3850 Commits

Author SHA1 Message Date
Andrew Nacin
7b47322e22 Ensure the referer functions operate completely on unslashed data: wp_referer_field(), wp_original_referer_field(), wp_get_referer(), wp_get_original_referer().
Use wp_slash() instead of addslashes().

see #21767.



git-svn-id: http://core.svn.wordpress.org/trunk@23578 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:58:43 +00:00
Andrew Nacin
76c03073d9 Remove an unslash in the deprecated WP_User_Search, as search_term is already unslashed in the constructor. see #21767.
git-svn-id: http://core.svn.wordpress.org/trunk@23577 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:57:49 +00:00
Andrew Nacin
237f810852 Unslash early, directly on the superglobal. see #21767.
git-svn-id: http://core.svn.wordpress.org/trunk@23576 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:57:08 +00:00
Andrew Nacin
4e06d41b9f Assume that url_shorten() receives unslashed data, as it does in core usage. see #21767.
git-svn-id: http://core.svn.wordpress.org/trunk@23575 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:56:31 +00:00
Ryan Boren
f3a83744e9 Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
git-svn-id: http://core.svn.wordpress.org/trunk@23567 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:14:09 +00:00
Ryan Boren
68b11a7c8f Use prepare instead of escape.
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23564 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:01:01 +00:00
Ryan Boren
5f809d1d22 Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:00:25 +00:00
Sergey Biryukov
4aca3c1e89 Consistently apply 'preview_post_link' filter. fixes #19378.
git-svn-id: http://core.svn.wordpress.org/trunk@23560 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:46:25 +00:00
Ryan Boren
43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Sergey Biryukov
0bb47182a4 Remove redundant esc_url() call. props pauldewouters. fixes #23643.
git-svn-id: http://core.svn.wordpress.org/trunk@23553 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:27:03 +00:00
Andrew Nacin
401e88e387 Ignore protected meta keys in meta_form(). see #18786.
git-svn-id: http://core.svn.wordpress.org/trunk@23534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-28 19:51:29 +00:00
Andrew Nacin
afd9cbced9 Make Twenty Thirteen the default theme.
Has the added benefit of ensuring the WordPress Beta Tester plugin allows updates of Twenty Thirteen.

props JustinSainton.
fixes #23573.



git-svn-id: http://core.svn.wordpress.org/trunk@23529 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-28 19:01:07 +00:00
Peter Westwood
5c533c9b27 Revisions: Fix up some half renamed variables that break the view and display a mishmash of split and combined views. See #23497 props adamsilverstein.
git-svn-id: http://core.svn.wordpress.org/trunk@23509 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-28 16:48:33 +00:00
Peter Westwood
5133b4990b Revisions: Fix up some bugs I introduced while reviewing the mega revisions patch - when comparing two historical revisions only one half of the diff would load
See #23497 props adamsilverstein.


git-svn-id: http://core.svn.wordpress.org/trunk@23508 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-28 16:10:45 +00:00
Peter Westwood
9bd192fab3 Revisions: First pass at implementing a new UI/UX for reviewing the revisions of posts. See #23497 props adamsilverstein for the initial patch.
This implements a new revisions ui using Backbone and preserves all the old methods of "integration" so the change should be transparent to plugins using revisions with CPTs.

This is the first pass and so there are a number of things still to be resolved, more details in the ticket. Feedback welcomed.


git-svn-id: http://core.svn.wordpress.org/trunk@23506 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-28 15:14:34 +00:00
Sergey Biryukov
ccd6e6aeec Don't override filtered screen options on Widgets screen. props bradyvercher. fixes #23239.
git-svn-id: http://core.svn.wordpress.org/trunk@23503 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-28 07:40:11 +00:00
Andrew Ozz
9a827a485e Post locks: use heartbeat to dynamically update locked posts on the Posts screen, first run, see #23312
git-svn-id: http://core.svn.wordpress.org/trunk@23487 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-25 23:17:10 +00:00
Sergey Biryukov
5777e5a949 Rename 'no_tagcloud' taxonomy label to 'not_found', for consistency with the post type label of the same key. fixes #23597.
git-svn-id: http://core.svn.wordpress.org/trunk@23484 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-25 19:39:38 +00:00
Sergey Biryukov
bf1ca6b9ca Move 'no_tagcloud' argument to the taxonomy labels object. props DrewAPicture for initial patch. fixes #23597.
git-svn-id: http://core.svn.wordpress.org/trunk@23483 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-25 18:35:05 +00:00
Andrew Ozz
9c2ebc4c60 Heartbeat API: add nopriv actions, add JS 'heartbeat-send' event, see #23216
git-svn-id: http://core.svn.wordpress.org/trunk@23481 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-25 02:32:22 +00:00
Sergey Biryukov
b5c34dc411 Fix typo in phpdoc. see #17515.
git-svn-id: http://core.svn.wordpress.org/trunk@23457 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-19 23:40:03 +00:00
Helen Hou-Sandí
ad85d07189 Edit screen UI for post formats: a first run for functionality.
* Adds a very basic tabbed interface for selecting a post format (requires JS).
* Extra fields, which are post meta, are shown/hidden based on the selected format.
* Introduce a helper function for retrieving formats-specific metadata: `get_post_format_meta()`.
* Image selection uses the media modal, although without filtering or from URL support at the moment.

