Commit Graph

44 Commits

Author SHA1 Message Date
Ryan Boren
5f809d1d22 Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:00:25 +00:00
Ryan Boren
43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren
cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Andrew Nacin
1acd8b556f New HiDPI spinner. Uses clean <span class="spinner"></span> markup.
Be on the lookout for weirdness.
props lessbloat. see #21456.



git-svn-id: http://core.svn.wordpress.org/trunk@22019 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-26 19:57:44 +00:00
Andrew Nacin
33af30eb7f Use the regular post type UI for editing single media items (attachments).
* Attachments now go through post.php, edit_post(), the like, and have show_ui set to true.
 * Taxonomies attached to the media library now appear in the admin menu (if show_ui).
 * Editing, cropping, uploading, etc. is still very rough, but mostly functional.

API-wise:
 * New function: get_taxonomies_for_attachments(). Like get_taxonomies(), for taxonomies specifically registered against attachments.
 * Brings taxonomy support from the posts list table to the media list table. Expect them to converge soon.
 * wp_insert_attachment() now handles taxonomies like wp_insert_post(). Also expect them to converge soon.
 * New edit_form_after_title hook.

props helenyhou, ocean90. see #21391.



git-svn-id: http://core.svn.wordpress.org/trunk@21948 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-21 22:52:54 +00:00
Ryan Boren
a3cfe28527 Reduce reliance on global variables in the list tables. Allow passing a screen ID to the list tables so that ajax handlers can set the needed screen.
Props nacin
fixes #21871


