218 Commits

Author SHA1 Message Date
Felix Arntz
f6ebc1a80c Role/Capability: Introduce capabilities dedicated to installing and updating language files.
The new meta capabilities are called `install_languages` and `update_languages`. Prior to this change, there were no proper capability checks applied. Instead only the filesystem and related constants were checked, and for actual permissions a rather vague fallback was used where a user needed to have at least one of the other updating capabilities. In addition to being generally more verbose, the new capabilities make it possible for example to allow a user to update languages, but nothing else. By default they fall back to the original way of how they were handled.

Props johnbillion, flixos90.
Fixes #39677.

Built from https://develop.svn.wordpress.org/trunk@41268


git-svn-id: http://core.svn.wordpress.org/trunk@41108 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-18 18:31:44 +00:00
John Blackbourn
b52e37f9bf Options, Meta APIs: Require a confirmation link in an email to be clicked when an admin attempts to change the site admin email address.
This adds this previously Multisite-only functionality to single site installations too. This change prevents accidental or erroneous email address changes from potentially locking users out of their site.

Props MatheusGimenez, johnbillion

Fixes #39118

Built from https://develop.svn.wordpress.org/trunk@41254


git-svn-id: http://core.svn.wordpress.org/trunk@41094 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-14 20:13:43 +00:00
Felix Arntz
6e5cd6d397 Multisite: Replace is_super_admin() with manage_network_options in wp-admin/options.php.
Props sathyapulse.
Fixes #39200. See #37616.

Built from https://develop.svn.wordpress.org/trunk@39933


git-svn-id: http://core.svn.wordpress.org/trunk@39870 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-20 17:39:41 +00:00
Sergey Biryukov
ead8c38f38 Docs: Add variable to @param entry for whitelist_options filter.
Props keesiemeijer.
Fixes #39477.
Built from https://develop.svn.wordpress.org/trunk@39708


git-svn-id: http://core.svn.wordpress.org/trunk@39648 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-06 21:57:42 +00:00
Sergey Biryukov
b1ed607578 Text Changes: Merge and clarify some permission error strings in the admin.
See #38857.
Built from https://develop.svn.wordpress.org/trunk@39308


git-svn-id: http://core.svn.wordpress.org/trunk@39248 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-19 01:38:31 +00:00
Dominik Schilling
89cab4e197 I18N: Show "Settings saved." in the correct language after switching the site language.
This simplifies the logic by comparing `get_user_locale()` before and after a settings update.

Props swissspidy, ocean90.
See #29783, #29281.
Fixes #38482.
Built from https://develop.svn.wordpress.org/trunk@39122


git-svn-id: http://core.svn.wordpress.org/trunk@39062 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-04 17:09:31 +00:00
Pascal Birchler
4a88d55054 I18N: Introduce a user-specific language setting.
By enabling the user to select their preferred locale when editing the profile, we allow for greater personalization of the WordPress admin and therefore a better user experience.

The back end will be displayed in the user's individual locale while the locale used on the front end equals the one set for the whole site. If the user didn't specify a locale, the site's locale will be used as a fallback. The new `locale` property of the `WP_User` class can be used to retrieve the user's locale setting.

Props ocean90, ipm-frommen, swissspidy.
Fixes #29783.
Built from https://develop.svn.wordpress.org/trunk@38705


git-svn-id: http://core.svn.wordpress.org/trunk@38648 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-03 07:04:29 +00:00
Dominik Schilling
f8e7680cd6 Multisite: Use hash_equals() when comparing hashes to mitigate timing attacks.
Fixes #37324.
Built from https://develop.svn.wordpress.org/trunk@38032


git-svn-id: http://core.svn.wordpress.org/trunk@37973 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-10 19:43:28 +00:00
Jeremy Felt
24804144de Multisite: Add a nonce to the "Cancel" URL when changing a site's admin email.
Props scottbasgaard.
Fixes #36954.

Built from https://develop.svn.wordpress.org/trunk@38006


git-svn-id: http://core.svn.wordpress.org/trunk@37947 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-07 17:13:27 +00:00
Sergey Biryukov
139387b7e5 Docs: Use 3-digit, x.x.x-style semantic versioning for _doing_it_wrong(), _deprecated_function(), _deprecated_argument(), and _deprecated_file() throughout core.
Props metodiew.
Fixes #36495.
Built from https://develop.svn.wordpress.org/trunk@37985


git-svn-id: http://core.svn.wordpress.org/trunk@37926 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-06 12:40:29 +00:00
Dominik Schilling
25e66e4f1e Text Changes: Unify permission error messages.
The new format looks like "Sorry, you are not allowed to <action>.". This provides a consistent experience for all error messages related to missing permissions. It also reduces the number of similar strings and allows translators to provide a consistent style in their language.

