Commit Graph

130 Commits

Author SHA1 Message Date
Aaron Jorbin
71cf332e65 Replace usages of basename() with wp_basename() in order to support multibyte filenames
This is focused on the pieces of code that touch media files and the tests that support them. `basename` isn't multibyte compatible out of the box. See http://php.net/basename and https://bugs.php.net/bug.php?id=62119.

See #43170.
Props Viper007Bond.

Built from https://develop.svn.wordpress.org/trunk@44785


git-svn-id: http://core.svn.wordpress.org/trunk@44617 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-03-01 20:58:52 +00:00
Drew Jaynes
92aa2f9e92 Docs: Fix a few minor inline documentation typos in a variety of files and contexts.
Props ramizmanked.
Fixes #45463.

Built from https://develop.svn.wordpress.org/trunk@44331


git-svn-id: http://core.svn.wordpress.org/trunk@44161 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-19 07:42:49 +00:00
Gary Pendergast
56c162fbc9 Coding Standards: Upgrade WPCS to 1.0.0
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.

This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script. 
- Auto-fixable coding standards issues will now cause Travis failures.

Fixes #44600.


Built from https://develop.svn.wordpress.org/trunk@43571


git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-17 01:51:36 +00:00
Gary Pendergast
aaf99e6913 Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.


Built from https://develop.svn.wordpress.org/trunk@42343


git-svn-id: http://core.svn.wordpress.org/trunk@42172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-30 23:11:00 +00:00
Drew Jaynes
1a28ec87e1 Docs: Remove @access notations from method DocBlocks in wp-admin/* classes.
Prior to about 2013, many class methods lacked even access modifiers which made the `@access` notations that much more useful. Now that we've gotten to a point where the codebase is more mature from a maintenance perspective and we can finally remove these notations. Notable exceptions to this change include standalone functions notated as private as well as some classes still considered to represent "private" APIs.

See #41452.

Built from https://develop.svn.wordpress.org/trunk@41161


git-svn-id: http://core.svn.wordpress.org/trunk@41001 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-27 00:40:43 +00:00
Sergey Biryukov
5734818e35 Docs: Add @access entries for $admin_header_callback and $admin_image_div_callback properties in Custom_Image_Header and Custom_Background.
Props rushabh4486.
Fixes #41377.
Built from https://develop.svn.wordpress.org/trunk@41100


git-svn-id: http://core.svn.wordpress.org/trunk@40940 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-20 11:54:43 +00:00
Drew Jaynes
1d95dcfa2c Docs: Remove superfluous @package WordPress and @subpackage notations used outside of file headers in a variety of core files.
Per the inline documentation standards for PHP, there should only be one `@package` and/or `@subpackage` notation per file, and only in the file header.

See #41017.

Built from https://develop.svn.wordpress.org/trunk@40988


git-svn-id: http://core.svn.wordpress.org/trunk@40838 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-01 16:58:42 +00:00
Weston Ruter
a86496aea4 Customize: Improve custom background properties UI.
Introduces new control for managing the background position. Adds control for setting the `background-size`.

Props cdog, celloexpressions, grapplerulrich, MikeHansenMe, FolioVision, afercia, helen, melchoyce, karmatosed, westonruter, Kelderic, sebastian.pisula.
Fixes #22058.

Built from https://develop.svn.wordpress.org/trunk@38948


git-svn-id: http://core.svn.wordpress.org/trunk@38891 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-26 06:52:29 +00:00
Andrea Fercia
25a882fc08 Accessibility: Remove target=_blank from the old custom background/header help tabs links.
Stop taking control of users' browsers.

Props rianrietveld.
Fixes #38141. See #23432.

Built from https://develop.svn.wordpress.org/trunk@38719


git-svn-id: http://core.svn.wordpress.org/trunk@38662 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-04 06:57:30 +00:00
Andrea Fercia
eeefec932f Administration: Improve the usage of the button CSS classes.
Introduces some consistency in the usage of the button CSS classes, fixes the
focus style for accessibility and responsiveness of the buttons.

- Adds the `button` class to all primary buttons make them responsive
- Removes all `secondary-button` classes and replaces it with button when needed. `button-secondary` shouldn't be used and exists just for backward compatibility reasons
- Replaces classes inside `submit_button()` with a shorthand for some buttons, and use an empty string for the default `button` class. Passing `button` is unnecessary
- Adjusts `get_submit_button()` to remove empty items

Props iseulde, dimchik, chris_d2d, mhowell, afercia.
Fixes #27314, #37138, #37448.

