Ryan Boren
43a7e695e9
Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
...
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren
cc5ed3a485
Change all core API to expect unslashed rather than slashed arguments.
...
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.
Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.
Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.
Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.
Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.
Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.
Plugins should use wp_unslash() on data being passed to core API.
Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.
Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.
Remove many no longer necessary calls to $wpdb->escape() and esc_sql().
In wp_get_referer() and wp_get_original_referer(), return unslashed data.
Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.
Switch several queries over to prepare().
Expect something to break.
Props alexkingorg
see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
ryan
ab78931b86
Use wp_safe_redirect(). No need to allow offsite redirects.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@20425 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-10 17:21:17 +00:00
ryan
de41bc288b
Introduce WP_User::exists(). see #20372
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@20378 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-06 19:18:45 +00:00
ryan
e3b46b25d3
Lose EOF ?>. Clean up EOF newlines. fixes #12307
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-08 17:01:11 +00:00
westi
c39397033a
Make it possible for commenter cookies to be disabled if someone wants to by setting them on an action instead of always. Fixes #17976 props SergeyBiryukov and pishmishy .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@19622 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-21 10:57:42 +00:00
markjaquith
37e23be4ed
Be more consistent with ERROR: messages. fixes #15887
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-30 17:18:35 +00:00
nacin
a717edca97
Always exit after wp_redirect. props filosofo, fixes #15518 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@16847 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-09 18:02:54 +00:00
nacin
970943e636
Allow comments on private posts to proceed past the comment_on_draft action and exit branch. We handle whether the commenter has the appropriate caps further down. fixes #13276 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@14473 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-06 15:38:40 +00:00
ryan
31c4756a42
Register 'inherit' as a post status. Check the parent post status when commenting on attachments.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@14086 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-14 14:07:48 +00:00
ryan
06249d5aff
Deny commenting on any post with a non-public status. see #9674
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@13200 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-18 20:08:35 +00:00
ryan
c0bbf8c1bc
Block comments for future posts and password protected posts (when password not provided). Props filosofo. fixes #11810 for trunk
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@12647 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-07 19:37:16 +00:00
ryan
96c363a384
Accept either user_id or user_ID. Remove user_id global. see #11271 #11222
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@12300 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-12-01 02:06:02 +00:00
azaozz
c3f7df6b24
Fix notices and phpdoc, props hakre, fixes #10758
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@12284 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-11-26 11:29:54 +00:00
ryan
cfc8317abe
Standardize on user_id instead of user_ID when passing comment data. fixes #11222
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@12267 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-11-23 21:04:11 +00:00
ryan
33a8043b97
Trash comments when trashing a post. see #11073
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@12148 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-11-05 21:03:09 +00:00
markjaquith
3ebf837ced
Deprecate sanitize_url() and clean_url() in favor of esc_url_raw() and esc_url()
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@11383 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-18 16:00:33 +00:00
westi
dc2fb99ce8
Add 'pre_comment_on_post' action to allow early denial by spam plugin. Fixes #8343 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@11248 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-10 07:11:12 +00:00
westi
cf2499b616
Allow a plugin to vary the comment cookie lifetime (or even remove the cookies altogether). Fixes #4996 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@11223 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-06 20:58:46 +00:00
ryan
27ff02e402
Require user to be logged in to comment on private posts. Props tott. see #8997
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@10684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-03-02 22:42:22 +00:00
markjaquith
93bc9521cd
Handle blank display_name for commenters. props mrmist. fixes #7494
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@9781 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-19 06:58:44 +00:00
ryan
fe4c1331fe
Notice fixes from Viper007Bond. see #7509
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@9515 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-04 20:16:54 +00:00
ryan
8c67165a93
Redirect back to correct comment page after replying. Props Viper007Bond. fixes #8055
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@9508 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-04 03:37:30 +00:00
ryan
71278343c2
Redirect back to correct comment page after replying. Props Viper007Bond. fixes #8055
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@9507 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-04 03:31:19 +00:00
ryan
91841f2e3c
Comment paging and sorting from Viper007Bond. see #7927
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@9296 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-10-23 16:08:47 +00:00
azaozz
95fa29a208
Reply to comments from admin, first run, see #7435
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@8720 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-08-24 06:56:22 +00:00
westi
e6e0954dbb
Minor phpdoc fixups.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@8149 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-06-20 20:56:40 +00:00
ryan
a6a1522a8d
File file level phpdoc from jacobsantos. see #7037
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@7991 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-05-25 15:50:15 +00:00
ryan
5b8113578d
Allow wp-config.php to exist one level up from WordPress root directory. Props sambauers. fixes #6933
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@7971 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-05-21 05:59:27 +00:00
ryan
248a0c06e2
Prepare DB queries in more places. Props filosofo. see #6644
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@7645 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-04-14 16:13:25 +00:00
ryan
25788ba179
Add filters to comments_open() and pings_open(). Props tellyworth. fixes #5761
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@6716 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-02-04 20:27:45 +00:00
markjaquith
c671554b03
Update wp-comments-post.php to WP coding conventions. props JeremyVisser. fixes #4573
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@5777 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-07-04 16:12:37 +00:00
markjaquith
7f44512c5d
Introducing post_status="pending". see #4446 and put any initial bug reports on that ticket
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@5707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-06-14 16:24:28 +00:00
rob1n
9ce729e656
Content-Type, not Content-type, as headers are case sensitive. Props foolswisdom and Nazgul. fixes #3545
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@5640 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-06-02 05:21:18 +00:00
ryan
0013fcda22
Requesting wp-comments-post.php with GET should return 405. Props Mike Little. fixes #3797
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@5128 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-28 17:34:42 +00:00
matt
3d21925922
Ryan slays the dragon. (Some of these return WP_Error objects.)
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@5089 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-23 02:05:29 +00:00
matt
7602d17899
(int)er the dragon.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@5087 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-23 00:59:21 +00:00
markjaquith
95df22248d
nonce-protect comments by users with unfiltered_html cap to prevent xsrf/xss. fixes #3973 for trunk
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@5039 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-03-14 23:10:57 +00:00
markjaquith
92afb1e407
strip tags from comment author before determining emptiness status. props Nazgul. fixes #3839
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@4939 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-02-25 13:35:16 +00:00
ryan
ac455f6df8
comment_post_redirect and comment_edit_redirect from Mark J. fixes #2590
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@4260 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-09-28 19:16:15 +00:00
ryan
849a0d29d7
Use get_option instead of get_settings. Just 'cause.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@4144 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-08-30 21:46:31 +00:00
ryan
550ede8d60
wp_die() for comment errors. Props filosofo. fixes #1786
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@3984 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-07-05 20:34:19 +00:00
ryan
25c2dcac3c
More comment cookie sanitation.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@3577 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-02-28 09:49:06 +00:00
ryan
672530a9da
Strip all html from comment author name, email, and url.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@3574 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-02-28 04:22:24 +00:00
ryan
5322fc2faa
current user cleanup
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@3566 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-02-22 19:08:55 +00:00
ryan
f34023a445
clean comment author url. fixes #2454
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@3542 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-02-17 01:31:53 +00:00
matt
140f059191
Redirect to permalink instead of referrer. Fixes #1673
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@2984 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-11-05 22:08:56 +00:00
matt
fa38002141
Don't set for logged in users.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@2837 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-09-05 04:14:29 +00:00
ryan
91efba11ad
Use wpdb->escape instead of addslashes to prepare DB bound data.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@2699 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-07-05 20:47:22 +00:00
matt
09adfadae0
Better headers for CGI enviroments
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@2623 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-06-09 00:17:43 +00:00