Props ramiy, Presskopp.
Fixes #34521.
Built from https://develop.svn.wordpress.org/trunk@37914


git-svn-id: http://core.svn.wordpress.org/trunk@37855 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-29 15:16:29 +00:00
Drew Jaynes
c3055cc190 Docs: Standardize hook docs in wp-admin/* to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37488


git-svn-id: http://core.svn.wordpress.org/trunk@37456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:01:30 +00:00
Joe McGill
bdfd58c8cf Media: Remove medium_large size from $whitelist_options['media'] in options.php.
The `medium_large_size_w` and `medium_large_size_h` options were added to the
$whitelist_options['media'] in options.php in [35479], which causes both options
to be set to `0` when the media settings are changed. When this occurs, the
medium_large image size will no longer be created when an image is uploaded.

Since these options aren't meant to be updated via the settings UI, they can be
safely removed from the whitelist.

Fixes #36531.

Built from https://develop.svn.wordpress.org/trunk@37435


git-svn-id: http://core.svn.wordpress.org/trunk@37401 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-15 22:38:29 +00:00
Dominik Schilling
c25efe2d52 Revert [35336] and [35337].
See #28344.
Built from https://develop.svn.wordpress.org/trunk@35685


git-svn-id: http://core.svn.wordpress.org/trunk@35649 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-18 20:30:25 +00:00
Scott Taylor
d8eacd51d8 Media: add a new image size, medium_large. Bumps db version to add new options.
Adds unit tests.

Props DH-Shredder, joemcgill, azaozz.
Fixes #34196.

Built from https://develop.svn.wordpress.org/trunk@35479


git-svn-id: http://core.svn.wordpress.org/trunk@35443 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-31 20:50:25 +00:00
Dominik Schilling
253646fcd1 Options: Hide the week starts on setting for installs that have the default setting already.
The default setting is the value of `$wp_locale->start_of_week` which holds the value per locale, see [35336].

Props swissspidy, ocean90.
Fixes #28344.
Built from https://develop.svn.wordpress.org/trunk@35337


git-svn-id: http://core.svn.wordpress.org/trunk@35303 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-21 17:39:25 +00:00
Boone Gorges
3eab09a694 Don't force comment pagination.
[34561] instituted the policy of forcing pagination for comments. This strategy
was intended to avert problems when 'page_comments' is set to 0 - as it is by
default - and the number of comments on a given post rises into the hundreds or
thousands. By forcing pagination in all cases, we ensured that WordPress would
not time out by processing unwieldy numbers of comments on a given pageload.

The strategy proves problematic, however, because comment permalinks are
generated using the page of the comment. Forcing pagination for posts that
were not previously paginated would change the URL of all comments that do not
appear on the default comment page.

This changeset reintroduces the 'page_comments' setting and its corresponding
checkbox on Settings > Discussion. A number of tests, which were written after
[34561], are modified to work now that 'page_comments' will, once again, be
disabled by default.

See #8071.
Built from https://develop.svn.wordpress.org/trunk@35331


git-svn-id: http://core.svn.wordpress.org/trunk@35297 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-21 16:26:42 +00:00
Jeremy Felt
9926983b66 Revert [34778], continue using _site_option() for the current network.
The `_network_option()` parameter order will be changing to accept `$network_id` first. The `_site_option()` functions will remain in use throughout core as our way of retrieving a network option for the current network.

See #28290.

Built from https://develop.svn.wordpress.org/trunk@34912


git-svn-id: http://core.svn.wordpress.org/trunk@34877 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-07 17:11:25 +00:00
Jeremy Felt
54512d64cb MS: Use *_network_option() functions throughout core.
Replaces all uses of `*_site_option()` with the corresponding "network" function.

This excludes one usage in `wp-admin/admin-footer.php` that needs more investigation.

Props spacedmonkey.
See #28290.

