47 Commits

Author SHA1 Message Date
Sergey Biryukov
ac5e918526 Escape the output in wp_ajax_upload_attachment().
Merges [45936] to the 4.7 branch.
Props whyisjake, sstoqnov.
Built from https://develop.svn.wordpress.org/branches/4.7@45947


git-svn-id: http://core.svn.wordpress.org/branches/4.7@45758 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2019-09-04 16:35:47 +00:00
Dominik Schilling
25e66e4f1e Text Changes: Unify permission error messages.
The new format looks like "Sorry, you are not allowed to <action>.". This provides a consistent experience for all error messages related to missing permissions. It also reduces the number of similar strings and allows translators to provide a consistent style in their language.

Props ramiy, Presskopp.
Fixes #34521.
Built from https://develop.svn.wordpress.org/trunk@37914


git-svn-id: http://core.svn.wordpress.org/trunk@37855 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-29 15:16:29 +00:00
Drew Jaynes
c3055cc190 Docs: Standardize hook docs in wp-admin/* to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37488


git-svn-id: http://core.svn.wordpress.org/trunk@37456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:01:30 +00:00
Helen Hou-Sandí
48befcf361 Superglobals: Revert [34059] until further notice.
see #33837.

Built from https://develop.svn.wordpress.org/trunk@34265


git-svn-id: http://core.svn.wordpress.org/trunk@34229 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-17 12:33:26 +00:00
Scott Taylor
191400f9e6 Don't ever use the guid value when retrieving URLs for media, use wp_get_attachment_url(). Use get_attached_file() for path to file.
Fixes #33386.

Built from https://develop.svn.wordpress.org/trunk@34163


git-svn-id: http://core.svn.wordpress.org/trunk@34131 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-15 02:50:25 +00:00
Scott Taylor
cd7c0f0b0d Introduce wp_validate_action( $action = '' ), a helper function that checks $_REQUEST for action and returns it, or empty string if not present. If $action is passed, it checks to make sure they match before returning it, or an empty string. Strings are always returned to avoid returning multiple types.
Implementing this removes 27 uses of direct superglobal access in the admin.

For more reading:
https://codeclimate.com/github/WordPress/WordPress/wp-admin/edit-comments.php

See #33837.

Built from https://develop.svn.wordpress.org/trunk@34059


git-svn-id: http://core.svn.wordpress.org/trunk@34027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-11 21:08:26 +00:00
Sergey Biryukov
32b5726fd4 Merge two similar strings.
props pavelevap.
fixes #33643.
Built from https://develop.svn.wordpress.org/trunk@33842


git-svn-id: http://core.svn.wordpress.org/trunk@33810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-01 13:46:24 +00:00
Scott Taylor
8af2dbc671 Correct punctuation/case for inline comment in async-upload.php
Props chriscct7.
Fixes #33408.

Built from https://develop.svn.wordpress.org/trunk@33640


git-svn-id: http://core.svn.wordpress.org/trunk@33607 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-18 23:35:25 +00:00
Dion Hulse
3cec3655e9 Prevent IE9 and lower displaying the download file dialogue when attempting to upload using the html4 Plupload handler.
The HTML4 Plupload handler uses a hidden iframe to POST the upload form.
Unfortunately Internet Explorer 9 doesn't support the `application/json` 
content-type which `wp_send_json_success()` and requires `text/html` instead.

This partially reverts [30354], keeping the better error messages.

Fixes #31037 for trunk.

Built from https://develop.svn.wordpress.org/trunk@31429


git-svn-id: http://core.svn.wordpress.org/trunk@31410 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-12 01:15:29 +00:00
Drew Jaynes
2faf449f51 Docs Formatting: Backtick-escape inline code for all dynamic hook docs in wp-admin/*.
Also includes some changes to move hook docs to directly precede hook lines. This is necessary to prevent DocBlock-matching confusion when core is parsed.

Affects DocBlocks for the following hooks:
* `wp_ajax_ . $_REQUEST['action']`
* `wp_ajax_nopriv_ . $_REQUEST['action']`
* `admin_footer- . $GLOBALS['hook_suffix']`
* `admin_head-$hook_suffix`
* `admin_post_nopriv_{$action}`
* `admin_post_{$action}`
* `load-  . $page_hook`
* `load- . $plugin_page`
* `load-importer- . $importer`
* `load- . $pagenow`
* `admin_action_ . $_REQUEST['action']`
* `async_upload_{$type}`
* `add_meta_boxes_ . $post_type`
* `{$taxonomy}_pre_edit_form`
* `{$taxonomy}_term_edit_form_tag`
* `{$taxonomy}_edit_form_fields`
* `{$taxonomy}_edit_form`
* `after-{$taxonomy}-table`
* `{$taxonomy}_pre_add_form`
* `{$taxonomy}_term_new_form_tag`
* `{$taxonomy}_add_form_fields`
* `{$taxonomy}_add_form`
* `media_upload_$type`
* `media_upload_$tab`
* `install_plugins_pre_$tab`
* `install_plugins_$tab`
* `install_themes_pre_{$tab}`
* `install_themes_{$tab}`
* `update-core-custom_{$action}`
* `update-custom_{$action}`
* `user_{$name}_label`

See #30552.

