Commit Graph

55 Commits

Author SHA1 Message Date
Ryan Boren
5f809d1d22 Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:00:25 +00:00
Ryan Boren
43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren
cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_update_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes is no longer necessary.

Introduce wp_unslash() and use it to remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Andrew Nacin
4d1bc9bb6d Retina/span spinner cleanup. Restores CSS classes no longer used by core. props lessbloat. fixes #21456.
git-svn-id: http://core.svn.wordpress.org/trunk@22167 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-10 20:34:19 +00:00
Andrew Nacin
1acd8b556f New HiDPI spinner. Uses clean <span class="spinner"></span> markup.
Be on the lookout for weirdness.
props lessbloat. see #21456.



git-svn-id: http://core.svn.wordpress.org/trunk@22019 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-26 19:57:44 +00:00
Ryan Boren
a3cfe28527 Reduce reliance on global variables in the list tables. Allow passing a screen ID to the list tables so that ajax handlers can set the needed screen.
Props nacin
fixes #21871


git-svn-id: http://core.svn.wordpress.org/trunk@21914 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-19 12:43:31 +00:00
Andrew Nacin
2676491ceb Indicate on themes.php when a theme is a child that requires a parent theme. fixes #17944.
git-svn-id: http://core.svn.wordpress.org/trunk@21816 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-11 19:12:37 +00:00
Ryan Boren
fafbaa51e4 Change the number of themes shown per page in themes.php from 999 to 36 so that infinite scroll engages. 36 was chosen to match the per page limit for theme-install.php
git-svn-id: http://core.svn.wordpress.org/trunk@21768 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-05 20:33:34 +00:00
Andrew Nacin
fb36abe6b7 Always URL-encode a stylesheet directory value before using it in a URL. These situations are saved by wp_nonce_url(), but we should not depend on that. see #21749, for trunk only.
git-svn-id: http://core.svn.wordpress.org/trunk@21755 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-04 22:35:12 +00:00
Andrew Nacin
d476c22aa1 Fix old-school Preview links when a theme directory contains spaces. Fix the theme-editor.php link from MS themes screens when a theme directory contains spaces. see #21749.
git-svn-id: http://core.svn.wordpress.org/trunk@21752 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-04 22:25:25 +00:00
Andrew Nacin
bdec91100c Remove paths to where theme files are located from theme details on themes.php. props lessbloat, see #17944.
git-svn-id: http://core.svn.wordpress.org/trunk@21650 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-28 18:48:50 +00:00
azaozz
34535097b7 Remove nearly all tabindex attributes from the admin, leaving them only where absolutely necessary (for now that's only the toolbar).
Add tabindex="-1" for the menu images links to avoid double tab stops there when the menu is expanded.

Fix/add auto-focus on the first input fields on the Add/Edit Post, all taxonomy, all edit taxonomy, Log In and Edit Comment screens.

See #21340.

git-svn-id: http://core.svn.wordpress.org/trunk@21311 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-24 00:15:15 +00:00
nacin
98b61d9a17 Theme Customizer: Block non-existent or non-allowed themes, unless the non-allowed theme is the active theme. Support a user having edit_theme_options xor switch_themes. fixes #20852.
git-svn-id: http://core.svn.wordpress.org/trunk@21010 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-06 20:34:24 +00:00
ryan
eb09282a9c 'Live Preview' instead of 'Customize' for the customizer links in the theme browser. see #19910
git-svn-id: http://core.svn.wordpress.org/trunk@20827 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-18 16:27:24 +00:00
koopersmith
73246fa076 Theme Customizer: Remove unused 'template' argument from wp_customize_url. see #19910.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20520 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-18 20:57:06 +00:00
nacin
aab399efbc Theme Customizer: Stick to wp_customize_url() instead of wp_customize_href(). Switch argument order so it is stylesheet-template. (Template is hypothetically optional, but the function will not support that.) see #19910.
Move to ->display('Name'), as ->get('Name') is a raw, untranslated version of the header.



git-svn-id: http://svn.automattic.com/wordpress/trunk@20477 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-16 14:36:47 +00:00
koopersmith
a5dacf7da5 Theme Customizer: Allow the customize iframe to be accessed directly (with full feature support). see #19910.
* Move the 'Return to Manage Themes' and 'Collapse Sidebar' actions from themes.php to customize-controls.php.
* Create a postMessage connection between themes.php and customize-controls.php.
* Allow the theme customizer to be accessed directly (independent of themes.php and the customize loader).
* Add wp_customize_href() and wp_customize_url().
* Remove wp_customize_loader(). To include the loader, use wp_enqueue_script( 'customize-loader' ).
* The theme customizer now requires postMessage browser support.
* Add .hide-if-customize and .hide-if-no-customize CSS classes.
* Clean up customize-preview.js.