Built from https://develop.svn.wordpress.org/trunk@38672


git-svn-id: http://core.svn.wordpress.org/trunk@38615 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-28 19:54:28 +00:00
Drew Jaynes
6c7148943b Docs: Standardize capitalization of Ajax throughout core documentation per the core spelling guide.
Ajax, while considered an acronym for Asynchronous JavaScript and XML, is most commonly capitalized only in the first character.

Part props ocean90.
See #32246.

Built from https://develop.svn.wordpress.org/trunk@38028


git-svn-id: http://core.svn.wordpress.org/trunk@37969 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-10 00:51:30 +00:00
John Blackbourn
aa35e473f7 callback is not a valid type in PHP, PSR-5, or phpDocumentor. callable should be used instead.
Fixes #34032

Built from https://develop.svn.wordpress.org/trunk@34566


git-svn-id: http://core.svn.wordpress.org/trunk@34530 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-25 23:58:25 +00:00
Drew Jaynes
caf3df03bc Docs: Add a summary, version, and @access tag to the property DocBlock for Custom_Background->updated.
See [13765] for where the property was initially introduced.
See [30186] for where the property was actually declared.

Props brentvr.
See #30224. See #32246.

Built from https://develop.svn.wordpress.org/trunk@34490


git-svn-id: http://core.svn.wordpress.org/trunk@34454 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-24 13:34:24 +00:00
Konstantin Obenland
7dc1d06e64 Proper heading for admin screens.
First step towards restoring a good heading structure in wp-admin.
The previous `<h1>` contained the site title and a link to the front page and was removed with the toolbar refactoring in 3.2.

Props joedolson, afercia.
Fixes #31650.


Built from https://develop.svn.wordpress.org/trunk@32974


git-svn-id: http://core.svn.wordpress.org/trunk@32945 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-27 15:41:25 +00:00
Scott Taylor
f61501f57f The query-attachments AJAX action immediately errors out if the user doesn't have the upload_files cap. As such, the Customizer shouldn't show buttons that launch the media modal when the user doesn't have the proper permissions to query attachments.
See #32654.

Built from https://develop.svn.wordpress.org/trunk@32913


git-svn-id: http://core.svn.wordpress.org/trunk@32884 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-23 18:20:27 +00:00
Scott Taylor
ab66fc95bc Fix some malformed doc blocks in Custom_Background.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32734


git-svn-id: http://core.svn.wordpress.org/trunk@32705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-12 18:25:25 +00:00
Scott Taylor
c6a4512b1b Add missing doc blocks to wp-admin/includes/*.
Fix some egregious uses of tabbing.
Some functions can simply return `apply_filters(...)` instead of setting a variable that is immediately returned.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32654


git-svn-id: http://core.svn.wordpress.org/trunk@32624 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 20:17:26 +00:00
Dominik Schilling
64fc7294b6 Use HTTPS URLs for codex.wordpress.org.
see #27115.
Built from https://develop.svn.wordpress.org/trunk@32116


git-svn-id: http://core.svn.wordpress.org/trunk@32095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-12 21:29:32 +00:00
Scott Taylor
7f8b548df1 In HTML5, the action attribute is no longer required. Remove this attribute when empty.
The admin HTML is served with the HTML5 doctype.

"The action and formaction content attributes, if specified, must have a value that is a valid non-empty URL potentially surrounded by spaces." 
http://www.w3.org/html/wg/drafts/html/master/forms.html#attr-fs-action

Props voldemortensen.
Fixes #30126.

Built from https://develop.svn.wordpress.org/trunk@31200


git-svn-id: http://core.svn.wordpress.org/trunk@31181 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 04:16:24 +00:00
Scott Taylor
61f5cc459e In Custom_Background:
* In [28481], `$admin_header_callback` and `$admin_image_div_callback` were set to `private` based on their erroneous `@param` value
* `$admin_header_callback` and `$admin_image_div_callback` are used as hook callbacks - as such, they must be `public`
* In [28521] and [28524], magic methods were added for back-compat
* Currently, there are 2 properties marked `private`, `$page` and `$updated` - `$page` is never used and `$updated` was added by me in [30186] during 4.1

Set `$admin_header_callback` and `$admin_image_div_callback` to `public`.
Remove the `$page` property - it duplicated the `$page` local var and is referenced/used nowhere.
Remove the magic methods - they were beyond overkill and rendered moot by the above changes.

See #30891.