props rachelbaker, wonderboymusic, aaroncampbell, helen. see #19570.


git-svn-id: http://core.svn.wordpress.org/trunk@23449 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-18 19:11:24 +00:00
Andrew Nacin
83e0ce2ac1 Remove unused variables reset by wp_reset_vars(). Many of these haven't been used since b2. see #21767.
git-svn-id: http://core.svn.wordpress.org/trunk@23445 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-16 18:28:41 +00:00
Mark Jaquith
52c46736df Improve the UX of the Nav Menus screen. Kill the tabs, and change to a
dropdown, unless you have zero or one menus (which is the most common),
in which case you jump right into editing your sole menu.

Do assignment to location using checkboxes in the main menu editing
section instead of the backwards menu => location assignment in a
random meta box.

More to come, but this gets us started.

props lessbloat, DrewAPicture, jkudish. see #23119

git-svn-id: http://core.svn.wordpress.org/trunk@23441 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-16 04:53:59 +00:00
Sergey Biryukov
bc2ff9d342 Deprecate wp_convert_bytes_to_hr() in favor of size_format(). props F J Kaiser. fixes #19067.
git-svn-id: http://core.svn.wordpress.org/trunk@23439 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-16 03:07:56 +00:00
Sergey Biryukov
6bcd1665eb Add missing inline descriptions. see #19067.
git-svn-id: http://core.svn.wordpress.org/trunk@23437 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-16 02:52:57 +00:00
Sergey Biryukov
34862544fe Correct return value for comment_exists(). fixes #20494.
git-svn-id: http://core.svn.wordpress.org/trunk@23433 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-15 18:49:07 +00:00
Sergey Biryukov
2312092aad Allow filtering attachments by Author name in Media Library. props greuben. fixes #16044.
git-svn-id: http://core.svn.wordpress.org/trunk@23430 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-15 17:33:28 +00:00
Mark Jaquith
d48d025403 "LGPL License" is redundant.
props wonderboymusic, jakub.tyrcha. fixes #15585

git-svn-id: http://core.svn.wordpress.org/trunk@23425 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-15 16:26:46 +00:00
Ryan Boren
cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes is no longer necessary.

Introduce wp_unslash() and use it to remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Mark Jaquith
00dbfdf89e Document the mysterious seventh parameter of add_meta_box().
props wonderboymusic, markjaquith. fixes #17515

git-svn-id: http://core.svn.wordpress.org/trunk@23397 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-08 18:37:34 +00:00
Mark Jaquith
ddd1b94184 Link post formats in posts list table. Use a dash for standard, like we do for absence of tags. see #16047 Next: use icons, not text descriptions.
git-svn-id: http://core.svn.wordpress.org/trunk@23396 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-08 18:34:51 +00:00
Mark Jaquith
dab5a6ef7d Fix some tabbing issues on the post editing screen. Add Media no longer skipped when going backwards from content. Save Draft no longer skipped when going forwards from content.
props adamsilverstein. fixes #23195 and #22933

git-svn-id: http://core.svn.wordpress.org/trunk@23395 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-08 18:30:09 +00:00
Helen Hou-Sandí
1c816c795b Open external links to plugin homepages, plugin author homepages, and theme author homepages in a new window/tab. props SergeyBiryukov. fixes #20839.
git-svn-id: http://core.svn.wordpress.org/trunk@23394 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-08 16:20:01 +00:00
Mark Jaquith
2fb915f860 Display post formats in the posts list table.
props nacin, garyc40, DrewAPicture, wonderboymusic, aaroncampbell.

