Commit Graph

325 Commits

Author SHA1 Message Date
Andrew Nacin 12882f9848 Ensure the referer functions operate completely on unslashed data: wp_referer_field(), wp_original_referer_field(), wp_get_referer(), wp_get_original_referer().
Use wp_slash() instead of addslashes().

see #21767.



git-svn-id: https://develop.svn.wordpress.org/trunk@23578 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-01 17:58:43 +00:00
Ryan Boren 436b32ef62 Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
git-svn-id: https://develop.svn.wordpress.org/trunk@23567 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-01 17:14:09 +00:00
Ryan Boren 4088ca8723 Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
see #21767


git-svn-id: https://develop.svn.wordpress.org/trunk@23563 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-01 17:00:25 +00:00
Ryan Boren c363aea627 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: https://develop.svn.wordpress.org/trunk@23554 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-01 16:28:40 +00:00
Ryan Boren a6c8efadb9 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: https://develop.svn.wordpress.org/trunk@23416 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-14 22:51:06 +00:00
Ryan Boren 323143dedd Improve the contextual help for the comment bubble in the 'In Response To' column. Props lessbloat. fixes #19788
git-svn-id: https://develop.svn.wordpress.org/trunk@22275 602fd350-edb4-49c9-b593-d223f7449a82
2012-10-23 13:37:18 +00:00
Andrew Nacin de9b7f6ec2 Convert a bulleted list to paragraphs in the Moderating Comments help tab. props pavelevap, see #19788.
git-svn-id: https://develop.svn.wordpress.org/trunk@19806 602fd350-edb4-49c9-b593-d223f7449a82
2012-02-01 14:45:19 +00:00
Ryan Boren ae0d5be06c Best practice, use wp_safe_redirect() when dealing with referrers. Props nacin.
git-svn-id: https://develop.svn.wordpress.org/trunk@19579 602fd350-edb4-49c9-b593-d223f7449a82
2011-12-10 18:26:48 +00:00
Ryan Boren 6610e321e7 Pinking shears
git-svn-id: https://develop.svn.wordpress.org/trunk@19528 602fd350-edb4-49c9-b593-d223f7449a82
2011-12-01 04:51:35 +00:00
Andrew Nacin bc0f0de8a0 Help tweaks for comments, media, edit.php, update-core.php. props jane, see #19020.
git-svn-id: https://develop.svn.wordpress.org/trunk@19511 602fd350-edb4-49c9-b593-d223f7449a82
2011-12-01 01:33:26 +00:00
Ryan Boren 4ae0813953 Help tabs. Props chexee. see #19020
git-svn-id: https://develop.svn.wordpress.org/trunk@19445 602fd350-edb4-49c9-b593-d223f7449a82
2011-11-24 00:21:39 +00:00
Andrew Nacin 33ee9a7d04 s/add_help_sidebar/set_help_sidebar/g and introduce screen->remove_help_tab($id) and screen->remove_help_tabs(). see #19020, #18785.
git-svn-id: https://develop.svn.wordpress.org/trunk@19119 602fd350-edb4-49c9-b593-d223f7449a82
2011-11-02 20:14:10 +00:00
Ryan Boren db63861af8 Use add_help_sidebar(). see #19020
git-svn-id: https://develop.svn.wordpress.org/trunk@19111 602fd350-edb4-49c9-b593-d223f7449a82
2011-11-02 03:12:37 +00:00
Andrew Nacin 2efff75050 Revert [18861], [18862], [18864], [18874], [18879], and [18880]. see #18785.
git-svn-id: https://develop.svn.wordpress.org/trunk@18911 602fd350-edb4-49c9-b593-d223f7449a82
2011-10-07 04:57:12 +00:00
Andrew Ozz 98554b4bb6 Use add_option() method, introduce add_option_context() method for adding specific text above the screen options, see #18690
git-svn-id: https://develop.svn.wordpress.org/trunk@18867 602fd350-edb4-49c9-b593-d223f7449a82
2011-10-03 04:00:57 +00:00
Andrew Ozz d0d3855285 Add screen_options with contextual content, see #18690
git-svn-id: https://develop.svn.wordpress.org/trunk@18864 602fd350-edb4-49c9-b593-d223f7449a82
2011-10-02 06:59:36 +00:00
Peter Westwood 7fa99c4253 Help Tab text updatates. Fixes #17312 prop dougwrites.
git-svn-id: https://develop.svn.wordpress.org/trunk@18092 602fd350-edb4-49c9-b593-d223f7449a82
2011-06-01 15:37:04 +00:00
Ryan Boren 376b0a0477 Fix broken help link. Props SergeyBiryukov. fixes #17265
git-svn-id: https://develop.svn.wordpress.org/trunk@17919 602fd350-edb4-49c9-b593-d223f7449a82
2011-05-13 19:08:09 +00:00
Mark Jaquith 4f8b646e03 Centralize pagination bound exceeding redirects for list tables. props garyc40. props johnjamesjacoby. fixes #16208
git-svn-id: https://develop.svn.wordpress.org/trunk@17900 602fd350-edb4-49c9-b593-d223f7449a82
2011-05-12 06:09:42 +00:00
Andrew Nacin f504e221e1 Switch from Panel/SubPanel to Screen in inline documentation and Codex links. props michaelh, fixes #17265.
git-svn-id: https://develop.svn.wordpress.org/trunk@17748 602fd350-edb4-49c9-b593-d223f7449a82
