Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-11-02 16:59:35 +01:00
Code Issues Projects Releases Wiki Activity
21,519 Commits 50 Branches 747 Tags 785 MiB
5c533c9b27
Commit Graph

80 Commits

Author SHA1 Message Date
Ryan Boren
cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments. 
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-02-14 22:51:06 +00:00
Sergey Biryukov
7a77f47f55 Use correct escaping function. fixes #23334. 
git-svn-id: http://core.svn.wordpress.org/trunk@23413 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-02-14 05:52:23 +00:00
Ryan Boren
d4abd95449 Scope button classes so they can be used on the frontend without interfering with theme styles. 
Props helenyhou, koopersmith
fixes #22644


git-svn-id: http://core.svn.wordpress.org/trunk@22948 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-11-30 13:40:59 +00:00
Andrew Nacin
0816e433b2 Larger buttons for the DB upgrade screens. see #21598. 
git-svn-id: http://core.svn.wordpress.org/trunk@22424 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-11-07 18:38:17 +00:00
Ryan Boren
0794b91606 Use retina logo in install, upgrade, setup-config, repair, and confirmation screens. 
Props kopepasah, SergeyBiryukov
fixes #22375


git-svn-id: http://core.svn.wordpress.org/trunk@22419 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-11-07 17:34:22 +00:00
Andrew Nacin
bee6374953 Send nocache_headers() in the admin earlier, on the DB upgrade page. Prevents a potential redirect loop reproduced in Chrome from heavy caching of headers. props mdawaffe. see #21745. 
git-svn-id: http://core.svn.wordpress.org/trunk@21913 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-09-19 01:51:40 +00:00
nacin
5ecb56896f Update login-logo.png to use proper color. Copy it over wordpress-logo.png. Make that one canonical, and stop using login-logo.png. Leave it for plugins. props iammattthomas. see #19955. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19937 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-02-17 04:57:56 +00:00
nacin
6ca86ae3a8 Revert [19745]. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19746 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-01-24 22:14:42 +00:00
nacin
bba7742b9f --no-auth-cache 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19745 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-01-24 22:12:53 +00:00
ryan
340e93324c Remove extraneous spaces. Props kenan3008, dimadin. fixes #19501 #19433 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19596 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-12-14 17:36:38 +00:00
ryan
07ff8b216b Use one space, not two, after trailing punctuation. fixes #19537 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-12-13 23:45:31 +00:00
nacin
6f9612f45c Introduce ->mysql to allow drop-ins to declare themselves as MySQL and therefore allow minimum version checks to still apply. fixes #18176. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19060 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-10-25 05:29:28 +00:00
azaozz
5256d7951f <!DOCTYPE html> for all, fixes #18202 
git-svn-id: http://svn.automattic.com/wordpress/trunk@18460 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-07-22 00:25:41 +00:00
ryan
c1a6c13f3a esc_url_raw() when doing urlencode() 
git-svn-id: http://svn.automattic.com/wordpress/trunk@17584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-04-01 19:35:38 +00:00
ryan
05f63a579b s/esc_url_raw/esc_url/. Props duck_. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@17582 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-04-01 19:29:06 +00:00
nacin
af5cc65c1c Fix typo. props SergeyBiryukov, fixes #14107. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@16823 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-12-08 21:35:08 +00:00
markjaquith
df1887a81a Standardize around "Update" instead of "Upgrade." props RanYanivHartstein. props latz. fixes #14107 
git-svn-id: http://svn.automattic.com/wordpress/trunk@16696 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-12-02 21:45:47 +00:00
ryan
3f72e340d6 Update since phpdoc. Props demetris. fixes #15445 
git-svn-id: http://svn.automattic.com/wordpress/trunk@16660 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-12-01 19:24:38 +00:00
nacin
7b2f3bd843 Numerous RTL improvements. props ocean90, TECannon. fixes #13663, fixes #13677. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@15146 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-06-05 21:04:48 +00:00
nacin
baa6ca4b2c Add links to the codex changelog in update notification strings. props dtoj, see #11739 
git-svn-id: http://svn.automattic.com/wordpress/trunk@13250 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-02-20 12:28:10 +00:00
ryan
f7d7bc2dd0 Use cap checks instead of multisite and super admin checks. Add some new caps. Merge cleanup. see #11644. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@12753 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-01-18 22:21:36 +00:00
ryan
8760e7da1b Coding standards, space after if 
git-svn-id: http://svn.automattic.com/wordpress/trunk@12752 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-01-18 20:34:48 +00:00
dd32
32ac56eaa8 Always set a goback link on upgrade page. Props filosofo. Fixes #10986 
git-svn-id: http://svn.automattic.com/wordpress/trunk@12744 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-01-17 07:38:27 +00:00
wpmuguru
9d2762f279 merge wp-admin user, plugins, themes, upgrade , See #11644 
git-svn-id: http://svn.automattic.com/wordpress/trunk@12722 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-01-14 02:02:19 +00:00
ryan
