Commit Graph

372 Commits

Author SHA1 Message Date
Andrew Nacin
37442d3066 Deprecate wpdb::escape() in favor of wpdb::prepare() and esc_sql(). fixes #24774.
git-svn-id: https://develop.svn.wordpress.org/trunk@24718 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-16 17:44:42 +00:00
Andrew Nacin
3a408ff249 Move get_url_in_content() out of post-formats.php. see #24202.
git-svn-id: https://develop.svn.wordpress.org/trunk@24683 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-12 19:38:37 +00:00
Andrew Nacin
49596ff2c1 Skip protocol checking in esc_url() when we are dealing with a relative URL. Prevents munging of colons in paths and query strings, when present in a protocol-relative URL.
props SergeyBiryukov.
fixes #21974.



git-svn-id: https://develop.svn.wordpress.org/trunk@24642 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-10 13:45:22 +00:00
Andrew Nacin
77238aa5ee Expand human_time_diff() from minutes/hours/days to also include weeks/months/years. Fix off-by-one issue.
props SergeyBiryukov, westi.
fixes #9272.



git-svn-id: https://develop.svn.wordpress.org/trunk@24582 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-08 13:00:34 +00:00
Sergey Biryukov
fbc2a6ca6d PHPDoc fixes and additions. fixes #24616.
git-svn-id: https://develop.svn.wordpress.org/trunk@24490 602fd350-edb4-49c9-b593-d223f7449a82
2013-06-21 12:45:11 +00:00
Andrew Nacin
ea92deb1bb Fix storage of illegal_names. Add an upgrade routine to fix bad values.
props SergeyBiryukov.
see #23418.
for trunk.



git-svn-id: https://develop.svn.wordpress.org/trunk@24448 602fd350-edb4-49c9-b593-d223f7449a82
2013-06-19 22:06:42 +00:00
Mark Jaquith
5cd3b7c3ab Improve regular expressions by using a backreference to match right quote of quote pair when matching attributes.
props kovshenin. see #24225.

git-svn-id: https://develop.svn.wordpress.org/trunk@24241 602fd350-edb4-49c9-b593-d223f7449a82
2013-05-10 22:54:33 +00:00
Sergey Biryukov
2b1420456d Fix typos in phpdoc. props TheLastCicada. fixes #24302.
git-svn-id: https://develop.svn.wordpress.org/trunk@24229 602fd350-edb4-49c9-b593-d223f7449a82
2013-05-10 01:39:30 +00:00
Sergey Biryukov
7cf933b2c9 * Pass ellipsis as a parameter to wp_html_excerpt() instead of appending it manually.
* Consolidate the logic to avoid appending ellipsis if the entire string is shown.
* Show ellipsis after truncated filenames and post titles.

props solarissmoke, bpetty, SergeyBiryukov. fixes #11446.

git-svn-id: https://develop.svn.wordpress.org/trunk@24214 602fd350-edb4-49c9-b593-d223f7449a82
2013-05-09 00:22:02 +00:00
Sergey Biryukov
bb2a27be5b Use ellipsis instead of three dots. props tjsingleton, jordie23, wojtek.szkutnik, DrewAPicture, SergeyBiryukov. see #8714.
git-svn-id: https://develop.svn.wordpress.org/trunk@24207 602fd350-edb4-49c9-b593-d223f7449a82
2013-05-08 21:27:31 +00:00
Andrew Nacin
12e7328690 Variables passed by reference do not need to be set first.
props kovshenin.
see #24222.



git-svn-id: https://develop.svn.wordpress.org/trunk@24129 602fd350-edb4-49c9-b593-d223f7449a82
2013-04-29 14:48:31 +00:00
Andrew Nacin
2958875d6c Improve the performance of backslashit() by avoiding regular expressions. backslashit() is used heavily in date_i18n().
props jbutkus.
fixes #22286.



