207 Commits

Author SHA1 Message Date
Ryan Boren
09d2c65970 Always wp_unslash() the return of wp_get_referer().
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23570 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:20:32 +00:00
Ryan Boren
43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Andrew Nacin
83e0ce2ac1 Remove unused variables reset by wp_reset_vars(). Many of these haven't been used since b2. see #21767.
git-svn-id: http://core.svn.wordpress.org/trunk@23445 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-16 18:28:41 +00:00
Ryan Boren
cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_update_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes is no longer necessary.

Introduce wp_unslash() and use it to remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Sergey Biryukov
e9eb36face Only show "There is a pending change of your e-mail..." message on the current user's profile page. fixes #23146.
git-svn-id: http://core.svn.wordpress.org/trunk@23364 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-01 01:50:19 +00:00
Andrew Nacin
fa76d11e93 As wp_dropdown_roles() only prints editable roles, ensure that the
"selected" role passed into it on the user-edit screen is editable.

props johnjamesjacoby. see #22361.



git-svn-id: http://core.svn.wordpress.org/trunk@22687 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-19 19:23:54 +00:00
Ryan Boren
75a9ce4b37 Remove unnecessary label. Props waclawjacek. fixes #17978
git-svn-id: http://core.svn.wordpress.org/trunk@21927 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-20 13:59:39 +00:00
Ryan Boren
9e9d4ebd50 Allow granting the network admin email user super admin. Props JustinSainton, garyc40. fixes #16629
git-svn-id: http://core.svn.wordpress.org/trunk@21925 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-20 13:50:35 +00:00
Ryan Boren
cbd6a8becd Allow passing stdClass and WP_User to wp_insert_user() and wp_update_user(). Introduce WP_User::to_array(). Eliminate uses of get_object_vars() when passing to wp_*_user(). fixes #21429
git-svn-id: http://core.svn.wordpress.org/trunk@21496 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-08-10 15:36:54 +00:00
ryan
7b49ad8493 Introduce get_edit_user_link(). Props scribu, georgestephanis, johnbillion. fixes #14787 see #20307
git-svn-id: http://core.svn.wordpress.org/trunk@21364 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-30 18:30:03 +00:00
nacin
a9ee3b61f5 Remove charset attribute from script elements. props neoxx, fixes #21146.
git-svn-id: http://core.svn.wordpress.org/trunk@21204 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-03 13:27:14 +00:00
azaozz
9855eccd45 Do not clear the old values in "Display name publicly as" drop-down on the user profile screen, append new values there when the user changes any of the name fields, fixes #20747
git-svn-id: http://core.svn.wordpress.org/trunk@20964 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-30 21:54:33 +00:00
nacin
8c841df86d Revert type="email" (HTML5) as some browsers that do validation on these fields do not work for IDN domains yet. Core does not support these well either, but server-side validation can at least be dealt with by a plugin. see #17863.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20196 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-15 18:09:14 +00:00
azaozz
f3b63e4537 Set proper HTML5 input types in the admin, props georgestephanis, fixes #17863
git-svn-id: http://svn.automattic.com/wordpress/trunk@20168 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-10 01:23:48 +00:00
ryan
e3b46b25d3 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-08 17:01:11 +00:00
ryan
616c35e71c One newline is enough.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-05 20:10:39 +00:00
ryan
88b1f65116 s/Admin Bar/Toolbar/. Props ocean90. fixes #19461
git-svn-id: http://svn.automattic.com/wordpress/trunk@19569 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-08 16:49:16 +00:00
nacin
3d51303ca3 Help tweaks for users, tools. props jane, see #19020.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19509 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-01 01:17:14 +00:00
koopersmith
90f4fb3dd5 Update help content for user edit page. props Ipstenu, see #19020.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19459 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-28 16:32:33 +00:00
nacin
0f3e2f79bd Show 'Profile updated' for profile.php. props johnbillion, fixes #19053.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19285 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-14 22:09:15 +00:00
nacin
bfb98c193e s/add_help_sidebar/set_help_sidebar/g and introduce screen->remove_help_tab($id) and screen->remove_help_tabs(). see #19020, #18785.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-02 20:14:10 +00:00
ryan
3ad1f67958 Use add_help_sidebar(). see #19020
git-svn-id: http://svn.automattic.com/wordpress/trunk@19111 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-02 03:12:37 +00:00
ryan
28a6d49c1a Validation fix for user-edit.php. Props sorich87. fixes #18921
git-svn-id: http://svn.automattic.com/wordpress/trunk@18953 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-12 19:47:00 +00:00
nacin
2ee655428d Force the admin bar on in the admin as it is now integrated. Removes the second UI option. Leaves out the upgrade routine for now. see #18197.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18700 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-17 22:26:01 +00:00
nacin
1fdf0b9430 Add 'Add New' buttons to edit links, edit media, and edit user screens. props sbressler, fixes #17499.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17975 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-19 19:52:11 +00:00
nacin
