Commit Graph

259 Commits

Author SHA1 Message Date
Ryan Boren
cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_update_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes is no longer necessary.

Introduce wp_unslash() and use it to remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Ryan Boren
06ee370814 Pinking shears
git-svn-id: http://core.svn.wordpress.org/trunk@22634 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-17 15:11:29 +00:00
Andrew Nacin
9beec00613 Sanity checks in get_body_class() to ensure we are operating on the type of queried object that we expect. props wonderboymusic. fixes #17662.
git-svn-id: http://core.svn.wordpress.org/trunk@22451 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-07 22:12:44 +00:00
Ryan Boren
77518e9c71 Objects no longer need to be explicitly passed by ref to call_user_func*() to be callable. Props wonderboymusic. fixes #21865
git-svn-id: http://core.svn.wordpress.org/trunk@22118 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-04 20:00:16 +00:00
Andrew Nacin
830e30031a Add no-customize-support to the body classes when the toolbar is showing. Allows for 'Customize' to be hidden when JS is disabled. props obenland, DrewAPicture. fixes #20896.
git-svn-id: http://core.svn.wordpress.org/trunk@22107 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-03 20:54:54 +00:00
Andrew Nacin
7d7498f7ab Don't output the {$post_type} post class in the admin, to avoid clashes with admin CSS. props c3mdigital. fixes #21203.
git-svn-id: http://core.svn.wordpress.org/trunk@21848 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-14 18:57:11 +00:00
Ryan Boren
249453b396 phpdoc fixes and additions for post-template.php. Props c3mdigital. fixes #21220
git-svn-id: http://core.svn.wordpress.org/trunk@21799 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-10 20:04:33 +00:00
Ryan Boren
d61f2d464c Restore in get_the_excerpt(). Props c3mdigital. fixes #21797
git-svn-id: http://core.svn.wordpress.org/trunk@21767 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-05 19:54:08 +00:00
Ryan Boren
cfb35a9d85 Use get_post() instead of global $post.
Make the $post argument to get_post() optional, defaulting to the current post in The Loop.

Props nacin
see #21309


git-svn-id: http://core.svn.wordpress.org/trunk@21735 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-04 16:29:28 +00:00
Ryan Boren
f56d8278bb Remove return ref from all calls to get_post()
Return WP_Post from get_default_post_to_edit()
Replace all calls to get_page() with get_post()
see #21309


git-svn-id: http://core.svn.wordpress.org/trunk@21597 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-23 20:01:10 +00:00
Ryan Boren
9377523bce Introduce WP_Post class. Clean up ancestors handling. Props scribu, toppa. fixes #10381 see #21309
git-svn-id: http://core.svn.wordpress.org/trunk@21559 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-20 19:47:52 +00:00
ryan
fdae8f9b42 Fix some spelling errors. Props thee17. fixes #21191
git-svn-id: http://core.svn.wordpress.org/trunk@21333 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-25 18:06:13 +00:00
nacin
70791f60b9 Deprecate sticky_class() in favor of post_class(). props solarissmoke, fixes #16675.
git-svn-id: http://core.svn.wordpress.org/trunk@21253 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-09 21:10:59 +00:00
markjaquith
c4205b38a4 Do not store post_excerpt in a temporary variable when we can just return it directly. props niallkennedy. fixes #21041
git-svn-id: http://core.svn.wordpress.org/trunk@21159 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-28 19:26:06 +00:00
nacin
4e8f4e57d1 Fix validation issue in get_the_password_form() caused by wpautop(). see #21018 for trunk.
git-svn-id: http://core.svn.wordpress.org/trunk@21124 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-26 03:20:51 +00:00
nacin
64b9b4f940 Do not specify background-image: none when a user removes a custom background
on a theme that has a default background image.