Built from https://develop.svn.wordpress.org/trunk@30649


git-svn-id: http://core.svn.wordpress.org/trunk@30639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-30 11:42:24 +00:00
John Blackbourn
fd15794b5c Add some specific JSON responses when there are user permission errors for AJAX file uploads. Replace some usage of wp_json_encode() with wp_send_json_*().
See #25849
Props gcorne

Built from https://develop.svn.wordpress.org/trunk@30354


git-svn-id: http://core.svn.wordpress.org/trunk@30353 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-16 05:47:21 +00:00
Scott Taylor
2d1080aed1 Improve wp.Uploader documentation.
Props ericlewis.
See #30260.

Built from https://develop.svn.wordpress.org/trunk@30244


git-svn-id: http://core.svn.wordpress.org/trunk@30244 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-05 19:37:23 +00:00
Dominik Schilling
8ea68677f3 Media Upload: Improve styling of error messages.
props afercia, michalzuber.
fixes #29047.
Built from https://develop.svn.wordpress.org/trunk@29355


git-svn-id: http://core.svn.wordpress.org/trunk@29131 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-02 14:14:19 +00:00
Drew Jaynes
097dc8ee15 Fix syntax for single- and multi-line comments in wp-admin-directory files.
See #28931.

Built from https://develop.svn.wordpress.org/trunk@29206


git-svn-id: http://core.svn.wordpress.org/trunk@28990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-17 09:14:16 +00:00
Scott Taylor
b9afafffe3 hackificator complains if you call include 'file.php' without the parens, needs to be include( 'file.php' )
See #27881.

Built from https://develop.svn.wordpress.org/trunk@28479


git-svn-id: http://core.svn.wordpress.org/trunk@28306 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-18 20:52:15 +00:00
Scott Taylor
112ca4e055 Because the WP_ADMIN constant name can be bound in multiple files, all instances should check ! defined first. wp-admin/admin.php already has this check.
See #27881.

Built from https://develop.svn.wordpress.org/trunk@28478


git-svn-id: http://core.svn.wordpress.org/trunk@28305 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-18 20:42:16 +00:00
Dominik Schilling
12334929d7 Fix typo in hook description for async_upload_{$type}.
Built from https://develop.svn.wordpress.org/trunk@27955


git-svn-id: http://core.svn.wordpress.org/trunk@27785 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-04-05 14:12:16 +00:00
Andrew Nacin
5965616aca Define DOING_AJAX earlier in async-upload.php.
props avryl.
fixes #27387. see [22902].

Built from https://develop.svn.wordpress.org/trunk@27558


git-svn-id: http://core.svn.wordpress.org/trunk@27401 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-15 19:59:15 +00:00
Drew Jaynes
95bf041b3a Inline documentation for hooks in wp-admin/async-upload.php.
Props rzen for the initial patch.
Fixes #25517.

Built from https://develop.svn.wordpress.org/trunk@25942


git-svn-id: http://core.svn.wordpress.org/trunk@25901 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-26 21:41:09 +00:00
Andrew Nacin
fd57b239d2 Don't rely on include_path to include files.
Always use dirname() or, once available, ABSPATH.

props ketwaroo, hakre.
fixes #17092.

Built from https://develop.svn.wordpress.org/trunk@25616


git-svn-id: http://core.svn.wordpress.org/trunk@25533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-25 00:18:11 +00:00
Andrew Nacin
c2db94d10c Use meta caps edit_post, read_post, and delete_post directly, rather than consulting the post type object. map_meta_cap() handles that for us. props markjaquith, kovshenin. fixes #23226.
git-svn-id: http://core.svn.wordpress.org/trunk@24593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-08 20:05:42 +00:00
Sergey Biryukov
415a5c60da * Pass ellipsis as a parameter to wp_html_excerpt() instead of appending it manually.
* Consolidate the logic to avoid appending ellipsis if the entire string is shown.
* Show ellipsis after truncated filenames and post titles.

props solarissmoke, bpetty, SergeyBiryukov. fixes #11446.

git-svn-id: http://core.svn.wordpress.org/trunk@24214 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-09 00:22:02 +00:00
Andrew Nacin
7e13a6656c Verify attachment parent during upload.
git-svn-id: http://core.svn.wordpress.org/trunk@22915 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-29 02:39:34 +00:00
Ryan Boren
ea0d28db29 Route uploads through async-upload.php instead of admin-ajax.php.
Props nacin, koopersmith
fixes #22622


git-svn-id: http://core.svn.wordpress.org/trunk@22902 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-28 20:17:57 +00:00
Andrew Nacin
e276fc44be Have media-new.php return simple rows of basic attachment data, with an 'Edit' link next to each taking them to post.php (in a new window). Not ideal, but this is largely a fallback screen at this point.
This is bolted on to existing code, the vast majority of which is destined to be ripped out in 3.6 once things settle.