Built from https://develop.svn.wordpress.org/trunk@34778


git-svn-id: http://core.svn.wordpress.org/trunk@34743 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-02 19:08:26 +00:00
Boone Gorges
18d6b3c8dc Force comment pagination on single posts.
Previously, the 'page_comments' toggle allowed users to disable comment
pagination. This toggle was only superficial, however. Even with
'page_comments' turned on, `comments_template()` loaded all of a post's
comments into memory, and passed them to `wp_list_comments()` and
`Walker_Comment`, the latter of which produced markup for only the
current page of comments. In other words, it was possible to enable
'page_comments', thereby showing only a subset of a post's comments on a given
page, but all comments continued to be loaded in the background. This technique
scaled poorly. Posts with hundreds or thousands of comments would load slowly,
or not at all, even when the 'comments_per_page' setting was set to a
reasonable number.

Recent changesets have addressed this problem through more efficient tree-
walking, better descendant caching, and more selective queries for top-level
post comments. The current changeset completes the project by addressing the
root issue: that loading a post causes all of its comments to be loaded too.

Here's the breakdown:

* Comment pagination is now forced. Setting 'page_comments' to false leads to evil things when you have many comments. If you want to avoid pagination, set 'comments_per_page' to something high.
* The 'page_comments' setting has been expunged from options-discussion.php, and from places in the codebase where it was referenced. For plugins relying on 'page_comments', we now force the value to `true` with a `pre_option` filter.
* `comments_template()` now queries for an appropriately small number of comments. Usually, this means the `comments_per_page` value.
* To preserve the current (odd) behavior for comment pagination links, some unholy hacks have been inserted into `comments_template()`. The ugliness is insulated in this function for backward compatibility and to minimize collateral damage. A side-effect is that, for certain settings of 'default_comments_page', up to 2x the value of `comments_per_page` might be fetched at a time.
* In support of these changes, a `$format` parameter has been added to `WP_Comment::get_children()`. This param allows you to request a flattened array of comment children, suitable for feeding into `Walker_Comment`.
* `WP_Query` loops are now informed about total available comment counts and comment pages by the `WP_Comment_Query` (`found_comments`, `max_num_pages`), instead of by `Walker_Comment`.

Aside from radical performance improvements in the case of a post with many
comments, this changeset fixes a bug that caused the first page of comments to
be partial (`found_comments` % `comments_per_page`), rather than the last, as
you'd expect.

Props boonebgorges, wonderboymusic.
Fixes #8071.
Built from https://develop.svn.wordpress.org/trunk@34561


git-svn-id: http://core.svn.wordpress.org/trunk@34525 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-25 20:40:25 +00:00
Dominik Schilling
33127a3f59 Don't use <code> in translation strings in wp-admin/options.php.
Props ramiy, wonderboymusic.
Fixes #31861.
Built from https://develop.svn.wordpress.org/trunk@34315


git-svn-id: http://core.svn.wordpress.org/trunk@34279 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-18 20:43:25 +00:00
Sergey Biryukov
a880c5c576 Provide more helpful feedback than just "Cheatin' uh?" for permission errors in wp-admin/options.php.
props ericlewis, kraftbj, lukecarbis, mrmist.
fixes #33674. see #14530.
Built from https://develop.svn.wordpress.org/trunk@33863


git-svn-id: http://core.svn.wordpress.org/trunk@33831 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-02 18:31:21 +00:00
Dominik Schilling
85d7261305 Site icon: Remove option name from $whitelist_options for the general options screen.
The option gets saved in `WP_Site_Icon->set_site_icon()`.

fixes #32859.
Built from https://develop.svn.wordpress.org/trunk@33037


git-svn-id: http://core.svn.wordpress.org/trunk@33008 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-01 21:41:26 +00:00
Konstantin Obenland
c56a8ae0f7 Introducing Site Icon, favicon management for WordPress.
This v1 marries Jetpack's Site Icon module with the Media Modal, reusing code
from the Custom Header admin. For now, the core-provided icons will be limited
to a favicon, an iOS app icon, and a Windows tile icon, leaving `.ico` support
and additional icons to plugins to add.

Props obenland, tyxla, flixos90, jancbeck, markjaquith, scruffian.
See #16434.


Built from https://develop.svn.wordpress.org/trunk@32994


git-svn-id: http://core.svn.wordpress.org/trunk@32965 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-29 12:58:25 +00:00
Konstantin Obenland
7dc1d06e64 Proper heading for admin screens.
First step towards restoring a good heading structure in wp-admin.
The previous `<h1>` contained the site title and a link to the front page and was removed with the toolbar refactoring in 3.2.

Props joedolson, afercia.
Fixes #31650.


Built from https://develop.svn.wordpress.org/trunk@32974


git-svn-id: http://core.svn.wordpress.org/trunk@32945 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-27 15:41:25 +00:00
Gary Pendergast
837fd1ca10 When saving Writing Options, check that the UI is enabled for use_smilies and use_balanceTags before trying to update them.
Fixes #5161.
Fixes #32298.