git-svn-id: http://svn.automattic.com/wordpress/trunk@20476 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-16 14:02:28 +00:00
koopersmith
1ec7a95c8b Theme list table style improvements. Make 'delete' link red and separate from other actions. New action separators. see #20403.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20455 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-12 21:10:40 +00:00
koopersmith
b909e55294 Theme browsing UX improvements. see #20403.
* On manage/install themes pages, moved author under theme name.
* On manage themes page, moved version number to details.

git-svn-id: http://svn.automattic.com/wordpress/trunk@20414 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-10 00:15:13 +00:00
koopersmith
2fd59af7a6 Theme Customizer: Improve the customize loader and themes list table markup. see #19910.
* Use event delegation for triggering the customize loader (so we play nicely with infinite scroll).
* Use data attributes on .load-customize links instead of parsing the href.
* Properly translate the 'Customize' string instead of injecting the replacement with JS.

git-svn-id: http://svn.automattic.com/wordpress/trunk@20352 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-04 21:02:29 +00:00
koopersmith
e251ff1c04 Partially revert [20100]. The list_args JS variable cannot be extended due to its use as an argument in fetch-list. see #19815.
We should reattempt extending the args created in WP_List_Table, but will need to deprecate the current list_args to do so.

Also, infinite scroll on themes pages is no longer broken. Go team.

git-svn-id: http://svn.automattic.com/wordpress/trunk@20104 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-03 02:40:43 +00:00
nacin
1fed7c5c11 Allow WP_List_Table::_js_vars() to take an array of additional args to add. Allows us to have a single variable printing data when child classes need more data. Also, fix compact() call in [20094]. see #19815.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20100 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-02 23:06:31 +00:00
nacin
05313daa77 Output themes and theme-install infinite scrolling args in JS, rather than parsing query strings. props DH-Shredder, helenyhou. Make WP_Theme_Install_List_Table extend WP_Themes_List_Table. Doesn't help much yet, but we should be able to dry things up further. see #19815.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20094 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-02 22:09:26 +00:00
nacin
2b32b9bb8c Remove debug cruft.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20068 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-02 00:13:05 +00:00
nacin
f283ed40c6 Remove theme tags from the themes.php UI. They just take up room and are redundant with the feature filter. The installer already does not show tags. props DH-Shredder, fixes #20147.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20065 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-01 23:58:10 +00:00
nacin
b1621b75bb In WP_Themes_List_Table, don't perform unnecessary sanitization on search terms or filter features. We only use these for case-insensitive comparison. see #19815.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20048 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-29 22:19:18 +00:00
nacin
8ba92a52f8 Have WP_Theme::get_screenshot() default to an absolute URI. Allow 'relative' to be requested. see #20103, see #19816.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20043 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-29 20:31:56 +00:00
nacin
d130a63e25 Introduce WP_Theme, wp_get_themes(), and wp_get_theme() to replace get_themes(), get_theme(), get_theme_data(), current_theme_info(), and others.
* Getters and Helpers: Introduces a series of methods to allow for easy generation of headers for display, and other theme metadata, including page templates.
 * Screenshots: Handles support for multiple screenshots. (see # Additional screenshots must be PNG and start with screenshot-2.png, and be sequential to be counted. see #19816.
 * Error Handling: Broken themes have a WP_Error object attached to them.
 * Caching: Introduces a wp_cache_themes_persistently filter (also in [20020]) to enable persistent caching of all filesystem and sanitization operations normally handled by WP_Theme (and formerly get_file_data() and get_themes()). Themes are cached individually and across five different cache keys for different data pieces.
 * Compatibility: A WP_Theme object is backwards compatible with a theme's array formerly returned by get_themes() and get_theme(), and an stdClass object formerly returned by current_theme_info().
 * i18n/L10n: Theme headers are now localizable with proper Text Domain and Domain Path headers, like plugins. (Language packs may remove the requirement for headers.) For page templates, see #6007 (not fixed yet, but will be easy now). For headers, fixes #15858.
 * PHP and CSS files: New methods that fetch a list of theme files (for the theme editor) only on demand, rather than only loading them into memory. fixes #11214.