see #22083.



git-svn-id: http://core.svn.wordpress.org/trunk@22755 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-21 13:05:44 +00:00
ryan
e3b46b25d3 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-08 17:01:11 +00:00
ryan
0358498b0a Use text/html to appease IE < 9. Props azaozz. fixes #19494
git-svn-id: http://svn.automattic.com/wordpress/trunk@19586 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-11 00:03:24 +00:00
ryan
3862c4c34c Add cap and type checks to media item fetch. For trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@17390 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-02-05 18:22:53 +00:00
dd32
0821c7163b Better display handling of error messages during swfupload uploading. Fixes #12225
git-svn-id: http://svn.automattic.com/wordpress/trunk@14816 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-23 10:59:52 +00:00
nacin
6ec7cb4540 Use relative paths when including files, avoiding include_path. fixes #12594, props sorich87.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14139 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-18 06:14:45 +00:00
ryan
e8c32c03b0 Pass logged_in cookie to async-upload. Props nbachiyski. fixes #10739
git-svn-id: http://svn.automattic.com/wordpress/trunk@11904 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-09-08 15:22:42 +00:00
azaozz
85766ab12e Show "Delete" in Media -> Add New, props mgriepentrog, fixes #7879
git-svn-id: http://svn.automattic.com/wordpress/trunk@11421 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-21 01:42:40 +00:00
markjaquith
119b39cec2 deprecate wp_specialchars() in favor of esc_html(). Encode quotes for esc_html() as in esc_attr(), to improve plugin security.
git-svn-id: http://svn.automattic.com/wordpress/trunk@11380 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-18 15:11:07 +00:00
ryan
a61bc0ec8a Trailing whitespace cleanup
git-svn-id: http://svn.automattic.com/wordpress/trunk@11013 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-04-20 18:18:39 +00:00
azaozz
f26797d298 Define WP_ADMIN in flash uploader, props hailin, fixes #9368
git-svn-id: http://svn.automattic.com/wordpress/trunk@10827 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-03-20 01:07:35 +00:00
azaozz
65e0cea07b Show file url after upload from media library, props yoavf, fixes #9267
git-svn-id: http://svn.automattic.com/wordpress/trunk@10696 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-03-04 08:22:25 +00:00
ryan
9861eb1a85 Notice fixes from DD32. see #7509
git-svn-id: http://svn.automattic.com/wordpress/trunk@9699 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-11-14 23:01:16 +00:00
azaozz
a6f7c12d48 Upload media from the Media Library page.
git-svn-id: http://svn.automattic.com/wordpress/trunk@8998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-09-27 08:17:55 +00:00
ryan
175c2b6fb1 WP-Admin File Level Inline Documentation from santosj. see #7496
git-svn-id: http://svn.automattic.com/wordpress/trunk@8618 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-08-11 20:26:31 +00:00
ryan
35b18e5034 Trailing whitespace cleanup
git-svn-id: http://svn.automattic.com/wordpress/trunk@8600 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-08-09 05:36:14 +00:00
ryan
636c562256 SSL fixes. see #7001
git-svn-id: http://svn.automattic.com/wordpress/trunk@8190 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-06-24 22:19:27 +00:00
ryan
5ad5715af7 Add some noncing. Props andy.
git-svn-id: http://svn.automattic.com/wordpress/trunk@8023 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-05-30 20:43:36 +00:00
ryan
a5336482b1 Add charset to async-upload content-type header. Props duncanmc. fixes #6873 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@8021 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-05-30 20:42:28 +00:00
ryan
5b8113578d Allow wp-config.php to exist one level up from WordPress root directory. Props sambauers. fixes #6933
git-svn-id: http://svn.automattic.com/wordpress/trunk@7971 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-05-21 05:59:27 +00:00
ryan
cab4206406 Workaround response truncation by reducing size of response after uploading with flash uploader. Props tellyworth. fixes #6713
git-svn-id: http://svn.automattic.com/wordpress/trunk@7682 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-04-14 23:09:14 +00:00
ryan
b0b5981a77 Add capability check to async-upload. Props xknown. fixes #5848
git-svn-id: http://svn.automattic.com/wordpress/trunk@6830 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-02-13 23:16:11 +00:00
matt
f529123061 First pass at async upload, multi-upload, and gallery feature. Modified names from patch. Hat tip: tellyworth, skeltoac.
git-svn-id: http://svn.automattic.com/wordpress/trunk@6659 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-01-25 19:21:11 +00:00