Built from https://develop.svn.wordpress.org/trunk@32455


git-svn-id: http://core.svn.wordpress.org/trunk@32425 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-08 11:59:26 +00:00
Dominik Schilling
64fc7294b6 Use HTTPS URLs for codex.wordpress.org.
see #27115.
Built from https://develop.svn.wordpress.org/trunk@32116


git-svn-id: http://core.svn.wordpress.org/trunk@32095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-12 21:29:32 +00:00
John Blackbourn
d88ed475b0 Switch to a 403 response code in places where it is more appropriate than a 500 due to permissions errors.
Fixes #10551
Props nacin

Built from https://develop.svn.wordpress.org/trunk@30356


git-svn-id: http://core.svn.wordpress.org/trunk@30355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-16 06:16:22 +00:00
Dominik Schilling
8fb6f317ff Site Language: Install translations on the fly.
The language dropdown now includes installed languages and all available translations when the filesystem is writable by WordPress.
Go to wp-admin/options-general.php, select one of the available translations, submit the form and let WordPress handle the rest.
Works for Multisite's Default Language too.

see #29395.
Built from https://develop.svn.wordpress.org/trunk@30335


git-svn-id: http://core.svn.wordpress.org/trunk@30334 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-13 17:01:24 +00:00
Dominik Schilling
d544610681 Language packs: No WPLANG anymore.
* The WPLANG constant is no longer needed. Remove define('WPLANG', ''); from wp-config-sample.php. Populate WPLANG option based on the WPLANG constant. When get_option('WPLANG') is an empty string it will override WPLANG.
* Introduce translations_api() which is available to communicate with the translation API. Move translation install related functions to a new file.
* Replace mu_dropdown_languages() with wp_dropdown_languages(). wp_dropdown_languages() is now populated by the translation API.
* Remove wp_install_load_language() and allow load_default_textdomain() to switch a core translation.

fixes #13069, #15677, #19760, #28730, #29281. 
Built from https://develop.svn.wordpress.org/trunk@29630


git-svn-id: http://core.svn.wordpress.org/trunk@29404 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-26 19:59:16 +00:00
Drew Jaynes
097dc8ee15 Fix syntax for single- and multi-line comments in wp-admin-directory files.
See #28931.

Built from https://develop.svn.wordpress.org/trunk@29206


git-svn-id: http://core.svn.wordpress.org/trunk@28990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-17 09:14:16 +00:00
Andrew Nacin
4e2f1bd155 Introduce wp_dropdown_languages() and use it on general settings.
Early rough cut. Obviously not fully implemented.

see #15677.

Built from https://develop.svn.wordpress.org/trunk@29007


git-svn-id: http://core.svn.wordpress.org/trunk@28795 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-05 06:19:16 +00:00
Drew Jaynes
add93833c3 Add braces missed while adding docs for the option_page_capability_{$option_page} hook.
See [25372]. See #25229.

Built from https://develop.svn.wordpress.org/trunk@28833


git-svn-id: http://core.svn.wordpress.org/trunk@28637 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-25 21:48:15 +00:00
Scott Taylor
7415ae10a3 hackificator doesn't like mixed single/double-quoted attributes. These were 2 lingering instances in the admin.
See #27881.

Built from https://develop.svn.wordpress.org/trunk@28530


git-svn-id: http://core.svn.wordpress.org/trunk@28356 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 17:10:15 +00:00
Scott Taylor
2f513d3320 Fix some hackificator odds and ends in wp-admin:
* `wp-activate.php` and `wp-admin/themes.php` don't need the closing PHP tag
* Switch single quotes for HTML attribute values to double in a few places
* Convert `include_once file.php` syntax to `include_once( 'file.php' )`
* Add access modifiers to methods/members in: `_WP_List_Table_Compat`, `Walker_Nav_Menu_Edit`, `Walker_Nav_Menu_Checklist`, `WP_Screen`, `Walker_Category_Checklist`
* `edit_user()` doesn't need to import the `$wpdb` global
* `wp_list_widgets()` doesn't need to import the `$sidebars_widgets` global
* switch/endswitch syntax is not supported in Hack
* A `<ul>` in `wp-admin/users.php` is unclosed

See #27881.