9cb6e158fc Switch from Panel/SubPanel to Screen in inline documentation and Codex links. props michaelh, fixes #17265.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17748 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-28 15:24:49 +00:00
ryan
976fbf8505 Back to Authors and Users should say Back to Users. Props SergeyBiryukov. fixes #16054
git-svn-id: http://svn.automattic.com/wordpress/trunk@17657 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-18 21:53:15 +00:00
dd32
7c6cf52194 Add missing closing fieldset tag. Props bluntelk. Fixes #17042 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@17593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-04 08:04:41 +00:00
azaozz
ade138d7ac Fix display of apostrophes in the user's first and last names on the User Profile page, partial props andrewryno, see #17004
git-svn-id: http://svn.automattic.com/wordpress/trunk@17587 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-01 20:40:16 +00:00
nacin
51b3f2faf2 Remove cryptic bitwise check. Todo, CPT/supports checks. see #17005.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17574 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-03-31 06:33:20 +00:00
markjaquith
4d39c5894a Remove unused/non-functional code with old-style CSRF checking. see #16499
git-svn-id: http://svn.automattic.com/wordpress/trunk@17381 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-02-03 07:23:05 +00:00
nacin
1b1997583b Err, oops. Put the class on the table row. props yoast, see [17234], see #16004.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17235 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-01-07 16:47:39 +00:00
nacin
d2c179f49e Revert _admin_bar_preferences() and add a class to the table row to allow it to be hidden. Forcing the use of CSS at least attempts to ensure that the developer will recognize that the saving aspect isn't handled. Handle this in the future across all settings screens. Reverts [17161]. fixes #16004.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17234 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-01-07 16:39:18 +00:00
nacin
f15b1ad05d Allow us to return from whence we came. Specify wp_http_referer for user-edit in the network admin, as we may come from network/users or site-users. props PeteMall, SergeyBiryukov, fixes #16053.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17201 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-01-01 22:30:46 +00:00
nacin
a92b6663aa Move the admin bar profile preferences to a hook. fixes #16004.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17161 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-28 19:37:11 +00:00
nacin
9009245db5 Tag textareas escaped earlier with textarea_escaped. see #15454.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17141 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-25 17:58:01 +00:00
nacin
a50012abc7 Final string tweaks to admin bar preferences. props jane, fixes #15829.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17095 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-21 14:45:55 +00:00
nacin
d2b0ef40c8 String changes to admin bar preferences. props jane, see #15829.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17055 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-19 05:23:25 +00:00
ryan
58e65d1855 Admin bar visibility prefs. Props duck_. see #15829
git-svn-id: http://svn.automattic.com/wordpress/trunk@17032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-17 21:48:30 +00:00
ryan
d5f81d06f9 Don't show super admin checkbox for the user that has the network admin email address. Props duck_. fixes #14051
git-svn-id: http://svn.automattic.com/wordpress/trunk@16767 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-07 18:10:16 +00:00
nacin
ee718e28c0 Don't double-escape user description. see #15454.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16744 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-06 08:55:09 +00:00
PeteMall
5e3fd53b7a Ignore role selector in network admin user-edit. See #14435.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-24 08:06:38 +00:00
nacin
b3b979ce48 Codex links should open in a new window. fixes #14665, props qwertymaniac.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16448 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-18 03:26:03 +00:00
markjaquith
6482610f9a esc_textarea() and application for obvious textarea escaping. props alexkingorg. fixes #15454
git-svn-id: http://svn.automattic.com/wordpress/trunk@16431 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-17 17:12:01 +00:00
ryan
cd8c19d46d Remove role selector from network admin user-edit. Props PeteMall. see #14435
git-svn-id: http://svn.automattic.com/wordpress/trunk@16210 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-05 17:26:32 +00:00
nacin
f5e23028ff Pass user object through _wp_get_user_contactmethods() to the user_contactmethods filter. props aaroncampbell, fixes #15186.
git-svn-id: http://svn.automattic.com/wordpress/trunk@15896 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-21 15:42:06 +00:00
scribu
799baf139c Use submit_button() in more places. See #15064
git-svn-id: http://svn.automattic.com/wordpress/trunk@15830 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-17 18:24:34 +00:00
scribu
08e984e5e8 move password-strength-meter.js into user-profile.js. See #5919
git-svn-id: http://svn.automattic.com/wordpress/trunk@15780 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-12 20:29:19 +00:00
ryan
9c31fd7c70 First pass of user admin. Network admin and screen cleanups. see #14696
git-svn-id: http://svn.automattic.com/wordpress/trunk@15746 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-07 19:34:18 +00:00
ryan
21e3f0f7fa Network Admin, first pass. see #14435
git-svn-id: http://svn.automattic.com/wordpress/trunk@15481 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-07-30 20:34:54 +00:00