It's pretty easy to run over the `option_name` length, which causes undefined behaviour when inserting and retrieving options. Increasing the length from `VARCHAR(64)` to `VARCHAR(191)` significantly reduces the risk of this occurring.
Because `option_name` has a `UNIQUE` index, we can only increase it to 191 characters, rather than 255. The index can only use a prefix of 191 characters, so will incorrectly restrict long different strings that have the same prefix, if we make the column longer.
Props scribu, OriginalEXE, khromov, MikeHansenMe, netweb, pento.
Fixes#13310.
Built from https://develop.svn.wordpress.org/trunk@34030
git-svn-id: http://core.svn.wordpress.org/trunk@33999 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When inserting an image into a post, the values in `wp.media.controller.Library` should not default to linking the image when no user settings are present.
The default display setting value for `link` is now `none`. User settings persist and will override or confirm this value based on user actions.
Props liljimmi, janhenckens, eherman24, wonderboymusic.
Fixes#31467.
Built from https://develop.svn.wordpress.org/trunk@33729
git-svn-id: http://core.svn.wordpress.org/trunk@33697 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This is the first big step to supporting arbitrary domains and paths. In this new approach, sites are detected first where possible, then the network is inferred. Allows filtering for arbitrary path segments, smooths out some weirdness, and removes various restrictions. A sunrise plugin could do much of its work by adding filters, if those are even needed.
see #27003.
Built from https://develop.svn.wordpress.org/trunk@27359
git-svn-id: http://core.svn.wordpress.org/trunk@27209 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Reverts [25416], which had all transients being cleared. This leaves much to be desired, but we don't want a core update to be blamed for breaking a site that incorrectly assumes transients aren't transient.
props dartiss, pento.
fixes#20316.
Built from https://develop.svn.wordpress.org/trunk@25838
git-svn-id: http://core.svn.wordpress.org/trunk@25838 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Reverts [25416], which had all transients being cleared. This leaves much to be desired, but we don't want a core update to be blamed for breaking a site that incorrectly assumes transients aren't transient.
props dartiss, pento.
fixes#20316.
Built from https://develop.svn.wordpress.org/trunk@25838
git-svn-id: http://core.svn.wordpress.org/trunk@25750 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.
Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.
Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.
Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.
Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.
Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.
Plugins should use wp_unslash() on data being passed to core API.
Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.
Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.
Remove many no longer necessary calls to $wpdb->escape() and esc_sql().
In wp_get_referer() and wp_get_original_referer(), return unslashed data.
Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.
Switch several queries over to prepare().
Expect something to break.
Props alexkingorg
see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Remove the UI for setting the default width and height for embeds. Width was confusing as it
was blank by default (inheriting the content width from the theme, or 500px). The height is
now calculated as 1.5x the content width, or 1000px, whichever is smaller.
The [embed] shortcode can still receive manual height and width attributes. This just removes
the global settings.
props wonderboymusic. see #21719.
git-svn-id: http://core.svn.wordpress.org/trunk@21998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
* Will be replaced with http://wordpress.org/extend/plugins/atom-publishing-protocol/.
* Introduces an action, xmlrpc_rsd_apis, to add APIs to xmlrpc.php?rsd.
* Introduces support for 'error' being 403 and 50x in class-wp.php.
* Removes 'Remote Publishing' from Writing Settings (see [21804]). Keeps the remote_publishing settings section.
DB version is bumped to generate the new wp-app rewrite rule and remove the old enable_app option.
props wonderboymusic.
fixes#21509.
git-svn-id: http://core.svn.wordpress.org/trunk@21818 1a063a9b-81f0-0310-95a4-ce76da25c4cd
props markoheijnen for the initial patch.
Introduces a new filter, xmlrpc_enabled.
Respects any current callbacks registered to the pre_option_enable_xmlrpc
and option_enable_xmlrpc filters, for anyone forcing it off via code.
fixes#21509.
git-svn-id: http://core.svn.wordpress.org/trunk@21804 1a063a9b-81f0-0310-95a4-ce76da25c4cd