Commit Graph

1182 Commits

Author SHA1 Message Date
Andrew Nacin
12882f9848 Ensure the referer functions operate completely on unslashed data: wp_referer_field(), wp_original_referer_field(), wp_get_referer(), wp_get_original_referer().
Use wp_slash() instead of addslashes().

see #21767.



git-svn-id: https://develop.svn.wordpress.org/trunk@23578 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-01 17:58:43 +00:00
Ryan Boren
37fae23001 Always wp_unslash() the return of wp_get_referer().
see #21767


git-svn-id: https://develop.svn.wordpress.org/trunk@23570 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-01 17:20:32 +00:00
Ryan Boren
c363aea627 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: https://develop.svn.wordpress.org/trunk@23554 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-01 16:28:40 +00:00
Andrew Ozz
da3d4313b4 Logged out warnings: restructure the PHP code (no need for a class), props nacin, see #23295
git-svn-id: https://develop.svn.wordpress.org/trunk@23543 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-01 01:55:33 +00:00
Andrew Nacin
2d2bb70ec2 Allow nonce name to be passed to wp_nonce_url(), as allowed by wp_nonce_field(). props MatthewRuddy, fixes #22423.
git-svn-id: https://develop.svn.wordpress.org/trunk@23519 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-28 18:08:53 +00:00
Andrew Ozz
780ee565aa Improved logged out warnings, first run, props mintindeed, see #23295
git-svn-id: https://develop.svn.wordpress.org/trunk@23504 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-28 08:57:17 +00:00
Sergey Biryukov
2950f848d4 Fix typos in phpdoc. props markmcwilliams. fixes #23481.
git-svn-id: https://develop.svn.wordpress.org/trunk@23434 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-15 18:59:56 +00:00
Mark Jaquith
1dc5d1c401 Update our Windows media file MIME types to the official Microsoft-recommended ones.
props niallkennedy, wonderboymusic. fixes #14253

git-svn-id: https://develop.svn.wordpress.org/trunk@23422 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-15 16:12:40 +00:00
Ryan Boren
a6c8efadb9 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: https://develop.svn.wordpress.org/trunk@23416 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-14 22:51:06 +00:00
Sergey Biryukov
142c4ee92b Use correct escaping function. props jkudish. fixes #20771.
git-svn-id: https://develop.svn.wordpress.org/trunk@23411 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-14 05:12:23 +00:00
Ryan Boren
006d5940cd Try not to send Last-Modified, even with an empty value. Some servers interpret an empty value as the epoch.
Props nacin, slene, SergeyBiryukov, andy
see #23021 for trunk


git-svn-id: https://develop.svn.wordpress.org/trunk@23267 602fd350-edb4-49c9-b593-d223f7449a82
2013-01-04 19:51:31 +00:00
Dion Hulse
6e405b1831 Correct an incorrect PHPDoc s/@see/@link/ introduced in r23254. See #22900
git-svn-id: https://develop.svn.wordpress.org/trunk@23256 602fd350-edb4-49c9-b593-d223f7449a82
2013-01-03 08:05:48 +00:00
Dion Hulse
80bc158edd HTTP API: Introduce wp_is_writable() to wrap win_is_writable() and is_writable() to work around PHP Windows ACL issues. See #22900 for trunk
git-svn-id: https://develop.svn.wordpress.org/trunk@23255 602fd350-edb4-49c9-b593-d223f7449a82
2013-01-03 08:04:11 +00:00
Dion Hulse
b558464d2d Clarify the Documentation in win_is_writable() and move an inline comment to the Docblock, reduces confusion about what the function actually does. See #22900
git-svn-id: https://develop.svn.wordpress.org/trunk@23254 602fd350-edb4-49c9-b593-d223f7449a82
2013-01-03 07:56:38 +00:00
Mark Jaquith
7533dbadfe Add .webm (video/webm) to wp_get_mime_types(). props wonderboymusic. fixes #14659
git-svn-id: https://develop.svn.wordpress.org/trunk@23229 602fd350-edb4-49c9-b593-d223f7449a82
2012-12-29 18:07:23 +00:00
Ryan Boren
608e95019d Properly set the base URL for the main site when ms-files rewriting is enabled for MU-era installs.
Props nacin
fixes #22702


git-svn-id: https://develop.svn.wordpress.org/trunk@23002 602fd350-edb4-49c9-b593-d223f7449a82
2012-12-03 22:24:06 +00:00
Mark Jaquith
961a962a3c Remove trailing slashes from UPLOADS before trying a str_replace() in wp_upload_dir(). props jbrinley. fixes #22469
* In 3.4.x, both $url and UPLOADS had trailing slashes
* Due to refactoring, $url is no longer expected to have a trailing slash
* Because of the mismatch, the str_replace() was not working, resulting in an incorrectly verbose upload dir URL

