Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-06-27 15:24:59 +02:00
Code Issues Projects Releases Wiki Activity
22,216 Commits 49 Branches 744 Tags 927 MiB
633a6fb400
Commit Graph

325 Commits

Author SHA1 Message Date
Andrew Nacin
7b47322e22 Ensure the referer functions operate completely on unslashed data: wp_referer_field(), wp_original_referer_field(), wp_get_referer(), wp_get_original_referer(). 
Use wp_slash() instead of addslashes().

see #21767.



git-svn-id: http://core.svn.wordpress.org/trunk@23578 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-03-01 17:58:43 +00:00
Ryan Boren
f3a83744e9 Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes(). 
git-svn-id: http://core.svn.wordpress.org/trunk@23567 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-03-01 17:14:09 +00:00
Ryan Boren
5f809d1d22 Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes(). 
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-03-01 17:00:25 +00:00
Ryan Boren
43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767 
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-03-01 16:28:40 +00:00
Ryan Boren
cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments. 
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2013-02-14 22:51:06 +00:00
Ryan Boren
837c290ded Improve the contextual help for the comment bubble in the 'In Response To' column. Props lessbloat. fixes #19788 
git-svn-id: http://core.svn.wordpress.org/trunk@22275 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-10-23 13:37:18 +00:00
nacin
00db8b7053 Convert a bulleted list to paragraphs in the Moderating Comments help tab. props pavelevap, see #19788. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19806 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2012-02-01 14:45:19 +00:00
ryan
02a1dd7ccb Best practice, use wp_safe_redirect() when dealing with referrers. Props nacin. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19579 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-12-10 18:26:48 +00:00
ryan
6bba5a265b Pinking shears 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-12-01 04:51:35 +00:00
nacin
c0dcf616c1 Help tweaks for comments, media, edit.php, update-core.php. props jane, see #19020. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19511 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-12-01 01:33:26 +00:00
ryan
efbbab1b3c Help tabs. Props chexee. see #19020 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19445 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-11-24 00:21:39 +00:00
nacin
bfb98c193e s/add_help_sidebar/set_help_sidebar/g and introduce screen->remove_help_tab($id) and screen->remove_help_tabs(). see #19020, #18785. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-11-02 20:14:10 +00:00
ryan
3ad1f67958 Use add_help_sidebar(). see #19020 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19111 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-11-02 03:12:37 +00:00
nacin
795ca8d394 Revert [18861], [18862], [18864], [18874], [18879], and [18880]. see #18785. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@18911 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-10-07 04:57:12 +00:00
azaozz
bbafdfa0e5 Use add_option() method, introduce add_option_context() method for adding specific text above the screen options, see #18690 
git-svn-id: http://svn.automattic.com/wordpress/trunk@18867 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-10-03 04:00:57 +00:00
azaozz
3575537e5f Add screen_options with contextual content, see #18690 
git-svn-id: http://svn.automattic.com/wordpress/trunk@18864 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-10-02 06:59:36 +00:00
westi
1443193079 Help Tab text updatates. Fixes #17312 prop dougwrites. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@18092 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-06-01 15:37:04 +00:00
ryan
5316894390 Fix broken help link. Props SergeyBiryukov. fixes #17265 
git-svn-id: http://svn.automattic.com/wordpress/trunk@17919 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-05-13 19:08:09 +00:00
markjaquith
0e57bd3a37 Centralize pagination bound exceeding redirects for list tables. props garyc40. props johnjamesjacoby. fixes #16208 
git-svn-id: http://svn.automattic.com/wordpress/trunk@17900 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-05-12 06:09:42 +00:00
nacin
9cb6e158fc Switch from Panel/SubPanel to Screen in inline documentation and Codex links. props michaelh, fixes #17265. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@17748 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-04-28 15:24:49 +00:00
ryan
e9d62d1f01 From post back to get. Props SergeyBiryukov. fixes #16335 
git-svn-id: http://svn.automattic.com/wordpress/trunk@17345 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-01-22 01:31:21 +00:00
nacin
37075f7f71 Remove AJAX from list tables. first pass. see #16262. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@17322 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-01-16 21:47:24 +00:00
nacin
94eb65baa0 Revert [17270], [17273], see #16166, see #16262. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@17321 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-01-16 21:34:38 +00:00
westi
eb9c28f45a Switch back to GET from REQUEST for these so the non js searches work again. See #14927 
git-svn-id: http://svn.automattic.com/wordpress/trunk@17307 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-01-15 02:03:46 +00:00
nacin
7c5fd789ac Keep sorting and paging for bulk actions. props garyc40, see #16166. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@17270 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2011-01-12 17:06:33 +00:00
nacin
b0be8cd9f4 Validation fixes. props ocean90, fixes #15287. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@17129 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-12-24 14:19:41 +00:00
scribu
cfe09b99e5 Introduce WP_List_Table::search_box(). See #15353 
git-svn-id: http://svn.automattic.com/wordpress/trunk@17006 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-12-16 20:45:10 +00:00
nacin
cc08068dba Remove check_permissions() calls outside of AJAX context. Also only check for switch_themes in check_permissions() for the themes table. see #15326. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@16990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-12-16 08:43:22 +00:00
ryan
3949ce12d0 Pink trailing whites. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@16900 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-12-13 21:21:50 +00:00
scribu
3f2c0aff8a Don't show search box if there are no items available. See #15353 
git-svn-id: http://svn.automattic.com/wordpress/trunk@16868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-12-10 20:22:34 +00:00
scribu
c3b2eb3c14 Remove unnecessary comments. See #15416 
git-svn-id: http://svn.automattic.com/wordpress/trunk@16856 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-12-10 08:55:17 +00:00
scribu
a4f15ae9a8 Redirect to correct page after bulk action for posts and comments. Props garyc40. Fixes #15416 
git-svn-id: http://svn.automattic.com/wordpress/trunk@16855 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-12-10 08:49:16 +00:00
scribu
69277a1e7c Link post title on comments for a single post screen. Fixes #15609 
git-svn-id: http://svn.automattic.com/wordpress/trunk@16619 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-11-29 21:23:20 +00:00
scribu
6eff593e14 Get rid of in favor of . Fixes #15607. See #15580 
git-svn-id: http://svn.automattic.com/wordpress/trunk@16617 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-11-29 20:15:04 +00:00
scribu
37cfa3acde Prevent WSOD when no comments selected for bulk action. See #15572 
git-svn-id: http://svn.automattic.com/wordpress/trunk@16580 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-11-25 02:05:52 +00:00
ryan
847499e531 Pinking shears 
git-svn-id: http://svn.automattic.com/wordpress/trunk@16438 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-11-17 18:47:34 +00:00
ryan
2bae203166 Whitespace cleanup in contextual help. Props markmcwilliams. see #15346 
git-svn-id: http://svn.automattic.com/wordpress/trunk@16333 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-11-12 20:22:12 +00:00
ryan
12d42895ee Contextual help updates. Props dougwrites. see #15346 
git-svn-id: http://svn.automattic.com/wordpress/trunk@16326 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-11-12 15:03:34 +00:00
westi
3f5ab5b9bf Extra cap checks. See #15326. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@16222 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-11-06 10:07:35 +00:00
westi
5e90c5d1c3 Revert [16171] and [16172] - The class names were fine as they were and the MultiSite classes stand out more with the original naming. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@16175 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-11-04 08:07:03 +00:00
scribu
3ded7f7c68 complete the renaming. props ocean90. See #14579 
git-svn-id: http://svn.automattic.com/wordpress/trunk@16172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-11-03 22:06:45 +00:00
westi
ad92d629d6 The big renaming of the list-table class files. 
See #14579

