Commit Graph

189 Commits

Author SHA1 Message Date
Andrew Nacin
21a1fe8d4b Use wp_safe_remote_request() and friends instead of reject_unsafe_urls = true.
fixes #24646.



git-svn-id: http://core.svn.wordpress.org/trunk@24917 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-31 06:52:13 +00:00
Andrew Nacin
96ee267343 Better validation of the URL used in core HTTP requests.
git-svn-id: http://core.svn.wordpress.org/trunk@24480 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-21 06:07:47 +00:00
Andrew Nacin
be01fce99f Show a relative path in an upload error message.
git-svn-id: http://core.svn.wordpress.org/trunk@24463 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-21 02:29:26 +00:00
Ryan Boren
469d1a3099 Escape form action urls with esc_url() rather than esc_attr().
Props SergeyBiryukov
fixes #23266


git-svn-id: http://core.svn.wordpress.org/trunk@23739 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-18 14:01:25 +00:00
Sergey Biryukov
28248c1b08 Make get_home_path() return consistent slashes. fixes #23175.
git-svn-id: http://core.svn.wordpress.org/trunk@23669 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-12 11:04:14 +00:00
Ryan Boren
5f809d1d22 Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23563 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 17:00:25 +00:00
Ryan Boren
43a7e695e9 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren
cc5ed3a485 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Helen Hou-Sandí
b1f1579604 its <=> it's in documentation, along with a rogue the, The, and looses. props trepmal. fixes #22665.
git-svn-id: http://core.svn.wordpress.org/trunk@23191 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-12-20 15:55:32 +00:00
Dion Hulse
bcbfb232f7 Correct get_home_path() for cases where WordPress is installed in a subdirectory called /wp/, previously it would match on /wp-admin instead of /wp causing an incorrect return path. Props SergeyBiryukov. Fixes #20449
git-svn-id: http://core.svn.wordpress.org/trunk@22800 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-21 22:39:59 +00:00
Andrew Nacin
4cbc20ada1 Pass the post date to wp_upload_dir() during sideloads, just as we do uploads. Ensures that sideloaded images make it into the right uploads directory.
props solarisssmoke, fixes #16777.



git-svn-id: http://core.svn.wordpress.org/trunk@22105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-03 18:49:37 +00:00
ryan
2417e42fe5 Improved phpdoc for file.php. Props tommcfarlin. fixes #21328
git-svn-id: http://core.svn.wordpress.org/trunk@21350 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-26 15:08:30 +00:00
dd32
509b845abc Make get_home_path() work in more cases by being case insensitive and sanitzing Windows paths. In some cases (such as differing case of hostnames or paths in the site/home options, or when SCRIPT_FILENAME contains forward slashes) the function was failing to return the correct path, and would instead return /. Props to SergeyBiryukov for the initial patch. Fixes #20449 Fixes #10447
git-svn-id: http://core.svn.wordpress.org/trunk@21224 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-07-06 13:54:15 +00:00
nacin
23abe58a59 Rewrite theme-editor.php to use the new WP_Theme API. see #20103.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20313 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-29 03:00:38 +00:00
dd32
86577f34ea Fix a small typo.
git-svn-id: http://svn.automattic.com/wordpress/trunk@20070 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-03-02 11:00:51 +00:00
duck_
bb94e702f8 Drop image resizing code from wp_handle_upload(). Fixes #19800.
This code stops wp_handle_upload() from reporting errors when the upload couldn't be moved to its final local and it was a non-JS fallback that is unused.


git-svn-id: http://svn.automattic.com/wordpress/trunk@20019 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-28 20:02:43 +00:00
ryan
e3b46b25d3 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: http://svn.automattic.com/wordpress/trunk@19712 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-08 17:01:11 +00:00
dd32
e15f5275a8 Fix edge case in get_home_path() where the incorrect path may be returned. Props ptahdunbar. Fixes #18768
git-svn-id: http://svn.automattic.com/wordpress/trunk@19697 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-06 13:46:22 +00:00
ryan
340e93324c Remove extraneous spaces. Props kenan3008, dimadin. fixes #19501 #19433
git-svn-id: http://svn.automattic.com/wordpress/trunk@19596 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-14 17:36:38 +00:00
ryan
07ff8b216b Use one space, not two, after trailing punctuation. fixes #19537
git-svn-id: http://svn.automattic.com/wordpress/trunk@19593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-13 23:45:31 +00:00
azaozz
331b242bcd Revert [19223] and only stop showing the checkbox, props nacin, see #19174
git-svn-id: http://svn.automattic.com/wordpress/trunk@19225 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-08 22:34:09 +00:00
azaozz
623220187a Remove the Resize files checkbox for now (revisit in 3.4), fixes #19174
git-svn-id: http://svn.automattic.com/wordpress/trunk@19223 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-11-08 22:23:40 +00:00
ryan
62afab8db3 Pinking shears
git-svn-id: http://svn.automattic.com/wordpress/trunk@19054 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-24 19:13:23 +00:00
markjaquith
37e23be4ed Be more consistent with ERROR: messages. fixes #15887
git-svn-id: http://svn.automattic.com/wordpress/trunk@18841 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-30 17:18:35 +00:00
duck_
c1d1590171 Fix typos in documentation (wp-admin/). See #18560.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18632 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-03 14:18:10 +00:00
azaozz
9a65f6e237 Fix handling of resizing images after upload, props ocean90, see #18206
git-svn-id: http://svn.automattic.com/wordpress/trunk@18517 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-08-06 21:04:15 +00:00
azaozz
91a8720fff Pluploader take 1, props jacobwg, see #18206
git-svn-id: http://svn.automattic.com/wordpress/trunk@18482 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-07-29 08:59:35 +00:00
ryan
a117773fc8 Typo fix. Props kawauso. fixes #18177
git-svn-id: http://svn.automattic.com/wordpress/trunk@18447 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-07-21 17:46:01 +00:00
markjaquith
029a8d1bef Remove code formatting from uploaded file size error messages, for now. props JohnONolan. fixes #17674
git-svn-id: http://svn.automattic.com/wordpress/trunk@18193 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-08 16:27:57 +00:00
nacin
da2732c7de Use wp_remote_retrieve_* helper functions instead of the raw HTTP response array. props aaroncampbell, fixes #17416.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17928 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-14 19:45:07 +00:00
westi
80f4e83a8c Introduce WP_MAX_MEMORY_LIMIT constant for the high memory limit we set when image processing and unzipping.
Ensure it is always filterable by plugins as well as configurable in wp-config
Fixes #13847 props hakre


