Commit Graph

133 Commits

Author SHA1 Message Date
Ryan Boren
cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_update_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes is no longer necessary.

Introduce wp_unslash() and use it to remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Sergey Biryukov
8e32770793 Define the variable before using it. fixes #23181.
git-svn-id: http://core.svn.wordpress.org/trunk@23337 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-23 03:00:20 +00:00
Andrew Nacin
9bba27f4e5 Fix various typos and omissions across a number of help tabs. props DrewAPicture, Ipstenu. see #22451.
git-svn-id: http://core.svn.wordpress.org/trunk@22812 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-22 08:45:15 +00:00
Andrew Nacin
dfb844b64b Remove legacy media uploader bits from custom-header.php and custom-background.php. see #22186, #21390.
git-svn-id: http://core.svn.wordpress.org/trunk@22778 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-21 17:44:49 +00:00
Andrew Nacin
83eeb80dfb Custom Header: Remove Farbtastic-era "Reset Text Color" button. Show default color when JS is disabled. props DrewAPicture. fixes #22461.
git-svn-id: http://core.svn.wordpress.org/trunk@22695 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-20 01:53:59 +00:00
Andrew Nacin
e14ff50cfb Don't allow non-image uploads for custom headers and backgrounds. props kovshenin. fixes #22149.
git-svn-id: http://core.svn.wordpress.org/trunk@22521 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-10 05:36:37 +00:00
Andrew Nacin
2d13e264a4 URLs should be esc_url(), not esc_attr().
git-svn-id: http://core.svn.wordpress.org/trunk@22520 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-10 05:30:51 +00:00
Daryl Koopersmith
9af37358a9 Integrate media with the custom header page. fixes #21820, see #21390.
git-svn-id: http://core.svn.wordpress.org/trunk@22505 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-09 11:59:05 +00:00
Ryan Boren
b8140cf35e Update help text for color picker in custom header and background screens.
Props DrewAPicture
fixes #22393


git-svn-id: http://core.svn.wordpress.org/trunk@22470 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-08 19:32:49 +00:00
Ryan Boren
1534fe4978 Don't show "Skip Cropping, Publish Image as Is" button for themes that do not support headers with flexible width or height. Forces too small images to be scaled to fit in the absence of flex support.
Props MadtownLems, kobenland
fixes #21100


git-svn-id: http://core.svn.wordpress.org/trunk@22468 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-08 19:11:46 +00:00
Andrew Nacin
f466722928 Proper button heights on the custom header and background pages. props johnbillion. fixes #22385.
git-svn-id: http://core.svn.wordpress.org/trunk@22462 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-08 01:51:05 +00:00
Andrew Nacin
b9b9ebeeae Forms with the class .wp-upload-form will now have their submit button disabled until a file is selected. props kovshenin, helenyhou, lessbloat, SergeyBiryukov, tommcfarlin. fixes #20855.
git-svn-id: http://core.svn.wordpress.org/trunk@22459 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-07 23:54:03 +00:00
Andrew Nacin
0b6cf76853 New color picker, props mattwiebe. see #21206.
Replaces Farbtastic. May change further in response to user testing.



git-svn-id: http://core.svn.wordpress.org/trunk@22030 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-27 01:57:38 +00:00
Andrew Nacin
c1b0670c2d Updates and fixes to the new button styles. By default, buttons are now the same size as they were in 3.4. Then there is a smaller button (designed for minor elements) and a larger button (designed for things like Publish and Save Changes). Better focus styles. props lessbloat. see #21598.
git-svn-id: http://core.svn.wordpress.org/trunk@21944 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-21 19:34:23 +00:00
Ryan Boren
77fdb14c2c Fix display issues in the custom header screen when height is not specified. Use get_header_image() instead of header_image() so that esc_url() can do its job. Props JarretC, SergeyBiryukov, georgestephanis. fixes #21130 #21433
git-svn-id: http://core.svn.wordpress.org/trunk@21508 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-14 19:24:36 +00:00
Ryan Boren
076868e109 Better instruction text on custom header screen. Props jane, JustinSainton fixes #20992
git-svn-id: http://core.svn.wordpress.org/trunk@21502 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-14 18:32:26 +00:00
ryan
808ce796ae * Introduce remove_header_image(), reset_header_image(), set_header_image(), and get_header_image_data() for Custom_Image_Header.
* Handle all set/get of header theme mod through these methods.
* Use these methods in the customizer.

