Commit Graph

107 Commits

Author SHA1 Message Date
Ryan Boren
5f809d1d22 Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:00:25 +00:00
Ryan Boren
43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren
cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Helen Hou-Sandí
b1f1579604 its <=> it's in documentation, along with a rogue the, The, and looses. props trepmal. fixes #22665.
git-svn-id: http://core.svn.wordpress.org/trunk@23191 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-12-20 15:55:32 +00:00
Andrew Nacin
1acd8b556f New HiDPI spinner. Uses clean <span class="spinner"></span> markup.
Be on the lookout for weirdness.
props lessbloat. see #21456.



git-svn-id: http://core.svn.wordpress.org/trunk@22019 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-26 19:57:44 +00:00
Andrew Nacin
fb36abe6b7 Always URL-encode a stylesheet directory value before using it in a URL. These situations are saved by wp_nonce_url(), but we should not depend on that. see #21749, for trunk only.
git-svn-id: http://core.svn.wordpress.org/trunk@21755 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-04 22:35:12 +00:00
Andrew Nacin
d476c22aa1 Fix old-school Preview links when a theme directory contains spaces. Fix the theme-editor.php link from MS themes screens when a theme directory contains spaces. see #21749.
git-svn-id: http://core.svn.wordpress.org/trunk@21752 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-04 22:25:25 +00:00
markjaquith
09f66013f5 Do not display an error message when a plugin or theme being updated is found to already be up to date. Note the fact, and call it success. props solarissmoke. fixes #19752
git-svn-id: http://core.svn.wordpress.org/trunk@21236 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-09 03:40:32 +00:00
nacin
b43393e9db Cap checks for links in the upgrader, for plugins. fixes #19824.
git-svn-id: http://core.svn.wordpress.org/trunk@21197 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-30 12:19:13 +00:00
nacin
fffff45c25 Cap checks in the upgrader so we do not show links the user cannot access. props linuxologos for the initial patch. see #19824.
Also fixes a rare fatal error when theme_info is not set when updating a theme that is already up to date.



git-svn-id: http://core.svn.wordpress.org/trunk@21195 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-30 12:08:18 +00:00
nacin
3a215028ea Allow switch_theme() to take a single $stylesheet argument.
It now effectively has two function definitions:
function switch_theme( $stylesheet )
function switch_theme( $template, $stylesheet )

fixes #21075.



git-svn-id: http://core.svn.wordpress.org/trunk@21131 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-26 05:21:04 +00:00
nacin
222425a917 Introduce wp_clean_themes_cache() for upgrades and testing. fixes #20954.
git-svn-id: http://core.svn.wordpress.org/trunk@21080 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-14 14:24:25 +00:00
ryan
21436ed8b9 Force a theme directory scan after installing and upgrading themes. Props nacin. fixes #20919
git-svn-id: http://core.svn.wordpress.org/trunk@21064 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-12 15:59:53 +00:00
ryan
bbb1494919 Use the stylesheet rather than the template to create the network enable theme nonce. Fix network enable redirect following theme installation. Props duck_, nacin. fixes #20916
git-svn-id: http://core.svn.wordpress.org/trunk@21062 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-12 15:31:25 +00:00
nacin
551f88dbcb Use the proper value for the switch-theme nonce in the upgrader. Fixes child theme activation after install. props duck_. fixes #20914.
git-svn-id: http://core.svn.wordpress.org/trunk@21061 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-12 14:36:24 +00:00
ryan
d00954f12e Post theme upgrade/install tweaks.
* Add title attributes to Live Preview links.
* Show Customize instead of Live Preview after upgrading current theme.
* Hide activate and preview links after theme upgrade when in the network admin.