166435891c Convert update_themes, update_plugins, update_core, and dismissed_update_core into site transients/plugins. Remove no longer need compat code. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@12673 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-01-08 20:49:55 +00:00
ryan
459326c932 Check PHP and MySQL versions in install.php. see #11666 
git-svn-id: http://svn.automattic.com/wordpress/trunk@12577 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2009-12-29 22:07:35 +00:00
ryan
713940a056 Check PHP and MySQL versions in upgrade.php. see #11666 
git-svn-id: http://svn.automattic.com/wordpress/trunk@12575 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2009-12-29 21:56:48 +00:00
ryan
8e3808bce2 Remove trailing whitespace 
git-svn-id: http://svn.automattic.com/wordpress/trunk@11930 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2009-09-14 14:03:32 +00:00
markjaquith
6283b5aaf1 Create wp_validate_redirect(), have the upgrade done link use it. props Westi. fixes #10193 for trunk 
git-svn-id: http://svn.automattic.com/wordpress/trunk@11610 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2009-06-19 19:30:17 +00:00
ryan
d055804c01 Typo fix 
git-svn-id: http://svn.automattic.com/wordpress/trunk@11384 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2009-05-18 16:55:20 +00:00
markjaquith
3ebf837ced Deprecate sanitize_url() and clean_url() in favor of esc_url_raw() and esc_url() 
git-svn-id: http://svn.automattic.com/wordpress/trunk@11383 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2009-05-18 16:00:33 +00:00
ryan
67402127d6 Clear upgrade nag when doing manual upgrade. Props Denis-de-Bernardy. fixes #9139 
git-svn-id: http://svn.automattic.com/wordpress/trunk@11189 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2009-05-05 04:02:49 +00:00
markjaquith
f14080686d elbow room for upgrade.php 
git-svn-id: http://svn.automattic.com/wordpress/trunk@10986 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2009-04-17 08:00:48 +00:00
markjaquith
281d9a19f9 slightly more friendly database upgrade message 
git-svn-id: http://svn.automattic.com/wordpress/trunk@10985 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2009-04-17 07:46:43 +00:00
westi
be92ff6425 Only upgrade if we are installed. Fixes #7627 props pishmishy. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@8763 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2008-08-28 20:55:40 +00:00
ryan
42ceb32c0b Upgrade db with remote post during core update. see #5560 
git-svn-id: http://svn.automattic.com/wordpress/trunk@8759 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2008-08-28 07:09:46 +00:00
westi
7f894ae416 phpdoc for wp-admin. See #7496 props santosj. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@8645 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2008-08-14 06:30:38 +00:00
ryan
0283fc3717 Install styling from azaozz. fixes #7266 
git-svn-id: http://svn.automattic.com/wordpress/trunk@8297 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2008-07-09 04:33:31 +00:00
ryan
68a874a4dd wp_admin_css() improvements. Props mdawaffe. see #7011 
git-svn-id: http://svn.automattic.com/wordpress/trunk@7979 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2008-05-22 00:06:41 +00:00
ryan
5b8113578d Allow wp-config.php to exist one level up from WordPress root directory. Props sambauers. fixes #6933 
git-svn-id: http://svn.automattic.com/wordpress/trunk@7971 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2008-05-21 05:59:27 +00:00
westi
b5903814d4 urlencode the goback url to preserve any parameters. Fixes #5753 props DD32. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@7095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2008-02-28 21:57:49 +00:00
ryan
4a89a7ee40 Style updates for install from mt. fixes #5946 
git-svn-id: http://svn.automattic.com/wordpress/trunk@6965 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2008-02-21 23:55:11 +00:00
ryan
ad42d0148a Remove raquo from buttons. Props filosofo. fixes #5938 
git-svn-id: http://svn.automattic.com/wordpress/trunk@6943 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2008-02-20 19:30:55 +00:00
ryan
321c310717 Remove trailing whitespace 
git-svn-id: http://svn.automattic.com/wordpress/trunk@6026 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2007-09-03 23:32:58 +00:00
ryan
014915caea Make css cache busting and rtl inclusion uniform across admin. Props mdawaffe. fixes #4830 
git-svn-id: http://svn.automattic.com/wordpress/trunk@5965 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2007-08-28 23:23:38 +00:00
markjaquith
764f50bd3d ABSPATH already has a trailing slash. Props Nazgul. fixes #4607 
git-svn-id: http://svn.automattic.com/wordpress/trunk@5820 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2007-07-27 21:28:01 +00:00
rob1n
fbfafcf27a Update CSS paths. see #4334 
git-svn-id: http://svn.automattic.com/wordpress/trunk@5665 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2007-06-08 00:19:35 +00:00
rob1n
9ce729e656 Content-Type, not Content-type, as headers are case sensitive. Props foolswisdom and Nazgul. fixes #3545 
git-svn-id: http://svn.automattic.com/wordpress/trunk@5640 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2007-06-02 05:21:18 +00:00
ryan
770613e763 Admin includes reorg. see #4334 
git-svn-id: http://svn.automattic.com/wordpress/trunk@5542 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2007-05-25 07:16:21 +00:00
markjaquith
611b037efa use clean_url() instead of attribute_escape() when dealing with src/href to protect against XSS. props xknown. fixes #3986 for trunk. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@5056 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2007-03-17 08:46:59 +00:00