Props kovshenin, nacin, SergeyBiryukov, koopersmith.
fixes #20871


git-svn-id: http://core.svn.wordpress.org/trunk@21037 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-10 00:32:19 +00:00
ryan
23104564f0 Check context before adding media upload filters. Props SergeyBiryukov. fixes #20819
git-svn-id: http://core.svn.wordpress.org/trunk@21009 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-06 16:48:53 +00:00
ryan
82122d2ba8 Don't show mime type filter links when choosing an image header from the media library. Props SergeyBiryukov, georgestephanis. fixes #20819
git-svn-id: http://core.svn.wordpress.org/trunk@20982 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-04 14:37:57 +00:00
ryan
e6e9f59761 Update custom header help text to reflect recent UI changes. Props SergeyBiryukov, rasheed. fixes #20827
git-svn-id: http://core.svn.wordpress.org/trunk@20981 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-04 14:13:20 +00:00
ryan
9f9ae83e87 Make the Skip Cropping button secondary. Props SergeyBiryukov, nacin. fixes #20815
git-svn-id: http://core.svn.wordpress.org/trunk@20980 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-02 16:57:10 +00:00
nacin
b545454ceb When the current image is the default image, don't show buttons to restore to that image, for both custom headers and backgrounds. props mfields, SergeyBiryukov. fixes #20763.
git-svn-id: http://core.svn.wordpress.org/trunk@20966 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-30 21:58:27 +00:00
ryan
c0339644ea Shears of vigorous pinking.
git-svn-id: http://core.svn.wordpress.org/trunk@20944 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-27 16:25:43 +00:00
nacin
92423061e4 Move from 'Upload Image' to 'Select Image' as this section now includes choosing an image from the media library. see #20737.
git-svn-id: http://core.svn.wordpress.org/trunk@20885 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-24 21:07:39 +00:00
ryan
4cad786961 Improve appearance of "choose from library" link for headers and backgrounds. Props SergeyBiryukov, sabreuse. see #20737
git-svn-id: http://core.svn.wordpress.org/trunk@20884 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-24 21:03:38 +00:00
ryan
17f9635a45 Feature pointers for choosing an image from the library on the custom header and background pages. see #20554
git-svn-id: http://core.svn.wordpress.org/trunk@20839 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-21 20:34:20 +00:00
ryan
15b9961b52 set_url_scheme() for header and background image srcs. see #20702
git-svn-id: http://core.svn.wordpress.org/trunk@20830 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-18 20:22:57 +00:00
ryan
a6894d0b59 Create a new attachment and make a copy of the image when selecting an image from the image library. This prevents orphaning the header if the original attachment is deleted. This also prevents stomping of meta.
Add a button to skip cropping.

Props SergeyBiryukov
Fixes #20657 #20667


git-svn-id: http://core.svn.wordpress.org/trunk@20806 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-16 17:47:55 +00:00
ryan
a0f07732d4 Check wp_crop_image() for a false return value. Don't delete original image if crop not successful. Don't delete the original image when wp_crop_image() returns it untouched. Prevents deletion of header image when no cropping is done to the originally uploaded image. Props SergeyBiryukov, westi. fixes #20657
git-svn-id: http://core.svn.wordpress.org/trunk@20769 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-11 16:15:15 +00:00
duck_
ae9ce57153 Fix typo in Custom Header contextual help. Props klagraff. Fixes #20518.
git-svn-id: http://core.svn.wordpress.org/trunk@20768 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-11 07:12:20 +00:00
ryan
7e3010ef46 Use correct translation function. Props kobenland, SergeyBiryukov. fixes #20646
git-svn-id: http://core.svn.wordpress.org/trunk@20757 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-09 21:13:22 +00:00
ryan
9dfe713b5a Don't concatenate translated strings. see #20518
git-svn-id: http://core.svn.wordpress.org/trunk@20719 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-03 22:00:25 +00:00
ryan
1e54f64be5 Custom header contextual help updates. Props TomAuger. see #20518
git-svn-id: http://core.svn.wordpress.org/trunk@20718 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-03 21:54:50 +00:00
nacin
15b661ecab Make admin-head-callback optional for custom headers. Reverts part of [20684]. fixes #20603.
git-svn-id: http://core.svn.wordpress.org/trunk@20712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-03 13:30:55 +00:00
ryan
61ffb70037 Don't convert png to jpg when cropping a header. Prevents stomping transparency. Props SergeyBiryukov, kovshenin. fixes #20555
git-svn-id: http://core.svn.wordpress.org/trunk@20706 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-02 21:35:56 +00:00
ryan
a7f2d67f6d Make choosing a header image from the media library play nicely with file replication plugins that do not guarantee images will be retained in the local filesystem.
* When passing an attachment ID to wp_crop_image(), use load_image_to_edit() to fetch the image via a url fopen when the image does not exist in the filesystem.
* Move load_image_to_edit() to wp-admin/includes/image.php so that it is always available for admin pages loads.
* Fallback to the height and width stored in the attachment meta when the image no longer exists in the filesystem.

