Commit Graph

58 Commits

Author SHA1 Message Date
Ryan Boren cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_update_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes is no longer necessary.

Introduce wp_unslash() and use it to remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
ryan e3b46b25d3 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-08 17:01:11 +00:00
nacin 8bcc5969dc Spelling and grammar fun. Fixes #11875 props cnorris23
git-svn-id: http://svn.automattic.com/wordpress/trunk@13382 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-24 20:13:23 +00:00
westi f05ee1844f Switch to passing arrays instead of query strings to functions. Fixes #6647 props filosofo and hakre.
git-svn-id: http://svn.automattic.com/wordpress/trunk@12657 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-08 08:34:39 +00:00
azaozz c3f7df6b24 Fix notices and phpdoc, props hakre, fixes #10758
git-svn-id: http://svn.automattic.com/wordpress/trunk@12284 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-11-26 11:29:54 +00:00
ryan 144618f797 Strip commas and spaces from charset. Props Jose Carlos Norte
git-svn-id: http://svn.automattic.com/wordpress/trunk@12032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-10-14 16:21:28 +00:00
ryan a6a1522a8d File level phpdoc from jacobsantos. see #7037
git-svn-id: http://svn.automattic.com/wordpress/trunk@7991 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-05-25 15:50:15 +00:00
ryan 5b8113578d Allow wp-config.php to exist one level up from WordPress root directory. Props sambauers. fixes #6933
git-svn-id: http://svn.automattic.com/wordpress/trunk@7971 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-05-21 05:59:27 +00:00
ryan 248a0c06e2 Prepare DB queries in more places. Props filosofo. see #6644
git-svn-id: http://svn.automattic.com/wordpress/trunk@7645 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-04-14 16:13:25 +00:00
ryan 121fca1624 Drop trackbacks that request UTF-7
git-svn-id: http://svn.automattic.com/wordpress/trunk@7559 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-03-28 06:51:19 +00:00
ryan 6e181bb941 Multi-byte character safe excerpting from nbachiyski. fixes #6077
git-svn-id: http://svn.automattic.com/wordpress/trunk@7140 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-03-03 21:05:23 +00:00
ryan 25788ba179 Add filters to comments_open() and pings_open(). Props tellyworth. fixes #5761
git-svn-id: http://svn.automattic.com/wordpress/trunk@6716 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-02-04 20:27:45 +00:00
markjaquith 5897a90fd7 Consistently include wp-config.php. fixes #3349
git-svn-id: http://svn.automattic.com/wordpress/trunk@5843 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-08-03 00:45:06 +00:00
matt 7602d17899 (int)er the dragon.
git-svn-id: http://svn.automattic.com/wordpress/trunk@5087 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-23 00:59:21 +00:00
ryan 858ba5eaa8 Remove redundant check. Props Mittineague. fixes #3665
git-svn-id: http://svn.automattic.com/wordpress/trunk@4801 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-01-25 02:03:55 +00:00
markjaquith b7371396c3 Delay Trackback data escaping until after mb_convert_encoding(). Props to Stefan Esser.
git-svn-id: http://svn.automattic.com/wordpress/trunk@4676 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-01-05 05:45:46 +00:00
ryan 9f534ebae6 Remove trailing spaces and convert spaces to tabs. Props Nazgul. fixes #986
git-svn-id: http://svn.automattic.com/wordpress/trunk@4495 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-11-19 07:56:05 +00:00
ryan 849a0d29d7 Use get_option instead of get_settings. Just 'cause.
git-svn-id: http://svn.automattic.com/wordpress/trunk@4144 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-08-30 21:46:31 +00:00
ryan efcb63ad21 s/URI/URL/. Props Nazgul. fixes #2666
git-svn-id: http://svn.automattic.com/wordpress/trunk@4133 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-08-30 16:40:17 +00:00
ryan ff19f4b5a5 Use wp_redirect().
git-svn-id: http://svn.automattic.com/wordpress/trunk@3928 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-06-27 05:38:56 +00:00
ryan b64e33619d Use mb_strcut instead of mb_substr. fixes #2163
git-svn-id: http://svn.automattic.com/wordpress/trunk@3369 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-12-28 01:06:57 +00:00
ryan 60006e43f2 Use mb_substr for trackback titles. Props zet. fixes #1474
git-svn-id: http://svn.automattic.com/wordpress/trunk@3107 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-11-16 09:38:54 +00:00
matt f3c4d80b5e Cut international trackbacks, fixes #1647
git-svn-id: http://svn.automattic.com/wordpress/trunk@3081 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-11-14 10:14:43 +00:00
ryan 1baf503d64 Break blog header up into functional chunks. Stick it all in a WP class for now. Make wp() the front door. Move template/theme loader code into template-loader.php. Clean up feed file loadup. Modularize.
git-svn-id: http://svn.automattic.com/wordpress/trunk@2627 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-06-10 23:15:13 +00:00
matt d877c39976 Better charset auto-detection - http://mosquito.wordpress.org/view.php?id=788