Built from https://develop.svn.wordpress.org/trunk@28500


git-svn-id: http://core.svn.wordpress.org/trunk@28326 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 05:04:16 +00:00
Drew Jaynes
5e51ea9940 Priority fixes for various existing hook documentation.
Props kpdesign.
See #26869

Built from https://develop.svn.wordpress.org/trunk@28083


git-svn-id: http://core.svn.wordpress.org/trunk@27914 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-12 00:01:15 +00:00
Andrew Ozz
8d6059b383 Remove all screen_icon() calls and deprecate the functions, props TobiasBg, fixes #26119
Built from https://develop.svn.wordpress.org/trunk@26518


git-svn-id: http://core.svn.wordpress.org/trunk@26411 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-12-02 03:53:11 +00:00
Andrew Nacin
70fd806759 Revert r25824:25875 from the core.svn.wordpress.org repository.
These commits were accidentally re-synced commits from develop.svn.wordpress.org due to a race condition. Thankfully, the history of this repository matters fairly little. It also happened only for trunk.


git-svn-id: http://core.svn.wordpress.org/trunk@25876 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-25 02:29:52 +00:00
Andrew Nacin
8ae8e01b67 Remove the old wp_auto_updates_maybe_update cron event. Schedule the new wp_maybe_auto_update event at 7 a.m. and 7 p.m. in the site's timezone.
see #27704.

Built from https://develop.svn.wordpress.org/trunk@25825


git-svn-id: http://core.svn.wordpress.org/trunk@25825 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-24 22:53:14 +00:00
Ryan Boren
b87d4b77e5 Pinking shears
Built from https://develop.svn.wordpress.org/trunk@25880


git-svn-id: http://core.svn.wordpress.org/trunk@25792 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-23 14:38:10 +00:00
Andrew Nacin
fd57b239d2 Don't rely on include_path to include files.
Always use dirname() or, once available, ABSPATH.

props ketwaroo, hakre.
fixes #17092.

Built from https://develop.svn.wordpress.org/trunk@25616


git-svn-id: http://core.svn.wordpress.org/trunk@25533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-25 00:18:11 +00:00
Sergey Biryukov
f2391051c7 Inline documentation for hooks in wp-admin/options.php.
props siobhyb.
see #25229.
Built from https://develop.svn.wordpress.org/trunk@25372


git-svn-id: http://core.svn.wordpress.org/trunk@25322 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-12 03:44:08 +00:00
Ryan Boren
f3a83744e9 Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
git-svn-id: http://core.svn.wordpress.org/trunk@23567 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:14:09 +00:00
Ryan Boren
43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren
cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_update_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes is no longer necessary.

Introduce wp_unslash() and use it to remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Andrew Nacin
97032e08aa Revert page on front changes. Reverts [22127] [22129] [22135] [22136]. see #16379.
git-svn-id: http://core.svn.wordpress.org/trunk@22653 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-19 01:28:32 +00:00
Andrew Nacin
1617e5ebdf Move the static front page saving routine to a single sanitize_option() callback for show_on_front. page_on_front and page_for_posts are now manually set by this callback, and not separately by options.php. see #16379.
git-svn-id: http://core.svn.wordpress.org/trunk@22136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-08 21:25:13 +00:00
Andrew Nacin
1009245fa1 Remove the 'Size of the post box' (default_post_edit_rows) option. This will instead be handled by a user cookie tracking the resizing of both TinyMCE and the main textarea. see #21718.
git-svn-id: http://core.svn.wordpress.org/trunk@22006 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-26 03:17:28 +00:00
Andrew Nacin
a6c93e2f65 Always attempt to embed URLs in content, removing the Auto-embeds (autoembed_urls) option.
Remove the UI for setting the default width and height for embeds. Width was confusing as it
was blank by default (inheriting the content width from the theme, or 500px). The height is
now calculated as 1.5x the content width, or 1000px, whichever is smaller.

The [embed] shortcode can still receive manual height and width attributes. This just removes
the global settings.

props wonderboymusic. see #21719.



git-svn-id: http://core.svn.wordpress.org/trunk@21998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-25 07:10:09 +00:00
Andrew Nacin
85d25dacc5 Hide upload_path and upload_url_path from the Media Settings screen, assuming they are both set to their default values.
These can be set on options.php, or the UPLOADS constant or the filters in wp_upload_dir() should be used. WordPress should aim to avoid UI options that require filesystem changes as well, not to mention requiring the user to convert between paths and URLs.

fixes #21720.



git-svn-id: http://core.svn.wordpress.org/trunk@21852 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-14 21:00:39 +00:00