Commit Graph

132 Commits

Author SHA1 Message Date
Andrew Nacin
7b47322e22 Ensure the referer functions operate completely on unslashed data: wp_referer_field(), wp_original_referer_field(), wp_get_referer(), wp_get_original_referer().
Use wp_slash() instead of addslashes().

see #21767.



git-svn-id: http://core.svn.wordpress.org/trunk@23578 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:58:43 +00:00
Ryan Boren
5f809d1d22 Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:00:25 +00:00
Ryan Boren
43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren
cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_update_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes is no longer necessary.

Introduce wp_unslash() and use it to remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
azaozz
34535097b7 Remove nearly all tabindex attributes from the admin, leaving them only where absolutely necessary (for now that's only the toolbar).
Add tabindex="-1" for the menu images links to avoid double tab stops there when the menu is expanded.

Fix/add auto-focus on the first input fields on the Add/Edit Post, all taxonomy, all edit taxonomy, Log In and Edit Comment screens.

See #21340.

git-svn-id: http://core.svn.wordpress.org/trunk@21311 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-24 00:15:15 +00:00
azaozz
bba9c91990 Responsive columns on the dashboard and write screens, first run, see #20015
git-svn-id: http://svn.automattic.com/wordpress/trunk@20272 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-23 21:41:00 +00:00
nacin
8c841df86d Revert type="email" (HTML5) as some browsers that do validation on these fields do not work for IDN domains yet. Core does not support these well either, but server-side validation can at least be dealt with by a plugin. see #17863.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20196 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-15 18:09:14 +00:00
azaozz
f3b63e4537 Set proper HTML5 input types in the admin, props georgestephanis, fixes #17863
git-svn-id: http://svn.automattic.com/wordpress/trunk@20168 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-10 01:23:48 +00:00
nacin
13be6d8fb9 In miscellaneous publishing actions, use :last-child instead of a separate misc-pub-section-last class to control borders. Allows for sane use of the post_submitbox_misc_actions hook. (Actually uses :first-child for browser compat reasons.) fixes #19604.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20077 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-02 19:52:23 +00:00
westi
a1d2e646ab Make sure to echo out the comment_post_ID when building the edit comment form otherwise the post comment counts will get out of sync. Fixes #20108 props dllh.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19981 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-23 18:16:46 +00:00
duck_
f17cb006cf Remove extraneous single quote. Props garyc40. Fixes #19801.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19731 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-11 23:35:35 +00:00
nacin
d39a1d4b1b Remove dead variables and strings from edit-form-comment. props ocean90, fixes #19481.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19612 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-20 21:39:46 +00:00
azaozz
9ca4a9a39a Update Comment -> Update, props ocean90, fixes #19166
git-svn-id: http://svn.automattic.com/wordpress/trunk@19176 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-05 18:03:33 +00:00
ryan
d0d8eb2aaf Update meta box functions to handle WP_Screen objects and pass objects instead of IDs to them in core files. Allow passing emptiness to get the current screen. see #18958
git-svn-id: http://svn.automattic.com/wordpress/trunk@19013 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-19 21:43:02 +00:00
duck_
c1d1590171 Fix typos in documentation (wp-admin/). See #18560.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18632 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-03 14:18:10 +00:00
azaozz
1cdec6ff6e Merge most admin css files, first run, see #18314
git-svn-id: http://svn.automattic.com/wordpress/trunk@18577 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-21 03:46:43 +00:00
azaozz
f634dd5af4 Editor API enhancement, first run (still needs some work), see #17144
git-svn-id: http://svn.automattic.com/wordpress/trunk@18498 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-03 10:19:00 +00:00
azaozz
96c6667c5c Don't show the Fullscreen button on the comment edit page, see #17136
git-svn-id: http://svn.automattic.com/wordpress/trunk@17966 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-19 07:34:54 +00:00
scribu
866c6e1faa submit_button() fixes. Props sbressler. See #15064
git-svn-id: http://svn.automattic.com/wordpress/trunk@16362 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-13 23:49:53 +00:00
markjaquith
fc6e89da45 Expand submit_button() capabilities. Replace all (or almost all) manual HTML instances in WP. props sbressler. see #15064
git-svn-id: http://svn.automattic.com/wordpress/trunk@16061 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-28 21:56:43 +00:00
nacin
c6d21e7fbb Introduce _ex(), a hybrid between _e() and _x() -- translate with context, then echo. props westi, see #13395.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14647 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-14 21:46:25 +00:00
ryan
e18c1eeb3a add_meta_boxes actions for comment and link forms.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14044 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-09 15:17:57 +00:00
azaozz
fb1bb44d60 Remove all instances of "Trash" from the UI when Trash is disabled, replace trash actions with "Delete permanently", props caesarsgrunt, see #4529
git-svn-id: http://svn.automattic.com/wordpress/trunk@12162 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-11-10 10:38:19 +00:00