git-svn-id: https://develop.svn.wordpress.org/trunk@24051 602fd350-edb4-49c9-b593-d223f7449a82
2013-04-22 20:01:57 +00:00
Sergey Biryukov
6b040372c1 Remove duplicate array key. props tivnet. fixes #24021.
git-svn-id: https://develop.svn.wordpress.org/trunk@23948 602fd350-edb4-49c9-b593-d223f7449a82
2013-04-10 15:55:53 +00:00
Peter Westwood
6c937208e7 Formatting: Pass the blog charset to htmlspecialchars so that we don't eat non-UTF8 strings in PHP 5.4
Fixes #23688


git-svn-id: https://develop.svn.wordpress.org/trunk@23685 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-13 15:24:38 +00:00
Andrew Nacin
ddb81178b7 Properly handle timezones in get_date_from_gmt() rather than relying on the implicit gmt_offset. This offset is only good for the current time, rather than the passed time, which causes problems when converting a DST date when DST is not in effect, or vice versa.
Update get_gmt_from_date() to make these functions match in formatting, as they are complementary and just reverse a few operations.

props scholesmafia
Tests: [1233/tests]

fixes #20328.



git-svn-id: https://develop.svn.wordpress.org/trunk@23618 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-05 16:14:14 +00:00
Ryan Boren
b78520da15 Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
see #WP21767


git-svn-id: https://develop.svn.wordpress.org/trunk@23591 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-03 16:30:38 +00:00
Ryan Boren
85782c3e39 Introduce wp_slash() and wp_unslash(). This will be used to cleanup the myriad calls to addslashes*, add_magic_quotes, stripslashes*. see #21767
git-svn-id: https://develop.svn.wordpress.org/trunk@23555 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-01 16:34:48 +00:00
Ryan Boren
c363aea627 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: https://develop.svn.wordpress.org/trunk@23554 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-01 16:28:40 +00:00
Andrew Nacin
e1b603bbc3 Move revisions/autosave and post format functions from wp-includes/post.php into revision.php and post-formats.php.
git-svn-id: https://develop.svn.wordpress.org/trunk@23466 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-21 21:24:34 +00:00
Helen Hou-Sandi
351438ebe1 Output fallbacks / theme compat for post format metadata.
* Currently handles link, quote, image, gallery, audio, and video formats.
* `add_theme_support()` for a given post format is now an indicator that the theme handles format-specific metadata.
* If no support for a given format is defined, fallback output will be generated and hooked onto the_content if a post has metadata for that format.
* Fallbacks attempt to be smart about not duplicating data already appearing in the post content itself. Gallery is particularly liberal, looking for any instance of the gallery shortcode in the content, not just an exact match to the gallery shortcode defined in the format-specific meta.
* Compat output defaults to being wrapped in a `div` with a class of `post-format-content`.

Theme authors: please test and evaluate, keeping in mind that the goal is to support user expectations of not losing format-specific data they've entered in the admin when viewing the front-end of their site.

props wonderboymusic, beaulebens, helen. see #23347.


git-svn-id: https://develop.svn.wordpress.org/trunk@23450 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-18 19:22:58 +00:00
Sergey Biryukov
2950f848d4 Fix typos in phpdoc. props markmcwilliams. fixes #23481.
git-svn-id: https://develop.svn.wordpress.org/trunk@23434 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-15 18:59:56 +00:00
Ryan Boren
a6c8efadb9 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: https://develop.svn.wordpress.org/trunk@23416 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-14 22:51:06 +00:00
Sergey Biryukov
ce72d762f8 Correct the documentation for balanceTags(). Remove unnecessary boolean inversion. props TobiasBg. fixes #22537.
git-svn-id: https://develop.svn.wordpress.org/trunk@23368 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-01 22:20:06 +00:00
Sergey Biryukov
78b83d3fc1 PHPDoc fixes and additions. props bananastalktome, DrewAPicture. fixes #23313.
git-svn-id: https://develop.svn.wordpress.org/trunk@23365 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-01 18:07:08 +00:00
Sergey Biryukov
98cbf77a95 Use digraphs for German umlauts in remove_accents(). props SergeyBiryukov, ocean90. fixes #3782.
git-svn-id: https://develop.svn.wordpress.org/trunk@23361 602fd350-edb4-49c9-b593-d223f7449a82
2013-01-31 01:55:09 +00:00
Andrew Ozz
f8a254ec56 Autop: <samp> is not a block tag, props toscho, fixes #18807
git-svn-id: https://develop.svn.wordpress.org/trunk@23327 602fd350-edb4-49c9-b593-d223f7449a82
2013-01-22 19:05:21 +00:00
Andrew Nacin
f0e451a30f Treat URL schemes as case insensitive when sanitizing them in esc_url().
props mdawaffe.
fixes #23187.
tests: [1184/tests]