git-svn-id: http://core.svn.wordpress.org/trunk@21914 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-19 12:43:31 +00:00
ryan
73addbbd24 More screen reader text for list table checkboxes and theme install search. Props MikeLittle, SergeyBiryukov. see #21325
git-svn-id: http://core.svn.wordpress.org/trunk@21323 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-25 16:18:14 +00:00
ryan
c36145c9aa Add screen reader text to checkboxes in list tables. Props MikeLittle, nacin. see #21325
git-svn-id: http://core.svn.wordpress.org/trunk@21317 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-24 18:01:22 +00:00
ryan
e3b46b25d3 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-08 17:01:11 +00:00
ryan
07ff8b216b Use one space, not two, after trailing punctuation. fixes #19537
git-svn-id: http://svn.automattic.com/wordpress/trunk@19593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-13 23:45:31 +00:00
duck_
84b34160fa Go back to $post_type global as get_current_screen()->post_type is empty during add/edit-tag AJAX requests. Fixes #18722.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19415 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-23 15:20:45 +00:00
duck_
16cce52b9f Link the posts count on taxonomy list table for non-public taxonomies. Instead check if the post type has show_ui => true as we're linking to the post list table. Fixes #18722.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19383 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-21 20:44:48 +00:00
nacin
4c9afe489a Require show_ui rather than public for a taxonomy's parent post type. see #19080.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19089 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-29 05:30:57 +00:00
nacin
1a37559654 Fix [16249]. $typenow is considered empty on edit-tags screens, rather than displaying the parent post type. Switch to the $post_type global for now, which is set in the terms list table constructor. see #14886.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19043 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-23 17:48:58 +00:00
nacin
43eae59235 Translated strings in attributes require esc_attr(). s/_e/esc_attr_e/g
git-svn-id: http://svn.automattic.com/wordpress/trunk@19028 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-20 15:04:46 +00:00
duck_
53f5e8344e Use correct post_type in HTML returned by inline-save-tax AJAX. Fixes #18038.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18771 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-24 20:26:51 +00:00
azaozz
12dd9113cb Add context to _e('Name'), props valentinas, fixes #16531
git-svn-id: http://svn.automattic.com/wordpress/trunk@18247 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-10 22:13:26 +00:00
nacin
71c2782b1c Admin Bar: Add View Site/Dashboard links, 'View X' links in the admin, 'View' action link for terms. New custom taxonomy string: view_item, defaulting to 'View Tag' and View Category'. fixes #17705.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18194 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-08 16:49:27 +00:00
ryan
8192d0dae8 Validation fixes. Props ocean90, peaceablewhale. see #17364
git-svn-id: http://svn.automattic.com/wordpress/trunk@18010 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-23 23:33:30 +00:00
ryan
04487fc268 Constructor cleanup. Props ocean90. fixes #16768
git-svn-id: http://svn.automattic.com/wordpress/trunk@17771 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-29 20:05:12 +00:00
nacin
385ac2ef74 Use get_column_count() instead of manual logic. props scribu, fixes #16279.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17342 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-01-21 07:39:21 +00:00
nacin
8dc4329246 Properly account for columns shown in the list table display_rows_or_placeholder methods. props garyc40, fixes #16279.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17339 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-01-20 22:19:34 +00:00
nacin
37075f7f71 Remove AJAX from list tables. first pass. see #16262.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17322 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-01-16 21:47:24 +00:00
ryan
85f1feed84 Bring out the shears.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17228 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-01-06 04:11:14 +00:00
nacin
fea73f0bc5 Restore original argument order for the taxonomy quick_edit_custom_box hook. fixes #15285.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17193 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-31 16:34:08 +00:00
ryan
226e983063 Link Links columns to link manager. Props nacin. fixes #15994
git-svn-id: http://svn.automattic.com/wordpress/trunk@17159 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-27 16:57:19 +00:00
scribu
01c718f85f Fix notices in quick-edit. See #15285
git-svn-id: http://svn.automattic.com/wordpress/trunk@17027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-17 13:20:17 +00:00
scribu
6bc5c659ce Always show term search box. See #15857
git-svn-id: http://svn.automattic.com/wordpress/trunk@17026 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-17 11:41:59 +00:00
scribu
e729294124 Display categories again. Props garyc40. Fixes #15857
git-svn-id: http://svn.automattic.com/wordpress/trunk@17025 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-17 11:17:41 +00:00
nacin
a189f21c45 Replace check_permissions() with ajax_user_can(). New method returns true/false to current_user_can(), which we then handle in admin ajax. see #15326.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16992 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-16 09:18:28 +00:00
ryan
3949ce12d0 Pink trailing whites.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16900 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-13 21:21:50 +00:00
scribu
ba56c58f44 Check correct cap in WP_Terms_List_Table::check_permissions. Props duck_. Fixes #15673
git-svn-id: http://svn.automattic.com/wordpress/trunk@16713 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-03 23:18:02 +00:00
scribu
4e87af0b1f Check public flag instead of query_var to decide if counts should be linked. See #15573
git-svn-id: http://svn.automattic.com/wordpress/trunk@16579 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-25 01:39:34 +00:00
scribu
87e98f9f22 Don't link post counts if taxonomy isn't queryable. Fixes #15573
git-svn-id: http://svn.automattic.com/wordpress/trunk@16578 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-24 23:29:13 +00:00
scribu
a41a7b5b5b Introduce WP_List_Table::get_column_count() and take care of update notice <tr>. Props ocean90 for initial patch. Fixes #15318
git-svn-id: http://svn.automattic.com/wordpress/trunk@16368 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-14 18:00:09 +00:00
scribu
03dd41a0d2 Improve hook readability via curly brackets. Props jjj for initial patch. Fixes #15422
git-svn-id: http://svn.automattic.com/wordpress/trunk@16365 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-14 15:50:02 +00:00
nacin
21da8738a2 Default to 'post' in WP_Terms_List_Table. props filosofo, fixes #15351.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16254 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-09 06:38:53 +00:00
nacin
db5af22ed9 Use the name of the corresponding post type in the edit-tags column. TODO, typenow should be accessible from the current_screen object on edit-tags. see #14886 for current_screen, [15664] for previous TODO note.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16249 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-09 00:59:49 +00:00
scribu
3d8f4b6b2e Use get_current_screen() in list table classes. Fixes #15338
git-svn-id: http://svn.automattic.com/wordpress/trunk@16235 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-08 15:43:44 +00:00
scribu
ce7f8c131c Clean up WP_Terms_List_Table::column_default(). See #14579
git-svn-id: http://svn.automattic.com/wordpress/trunk@16214 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-05 22:11:15 +00:00
scribu
c5a9fd309d Default to get_current_screen() in list table classes. See #14579
git-svn-id: http://svn.automattic.com/wordpress/trunk@16182 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-04 15:00:55 +00:00
westi
5e90c5d1c3 Revert [16171] and [16172] - The class names were fine as they were and the MultiSite classes stand out more with the original naming.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16175 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-04 08:07:03 +00:00
scribu
836ec33dca List-table Class Names: Consistency's Revenge. See #14579
git-svn-id: http://svn.automattic.com/wordpress/trunk@16171 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-03 21:09:27 +00:00
westi
ad92d629d6 The big renaming of the list-table class files.
See #14579

git-svn-id: http://svn.automattic.com/wordpress/trunk@16128 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-01 09:19:50 +00:00