Commit Graph

306 Commits

Author SHA1 Message Date
Ryan Boren
a6c8efadb9 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: https://develop.svn.wordpress.org/trunk@23416 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-14 22:51:06 +00:00
Sergey Biryukov
b0e067cd0a Simplify the logic for printing "Lost your password?" link. props ktdreyer. fixes #16498.
git-svn-id: https://develop.svn.wordpress.org/trunk@23336 602fd350-edb4-49c9-b593-d223f7449a82
2013-01-23 02:08:44 +00:00
Ryan Boren
c53137f535 Scope button classes so they can be used on the frontend without interfering with theme styles.
Props helenyhou, koopersmith
fixes #22644


git-svn-id: https://develop.svn.wordpress.org/trunk@22948 602fd350-edb4-49c9-b593-d223f7449a82
2012-11-30 13:40:59 +00:00
Andrew Nacin
aeabe30d20 Revert type="email" on the registration form to avoid validation issues. see #22183.
git-svn-id: https://develop.svn.wordpress.org/trunk@22413 602fd350-edb4-49c9-b593-d223f7449a82
2012-11-07 07:47:52 +00:00
Andrew Ozz
108c09fdd3 Buttons: slightly bolder :focus styles, make the "Log In" button '.button-large', props lessbloat, see #21598
git-svn-id: https://develop.svn.wordpress.org/trunk@22288 602fd350-edb4-49c9-b593-d223f7449a82
2012-10-24 01:27:56 +00:00
Ryan Boren
8d5ca186c2 Consolidate some strings. Props pavelevap, SergeyBiryukov. see #21728
git-svn-id: https://develop.svn.wordpress.org/trunk@22124 602fd350-edb4-49c9-b593-d223f7449a82
2012-10-05 19:04:34 +00:00
Andrew Nacin
9d9eb25e2a Add a login_body_class filter to login_header(). fixes #21133.
git-svn-id: https://develop.svn.wordpress.org/trunk@22000 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-25 09:13:06 +00:00
Andrew Nacin
774a12be83 Introduce constants to allow for easier expression of time periods in seconds. Adds MINUTE_IN_SECONDS, HOUR_IN_SECONDS, DAY_IN_SECONDS, WEEK_IN_SECONDS, YEAR_IN_SECONDS. props nbachiyski, SergeyBiryukov. fixes #20987.
git-svn-id: https://develop.svn.wordpress.org/trunk@21996 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-25 05:26:19 +00:00
Peter Westwood
588886c634 Passwords: Make it possible for plugins to enforce extra password strength / validity rules during the reset process.
Adds a filter in the password reset process so that a plugin can enforce particular password rules on users to compliment the existing filtering in the Profile modification process.
Fixes #21778.


git-svn-id: https://develop.svn.wordpress.org/trunk@21923 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-20 11:01:29 +00:00
Andrew Nacin
ee88036c08 Use network_site_url() for wp-signup.php. props markjaquith. see #19796.
git-svn-id: https://develop.svn.wordpress.org/trunk@21813 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-11 12:27:25 +00:00
Ryan Boren
92ea34f6a2 Use set_url_scheme(). Props johnbillion, MarcusPope. see #19037 #20759
git-svn-id: https://develop.svn.wordpress.org/trunk@21664 602fd350-edb4-49c9-b593-d223f7449a82
2012-08-30 13:33:00 +00:00
Ryan Boren
a6015df392 Use admin_url() instead of get_edit_user_link() in wp-login.php since cookies are not yet set. Props SergeyBiryukov. fixes #14787
git-svn-id: https://develop.svn.wordpress.org/trunk@21507 602fd350-edb4-49c9-b593-d223f7449a82
2012-08-14 19:10:37 +00:00
Ryan Boren
d2774833b2 Introduce get_edit_user_link(). Props scribu, georgestephanis, johnbillion. fixes #14787 see #20307
git-svn-id: https://develop.svn.wordpress.org/trunk@21364 602fd350-edb4-49c9-b593-d223f7449a82
2012-07-30 18:30:03 +00:00
Andrew Ozz
6e6b727315 Remove nearly all tabindex attributes from the admin, leaving them only where absolutely necessary (for now that's only the toolbar).
Add tabindex="-1" for the menu images links to avoid double tab stops there when the menu is expanded.

