The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.
Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.
Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.
Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.
Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.
Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.
Plugins should use wp_unslash() on data being passed to core API.
Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.
Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.
Remove many no longer necessary calls to $wpdb->escape() and esc_sql().
In wp_get_referer() and wp_get_original_referer(), return unslashed data.
Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.
Switch several queries over to prepare().
Expect something to break.
Props alexkingorg
see #21767
git-svn-id: https://develop.svn.wordpress.org/trunk@23416 602fd350-edb4-49c9-b593-d223f7449a82
In WP_Image_Editor_GD::test(), check for existence of imagerotate if the rotate capability is required.
Props DH-Shredder
fixes#22597
git-svn-id: https://develop.svn.wordpress.org/trunk@22863 602fd350-edb4-49c9-b593-d223f7449a82
* Have wp_get_image_editor() rather than WP_Image_Editor::get_instance(). Having static factory methods would be less confusing if there weren't also static methods tied to individual editor implementations.
* Lazy-load the WP_Image_Editor base class and editor implementations.
* Have WP_Image_Editor_GD::supports_mime_type() actually check which types it supports.
* Deprecate gd_edit_image_support() in favor of wp_image_editor_supports().
props DH-Shredder, scribu, markoheijnen. fixes#22356. see #6821.
git-svn-id: https://develop.svn.wordpress.org/trunk@22817 602fd350-edb4-49c9-b593-d223f7449a82
* Make test() and supports_mime_type() static.
* Add required_methods argument to get_instance(). Allows requesting an implementation that has certain methods/capabilities.
* Whitespace cleanup
Props markoheijnen
see #6821
git-svn-id: https://develop.svn.wordpress.org/trunk@22510 602fd350-edb4-49c9-b593-d223f7449a82
* When passing an attachment ID to wp_crop_image(), use load_image_to_edit() to fetch the image via a url fopen when the image does not exist in the filesystem.
* Move load_image_to_edit() to wp-admin/includes/image.php so that it is always available for admin pages loads.
* Fallback to the height and width stored in the attachment meta when the image no longer exists in the filesystem.
see #19840
git-svn-id: https://develop.svn.wordpress.org/trunk@20384 602fd350-edb4-49c9-b593-d223f7449a82
Mark Jaquith
Ryan Boren
Andrew Nacin
Daryl Koopersmith
Peter Westwood
Dion Hulse
Andrew Ozz