azaozz
195e473fe4 Fix trashing/untrashing comments when no JS, props caesarsgrunt, see #4529
git-svn-id: http://svn.automattic.com/wordpress/trunk@12113 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-10-27 03:46:31 +00:00
azaozz
be026258fa "Trash" updates, props caesarsgrunt, see #4529
git-svn-id: http://svn.automattic.com/wordpress/trunk@11841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-08-19 08:35:24 +00:00
azaozz
4105845402 Stop direct loading of files in wp-admin that should only be included, for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@11768 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-08-03 00:04:45 +00:00
azaozz
39e4f05a15 Trash status updates for posts, pages, comments and attachments, props caesarsgrunt, see #4529
git-svn-id: http://svn.automattic.com/wordpress/trunk@11749 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-07-30 13:39:34 +00:00
azaozz
174f05ad82 Fix comment author url when editing, fixes #10466 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@11739 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-07-22 22:32:27 +00:00
ryan
19b743e7e2 esc_attr() for comment author email
git-svn-id: http://svn.automattic.com/wordpress/trunk@11727 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-07-20 02:51:14 +00:00
azaozz
8dff8f9f73 Properly escape comment_author_url when displaying, for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@11721 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-07-18 23:21:50 +00:00
markjaquith
3ebf837ced Deprecate sanitize_url() and clean_url() in favor of esc_url_raw() and esc_url()
git-svn-id: http://svn.automattic.com/wordpress/trunk@11383 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-18 16:00:33 +00:00
markjaquith
d7b015645d esc_js(). Shorter, follows new escaping naming convention.
git-svn-id: http://svn.automattic.com/wordpress/trunk@11245 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-09 07:27:22 +00:00
markjaquith
6c2ffddf31 _a(), _ea(), _xa(), attr() are now esc_attr__(), esc_attr_e(), esc_attr_x(), esc_attr() -- still short, but less cryptic. see #9650
git-svn-id: http://svn.automattic.com/wordpress/trunk@11204 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-05 19:43:53 +00:00
ryan
942d030b1d No need to attribute_escape a cleaned url. fixes #8587
git-svn-id: http://svn.automattic.com/wordpress/trunk@11127 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-04-29 20:14:39 +00:00
ryan
7587955a22 urlencode referrer. Props hakre. fixes #8587
git-svn-id: http://svn.automattic.com/wordpress/trunk@11120 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-04-29 16:20:14 +00:00
ryan
2d489767bb s/attribute_escape/attr/. see #9650
git-svn-id: http://svn.automattic.com/wordpress/trunk@11109 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-04-28 05:58:45 +00:00
ryan
c2ff1cd44a Some attr escaping. see #9650
git-svn-id: http://svn.automattic.com/wordpress/trunk@11104 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-04-27 23:09:08 +00:00
azaozz
67d841770a Add "code" class to more URL input fields, props johnbillion, fixes #8383
git-svn-id: http://svn.automattic.com/wordpress/trunk@10995 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-04-18 06:47:56 +00:00
azaozz
8c7f6cb6ee Fix flash upload button, right sidebar on write pages in IE6
git-svn-id: http://svn.automattic.com/wordpress/trunk@10865 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-04-04 10:21:43 +00:00
azaozz
3ca8d791a8 Fix right sidebar on edit comment screen
git-svn-id: http://svn.automattic.com/wordpress/trunk@10843 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-03-26 22:22:52 +00:00
azaozz
61ff5addca jQuery 1.3.2 and UI 1.7.1, may still have some regressions, add screen columns setting to the write/edit post/page screen options, fixes #8867
git-svn-id: http://svn.automattic.com/wordpress/trunk@10834 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-03-25 14:29:22 +00:00
ryan
0bf194de3b Use _x() and extracted comments. Props nbachiyski. see #9112
git-svn-id: http://svn.automattic.com/wordpress/trunk@10680 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-03-02 19:20:19 +00:00
ryan
e89192b1a8 Strip trailing whitespace
git-svn-id: http://svn.automattic.com/wordpress/trunk@10150 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-12-09 18:03:31 +00:00
ryan
2349f73659 Fix id typo. Props sivel. fixes #8401
git-svn-id: http://svn.automattic.com/wordpress/trunk@9928 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-27 20:44:43 +00:00
azaozz
f0b7562b48 More screen icons and fixes, includes patch by johnconners, fixes #8380
git-svn-id: http://svn.automattic.com/wordpress/trunk@9912 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-26 23:35:23 +00:00
westi
61fb6ea540 Give context to more translations to allow for differentiation between plural noun, verb and adjective translations. Fixes #8154 props nbachiyski.
git-svn-id: http://svn.automattic.com/wordpress/trunk@9835 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-21 18:16:44 +00:00
markjaquith
af86fe57ca change "Awaiting Moderation" to "Pending" fixes #8184
git-svn-id: http://svn.automattic.com/wordpress/trunk@9656 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-13 05:57:07 +00:00
ryan
2bab4e2ec0 Differentiate between plural noun, verb and adjective Spam translations. Props nbachiyski. fixes #8154
git-svn-id: http://svn.automattic.com/wordpress/trunk@9615 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-11 19:54:54 +00:00
ryan
81f671bb73 Validation fixes from Simek. fixes #8139
git-svn-id: http://svn.automattic.com/wordpress/trunk@9592 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-10 17:49:00 +00:00
markjaquith
de3e6af863 Fix small typo in last commit.
git-svn-id: http://svn.automattic.com/wordpress/trunk@9492 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-03 07:07:39 +00:00