fixes #16047

git-svn-id: http://core.svn.wordpress.org/trunk@23392 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-08 16:10:05 +00:00
Andrew Ozz
6c41e93fec Heartbeat API: throttle down when the window loses focus or when the user is inactive, always send 'screen_id', change the interval settings to 'fast' (5sec), 'standard' (15sec) and 'slow' (60sec), the interval can be changed from PHP, see #23216
git-svn-id: http://core.svn.wordpress.org/trunk@23382 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-03 07:03:27 +00:00
Andrew Nacin
55ba72f46e Confirm a user exists before deleting them in wp_delete_user() and wpmu_delete_user(). props scribu, fixes #23067.
git-svn-id: http://core.svn.wordpress.org/trunk@23380 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-02 04:41:02 +00:00
Sergey Biryukov
2967871d34 Return WP_Error from wp_crop_image() if saving has failed. props macbrink. fixes #23325.
git-svn-id: http://core.svn.wordpress.org/trunk@23374 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-02 02:01:59 +00:00
Andrew Nacin
91e3f2b866 Clean up rendering of the title column in the posts list table. Simplify branching. Use get_userdata() rather than get_user_by( 'id' ). Change string to '%s is currently editing'. see #23312.
git-svn-id: http://core.svn.wordpress.org/trunk@23372 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-02 01:54:06 +00:00
Andrew Ozz
0674bbfa8a Posts screen: show when a post is "locked", hide the checkbox, Quick Edit and Trash links, props dh-shredder, see #23312
git-svn-id: http://core.svn.wordpress.org/trunk@23371 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-02 01:31:06 +00:00
Andrew Ozz
98bf511b56 Heartbeat API: first run, see #23216
git-svn-id: http://core.svn.wordpress.org/trunk@23355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-29 06:15:25 +00:00
Helen Hou-Sandí
28f6c5bcf4 Remove the long-broken and questionably useful [more]/[less] toggle for hierarchical taxonomies in Quick/Bulk Edit. Nobody seems to have noticed in the nearly 3 years it's been broken. fixes #23006
git-svn-id: http://core.svn.wordpress.org/trunk@23354 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-28 22:36:15 +00:00
Sergey Biryukov
72784ad6c2 Consistently use a helper function instead of directly printing the disabled attribute.
Remove an erroneous esc_attr() call.

fixes #23194.

git-svn-id: http://core.svn.wordpress.org/trunk@23352 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-28 03:23:01 +00:00
Sergey Biryukov
3e917ac75f Make sure the post exists before checking its ID. fixes #23026.
git-svn-id: http://core.svn.wordpress.org/trunk@23351 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-28 02:55:06 +00:00
Sergey Biryukov
3d8a1289d2 Add missing inline descriptions.
props momo360modena, aaronholbrook.
see #20494, fixes #23304.

git-svn-id: http://core.svn.wordpress.org/trunk@23350 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-28 02:20:47 +00:00
Sergey Biryukov
428e9baba7 Correct return value for WP_Filesystem_Base::gethchmod(). props bananastalktome. fixes #23121.
git-svn-id: http://core.svn.wordpress.org/trunk@23349 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-28 01:55:39 +00:00
Dion Hulse
33d913220b Core Update: Fix an issue which caused automatic upgrades from 2.7 to 3.5+ to fail. Pre-2.7 WP_Filesystem::wp_content_dir() returned unslashed paths. Introduced in [22227]. See #23177
git-svn-id: http://core.svn.wordpress.org/trunk@23297 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-11 10:16:45 +00:00
Andrew Nacin
1fa8476425 Ensure we wp_die() at the end of an ajax action. see #23055.
git-svn-id: http://core.svn.wordpress.org/trunk@23293 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-07 03:59:44 +00:00
Andrew Nacin
5d980a8e8e Whenever we have compat fields to render, send a dummy menu_order field (which was always sent in 3.4) to ensure an unchecked checkbox can still be processed by attachment_fields_to_save. fixes #22868.
git-svn-id: http://core.svn.wordpress.org/trunk@23290 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-05 03:50:28 +00:00
Peter Westwood
f683fc7677 Tighten our braces. Fixes #23118 props evansolomon.
git-svn-id: http://core.svn.wordpress.org/trunk@23265 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-04 10:13:51 +00:00