Fix/add auto-focus on the first input fields on the Add/Edit Post, all taxonomy, all edit taxonomy, Log In and Edit Comment screens.

See #21340.

git-svn-id: https://develop.svn.wordpress.org/trunk@21311 602fd350-edb4-49c9-b593-d223f7449a82
2012-07-24 00:15:15 +00:00
Andrew Nacin
de52076568 Only obey the RELOCATE move flag if it evaluates to true. props TomAuger, JustinSainton, fixes #20636.
git-svn-id: https://develop.svn.wordpress.org/trunk@21251 602fd350-edb4-49c9-b593-d223f7449a82
2012-07-09 19:32:09 +00:00
Andrew Nacin
26f8f3e504 Refresh nonces in the customizer. props koopersmith. see #20876.
git-svn-id: https://develop.svn.wordpress.org/trunk@21135 602fd350-edb4-49c9-b593-d223f7449a82
2012-06-26 18:48:18 +00:00
Ryan Boren
ab8deebae3 Customizer: Gravefully handle cookie expipration. Prompt for log in in the preview. Props ocean90, koopersmith, nacin. fixes #20876
git-svn-id: https://develop.svn.wordpress.org/trunk@21031 602fd350-edb4-49c9-b593-d223f7449a82
2012-06-08 19:22:11 +00:00
Andrew Nacin
90e5ed949b When auth_redirect() detects a logged out user and the target
page was about.php?updated, then issue a message welcoming them.

This is to prevent it from being so jolting if you are taken to
the login screen after an update.

In WordPress 3.4, the changes to wp_salt() provide for extra
security, but will cause a log-out for any installs without 8
unique keys and salts in wp-config.php (with some exceptions).
Properly re-issuing cookies, even for the logged in user, is
not easily doable via admin/includes/update-core.php, as that
file is included long after the headers are sent.

see #19599.



