Andrew Nacin
96ee267343
Better validation of the URL used in core HTTP requests.
...
git-svn-id: http://core.svn.wordpress.org/trunk@24480 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-21 06:07:47 +00:00
Andrew Nacin
be01fce99f
Show a relative path in an upload error message.
...
git-svn-id: http://core.svn.wordpress.org/trunk@24463 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-21 02:29:26 +00:00
Ryan Boren
469d1a3099
Escape form action urls with esc_url() rather than esc_attr().
...
Props SergeyBiryukov
fixes #23266
git-svn-id: http://core.svn.wordpress.org/trunk@23739 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-18 14:01:25 +00:00
Sergey Biryukov
28248c1b08
Make get_home_path() return consistent slashes. fixes #23175 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@23669 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-12 11:04:14 +00:00
Ryan Boren
5f809d1d22
Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
...
see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:00:25 +00:00
Ryan Boren
43a7e695e9
Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
...
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren
cc5ed3a485
Change all core API to expect unslashed rather than slashed arguments.
...
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.
Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.
Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.
Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.
Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.
Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.
Plugins should use wp_unslash() on data being passed to core API.
Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.
Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.
Remove many no longer necessary calls to $wpdb->escape() and esc_sql().
In wp_get_referer() and wp_get_original_referer(), return unslashed data.
Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.
Switch several queries over to prepare().
Expect something to break.
Props alexkingorg
see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Helen Hou-Sandí
b1f1579604
its <=> it's in documentation, along with a rogue the, The, and looses. props trepmal. fixes #22665 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@23191 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-12-20 15:55:32 +00:00
Dion Hulse
bcbfb232f7
Correct get_home_path() for cases where WordPress is installed in a subdirectory called /wp/, previously it would match on /wp-admin instead of /wp causing an incorrect return path. Props SergeyBiryukov. Fixes #20449
...
git-svn-id: http://core.svn.wordpress.org/trunk@22800 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-21 22:39:59 +00:00
Andrew Nacin
4cbc20ada1
Pass the post date to wp_upload_dir() during sideloads, just as we do uploads. Ensures that sideloaded images make it into the right uploads directory.
...
props solarisssmoke, fixes #16777 .
git-svn-id: http://core.svn.wordpress.org/trunk@22105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-03 18:49:37 +00:00
ryan
2417e42fe5
Improved phpdoc for file.php. Props tommcfarlin. fixes #21328
...
git-svn-id: http://core.svn.wordpress.org/trunk@21350 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-26 15:08:30 +00:00
dd32
509b845abc
Make get_home_path() work in more cases by being case insensitive and sanitzing Windows paths. In some cases (such as differing case of hostnames or paths in the site/home options, or when SCRIPT_FILENAME contains forward slashes) the function was failing to return the correct path, and would instead return /. Props to SergeyBiryukov for the initial patch. Fixes #20449 Fixes #10447
...
git-svn-id: http://core.svn.wordpress.org/trunk@21224 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-06 13:54:15 +00:00
nacin
23abe58a59
Rewrite theme-editor.php to use the new WP_Theme API. see #20103 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@20313 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-29 03:00:38 +00:00
dd32
86577f34ea
Fix a small typo.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@20070 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-02 11:00:51 +00:00
duck_
bb94e702f8
Drop image resizing code from wp_handle_upload(). Fixes #19800 .
...
This code stops wp_handle_upload() from reporting errors when the upload couldn't be moved to its final local and it was a non-JS fallback that is unused.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20019 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-28 20:02:43 +00:00
ryan
e3b46b25d3
Lose EOF ?>. Clean up EOF newlines. fixes #12307
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-08 17:01:11 +00:00
dd32
e15f5275a8
Fix edge case in get_home_path() where the incorrect path may be returned. Props ptahdunbar. Fixes #18768
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@19697 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-06 13:46:22 +00:00
ryan
340e93324c
Remove extraneous spaces. Props kenan3008, dimadin. fixes #19501 #19433
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@19596 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-14 17:36:38 +00:00
ryan
07ff8b216b
Use one space, not two, after trailing punctuation. fixes #19537
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@19593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-13 23:45:31 +00:00
azaozz
331b242bcd
Revert [19223] and only stop showing the checkbox, props nacin, see #19174
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@19225 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-08 22:34:09 +00:00
azaozz
623220187a
Remove the Resize files checkbox for now (revisit in 3.4), fixes #19174
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@19223 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-08 22:23:40 +00:00
ryan
62afab8db3
Pinking shears
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@19054 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-24 19:13:23 +00:00
markjaquith
37e23be4ed
Be more consistent with ERROR: messages. fixes #15887
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-30 17:18:35 +00:00
duck_
c1d1590171
Fix typos in documentation (wp-admin/). See #18560 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18632 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-03 14:18:10 +00:00
azaozz
9a65f6e237
Fix handling of resizing images after upload, props ocean90, see #18206
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18517 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-06 21:04:15 +00:00
azaozz
91a8720fff
Pluploader take 1, props jacobwg, see #18206
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18482 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-07-29 08:59:35 +00:00
ryan
a117773fc8
Typo fix. Props kawauso. fixes #18177
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18447 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-07-21 17:46:01 +00:00
markjaquith
029a8d1bef
Remove code formatting from uploaded file size error messages, for now. props JohnONolan. fixes #17674
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18193 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-08 16:27:57 +00:00
nacin
da2732c7de
Use wp_remote_retrieve_* helper functions instead of the raw HTTP response array. props aaroncampbell, fixes #17416 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@17928 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-14 19:45:07 +00:00
westi
80f4e83a8c
Introduce WP_MAX_MEMORY_LIMIT constant for the high memory limit we set when image processing and unzipping.