git-svn-id: http://svn.automattic.com/wordpress/trunk@17749 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-28 16:25:36 +00:00
dd32
bed23730dc Handle zip error's in PclZip better. PclZip::extract() returns an array on success, 0 on failure. Fixes #17224
git-svn-id: http://svn.automattic.com/wordpress/trunk@17693 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-23 14:30:44 +00:00
dd32
9081c7636c Set the mb_string internal encoding to ISO-8859-1 whilst uncompressing archives using PclZip. Fixes 'PCLZIP_ERR_BAD_FORMAT (-10) : Invalid block size' errors on systems utilising mbstring.func_overload. Fixes #15789
git-svn-id: http://svn.automattic.com/wordpress/trunk@17592 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-03 12:32:06 +00:00
dd32
5b12ecb83d Be a party-pooper; No more Akismet Dancing upon upgrade; Respect custom WP_CONTENT_DIR for bundled plugins/theme installation; Respect custom WP_CONTENT_DIR/WP_LANG_DIR for Language files when upgrading; Standardise WP_Filesystem path method returns (They're trailing slash'd). Adds an exclusion list to copy_dir() as well as WP_Filesystem_Base::wp_lang_dir(). See #14484 See #11495
git-svn-id: http://svn.automattic.com/wordpress/trunk@17576 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-03-31 13:28:36 +00:00
dd32
00dc7a57d6 First run of introducing Stream-To-File for the WP_HTTP API. Reduces memory consumption during file downloads. Implemented in download_url() for upgraders. Props sivel. See #16236
git-svn-id: http://svn.automattic.com/wordpress/trunk@17555 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-03-25 02:42:20 +00:00
dd32
a83a2842ea Optimisations to WP_Filesystem; Pass known information to called functions. Props aldenta (John Ford) for investigation and patch. See #10913
git-svn-id: http://svn.automattic.com/wordpress/trunk@17525 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-03-22 00:04:15 +00:00
nacin
53d0af84b0 Don't esc_html the default error string. props SergeyBiryukov, fixes #16058.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17200 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-01-01 22:14:42 +00:00
nacin
e5b099a459 Add missing translation for 'Page Template' in the theme editor. props SergeyBiryukov, fixes #15933.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17098 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-21 14:58:54 +00:00
westi
1bb4914c3a Allow for the callee of download_url() to specify a different timeout if they want to - maybe they don't want to wait that long.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16763 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-07 12:45:24 +00:00
nacin
5021403b9d Add 'Visual Editor RTL Stylesheet' to the list of theme file descriptions. see #15672.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16717 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-04 04:22:48 +00:00
markjaquith
ad6e83136d Improve the wording of the file upload security message. props janeforshort. fixes #13550
git-svn-id: http://svn.automattic.com/wordpress/trunk@16577 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-24 20:45:21 +00:00
ryan
847499e531 Pinking shears
git-svn-id: http://svn.automattic.com/wordpress/trunk@16438 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-17 18:47:34 +00:00
nacin
d81d7b7f4a Some escaping
git-svn-id: http://svn.automattic.com/wordpress/trunk@16366 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-14 17:33:16 +00:00
markjaquith
fc6e89da45 Expand submit_button() capabilities. Replace all (or almost all) manual HTML instances in WP. props sbressler. see #15064
git-svn-id: http://svn.automattic.com/wordpress/trunk@16061 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-28 21:56:43 +00:00
nacin
82b1349664 Docs for wp-admin/includes/file.php. props sivel, see #14783.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16024 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-10-27 22:24:06 +00:00
nacin
1dee100f3a Fix typo. props mrmist, fixes #14571.
git-svn-id: http://svn.automattic.com/wordpress/trunk@15593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-09-07 15:11:43 +00:00
dd32
fe5e3d0fb6 Do not check to see if parents of folders outside of the Destination folder exist within the Archive extractors, unzip_file() will take care of that area. Fixes #13741
git-svn-id: http://svn.automattic.com/wordpress/trunk@15156 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-06-07 11:19:51 +00:00
nacin
3ba9fc235c More request_filesystem_credentials() string improvements.
git-svn-id: http://svn.automattic.com/wordpress/trunk@15130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-06-03 18:58:41 +00:00
nacin
80437ca9e1 Add missing spaces.
git-svn-id: http://svn.automattic.com/wordpress/trunk@15099 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-06-01 21:57:26 +00:00
nacin
09c448f63e Clarify the connection information requested in request_filesystem_credentials() to reduce confusion surrounding FTP information versus your WordPress login. see #13467, props jane.
git-svn-id: http://svn.automattic.com/wordpress/trunk@15098 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-06-01 20:35:59 +00:00