Built from https://develop.svn.wordpress.org/trunk@31133


git-svn-id: http://core.svn.wordpress.org/trunk@31114 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 21:59:22 +00:00
Scott Taylor
aaae4e9df0 Since get_theme_mod() returns false on failure, $background_image_thumb can be set to it and checked instead of calling get_background_image() 3 times in Custom_Background->admin_page().
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31129


git-svn-id: http://core.svn.wordpress.org/trunk@31110 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 20:44:22 +00:00
Scott Taylor
da99d29a59 Adding a @return annotation to constructors is generally not recommended as a constructor does not have a meaningful return value - anything that is returned is discarded.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31125


git-svn-id: http://core.svn.wordpress.org/trunk@31106 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 06:13:22 +00:00
Scott Taylor
709698a579 In Custom_Background and Custom_Header:
* In `->init()`, don't check `current_user_can()` since `add_theme_page()` will return `false` immediately if the cap check fails. 
* Bail if `add_theme_page()` returns `false`
* `wp_check_filetype_and_ext()` doesn't need a 3rd param, it already defaults to `null`. Passing `false` would fail a strict check.

See #30799.

Built from https://develop.svn.wordpress.org/trunk@31116


git-svn-id: http://core.svn.wordpress.org/trunk@31097 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-09 21:07:22 +00:00
Dominik Schilling
fcb00b75e2 Customizer: Add _wp_attachment_is_custom_background meta to uploaded background images.
Adds `$type` property to `WP_Customize_Background_Image_Control` (PHP) and introduces `wp.customize.BackgroundControl` (JS).

see #30707.
Built from https://develop.svn.wordpress.org/trunk@30885


git-svn-id: http://core.svn.wordpress.org/trunk@30873 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-15 23:28:23 +00:00
Dominik Schilling
15df631e76 Make notices added in [30459] less ugly.
see #25569, #25571, [30505].
Built from https://develop.svn.wordpress.org/trunk@30657


git-svn-id: http://core.svn.wordpress.org/trunk@30647 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-30 12:21:22 +00:00
Dominik Schilling
cffba3c1ba Customizer: Use deep-links for Backgrounds, Headers, and Widgets.
Replace links in admin menu and toolbar to Custom Background/Header screen with deep-links to the Customizer section.
On the Widgets screen display a link to the Customizer widgets panel.

props topher1kenobe, rzen, celloexpressions, westonruter
fixes #25569, #25571, #28032.
Built from https://develop.svn.wordpress.org/trunk@30459


git-svn-id: http://core.svn.wordpress.org/trunk@30450 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 15:29:23 +00:00
Dominik Schilling
120cb5e6ef Improve keyboard accessibility on Custom Header and Custom Background screen.
props florianziegler.
fixes #29289.
Built from https://develop.svn.wordpress.org/trunk@30327


git-svn-id: http://core.svn.wordpress.org/trunk@30326 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-13 12:00:57 +00:00
Scott Taylor
a14a4fc9a5 In Custom_Background, declare $updated as a property.
See #30224.

Built from https://develop.svn.wordpress.org/trunk@30186


git-svn-id: http://core.svn.wordpress.org/trunk@30186 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-03 05:08:22 +00:00
Drew Jaynes
a8583d5f19 Fix some words that aren't words.
See #28885.

Built from https://develop.svn.wordpress.org/trunk@29454


git-svn-id: http://core.svn.wordpress.org/trunk@29232 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-09 19:30:17 +00:00
Drew Jaynes
097dc8ee15 Fix syntax for single- and multi-line comments in wp-admin-directory files.
See #28931.

Built from https://develop.svn.wordpress.org/trunk@29206


git-svn-id: http://core.svn.wordpress.org/trunk@28990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-17 09:14:16 +00:00
Drew Jaynes
3665b5a1a1 Add periods to short descriptions for magic methods added in [28501], [28521], and [28524].
See #22234 and #28885.

Built from https://develop.svn.wordpress.org/trunk@29165


git-svn-id: http://core.svn.wordpress.org/trunk@28949 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-14 01:12:14 +00:00
Drew Jaynes
5752274fc2 Fill out inline documentation for magic methods added to the Custom_Background class in [28481], [28521], and [28524].
See #22234 and #28885.

Built from https://develop.svn.wordpress.org/trunk@29149


git-svn-id: http://core.svn.wordpress.org/trunk@28933 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-13 23:58:15 +00:00
Scott Taylor
85f73cf458 Classes that have __set() also need __isset() and __unset().
See #27881, #22234.

Built from https://develop.svn.wordpress.org/trunk@28524


git-svn-id: http://core.svn.wordpress.org/trunk@28350 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 06:52:14 +00:00
Scott Taylor
821246b4ae Some classes with __get() method also need __set().
See #27881, #22234.

Built from https://develop.svn.wordpress.org/trunk@28521


git-svn-id: http://core.svn.wordpress.org/trunk@28347 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 06:31:15 +00:00
Scott Taylor
2e912d3108 Use proper access modifiers and add a magic __get() method to Custom_Background and Custom_Image_Header.
See #27881, #22234.