...
Ensure it is always filterable by plugins as well as configurable in wp-config
Fixes #13847 props hakre
git-svn-id: http://svn.automattic.com/wordpress/trunk@17749 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-28 16:25:36 +00:00
dd32
bed23730dc
Handle zip error's in PclZip better. PclZip::extract() returns an array on success, 0 on failure. Fixes #17224
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@17693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-23 14:30:44 +00:00
dd32
9081c7636c
Set the mb_string internal encoding to ISO-8859-1 whilst uncompressing archives using PclZip. Fixes 'PCLZIP_ERR_BAD_FORMAT (-10) : Invalid block size' errors on systems utilising mbstring.func_overload. Fixes #15789
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@17592 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-03 12:32:06 +00:00
dd32
5b12ecb83d
Be a party-pooper; No more Akismet Dancing upon upgrade; Respect custom WP_CONTENT_DIR for bundled plugins/theme installation; Respect custom WP_CONTENT_DIR/WP_LANG_DIR for Language files when upgrading; Standardise WP_Filesystem path method returns (They're trailing slash'd). Adds an exclusion list to copy_dir() as well as WP_Filesystem_Base::wp_lang_dir(). See #14484 See #11495
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@17576 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-03-31 13:28:36 +00:00
dd32
00dc7a57d6
First run of introducing Stream-To-File for the WP_HTTP API. Reduces memory consumption during file downloads. Implemented in download_url() for upgraders. Props sivel. See #16236
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@17555 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-03-25 02:42:20 +00:00
dd32
a83a2842ea
Optimisations to WP_Filesystem; Pass known information to called functions. Props aldenta (John Ford) for investigation and patch. See #10913
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@17525 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-03-22 00:04:15 +00:00
nacin
53d0af84b0
Don't esc_html the default error string. props SergeyBiryukov, fixes #16058 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@17200 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-01-01 22:14:42 +00:00
nacin
e5b099a459
Add missing translation for 'Page Template' in the theme editor. props SergeyBiryukov, fixes #15933 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@17098 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-21 14:58:54 +00:00
westi
1bb4914c3a
Allow for the callee of download_url() to specify a different timeout if they want to - maybe they don't want to wait that long.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@16763 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-07 12:45:24 +00:00
nacin
5021403b9d
Add 'Visual Editor RTL Stylesheet' to the list of theme file descriptions. see #15672 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@16717 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-04 04:22:48 +00:00
markjaquith
ad6e83136d
Improve the wording of the file upload security message. props janeforshort. fixes #13550
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@16577 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-24 20:45:21 +00:00
ryan
847499e531
Pinking shears
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@16438 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-17 18:47:34 +00:00
nacin
d81d7b7f4a
Some escaping
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@16366 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-14 17:33:16 +00:00
markjaquith
fc6e89da45
Expand submit_button() capabilities. Replace all (or almost all) manual HTML instances in WP. props sbressler. see #15064
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@16061 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-28 21:56:43 +00:00
nacin
82b1349664
Docs for wp-admin/includes/file.php. props sivel, see #14783 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@16024 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-27 22:24:06 +00:00
nacin
1dee100f3a
Fix typo. props mrmist, fixes #14571 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@15593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-09-07 15:11:43 +00:00
dd32
fe5e3d0fb6
Do not check to see if parents of folders outside of the Destination folder exist within the Archive extractors, unzip_file() will take care of that area. Fixes #13741
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@15156 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-06-07 11:19:51 +00:00
nacin
3ba9fc235c
More request_filesystem_credentials() string improvements.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@15130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-06-03 18:58:41 +00:00
nacin
80437ca9e1
Add missing spaces.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@15099 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-06-01 21:57:26 +00:00
nacin
09c448f63e
Clarify the connection information requested in request_filesystem_credentials() to reduce confusion surrounding FTP information versus your WordPress login. see #13467 , props jane.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@15098 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-06-01 20:35:59 +00:00
dd32
92eeafce24
Always fallback to PclZip in the event that ZipArchive does not return true. The PHP Zip extension is hit-and-miss with OSX generated zip files, sometimes 0 will be emitted and extraction will succeed, others it will fail with. Reverts r14346, r14377, partially r14800. See #12637 . See #13491
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@15052 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-29 13:16:35 +00:00