git-svn-id: https://develop.svn.wordpress.org/trunk@20887 602fd350-edb4-49c9-b593-d223f7449a82
2012-05-24 21:22:09 +00:00
Andrew Ozz
c148fb4eb5 Move mobile devices CSS from wp-login.php to wp-admin.css, props SergeyBiryukov, fixes #19673
git-svn-id: https://develop.svn.wordpress.org/trunk@20430 602fd350-edb4-49c9-b593-d223f7449a82
2012-04-11 01:45:01 +00:00
Andrew Ozz
bce0d37a67 Introduce wp_is_mobile() and use it instead of $is_iphone global, see #20014
git-svn-id: https://develop.svn.wordpress.org/trunk@20417 602fd350-edb4-49c9-b593-d223f7449a82
2012-04-10 01:19:30 +00:00
Ryan Boren
ee5aae19ef Set post password cookies via an action in wp-login.php. Retire wp-pass.php (one less root file). Obey login ssl preferences for post password form submission. Props SergeyBiryukov. fixes #19798
git-svn-id: https://develop.svn.wordpress.org/trunk@19925 602fd350-edb4-49c9-b593-d223f7449a82
2012-02-14 18:29:22 +00:00
Andrew Nacin
ef9ea32a3a Translate http://wordpress.org/ for the wp-login.php header image URL. Clean up. props zeo, fixes #19364.
git-svn-id: https://develop.svn.wordpress.org/trunk@19783 602fd350-edb4-49c9-b593-d223f7449a82
2012-01-29 18:47:41 +00:00
Ryan Boren
2b186b0c45 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: https://develop.svn.wordpress.org/trunk@19712 602fd350-edb4-49c9-b593-d223f7449a82
2012-01-08 17:01:11 +00:00
Andrew Nacin
723ed39622 Use home URL, not siteurl, in the password reset email. fixes #19767.
git-svn-id: https://develop.svn.wordpress.org/trunk@19705 602fd350-edb4-49c9-b593-d223f7449a82
2012-01-07 18:54:08 +00:00
Jon Cave
760471a9a8 Fix mistakes in parameter documentation and add some missing param docs. See #19756.
git-svn-id: https://develop.svn.wordpress.org/trunk@19702 602fd350-edb4-49c9-b593-d223f7449a82
2012-01-06 18:31:43 +00:00
Ryan Boren
a8d77cbae9 User lowercase true, false, null instead of uppercase. Props c3mdigital, mfields. fixes #16302
git-svn-id: https://develop.svn.wordpress.org/trunk@19687 602fd350-edb4-49c9-b593-d223f7449a82
2012-01-05 20:50:54 +00:00
Ryan Boren
676ba7043e Use one space, not two, after trailing punctuation. fixes #19537
git-svn-id: https://develop.svn.wordpress.org/trunk@19593 602fd350-edb4-49c9-b593-d223f7449a82
2011-12-13 23:45:31 +00:00
Andrew Ozz
a7170b0b03 Align login box, messages, navigation links and header image on the login screen, props SergeyBiryukov and helenyhou, fixes #19331
git-svn-id: https://develop.svn.wordpress.org/trunk@19414 602fd350-edb4-49c9-b593-d223f7449a82
2011-11-23 07:03:00 +00:00
Ryan Boren
80ee709653 Introduce wp_no_robots(). Call it for pages that should never be indexed, regardless of blog privacy settings. Props nacin. fixes #19251
git-svn-id: https://develop.svn.wordpress.org/trunk@19304 602fd350-edb4-49c9-b593-d223f7449a82
2011-11-15 20:44:48 +00:00
Andrew Nacin
4ccbc50051 Use wp_login_url() where possible in wp-login.php. props ramiy for initial patch. Escape with a tin foil hat. fixes #19199.
git-svn-id: https://develop.svn.wordpress.org/trunk@19281 602fd350-edb4-49c9-b593-d223f7449a82
2011-11-14 21:08:33 +00:00
Andrew Nacin
fc9fcf176e Add 'for' attributes to labels in wp-login.php for extra accessibility. props ppaire, fixes #19178.
git-svn-id: https://develop.svn.wordpress.org/trunk@19189 602fd350-edb4-49c9-b593-d223f7449a82
2011-11-06 20:03:30 +00:00
Andrew Nacin
d0115d9821 Remove CSS for interim-login. see #19120.
git-svn-id: https://develop.svn.wordpress.org/trunk@19124 602fd350-edb4-49c9-b593-d223f7449a82
2011-11-02 22:47:21 +00:00
Ryan Boren
a8973fb429 Avoid warning when user_login not in POST. Props ampt. fixes #18755
git-svn-id: https://develop.svn.wordpress.org/trunk@19056 602fd350-edb4-49c9-b593-d223f7449a82
2011-10-24 21:31:30 +00:00
Andrew Nacin
1287ec492a Translated strings in attributes require esc_attr(). s/_e/esc_attr_e/g