2011-04-28 15:24:49 +00:00
Ryan Boren 2d0150b6de From post back to get. Props SergeyBiryukov. fixes #16335
git-svn-id: https://develop.svn.wordpress.org/trunk@17345 602fd350-edb4-49c9-b593-d223f7449a82
2011-01-22 01:31:21 +00:00
Andrew Nacin 2b4674a3b4 Remove AJAX from list tables. first pass. see #16262.
git-svn-id: https://develop.svn.wordpress.org/trunk@17322 602fd350-edb4-49c9-b593-d223f7449a82
2011-01-16 21:47:24 +00:00
Andrew Nacin 71b24d4577 Revert [17270], [17273], see #16166, see #16262.
git-svn-id: https://develop.svn.wordpress.org/trunk@17321 602fd350-edb4-49c9-b593-d223f7449a82
2011-01-16 21:34:38 +00:00
Peter Westwood 59ed14ce74 Switch back to GET from REQUEST for these so the non js searches work again. See #14927
git-svn-id: https://develop.svn.wordpress.org/trunk@17307 602fd350-edb4-49c9-b593-d223f7449a82
2011-01-15 02:03:46 +00:00
Andrew Nacin 19122c3516 Keep sorting and paging for bulk actions. props garyc40, see #16166.
git-svn-id: https://develop.svn.wordpress.org/trunk@17270 602fd350-edb4-49c9-b593-d223f7449a82
2011-01-12 17:06:33 +00:00
Andrew Nacin de8fda19e3 Validation fixes. props ocean90, fixes #15287.
git-svn-id: https://develop.svn.wordpress.org/trunk@17129 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-24 14:19:41 +00:00
scribu 0f40bb19cd Introduce WP_List_Table::search_box(). See #15353
git-svn-id: https://develop.svn.wordpress.org/trunk@17006 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-16 20:45:10 +00:00
Andrew Nacin afecafe7ab Remove check_permissions() calls outside of AJAX context. Also only check for switch_themes in check_permissions() for the themes table. see #15326.
git-svn-id: https://develop.svn.wordpress.org/trunk@16990 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-16 08:43:22 +00:00
Ryan Boren 6dc2d07bc4 Pink trailing whites.
git-svn-id: https://develop.svn.wordpress.org/trunk@16900 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-13 21:21:50 +00:00
scribu 3f5f212ffb Don't show search box if there are no items available. See #15353
git-svn-id: https://develop.svn.wordpress.org/trunk@16868 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-10 20:22:34 +00:00
scribu 13055dfc1a Remove unnecessary comments. See #15416
git-svn-id: https://develop.svn.wordpress.org/trunk@16856 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-10 08:55:17 +00:00
scribu 70e3fbe1e8 Redirect to correct page after bulk action for posts and comments. Props garyc40. Fixes #15416
git-svn-id: https://develop.svn.wordpress.org/trunk@16855 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-10 08:49:16 +00:00
scribu 9f5043b6dc Link post title on comments for a single post screen. Fixes #15609
git-svn-id: https://develop.svn.wordpress.org/trunk@16619 602fd350-edb4-49c9-b593-d223f7449a82
2010-11-29 21:23:20 +00:00
scribu 907353550e Get rid of in favor of . Fixes #15607. See #15580
git-svn-id: https://develop.svn.wordpress.org/trunk@16617 602fd350-edb4-49c9-b593-d223f7449a82
2010-11-29 20:15:04 +00:00
scribu ca6171333d Prevent WSOD when no comments selected for bulk action. See #15572
git-svn-id: https://develop.svn.wordpress.org/trunk@16580 602fd350-edb4-49c9-b593-d223f7449a82
2010-11-25 02:05:52 +00:00
Ryan Boren 4b33a0e9c4 Pinking shears
git-svn-id: https://develop.svn.wordpress.org/trunk@16438 602fd350-edb4-49c9-b593-d223f7449a82
2010-11-17 18:47:34 +00:00
Ryan Boren e559ab58a3 Whitespace cleanup in contextual help. Props markmcwilliams. see #15346
git-svn-id: https://develop.svn.wordpress.org/trunk@16333 602fd350-edb4-49c9-b593-d223f7449a82
2010-11-12 20:22:12 +00:00
Ryan Boren 2ac45785a3 Contextual help updates. Props dougwrites. see #15346
git-svn-id: https://develop.svn.wordpress.org/trunk@16326 602fd350-edb4-49c9-b593-d223f7449a82
2010-11-12 15:03:34 +00:00
Peter Westwood 85952766d3 Extra cap checks. See #15326.
git-svn-id: https://develop.svn.wordpress.org/trunk@16222 602fd350-edb4-49c9-b593-d223f7449a82
2010-11-06 10:07:35 +00:00
Peter Westwood 817aa1975c Revert [16171] and [16172] - The class names were fine as they were and the MultiSite classes stand out more with the original naming.
git-svn-id: https://develop.svn.wordpress.org/trunk@16175 602fd350-edb4-49c9-b593-d223f7449a82
2010-11-04 08:07:03 +00:00
scribu d1034ad0d3 complete the renaming. props ocean90. See #14579
git-svn-id: https://develop.svn.wordpress.org/trunk@16172 602fd350-edb4-49c9-b593-d223f7449a82
2010-11-03 22:06:45 +00:00
Peter Westwood c4633bbd54 The big renaming of the list-table class files.
See #14579

