat.
see #25824.

Built from https://develop.svn.wordpress.org/trunk@26230


git-svn-id: http://core.svn.wordpress.org/trunk@26137 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-15 22:23:09 +00:00
Andrew Nacin
809b335f7a Merge the new dashboard design into core.
Merges https://github.com/growthdesigner/wp-dash.

props lessbloat, joen, helen, dbernar1, kraftbj, ryelle, tillkruess, grapplerulrich, markjaquith.
see #25824.

Built from https://develop.svn.wordpress.org/trunk@26144


git-svn-id: http://core.svn.wordpress.org/trunk@26055 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-13 22:09:10 +00:00
Andrew Nacin
ce637bdcb3 Remove redundant title attributes.
props sabreuse.
see #24766.

Built from https://develop.svn.wordpress.org/trunk@25675


git-svn-id: http://core.svn.wordpress.org/trunk@25591 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-02 22:51:10 +00:00
Scott Taylor
569bcc5dad Use wp_get_nav_menus() instead of get_terms('nav_menu') in WP_Nav_Menu_Widget to preserve use of `wp_get_nav_menus' filter.
Props Frank Klein.
Fixes #25263.


Built from https://develop.svn.wordpress.org/trunk@25332


git-svn-id: http://core.svn.wordpress.org/trunk@25294 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-10 23:30:10 +00:00
Sergey Biryukov
05d55a400b Avoid PHP notices when configuring the Incoming Links dashboard widget. fixes #25250.
Built from https://develop.svn.wordpress.org/trunk@25298


git-svn-id: http://core.svn.wordpress.org/trunk@25261 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-07 18:17:10 +00:00
Dominik Schilling
79fffba674 Flush the cache in Recent Comments widget on edit_comment. props pento, fixes #24779.
Built from https://develop.svn.wordpress.org/trunk@25049


git-svn-id: http://core.svn.wordpress.org/trunk@25036 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-17 09:30:09 +00:00
Sergey Biryukov
98d6c31f84 Avoid an undefined index notice in WP_Widget_Recent_Posts::update(). props jrf. fixes #24577.
git-svn-id: http://core.svn.wordpress.org/trunk@24504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-23 08:20:08 +00:00
Sergey Biryukov
633a6fb400 Don't append ellipsis in RSS widget if the entire content is shown. props kovshenin. fixes #21702.
git-svn-id: http://core.svn.wordpress.org/trunk@24213 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-08 23:23:05 +00:00
Sergey Biryukov
13c93f4dd5 Simplify logic in WP_Widget_Recent_Posts and WP_Widget_Recent_Comments. fixes #23089.
git-svn-id: http://core.svn.wordpress.org/trunk@23597 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-04 02:14:23 +00:00
Ryan Boren
43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Sergey Biryukov
7b62637af7 Add a missing closing tag. fixes #23510. see #14358.
git-svn-id: http://core.svn.wordpress.org/trunk@23454 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-19 02:06:21 +00:00
Sergey Biryukov
6a8a7a76b4 Filter "Powered by WordPress" text in Meta widget. props Viper007Bond, wonderboymusic. fixes #14358.
git-svn-id: http://core.svn.wordpress.org/trunk@23424 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-15 16:20:14 +00:00
Ryan Boren
cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Sergey Biryukov
7a77f47f55 Use correct escaping function. fixes #23334.
git-svn-id: http://core.svn.wordpress.org/trunk@23413 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 05:52:23 +00:00
Andrew Nacin
f2f9551287 Add context to the 'Random' string. It is now used in two places: gallery order and the links widget. props pavelevap, fixes #22724.
git-svn-id: http://core.svn.wordpress.org/trunk@23021 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-12-04 14:49:44 +00:00