Built from https://develop.svn.wordpress.org/trunk@28481


git-svn-id: http://core.svn.wordpress.org/trunk@28307 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-18 21:31:16 +00:00
Andrew Nacin
dce0b9adea Use SSL when linking to WordPress.org. see #27115.
Built from https://develop.svn.wordpress.org/trunk@27469


git-svn-id: http://core.svn.wordpress.org/trunk@27314 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-08 04:14:15 +00:00
Andrew Ozz
eb1d21d782 Remove all "valign" attributes from tables in wp-admin, props MikeHansenMe, Marventus. Fixes #22712.
Built from https://develop.svn.wordpress.org/trunk@27029


git-svn-id: http://core.svn.wordpress.org/trunk@26905 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-01-24 19:06:15 +00:00
Sergey Biryukov
2f3ebce172 Always show Background Image section heading and the opening table tag on Custom Background screen, to make in consistent with Custom Header and avoid broken markup.
props obenland.
fixes #26731.
Built from https://develop.svn.wordpress.org/trunk@26878


git-svn-id: http://core.svn.wordpress.org/trunk@26761 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-29 08:06:11 +00:00
Andrew Nacin
9be4bd5720 Rename the new custom-background arguments passed to add_theme_support().
* background-position becomes default-position-x
 * background-attachment becomes default-attachment
 * background-repeat becomes default-repeat

These are in line with existing default-image and default-color arguments, and also makes the position argument unambiguous and forwards compatible.

fixes #20816.

Built from https://develop.svn.wordpress.org/trunk@26594


git-svn-id: http://core.svn.wordpress.org/trunk@26484 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-03 21:36:10 +00:00
Andrew Ozz
8d6059b383 Remove all screen_icon() calls and deprecate the functions, props TobiasBg, fixes #26119
Built from https://develop.svn.wordpress.org/trunk@26518


git-svn-id: http://core.svn.wordpress.org/trunk@26411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-02 03:53:11 +00:00
Jon Cave
fd14a5df71 Allow customisation of theme mod defaults via custom-background theme support.
Give the power to theme authors to select defaults when registering
custom-background support.

Props obenland. Fixes #20816.

Built from https://develop.svn.wordpress.org/trunk@26352


git-svn-id: http://core.svn.wordpress.org/trunk@26253 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-24 14:05:10 +00:00
Andrew Nacin
5361a8abca Spell out duplicate hook locations.
props DrewAPicture.
fixes #25658.

Built from https://develop.svn.wordpress.org/trunk@25868


git-svn-id: http://core.svn.wordpress.org/trunk@25868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 22:59:20 +00:00
Andrew Nacin
8ae8e01b67 Remove the old wp_auto_updates_maybe_update cron event. Schedule the new wp_maybe_auto_update event at 7 a.m. and 7 p.m. in the site's timezone.
see #27704.

Built from https://develop.svn.wordpress.org/trunk@25825


git-svn-id: http://core.svn.wordpress.org/trunk@25825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 22:53:14 +00:00
Andrew Nacin
74488bdcb0 Spell out duplicate hook locations.
props DrewAPicture.
fixes #25658.

Built from https://develop.svn.wordpress.org/trunk@25868


git-svn-id: http://core.svn.wordpress.org/trunk@25780 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-22 17:22:11 +00:00
Andrew Nacin
e17beb58f7 Mark the hooks in custom-background.php as duplicates.
* image_size_names_choose should be documented in wp-includes/media.php
 * wp_create_file_in_uploads should be documented in custom-header.php

see #25229.

Built from https://develop.svn.wordpress.org/trunk@25283


git-svn-id: http://core.svn.wordpress.org/trunk@25247 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-06 17:05:09 +00:00
Scott Taylor
31f26dc3ce Remove lingering instances of call time pass-by-reference, limited to instances of callable - use $this instead of &$this.
Props jdgrimes.
See #25160.


Built from https://develop.svn.wordpress.org/trunk@25254


git-svn-id: http://core.svn.wordpress.org/trunk@25222 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-05 16:34:09 +00:00
Andrew Nacin
043f19b1dc When generating a background image thumbnail URL, escape percent signs for the eventual sprintf() call inside get_theme_mod().
props cfinke.
fixes #21241.



git-svn-id: http://core.svn.wordpress.org/trunk@24630 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-10 04:42:03 +00:00
Andrew Nacin
e6afcb4aa2 Context for 'Attachment' when referring to the background image attachment. props xibe, fixes #23433.
git-svn-id: http://core.svn.wordpress.org/trunk@24621 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-10 03:07:53 +00:00
Ryan Boren
43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren
cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00