git-svn-id: https://develop.svn.wordpress.org/trunk@22736 602fd350-edb4-49c9-b593-d223f7449a82
2012-11-21 07:08:38 +00:00
Ryan Boren
6d8bce688f Pinking shears
git-svn-id: https://develop.svn.wordpress.org/trunk@22634 602fd350-edb4-49c9-b593-d223f7449a82
2012-11-17 15:11:29 +00:00
Andrew Nacin
9c33c30f5b Account for unfiltered_upload cap in wp_upload_bits(). see #21292.
git-svn-id: https://develop.svn.wordpress.org/trunk@22471 602fd350-edb4-49c9-b593-d223f7449a82
2012-11-08 20:41:34 +00:00
Dion Hulse
499f18d2c2 Prevent an issue on windows systems which can cause the temporary directory from get_temp_dir() from returning a path containing \/. Props to SergeyBiryukov for the initial patch. Fixes #20778
git-svn-id: https://develop.svn.wordpress.org/trunk@22331 602fd350-edb4-49c9-b593-d223f7449a82
2012-10-30 20:58:35 +00:00
Andrew Ozz
c71700c7b4 Buttons:
- Update the install/initial configuration/repair screens buttons, props DrewAPicture
- Fix the welcome screen buttons and fine-tune the buttons css, props lessbloat

fixes #21598


git-svn-id: https://develop.svn.wordpress.org/trunk@22314 602fd350-edb4-49c9-b593-d223f7449a82
2012-10-26 19:40:39 +00:00
Andrew Nacin
8e674037bc Avoid 'headers already sent' messages for header_remove() the same way we currently do with header(). props ryan. fixes #22258.
git-svn-id: https://develop.svn.wordpress.org/trunk@22303 602fd350-edb4-49c9-b593-d223f7449a82
2012-10-25 20:38:55 +00:00
Andrew Nacin
08dafbce51 Do not issue a Last-Modified header when issuing no-cache headers to avoid aggressive (webkit) caching. Serve a blank header when header_remove() is not available (PHP < 5.3). props andy. fixes #22258.
git-svn-id: https://develop.svn.wordpress.org/trunk@22283 602fd350-edb4-49c9-b593-d223f7449a82
2012-10-23 15:45:44 +00:00
Ryan Boren
abd1718828 A more generic message for wp_upload_dir(). Props nacin. fixes #21796
git-svn-id: https://develop.svn.wordpress.org/trunk@22276 602fd350-edb4-49c9-b593-d223f7449a82
2012-10-23 13:49:00 +00:00
Andrew Nacin
217c37b516 Have wp_upload_dir() account for blog switching, ms-files rewriting, and the UPLOADS constant properly. This type of logic needs a lot of code comments.
Prevents wp_upload_dir() from obeying the UPLOADS constant when ms-files rewriting is enabled and a blog is switched.

Reverts [22106] thanks to [22108].

see #19235.



git-svn-id: https://develop.svn.wordpress.org/trunk@22222 602fd350-edb4-49c9-b593-d223f7449a82
2012-10-12 22:05:02 +00:00
Ryan Boren
1b3f54d73d Reduce use of global. Use get_blog_details() instead. fixes #22090
git-svn-id: https://develop.svn.wordpress.org/trunk@22108 602fd350-edb4-49c9-b593-d223f7449a82
2012-10-04 12:40:09 +00:00
Andrew Nacin
cce2ddd29c Pass the current blog id to is_main_site() in wp_upload_dir(), because is_main_site() without arguments does not respond correctly on switch. see #19235.
git-svn-id: https://develop.svn.wordpress.org/trunk@22106 602fd350-edb4-49c9-b593-d223f7449a82
2012-10-03 18:57:36 +00:00
Ryan Boren
7790af3154 Introduce WP_Image_Editor, WP_Image_Editor_Imagick, and WP_Image_Editor_GD. Abstracts image editing API and adds support for ImageMagick.
Props DH-Shredder, kurtpayne, markoheijnen
see #6821