git-svn-id: http://svn.automattic.com/wordpress/trunk@2563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-04-20 22:06:28 +00:00
matt 68b4b3c61c Line ending fixes and commenting cleanups from Scott Reilly
git-svn-id: http://svn.automattic.com/wordpress/trunk@2556 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-04-20 03:37:23 +00:00
ryan 07730d904d Convert tb_id to int.
git-svn-id: http://svn.automattic.com/wordpress/trunk@2555 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-04-20 03:20:31 +00:00
rboren 438753cfdd Make sure trackback template is not double processed.
git-svn-id: http://svn.automattic.com/wordpress/trunk@2305 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-02-13 21:25:08 +00:00
saxmatt 31066f320a Don't die before action
git-svn-id: http://svn.automattic.com/wordpress/trunk@2282 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-02-12 07:30:21 +00:00
rboren 5bde51754d Generate feed and trackback rules for pages. Bug 742.
git-svn-id: http://svn.automattic.com/wordpress/trunk@2146 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-01-25 00:23:57 +00:00
saxmatt 3c34012a6b Don't accept duplicate pings
git-svn-id: http://svn.automattic.com/wordpress/trunk@2080 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-01-11 02:56:43 +00:00
saxmatt 65bbec71d0 Comments refactoring and cleanup
git-svn-id: http://svn.automattic.com/wordpress/trunk@1964 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-12-16 02:57:05 +00:00
saxmatt c3e1d51c20 Axing htmlspecialchars because it double-encodes-encodes. Better error handling around queries.
git-svn-id: http://svn.automattic.com/wordpress/trunk@1940 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-12-12 20:41:19 +00:00
rboren 4926900b83 Perform empty() check on $doing_trackback. Bug 426.
git-svn-id: http://svn.automattic.com/wordpress/trunk@1918 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-12-08 01:00:12 +00:00
saxmatt 40a8e6885b Trackback and pingback cleanups.
git-svn-id: http://svn.automattic.com/wordpress/trunk@1794 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-10-14 07:26:41 +00:00
saxmatt 551e52ff91 Code cleanup and some fixes from the WP Japan folks.
git-svn-id: http://svn.automattic.com/wordpress/trunk@1734 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-10-04 08:03:52 +00:00
michelvaldrighi ee856b3497 moved die() command, fixes bug #309
git-svn-id: http://svn.automattic.com/wordpress/trunk@1708 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-09-23 12:27:52 +00:00
michelvaldrighi 00d3d3fec9 fixes for bug #311, by bronski
git-svn-id: http://svn.automattic.com/wordpress/trunk@1705 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-09-22 19:44:35 +00:00
rboren 75d974639b Trackback fix ups.
git-svn-id: http://svn.automattic.com/wordpress/trunk@1696 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-09-18 22:47:43 +00:00
saxmatt b650b0736a Move trackbacks to new comment function.
git-svn-id: http://svn.automattic.com/wordpress/trunk@1616 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-09-07 02:34:12 +00:00
saxmatt ddba48add2 Track and check user agent for comments.
git-svn-id: http://svn.automattic.com/wordpress/trunk@1603 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-09-05 01:50:39 +00:00
saxmatt c9136856b5 Massive options cleanup and another step of cleaning up the upgrade/install.
git-svn-id: http://svn.automattic.com/wordpress/trunk@1599 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-09-05 00:24:28 +00:00
saxmatt 2d78e31a7d Vanquishing the terror of iso-8859-1.
git-svn-id: http://svn.automattic.com/wordpress/trunk@1575 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-08-30 07:16:40 +00:00
rboren 6b12e25d03 Support timestamp permalinks. Make wider use of is_single(). Bug 0000194.
git-svn-id: http://svn.automattic.com/wordpress/trunk@1491 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-07-28 02:43:54 +00:00
rboren 44e890f765 index.php now handles feeds and trackbacks.
git-svn-id: http://svn.automattic.com/wordpress/trunk@1376 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-05-31 23:35:32 +00:00
saxmatt 25ae03ee65 Giant commit, sorry mailing list people. Move all table names to new $wpdb versions. Works but the whole app needs thorough testing now.
git-svn-id: http://svn.automattic.com/wordpress/trunk@1355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-05-24 08:22:18 +00:00
saxmatt 9945a746ec Timezone fixes, I hope.
git-svn-id: http://svn.automattic.com/wordpress/trunk@1150 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-04-24 21:52:24 +00:00
saxmatt 10c6b7ea9c Changed to superglobals, and eliminated $use_cache (since we always do).
git-svn-id: http://svn.automattic.com/wordpress/trunk@1108 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-04-20 22:56:47 +00:00
saxmatt 0c1e3856b6 Additional plugin API hooks, extending moderation scheme to more fully cover trackbacks and pingbacks, cleanup of XML-RPC file.
git-svn-id: http://svn.automattic.com/wordpress/trunk@1012 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-03-25 20:18:20 +00:00
michelvaldrighi 69efdb90fd now storing trackback times as localtime+gmt
git-svn-id: http://svn.automattic.com/wordpress/trunk@1003 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-03-25 02:39:16 +00:00