git-svn-id: https://develop.svn.wordpress.org/trunk@16128 602fd350-edb4-49c9-b593-d223f7449a82
2010-11-01 09:19:50 +00:00
scribu 9142cadca4 Move no_items logic to WP_Comments_Table. See #14579
git-svn-id: https://develop.svn.wordpress.org/trunk@16108 602fd350-edb4-49c9-b593-d223f7449a82
2010-10-31 01:17:00 +00:00
Mark Jaquith d65cdf4ba8 Expand submit_button() capabilities. Replace all (or almost all) manual HTML instances in WP. props sbressler. see #15064
git-svn-id: https://develop.svn.wordpress.org/trunk@16061 602fd350-edb4-49c9-b593-d223f7449a82
2010-10-28 21:56:43 +00:00
Andrew Nacin 49589001bb Commit the rest of [15955]. see #14579.
git-svn-id: https://develop.svn.wordpress.org/trunk@15956 602fd350-edb4-49c9-b593-d223f7449a82
2010-10-25 02:58:25 +00:00
Ryan Boren 9ee8b20f30 First pass of user admin. Network admin and screen cleanups. see #14696
git-svn-id: https://develop.svn.wordpress.org/trunk@15746 602fd350-edb4-49c9-b593-d223f7449a82
2010-10-07 19:34:18 +00:00
Dion Hulse 57af0bf212 Use the correct variable names, Fixes "Empty Spam" comments & "Approve" link. Add a clear to push "No comments found." into place. Fixes #14964
git-svn-id: https://develop.svn.wordpress.org/trunk@15666 602fd350-edb4-49c9-b593-d223f7449a82
2010-09-26 10:02:23 +00:00
scribu 728285edbd Introduce WP_List_Table::current_action() and use throughout admin list screens. See #14579
git-svn-id: https://develop.svn.wordpress.org/trunk@15642 602fd350-edb4-49c9-b593-d223f7449a82
2010-09-22 00:10:39 +00:00
scribu b1def7dad8 Introduce 'edit_comment' meta cap. Fixes #14520
git-svn-id: https://develop.svn.wordpress.org/trunk@15596 602fd350-edb4-49c9-b593-d223f7449a82
2010-09-07 23:35:28 +00:00
scribu 25677d588c introduce WP_List_Table::views(). See #14579
git-svn-id: https://develop.svn.wordpress.org/trunk@15578 602fd350-edb4-49c9-b593-d223f7449a82
2010-09-05 21:26:27 +00:00