git-svn-id: https://develop.svn.wordpress.org/trunk@22094 602fd350-edb4-49c9-b593-d223f7449a82
2012-10-01 20:59:06 +00:00
Dion Hulse
693fccb99c Silence a PHP Warning in Safe Mode from get_temp_dir(). Props ocean90. Fixes #20778
git-svn-id: https://develop.svn.wordpress.org/trunk@22082 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-29 01:22:25 +00:00
Andrew Nacin
53cbfca362 If a pre-3.0 (MU era) network disables ms-files manually, they don't need /sites/ in their wp-content/uploads directory. see #19235.
git-svn-id: https://develop.svn.wordpress.org/trunk@22038 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-27 04:56:58 +00:00
Dion Hulse
45d9a3e5f7 Move win_is_writable() from wp-admin/includes to wp-includes so that it's always available for get_temp_dir(). Fixes #20778
git-svn-id: https://develop.svn.wordpress.org/trunk@22009 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-26 05:08:26 +00:00
Dion Hulse
2e9dc20515 Rearrange the order that we check for temporary directories in get_temp_dir(). This change causes us to use System temporary directories in preference to WP_CONTENT_DIR, for better windows compatibility, we use win_is_writable() as well. Props simonwheatley and kurtpayne for initial patches, See #20778
git-svn-id: https://develop.svn.wordpress.org/trunk@22008 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-26 05:02:58 +00:00
Andrew Nacin
774a12be83 Introduce constants to allow for easier expression of time periods in seconds. Adds MINUTE_IN_SECONDS, HOUR_IN_SECONDS, DAY_IN_SECONDS, WEEK_IN_SECONDS, YEAR_IN_SECONDS. props nbachiyski, SergeyBiryukov. fixes #20987.
git-svn-id: https://develop.svn.wordpress.org/trunk@21996 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-25 05:26:19 +00:00
Peter Westwood
d86f9f140f Posting: Improve the invalid date protection code based on feedback from nacin.
* Introduce a wp_checkdate() function with a single filter to centralise the code that validates dates.
 * Improve the error message
 * Correctly handle the return value of wp_insert_post which is not always a WP_Error on failure

Fixes #17180


git-svn-id: https://develop.svn.wordpress.org/trunk@21922 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-20 10:46:50 +00:00
Andrew Nacin
9447d32ef4 Simplify protocol stripping in add_query_arg() by avoiding a regular expression. Don't cast a known array to an array. fixes #21332.
git-svn-id: https://develop.svn.wordpress.org/trunk@21865 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-16 16:16:26 +00:00
Andrew Nacin
c6fa13adc9 Add xmpp to allowed protocols. props ethitter, fixes #21604.
git-svn-id: https://develop.svn.wordpress.org/trunk@21826 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-12 15:47:34 +00:00
Andrew Nacin
5d3c3fcfba Don't show Appearance > Widgets if the theme has no sidebars defined. props SergeyBiryukov for the initial patch. fixes #21761.
git-svn-id: https://develop.svn.wordpress.org/trunk@21825 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-12 02:16:46 +00:00
Andrew Nacin
7f29924c6a Remove ms-files.php rewriting from WordPress multisite. fixes #19235.
Keep existing networks compatible with a ms_files_rewriting network option.



git-svn-id: https://develop.svn.wordpress.org/trunk@21823 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-11 22:22:20 +00:00
Andrew Nacin
c1eaaf31b8 Always return upload directory information from wp_upload_dir(), even if there is an error. Append the error to the array. see #19235.
git-svn-id: https://develop.svn.wordpress.org/trunk@21822 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-11 22:06:49 +00:00
Andrew Nacin
dfac91464f Remove AtomPub from core.
* Will be replaced with http://wordpress.org/extend/plugins/atom-publishing-protocol/.
 * Introduces an action, xmlrpc_rsd_apis, to add APIs to xmlrpc.php?rsd.
 * Introduces support for 'error' being 403 and 50x in class-wp.php.
 * Removes 'Remote Publishing' from Writing Settings (see [21804]). Keeps the remote_publishing settings section.

DB version is bumped to generate the new wp-app rewrite rule and remove the old enable_app option.

props wonderboymusic.
fixes #21509.



git-svn-id: https://develop.svn.wordpress.org/trunk@21818 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-11 20:11:39 +00:00
Ryan Boren
fdc3e8caee Don't use set_url_scheme() in wp_guess_url(). wp_guess_url() is used during install before set_url_scheme() is loaded. Props SergeyBiryukov. fixes #20759
git-svn-id: https://develop.svn.wordpress.org/trunk@21797 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-10 19:37:08 +00:00
Andrew Nacin
215be466c3 Add get-attachment and query-attachments Ajax handlers. props koopersmith. see #21390.
git-svn-id: https://develop.svn.wordpress.org/trunk@21681 602fd350-edb4-49c9-b593-d223f7449a82
2012-08-31 02:58:51 +00:00
Andrew Nacin
0599fd010f Introduce wp_send_json() to json-encode a variable, print it, and die, for Ajax requests. Effectively replaces WP_Ajax_Response, which was an XML-based response.
Introduce wp_send_json_success() and wp_send_json_error(), which will allow us to fire appropriate done() or fail() callbacks in JS.