Props SergeyBiryukov
fixes #20784


git-svn-id: http://core.svn.wordpress.org/trunk@20958 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-30 18:55:20 +00:00
ryan
03daf400c5 "Live Preview" rather than "Customize" after installing/upgrading a theme. Props SergeyBiryukov. fixes #20784
git-svn-id: http://core.svn.wordpress.org/trunk@20957 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-30 17:15:57 +00:00
ryan
28d2b205d8 Remove activate/deactivate messages from plugin upgrades. Props toppa. fixes #17833
git-svn-id: http://core.svn.wordpress.org/trunk@20786 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-14 17:24:44 +00:00
koopersmith
1c102d3180 Add quote to fix 'Customize' link after new theme install on Chrome. props DH-Shredder, see #19910.
git-svn-id: http://core.svn.wordpress.org/trunk@20695 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-05-02 20:22:02 +00:00
nacin
0af650a02c Check if update_core() exists before calling it in Core_Upgrader. If not, issue an error message that the copy failed likely due to disk space. fixes #19883.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20619 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-27 18:57:59 +00:00
koopersmith
73246fa076 Theme Customizer: Remove unused 'template' argument from wp_customize_url. see #19910.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20520 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-18 20:57:06 +00:00
nacin
aab399efbc Theme Customizer: Stick to wp_customize_url() instead of wp_customize_href(). Switch argument order so it is stylesheet-template. (Template is hypothetically optional, but the function will not support that.) see #19910.
Move to ->display('Name'), as ->get('Name') is a raw, untranslated version of the header.



git-svn-id: http://svn.automattic.com/wordpress/trunk@20477 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-16 14:36:47 +00:00
koopersmith
a5dacf7da5 Theme Customizer: Allow the customize iframe to be accessed directly (with full feature support). see #19910.
* Move the 'Return to Manage Themes' and 'Collapse Sidebar' actions from themes.php to customize-controls.php.
* Create a postMessage connection between themes.php and customize-controls.php.
* Allow the theme customizer to be accessed directly (independent of themes.php and the customize loader).
* Add wp_customize_href() and wp_customize_url().
* Remove wp_customize_loader(). To include the loader, use wp_enqueue_script( 'customize-loader' ).
* The theme customizer now requires postMessage browser support.
* Add .hide-if-customize and .hide-if-no-customize CSS classes.
* Clean up customize-preview.js.

git-svn-id: http://svn.automattic.com/wordpress/trunk@20476 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-16 14:02:28 +00:00
koopersmith
c2fb0c425b Replace all instances of thickbox theme preview with the theme customizer. fixes #20404.
* Use theme customizer in theme install/update screens.
* Separate the customize loader from the customizer. Use wp_customize_loader() to include the loader script and markup.
* Deprecated: wp-admin/js/theme-preview.js is now no longer used by core.