Functions deprecated:
 * get_themes(), get_allowed_themes() and get_broken_themes() -- use wp_get_themes()
 * get_theme() and current_theme_info() -- use wp_get_theme()
 * get_site_allowed_themes() -- use WP_Theme::get_allowed_on_network()
 * wpmu_get_blog_allowedthemes() -- use WP_theme::get_allowed_on_site()

see also [20016], [20018], [20019], [20020], [20021], [20022], [20025], [20026], [20027]. also fixes #19244.

see #20103.



git-svn-id: http://svn.automattic.com/wordpress/trunk@20029 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-28 21:24:44 +00:00
nacin
7959828e48 Faster theme searching. Only calculate what is necessary -- if the theme doesn't have all of the features, bail. If a word matches a tag or header, jump to the next word, we don't care how many times it matches. see #20103.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-28 20:51:19 +00:00
nacin
2a15b783aa Don't sanitize theme tags while trying to search through them, as it is unnecessary. It is also very expensive -- 50% of the pageload for a search was spent sanitizing tags. see #20103.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20026 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-28 20:41:53 +00:00
nacin
013b783a05 Preserve keys when splitting themes up for pagination. props Utkarsh. fixes #15306.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19980 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-23 14:42:01 +00:00
ryan
723bb1a99c Infinite scroll for themes.php and theme-install.php. Bump per page limit for themes.php to 999. Props helenyhou, DH-Shredder. see #19815
git-svn-id: http://svn.automattic.com/wordpress/trunk@19887 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-09 17:20:26 +00:00
ryan
f3a546d0fd Hide theme details by default. Props helenyhou, DH-Shredder. fixes #19853
git-svn-id: http://svn.automattic.com/wordpress/trunk@19840 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-06 20:54:01 +00:00
nacin
cbafaaea36 Use home_url() rather than get_option() + is_ssl(). props ocean90, fixes #19942.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19811 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-01 22:31:35 +00:00
ryan
e3b46b25d3 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-08 17:01:11 +00:00
ryan
07ff8b216b Use one space, not two, after trailing punctuation. fixes #19537
git-svn-id: http://svn.automattic.com/wordpress/trunk@19593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-13 23:45:31 +00:00
azaozz
bff7722dd1 Responsive themes screen, props helenyhou, see #18198
git-svn-id: http://svn.automattic.com/wordpress/trunk@18673 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-15 04:26:26 +00:00
dd32
26cc29597b Ensure all theme searching is done case-insensitive. Props solarissmoke for initial path. Fixes #17059
git-svn-id: http://svn.automattic.com/wordpress/trunk@17691 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-23 13:01:52 +00:00
ryan
f63ccddadb Pink the whites.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17435 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-02-09 17:35:36 +00:00
nacin
37075f7f71 Remove AJAX from list tables. first pass. see #16262.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17322 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-01-16 21:47:24 +00:00
ryan
d0e923486b Improve presentation when there are no available themes. Props solarissmoke, garyc40. fixes #16196
git-svn-id: http://svn.automattic.com/wordpress/trunk@17303 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-01-15 00:35:29 +00:00
nacin
f5cdbd1ded Add nonces to instances where the list table display() method is overridden. see #16188.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17262 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-01-11 22:42:22 +00:00
ryan
3bce6d9be9 List table spinner. Props scribu. see #15580
git-svn-id: http://svn.automattic.com/wordpress/trunk@17090 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-20 18:45:05 +00:00
westi
4b4e4a02d2 Make note that this is a preview_iframe. See #15856
git-svn-id: http://svn.automattic.com/wordpress/trunk@17018 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-17 08:30:33 +00:00
scribu
5fce5c6d14 Always display the table, with a placeholder row when there are no items. Fixes #15849
git-svn-id: http://svn.automattic.com/wordpress/trunk@17002 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-16 19:05:14 +00:00
nacin
a189f21c45 Replace check_permissions() with ajax_user_can(). New method returns true/false to current_user_can(), which we then handle in admin ajax. see #15326.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16992 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-16 09:18:28 +00:00
nacin
cc08068dba Remove check_permissions() calls outside of AJAX context. Also only check for switch_themes in check_permissions() for the themes table. see #15326.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-16 08:43:22 +00:00
nacin
42407cf411 Adjust branching and errors in WP_Themes_List_Table::no_items(). fixes #15751.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16838 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-09 16:12:04 +00:00
nacin
860b23d03e Don't reference nonexistent tabs. see #15707.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16759 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-06 21:37:35 +00:00
nacin
bee34b37bc Don't show theme deletion link in multisite in the site admin. Also, link to proper theme-install when using multisite if there are no themes. see #15707.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16756 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-06 20:48:41 +00:00