props koopersmith. see #21390.



git-svn-id: https://develop.svn.wordpress.org/trunk@21679 602fd350-edb4-49c9-b593-d223f7449a82
2012-08-31 01:56:00 +00:00
Ryan Boren
92ea34f6a2 Use set_url_scheme(). Props johnbillion, MarcusPope. see #19037 #20759
git-svn-id: https://develop.svn.wordpress.org/trunk@21664 602fd350-edb4-49c9-b593-d223f7449a82
2012-08-30 13:33:00 +00:00
Ryan Boren
ee8cf061f8 Introduce wp_get_mime_types() for fetching the complete list of mime types. Remove the static caching of the types so that filters other than the first filter work. Use wp_get_mime_types() in do_enclose(). fixes #21299 #21594
git-svn-id: https://develop.svn.wordpress.org/trunk@21541 602fd350-edb4-49c9-b593-d223f7449a82
2012-08-17 17:25:19 +00:00
Ryan Boren
c4efcb4def Fix MS Office mime types. Group the mime list in get_allowed_mime_types() by type. Props hebbet, markel, SergeyBiryukov. fixes #17117
git-svn-id: https://develop.svn.wordpress.org/trunk@21527 602fd350-edb4-49c9-b593-d223f7449a82
2012-08-15 16:48:36 +00:00
Ryan Boren
20a1def1c0 switch_to_blog() and restore_current_blog() housekeeping.
wp-includes/admin-bar.php:

* Replace get_admin_url() and get_home_url() with admin_url() and home_url() and place them inside a switch/restore. Likewise replace current_user_can_for_blog() with current_user_can(). This avoids doing multiple switch restores.

wp-includes/ms-blogs.php:

* Deprecate the $validate argument to switch_to_blog(). This avoids a not very necessary call to get_blog_details(), possibly saving a few queries.
* Use $_wp_switched and $_wp_switched_stack instead of $switched and $switched_stack to make it less likely these globals will be stomped.
* Use GLOBALS to access blog_id and other globals. I've preferred this style lately since it makes it obvious a global is being used and avoids global blog_id being stomped by a local variable.
* Lose some is_object() checks. wp_get_current_user() always returns an object, for example.
* Call the new WP_Roles::reinit() method.

wp-includes/class-wp-xmlrpc-server.php:

* Replace current_user_can_for_blog() with current_user_can() and move it inside the switch/restore pair. This eliminates a switch/restore.

wp-includes/capabilities.php:

* Use array_keys() instead of $role => $data since $data is unused. I *think* this is a bit faster.
* Introduce WP_Roles::reinit(). This reinitializes WP_Roles and is used after switch_to_blog() has already update the blog ID in the wpdb object. If a global roles array is being used instead of the db, reinit is skipped.
* current_user_can_for_blog() now does a switch/restore. It didn't before meaning it could be reinitializing the user with the wrong role information for the current blog.

wp-includes/ms-settings.php:

* Define $_wp_switched_stack and $_wp_switched. This way switch_to_blog() and restore_current_blog() can rely on it being set.

wp-settings.php:

* Instantiate the WP_Roles global. This was it is always defined during init. To remove the WP_Roles checks from WP_Role and WP_User this would probably have to move before plugins are loaded, which might not be a good thing.

wp-includes/functions.php:

* Update wp_upload_dir() to reference _wp_switched.



git-svn-id: https://develop.svn.wordpress.org/trunk@21485 602fd350-edb4-49c9-b593-d223f7449a82
2012-08-09 16:28:15 +00:00
Ryan Boren
872ba2c28f Call func_get_args() once in add_query_arg(). Props SergeyBiryukov. see #21332
git-svn-id: https://develop.svn.wordpress.org/trunk@21373 602fd350-edb4-49c9-b593-d223f7449a82
2012-07-31 15:28:10 +00:00
Andrew Nacin
6de675bd6a Remove unnecessary error suppression operators from func_get_arg() and func_num_args(). see #21332.
git-svn-id: https://develop.svn.wordpress.org/trunk@21298 602fd350-edb4-49c9-b593-d223f7449a82
2012-07-21 06:07:39 +00:00
Andrew Nacin
96f9446e11 Check if array key exists in wp_list_filter(). props wpsmith. fixes #20929.
git-svn-id: https://develop.svn.wordpress.org/trunk@21184 602fd350-edb4-49c9-b593-d223f7449a82
2012-06-29 19:42:27 +00:00