git-svn-id: http://svn.automattic.com/wordpress/trunk@20419 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-10 02:25:03 +00:00
nacin
2a29da4d31 Clear WP_Theme caches on update. fixes #20331.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20329 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-30 14:46:52 +00:00
nacin
8c46a71af6 Leverage WP_Theme in the upgrader. Remove debug line from [20267]. Stop using get_theme_data() as it will be deprecated. see #13774. see #20103.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20268 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-23 10:20:26 +00:00
nacin
98862a975b Support child theme installation in the theme installer. props otto42, dd32. fixes #13774.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20267 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-23 10:10:06 +00:00
ryan
616c35e71c One newline is enough.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-05 20:10:39 +00:00
ryan
07ff8b216b Use one space, not two, after trailing punctuation. fixes #19537
git-svn-id: http://svn.automattic.com/wordpress/trunk@19593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-13 23:45:31 +00:00
ryan
872428d60d More specific error strings for failed theme and plugin package uploads. Props dd32. fixes #14999
git-svn-id: http://svn.automattic.com/wordpress/trunk@19246 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-10 19:41:44 +00:00
dd32
16697d503e Tabs > Spaces. Props SergeyBiryukov. See #14999
git-svn-id: http://svn.automattic.com/wordpress/trunk@19115 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-02 12:16:47 +00:00
dd32
68037f4ac1 Themes not within a subdirectory of the zip need to have the working directory Trailingslashed. See #14999
git-svn-id: http://svn.automattic.com/wordpress/trunk@19057 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-25 04:25:52 +00:00
ryan
62afab8db3 Pinking shears
git-svn-id: http://svn.automattic.com/wordpress/trunk@19054 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-24 19:13:23 +00:00
duck_
c1d1590171 Fix typos in documentation (wp-admin/). See #18560.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18632 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-03 14:18:10 +00:00
dd32
e089db6cf4 First slice of rejecting invalid Plugin and Theme zip uploads (Incompatible file structure, not containing a Plugin/Theme, etc). See #14999
git-svn-id: http://svn.automattic.com/wordpress/trunk@18618 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-28 15:02:48 +00:00
dd32
ef278df299 Store Plugin/Theme uploads in the Media Library properly. Add Scheduled cleanup +2hrs to clean up any aborted installation attempts. See #18182
git-svn-id: http://svn.automattic.com/wordpress/trunk@18617 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-28 08:42:07 +00:00
dd32
b16b6f8a31 Only clean up the uploaded files after a successful (or failed) install. Allows files to persist past the FTP credential screen. See #18182
git-svn-id: http://svn.automattic.com/wordpress/trunk@18616 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-28 05:51:38 +00:00
dd32
ea3a169b6f Clean up Plugin/Theme uploads after successfully installing them. Restores pre-3.2 behaviour. See #18182
git-svn-id: http://svn.automattic.com/wordpress/trunk@18614 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-28 03:51:35 +00:00
nacin
0fe8ea2f72 Add 'Network Enable' link after installing a theme in the network admin. props PeteMall, fixes #18468.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18569 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-18 22:40:37 +00:00
nacin
97730f64fa Initialize in the Theme_Upgrader class. props mitchoyoshitaka, fixes #18367.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18525 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-10 19:26:36 +00:00
nacin
bf9c99e1fa Extra check for partial updates: Make sure the API response matches the current version of WP. see #10611.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18227 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-10 06:22:33 +00:00
nacin
493ac83f33 Core support for partial updates. see #10611.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18225 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-10 05:47:44 +00:00
ryan
3fc5956921 s/seperator/separator/. Props brandonburke. fixes #17610
git-svn-id: http://svn.automattic.com/wordpress/trunk@18084 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-31 19:58:36 +00:00
ryan
04487fc268 Constructor cleanup. Props ocean90. fixes #16768
git-svn-id: http://svn.automattic.com/wordpress/trunk@17771 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-29 20:05:12 +00:00
dd32
f4ccdcc188 Do not delete local package files in WP_Upgrader. Props joelhardi. Fixes #14963
git-svn-id: http://svn.automattic.com/wordpress/trunk@17660 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-19 05:54:01 +00:00
dd32
65db854b9f Remove debug cruft from [17590]. See #14182
git-svn-id: http://svn.automattic.com/wordpress/trunk@17591 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-03 11:55:27 +00:00
dd32
479e64c170 When upgrading plugins|themes, if the new destination folder is different from the previous folder, delete the old folder upon upgrade. Fixes #14182
git-svn-id: http://svn.automattic.com/wordpress/trunk@17590 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-03 11:54:07 +00:00
ryan
30462d25ca Mark theme preview iframe as a preview_iframe so that the admin bar doesn't show. Props tetele. fixes #16659 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@17502 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-03-08 21:54:05 +00:00
ryan
587ea006b5 Translations in title attributes require esc_attr().
git-svn-id: http://svn.automattic.com/wordpress/trunk@17102 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-21 17:17:58 +00:00
ryan
2eba21d6be Fix return the themes links. Props duck_. fixes #15718
git-svn-id: http://svn.automattic.com/wordpress/trunk@16766 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-07 18:01:58 +00:00