see #19840


git-svn-id: http://svn.automattic.com/wordpress/trunk@20384 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-06 20:47:24 +00:00
ryan
d3134e2688 Allow selecting custom header and background images from the media library. Props aaroncampbell, sabreuse, greuben. fixes #19840
git-svn-id: http://svn.automattic.com/wordpress/trunk@20358 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-05 00:20:28 +00:00
nacin
59b84a01ea Properly intercept the main form being submitted when checking for the display-header-text checkbox. see #18887.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20243 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-21 20:55:58 +00:00
nacin
22863bd9c3 Use display_header_text() in custom-header.php. Rework the UI to be a 'Show header text' checkbox (rather than radio buttons). Remove lame 'blank' hack for no-JS -- checkboxes work without JS. Move 'Select a Color' to a link like it is for custom background. Nearby code cleanup. see #18887.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20241 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-21 19:10:13 +00:00
nacin
6593186cb7 Introduce new registration methods for custom headers and custom backgrounds. Backwards compatible, but old methods will be deprecated. see #20249. see #17242.
Custom header: Use add_theme_support('custom-header', $args) instead of add_custom_image_header(). Deprecates all use of constants.
 * HEADER_TEXTCOLOR is now (string) 'default-text-color'.
 * NO_HEADER_TEXT is now ! (bool) 'header-text'.
 * HEADER_IMAGE_WIDTH (and _HEIGHT) are now (int) 'width' and 'height'.
 * HEADER_IMAGE is now (string) 'default-image'.
 * The 3.4 arguments 'suggested-width' and 'suggested-height' are now just 'width' and 'height' (they are "suggested" when flex-width and flex-height are set).
 * Callback arguments for add_custom_image_header() can now be passed to add_theme_support().

Custom background: Use add_theme_support('custom-background', $args) instead of add_custom_background(). Deprecates all use of constants.
 * BACKGROUND_COLOR is now (string) 'default-color'.
 * BACKGROUND_IMAGE is now (string) 'default-image'.
 * Callback arguments for add_custom_background() can now be passed to add_theme_support().

Inheritance: add_theme_support() arguments for custom headers and custom backgrounds is a first-one-wins situation. This is not an unusual paradigm for theming as a child theme (which is included first) overrides a parent theme.
 * Once an argument is explicitly set, it cannot be overridden. You must hook in earlier and set it first.
 * Any argument that is not explicitly set before WP is loaded will inherit the default value for that argument.
 * It is therefore possible for a child theme to pass minimal arguments as long as the parent theme specifies others that may be necessary.
 * Allows for a child theme to alter callbacks for <head> and preview (previously, calling add_custom_image_header more than once broke things).
 * The just-in-time bits ensure that arguments fall back to default values, that the values of all constants are considered (such as one defined after an old add_custom_image_header call), and that all constants are defined (so as to be backwards compatible).

get_theme_support(): Introduce new second argument, which headers and backgrounds leverage to return an argument. current_theme_supports() already supported checking the truthiness of the argument.
 * For example, get_theme_support( 'custom-header', 'width' ) will return the width specified during registration.
 * If you had wanted the default image, use get_theme_support( 'custom-header', 'default-image' ) instead of HEADER_IMAGE. 

Deprecate remove_custom_image_header(), remove_custom_background(). Use remove_theme_support('custom-header'), 'custom-background'.

Deprecate short-lived custom-header-uploads internal support; this is now (bool) 'uploads' for add_theme_support().

New 3.4 functions renamed or removed: Rename get_current_header_data() to get_custom_header(). Remove get_header_image_width() and _height() in favor of get_custom_header()->width and height.



git-svn-id: http://svn.automattic.com/wordpress/trunk@20212 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-19 17:12:44 +00:00
nacin
28f421fa6f Return to step 1 on custom-header.php if no POST data is sent. Good for if step=2 or 3 is in the URL and the page is refreshed (otherwise a nonce check fails). see #20249.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20211 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-19 14:45:29 +00:00
nacin
d37429e4c7 Remove jQuery Masonry from Appearance > Header until we figure out sporadic issues relating to overlapping images (probably due to lame markup). see #17242.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20206 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-16 21:05:00 +00:00
ryan
4f47fe6e31 Introduce jQuery Masonry. Use it to arrange header thumbnails on custom header screen. Props aaroncampbell. fixes #17242
git-svn-id: http://svn.automattic.com/wordpress/trunk@20060 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-01 18:57:28 +00:00
ryan
c43ddd7284 Allow flexible sizes for custom header uploads. Round 1. Props aaroncampbell, sabreuse. see #17242
git-svn-id: http://svn.automattic.com/wordpress/trunk@19815 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-02 23:35:37 +00:00
ryan
e3b46b25d3 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-08 17:01:11 +00:00
ryan
616c35e71c One newline is enough.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-05 20:10:39 +00:00
ryan
07ff8b216b Use one space, not two, after trailing punctuation. fixes #19537
git-svn-id: http://svn.automattic.com/wordpress/trunk@19593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-13 23:45:31 +00:00
ryan
32915a8574 Fix indent. see #19020
git-svn-id: http://svn.automattic.com/wordpress/trunk@19515 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-01 02:28:47 +00:00
ryan
8ace5a6b4c Use WP_Screen::add_help_tab(). see #19020
git-svn-id: http://svn.automattic.com/wordpress/trunk@19514 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-01 02:22:07 +00:00
nacin
bfb98c193e s/add_help_sidebar/set_help_sidebar/g and introduce screen->remove_help_tab($id) and screen->remove_help_tabs(). see #19020, #18785.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-02 20:14:10 +00:00