The onus is on the theme to omit the default background-image from style.css,
to allow the user to remove the default background image. Or, the theme can
specify a background-image for the body selector, as long as they then zero
it out for body.custom-background, like so:

{{{
body {
	background-image: url( ... );
}
body.custom-background {
	background-image: none;
}
}}}

This allows the theme to be compatible with the custom background feature
but also gracefully degrade if the background feature is disabled.

This is the same behavior as 3.3; setting a default image has simply been
made more prominent in 3.4. Reverts [21013], also parts of [21001].
see #20448 for change and discussion history.

see #20132, which will now be marked as invalid.

Also, per previous changes in #20448, the custom-background class should not
be shown when only a default color is in use.

fixes #20448.



git-svn-id: http://core.svn.wordpress.org/trunk@21054 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-11 21:25:05 +00:00
ryan
64e6663569 Fix removing the default background image for themes that hard-code the default in css. Honor the default background image for themes that do not provide a fallback in css.
* <style> will appear if there is a default image registered. This is the same as 3.3.
* If only a default color is registered, it still assumes it is in the stylesheet, and no <style> will appear. This is a change from 3.3.
* <style> will continue to appear as before if there is a custom background color or image. This is the same as 3.3.
* This then allows for a default background image with background-image: none, overriding style.css. This is new.

Props nacin
see #20448


git-svn-id: http://core.svn.wordpress.org/trunk@21001 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-05 18:35:31 +00:00
ryan
0f1f59b092 Custom background fixes:
* Specify default background colors for the bundled themes.
* Change the default custom background callback to only operate on saved values, rather than default values.
* Prevent an unsaved default value from overriding a manually modified style.css file.