git-svn-id: https://develop.svn.wordpress.org/trunk@19028 602fd350-edb4-49c9-b593-d223f7449a82
2011-10-20 15:04:46 +00:00
Andrew Nacin
6355548ea2 Use wp_lostpassword_url() instead of site_url(wp-login...). Update wp_lostpassword_url() to use network_site_url(). props markoheijnen, fixes #18808.
git-svn-id: https://develop.svn.wordpress.org/trunk@19027 602fd350-edb4-49c9-b593-d223f7449a82
2011-10-20 14:40:11 +00:00
Andrew Nacin
5244f8f5e3 Use input type=email on wp-login registration. props scottconnerly, fixes #18761.
git-svn-id: https://develop.svn.wordpress.org/trunk@18763 602fd350-edb4-49c9-b593-d223f7449a82
2011-09-23 22:48:45 +00:00
Andrew Ozz
dde77fd41b Merge most admin css files, first run, see #18314
git-svn-id: https://develop.svn.wordpress.org/trunk@18577 602fd350-edb4-49c9-b593-d223f7449a82
2011-08-21 03:46:43 +00:00
Ryan Boren
eda7d43e85 Deprecate get_userdatabylogin() and get_user_by_email(). Props scribu. fixes #18333
git-svn-id: https://develop.svn.wordpress.org/trunk@18513 602fd350-edb4-49c9-b593-d223f7449a82
2011-08-05 16:57:31 +00:00
Ryan Boren
8eea785bcb Add magic get/set/isset methods to WP_User to avoid data duplication. Standardize on WP_User::ID. Props scribu. see #15458
git-svn-id: https://develop.svn.wordpress.org/trunk@18504 602fd350-edb4-49c9-b593-d223f7449a82
2011-08-04 03:09:27 +00:00
Andrew Ozz
9bcfc3da39 <!DOCTYPE html> for all, fixes #18202
git-svn-id: https://develop.svn.wordpress.org/trunk@18460 602fd350-edb4-49c9-b593-d223f7449a82
2011-07-22 00:25:41 +00:00
Ryan Boren
a0ae9633d4 Fix handing of super admins that don't have a blog in get_dashboard_url() and login. Props nacin. fixes #17829
git-svn-id: https://develop.svn.wordpress.org/trunk@18328 602fd350-edb4-49c9-b593-d223f7449a82
2011-06-22 19:45:28 +00:00
Daryl Koopersmith
832e86d2e1 Refresh login form styles to match admin style refresh. Props iammattthomas. see #17324.
git-svn-id: https://develop.svn.wordpress.org/trunk@18223 602fd350-edb4-49c9-b593-d223f7449a82
2011-06-10 02:37:37 +00:00
Andrew Nacin
e436332ba7 Move charset declaration to just inside <head>. props niallkennedy, fixes #17148.
git-svn-id: https://develop.svn.wordpress.org/trunk@18206 602fd350-edb4-49c9-b593-d223f7449a82
2011-06-08 22:22:07 +00:00
Andrew Nacin
1d27654a9b Fix typo in docs.
git-svn-id: https://develop.svn.wordpress.org/trunk@17976 602fd350-edb4-49c9-b593-d223f7449a82
2011-05-20 06:00:45 +00:00
Ryan Boren
0d2dfe033e s/login_form/login_init/. Props sorich87. fixes #17411
git-svn-id: https://develop.svn.wordpress.org/trunk@17918 602fd350-edb4-49c9-b593-d223f7449a82
2011-05-13 18:33:20 +00:00
Ryan Boren
535ced5186 Send X-Frame-Options: SAMEORIGIN for admin and login pages. see #12293
git-svn-id: https://develop.svn.wordpress.org/trunk@17826 602fd350-edb4-49c9-b593-d223f7449a82
2011-05-06 21:28:53 +00:00
Mark Jaquith
0cdc6d2e61 Do not attach wp_enqueue_scripts to login_head. New login_enqueue_scripts hook. props nacin. fixes #16586 for trunk
git-svn-id: https://develop.svn.wordpress.org/trunk@17465 602fd350-edb4-49c9-b593-d223f7449a82
2011-02-18 05:10:58 +00:00
Ryan Boren
900cee7dc9 Use get_dashboard_url() to redirect to the active blog if the user doesn't have access to the current blog. fixes #16297
git-svn-id: https://develop.svn.wordpress.org/trunk@17367 602fd350-edb4-49c9-b593-d223f7449a82
2011-01-26 16:35:04 +00:00
Ryan Boren
e6ef3c9d5a Don't try to redirect to user admin for unpriv users unless a site admin redirect was requested. fixes #16297
git-svn-id: https://develop.svn.wordpress.org/trunk@17351 602fd350-edb4-49c9-b593-d223f7449a82
2011-01-22 18:29:43 +00:00
Andrew Nacin
4ab2d68486 Correct user admin redirection checks, and deny access to the user admin when not running multisite. fixes #16297.
git-svn-id: https://develop.svn.wordpress.org/trunk@17332 602fd350-edb4-49c9-b593-d223f7449a82
2011-01-20 03:04:20 +00:00