git-svn-id: http://svn.automattic.com/wordpress/trunk@16128 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-11-01 09:19:50 +00:00
scribu
bb99a95284 Move no_items logic to WP_Comments_Table. See #14579 
git-svn-id: http://svn.automattic.com/wordpress/trunk@16108 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-10-31 01:17:00 +00:00
markjaquith
fc6e89da45 Expand submit_button() capabilities. Replace all (or almost all) manual HTML instances in WP. props sbressler. see #15064 
git-svn-id: http://svn.automattic.com/wordpress/trunk@16061 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-10-28 21:56:43 +00:00
nacin
48d8763734 Commit the rest of [15955]. see #14579. 
git-svn-id: http://svn.automattic.com/wordpress/trunk@15956 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-10-25 02:58:25 +00:00
ryan
9c31fd7c70 First pass of user admin. Network admin and screen cleanups. see #14696 
git-svn-id: http://svn.automattic.com/wordpress/trunk@15746 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-10-07 19:34:18 +00:00
dd32
2ed8e66a7c Use the correct variable names, Fixes "Empty Spam" comments & "Approve" link. Add a clear to push "No comments found." into place. Fixes #14964 
git-svn-id: http://svn.automattic.com/wordpress/trunk@15666 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-09-26 10:02:23 +00:00
scribu
e975e650cf Introduce WP_List_Table::current_action() and use throughout admin list screens. See #14579 
git-svn-id: http://svn.automattic.com/wordpress/trunk@15642 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-09-22 00:10:39 +00:00
scribu
449d62100e Introduce 'edit_comment' meta cap. Fixes #14520 
git-svn-id: http://svn.automattic.com/wordpress/trunk@15596 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-09-07 23:35:28 +00:00
scribu
9a9e872597 introduce WP_List_Table::views(). See #14579 
git-svn-id: http://svn.automattic.com/wordpress/trunk@15578 1a063a9b-81f0-0310-95a4-ce76da25c4cd
 2010-09-05 21:26:27 +00:00