Props nacin, kobenland
fixes #20448


git-svn-id: http://core.svn.wordpress.org/trunk@20973 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-01 20:31:50 +00:00
ryan
0d99cf31a6 Don't escape anchor text as an attribute in wp_get_attachment_link(). Props SergeyBiryukov. fixes #19282
git-svn-id: http://svn.automattic.com/wordpress/trunk@20654 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-30 21:22:58 +00:00
ryan
54a1ee90b9 Always show search-results or search-no-results for searches, even archive searches. Props johnbillion. fixes #20435
git-svn-id: http://svn.automattic.com/wordpress/trunk@20595 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-25 20:38:40 +00:00
nacin
ae8af5d0dd Introduce get_page_template_slug( $id = null ) to return a page's template (like "showcase.php"). Returns false if post ID is not a page, and an empty string for the default page template. Use the function across core. props billerickson for initial patch. fixes #18750.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20075 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-02 18:56:54 +00:00
ryan
0dfe24e69b Set post password cookies via an action in wp-login.php. Retire wp-pass.php (one less root file). Obey login ssl preferences for post password form submission. Props SergeyBiryukov. fixes #19798
git-svn-id: http://svn.automattic.com/wordpress/trunk@19925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-14 18:29:22 +00:00
nacin
1098f33984 Don't create a variable we only use once. props niallkennedy, fixes #19941.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19812 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-01 22:33:43 +00:00
ryan
ed8c96636c Hash post password in cookies. fixes #19797
git-svn-id: http://svn.automattic.com/wordpress/trunk@19728 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-11 16:42:42 +00:00
ryan
616c35e71c One newline is enough.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-05 20:10:39 +00:00
ryan
fd1393ab7a Clear strict notices for the walkers. fixes #19249
git-svn-id: http://svn.automattic.com/wordpress/trunk@19679 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-04 23:03:46 +00:00
ryan
5b9144b12d Use site_url() to link to wp-pass.php. Props dd32. fixes #14748
git-svn-id: http://svn.automattic.com/wordpress/trunk@19677 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-04 20:05:39 +00:00
ryan
07ff8b216b Use one space, not two, after trailing punctuation. fixes #19537
git-svn-id: http://svn.automattic.com/wordpress/trunk@19593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-13 23:45:31 +00:00
nacin
f88cdc0668 Pass remaining start_el() arguments to page_css_class. props TheDeadMedic, fixes #17727.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19240 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-10 18:35:25 +00:00
nacin
eea7874845 Simplify logic in wp_get_attachment_link(). see #18491.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19212 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-08 14:22:42 +00:00
ryan
75e238360a Avoid warning when non-existent ID passed to wp_get_attachment_link(). Tidy formatting of wp_get_attachment_link(). Props SergeyBiryukov, Jayjdk. fixes #18491
git-svn-id: http://svn.automattic.com/wordpress/trunk@19210 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-08 14:08:25 +00:00
nacin
91a448be74 Use esc_attr() consistently in wp_dropdown_pages().
git-svn-id: http://svn.automattic.com/wordpress/trunk@19081 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-28 22:40:09 +00:00
duck_
abd0c8c231 Correctly document $stripteaser as a boolean flag. Props GaryJ, fixes #18886.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19069 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-26 10:15:29 +00:00
markjaquith
37aae9f46f Give custom background CSS more specificity. props GaryJ. fixes #18698
git-svn-id: http://svn.automattic.com/wordpress/trunk@18886 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-05 17:20:43 +00:00
nacin
3440dbb182 Add filter for the args into wp_dropdown_pages() in the page attributes box. Give the list_pages filter the context of the post object. fixes #8592 for 3.3.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-29 21:21:15 +00:00
ryan
69a52799a5 Do not output title attributes in the page walker since they match the anchor and are thus superfluous. Props logiclord. fixes #16783
git-svn-id: http://svn.automattic.com/wordpress/trunk@18739 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-21 20:04:14 +00:00
dd32
bd5cf872c6 Allow Apostrophes in Post Passwords. $_POST and $_COOKIE are always slashed. Fixes #17145
git-svn-id: http://svn.automattic.com/wordpress/trunk@18712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-19 04:17:26 +00:00
duck_
c8a4ab1b4c Only add the post format body classes when the post type supports post formats. props ocean90. fixes #18228.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18651 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-07 20:10:42 +00:00
ryan
4ad0954961 Introduce register_meta(), get_metadata_by_mid(), and *_post_meta capabilities. fixes #17850
git-svn-id: http://svn.automattic.com/wordpress/trunk@18445 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-07-20 22:04:35 +00:00
nacin
6590faa5ba Shears.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18414 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-07-11 05:34:15 +00:00
nacin
6a073f6d47 Restore page-template-default body class. props peterwilsoncc, fixes #18018 for trunk.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18412 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-07-11 05:31:57 +00:00
westi
bb74249c0d Ensure that we always coerce the class list passed to get_body_class to an array even when it is empty. Fixes #17717
git-svn-id: http://svn.automattic.com/wordpress/trunk@18176 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-07 08:55:25 +00:00
ryan
47ff74214f Return false from is_page_template() if the template is default. Props johnbillion. fixes #17458
git-svn-id: http://svn.automattic.com/wordpress/trunk@18062 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-27 15:24:33 +00:00
nacin
8a0d83bebe Apply esc_html properly in Walker_PageDropdown. fixes #17217.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17683 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-22 18:24:57 +00:00
nacin
66befd1f7e Initialize a variable. props boonebgorges, fixes #16977.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17564 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-03-27 19:46:18 +00:00
nacin
ce0ebf0c95 Only add the post format post classes when the post type supports post formats. posts posts posts posts. props iandstewart, fixes #16224.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17292 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-01-13 23:02:24 +00:00
nacin
5c88aa5e8e _get_post_ancestors() in Walker_Page. props layotte, fixes #14329.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16834 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-09 12:38:23 +00:00
markjaquith
9edf7af6b4 Another s/default/standard/. see #15582
git-svn-id: http://svn.automattic.com/wordpress/trunk@16693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-02 21:24:41 +00:00
nacin
9134684d84 escape URL in wp_link_pages. fixes #14271.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16539 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-22 23:54:30 +00:00
nacin
b8ce0261df More param fixes, props duck_. see #14783.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16469 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-18 19:12:48 +00:00