git-svn-id: https://develop.svn.wordpress.org/trunk@23303 602fd350-edb4-49c9-b593-d223f7449a82
2013-01-17 15:07:32 +00:00
Peter Westwood
d927271553 Tighten our braces. Fixes #23118 props evansolomon.
git-svn-id: https://develop.svn.wordpress.org/trunk@23265 602fd350-edb4-49c9-b593-d223f7449a82
2013-01-04 10:13:51 +00:00
Helen Hou-Sandi
c43802b342 s/Santizes/Sanitizes/ in phpdoc for sanitize_html_class(). props cais. fixes #22890.
git-svn-id: https://develop.svn.wordpress.org/trunk@23189 602fd350-edb4-49c9-b593-d223f7449a82
2012-12-20 15:40:37 +00:00
Andrew Nacin
59bb81f264 Remove additional acute accents from permalink slugs via sanitize_title_with_dashes(). props SergeyBiryukov. fixes #22395.
git-svn-id: https://develop.svn.wordpress.org/trunk@23176 602fd350-edb4-49c9-b593-d223f7449a82
2012-12-13 09:59:28 +00:00
Andrew Nacin
34985fbc7a Revert page on front changes. Reverts [22127] [22129] [22135] [22136]. see #16379.
git-svn-id: https://develop.svn.wordpress.org/trunk@22653 602fd350-edb4-49c9-b593-d223f7449a82
2012-11-19 01:28:32 +00:00
Andrew Nacin
e25ee1e3e6 Avoid an uncaught exception in get_gmt_from_date(). The return value is imperfect - date( $format, 0 ) - but better than a fatal error. props wonderboymusic. fixes #20942.
git-svn-id: https://develop.svn.wordpress.org/trunk@22435 602fd350-edb4-49c9-b593-d223f7449a82
2012-11-07 20:07:41 +00:00
Jon Cave
397efc640f Update shortcode regular expression commentary. See #17657.
git-svn-id: https://develop.svn.wordpress.org/trunk@22401 602fd350-edb4-49c9-b593-d223f7449a82
2012-11-06 14:47:33 +00:00
Ryan Boren
24a69e1602 Allow hyphens in shortcode names.
Props kovshenin, solarissmoke, aaroncampbell
fixes #17657


git-svn-id: https://develop.svn.wordpress.org/trunk@22382 602fd350-edb4-49c9-b593-d223f7449a82
2012-11-05 22:27:36 +00:00
Ryan Boren
d76c931269 Fix wp_basename() for Windows by replacing %5C with /.
Props SergeyBiryukov
fixes #22138


git-svn-id: https://develop.svn.wordpress.org/trunk@22310 602fd350-edb4-49c9-b593-d223f7449a82
2012-10-25 22:31:17 +00:00
Ryan Boren
e033812490 Pass each url in ping_sites through esc_url_raw() upin save. This ensures the urls have a valid protocol and avoids "Unable to parse URL" warning in WP_Http. Props SergeyBiryukov. fixes #21966
git-svn-id: https://develop.svn.wordpress.org/trunk@22255 602fd350-edb4-49c9-b593-d223f7449a82
2012-10-17 17:44:40 +00:00
Andrew Nacin
bbd97dc498 Set show_on_front to 'posts' when no value is set. This occurs when the show_on_front checkbox is left unchecked and then sent through options.php. fixes #22131.
git-svn-id: https://develop.svn.wordpress.org/trunk@22135 602fd350-edb4-49c9-b593-d223f7449a82
2012-10-08 18:41:19 +00:00
Andrew Nacin
ff88489bdc Remove the 'Size of the post box' (default_post_edit_rows) option. This will instead be handled by a user cookie tracking the resizing of both TinyMCE and the main textarea. see #21718.
git-svn-id: https://develop.svn.wordpress.org/trunk@22006 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-26 03:17:28 +00:00
Andrew Nacin
84ca011876 Always attempt to embed URLs in content, removing the Auto-embeds (autoembed_urls) option.
Remove the UI for setting the default width and height for embeds. Width was confusing as it
was blank by default (inheriting the content width from the theme, or 500px). The height is
now calculated as 1.5x the content width, or 1000px, whichever is smaller.

The [embed] shortcode can still receive manual height and width attributes. This just removes
the global settings.

props wonderboymusic. see #21719.



git-svn-id: https://develop.svn.wordpress.org/trunk@21998 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-25 07:10:09 +00:00
Andrew Nacin
774a12be83 Introduce constants to allow for easier expression of time periods in seconds. Adds MINUTE_IN_SECONDS, HOUR_IN_SECONDS, DAY_IN_SECONDS, WEEK_IN_SECONDS, YEAR_IN_SECONDS. props nbachiyski, SergeyBiryukov. fixes #20987.
git-svn-id: https://develop.svn.wordpress.org/trunk@21996 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-25 05:26:19 +00:00
Andrew Nacin
248b586911 Move sanitization for the multisite illegal_names, limited_email_domains, and banned_email_domains options to sanitize_option(). props wonderboymusic. fixes #21552.
git-svn-id: https://develop.svn.wordpress.org/trunk@21993 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-25 01:54:12 +00:00
Andrew Nacin
5869cbc05a Synchronize block-level elements between the JS and PHP versions of wpautop. props SergeyBiryukov. fixes #18534.
git-svn-id: https://develop.svn.wordpress.org/trunk@21888 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-18 17:32:44 +00:00
Andrew Nacin
326731cdb3 Add Pinyin diacritics to remove_accents(). Remove these diacritics in sanitize_title_with_dashes() on save as well. props bolo1988, SergeyBiryukov. fixes #20772.
git-svn-id: https://develop.svn.wordpress.org/trunk@21859 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-15 20:01:08 +00:00
Andrew Nacin
42a2b4a12f "[ ] Discourage search engines from indexing this site". fixes #16416.
git-svn-id: https://develop.svn.wordpress.org/trunk@21851 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-14 20:26:20 +00:00
Andrew Nacin
8c13f286e3 Use the non-slashing variants of kses functions in sanitize_option() to avoid slash ping pong. fixes #21892.
git-svn-id: https://develop.svn.wordpress.org/trunk@21850 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-14 19:32:53 +00:00
Andrew Nacin
518d14331c When balancing tags, properly close tags that shouldn't be self-closed but are. Support all self-closing tags.
props coffee2code.
fixes #1597.



git-svn-id: https://develop.svn.wordpress.org/trunk@21828 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-13 16:39:06 +00:00
Andrew Nacin
667a94907c Properly delimit URLs by \r, \n, \t *or* a space in sanitize_trackback_urls(). Fixes multiple trackback URL usage. props SergeyBiryukov, fixes #21624 for trunk.
git-svn-id: https://develop.svn.wordpress.org/trunk@21718 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-04 03:36:19 +00:00
Andrew Nacin
6b6bea5e0d Only run stripslashes() in stripslashes_deep() for strings, not other scalar values. props Kawauso, knutsp. props coffee2code for [UT698]. fixes #18026.
git-svn-id: https://develop.svn.wordpress.org/trunk@21292 602fd350-edb4-49c9-b593-d223f7449a82
2012-07-20 15:14:26 +00:00
Andrew Nacin
041b5f7af1 HTML object tags are self-nestable. props coffee2code. fixes #20401.
git-svn-id: https://develop.svn.wordpress.org/trunk@21250 602fd350-edb4-49c9-b593-d223f7449a82
2012-07-09 19:27:44 +00:00
Mark Jaquith
ea8be18c39 Collapse an i18n context to make it more accurate and to make for one less string to translate. props pavelevap. fixes #21137
git-svn-id: https://develop.svn.wordpress.org/trunk@21242 602fd350-edb4-49c9-b593-d223f7449a82
2012-07-09 05:08:43 +00:00