Commit Graph

68 Commits

Author SHA1 Message Date
Andrew Nacin 40623f1c68 Use sanitize_key() instead of esc_sql() when 'escaping' variable DB field names. see #21767.
git-svn-id: https://develop.svn.wordpress.org/trunk@24714 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-16 14:21:05 +00:00
Sergey Biryukov 4fea95b6ab Avoid an undefined index notice. props DrewAPicture. fixes #22096.
git-svn-id: https://develop.svn.wordpress.org/trunk@24580 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-08 01:49:13 +00:00
Mark Jaquith 12ff8a31c3 Prevent invalid queries in certain empty-array-passing meta_query cases.
fixes #22096. props wonderboymusic.

git-svn-id: https://develop.svn.wordpress.org/trunk@24563 602fd350-edb4-49c9-b593-d223f7449a82
2013-07-05 16:40:46 +00:00
Sergey Biryukov fbc2a6ca6d PHPDoc fixes and additions. fixes #24616.
git-svn-id: https://develop.svn.wordpress.org/trunk@24490 602fd350-edb4-49c9-b593-d223f7449a82
2013-06-21 12:45:11 +00:00
Ryan Boren b78520da15 Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
see #WP21767


git-svn-id: https://develop.svn.wordpress.org/trunk@23591 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-03 16:30:38 +00:00
Ryan Boren c363aea627 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: https://develop.svn.wordpress.org/trunk@23554 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-01 16:28:40 +00:00
Ryan Boren a6c8efadb9 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: https://develop.svn.wordpress.org/trunk@23416 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-14 22:51:06 +00:00
Mark Jaquith b7b4a12cfd Defer the meta_id-fetching query until after comparison of the previous value, so that redundant calls to update_metadata() can bail without making that query. props nacin. fixes #22191
git-svn-id: https://develop.svn.wordpress.org/trunk@22231 602fd350-edb4-49c9-b593-d223f7449a82
2012-10-15 05:51:38 +00:00
Ryan Boren 381583c21f Improve performance of WP_Meta_Query when doing OR queries on meta keys. Props joehoyle, SergeyBiryukov. fixes #19729
git-svn-id: https://develop.svn.wordpress.org/trunk@22103 602fd350-edb4-49c9-b593-d223f7449a82
2012-10-03 12:35:06 +00:00
Andrew Nacin 9fd4c1cb9b Add NOT EXISTS to meta queries, allowing you to query for the non-existence of a meta key.
You could already use EXISTS by omitting a value to check.

props georgestephanis, scribu
fixes #18158



git-svn-id: https://develop.svn.wordpress.org/trunk@21185 602fd350-edb4-49c9-b593-d223f7449a82
2012-06-29 19:59:29 +00:00
Andrew Nacin 1909f3fbeb Use the metadata API rather than raw queries and direct do_action calls. see #20417.
git-svn-id: https://develop.svn.wordpress.org/trunk@20435 602fd350-edb4-49c9-b593-d223f7449a82
2012-04-11 20:02:39 +00:00
Andrew Nacin 54a6a40533 Introduce $wpdb->delete(). props justindgivens, scribu. fixes #18948.
git-svn-id: https://develop.svn.wordpress.org/trunk@20287 602fd350-edb4-49c9-b593-d223f7449a82
2012-03-24 15:24:31 +00:00
Ryan Boren 2b186b0c45 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: https://develop.svn.wordpress.org/trunk@19712 602fd350-edb4-49c9-b593-d223f7449a82
2012-01-08 17:01:11 +00:00
Ryan Boren 676ba7043e Use one space, not two, after trailing punctuation. fixes #19537
git-svn-id: https://develop.svn.wordpress.org/trunk@19593 602fd350-edb4-49c9-b593-d223f7449a82
2011-12-13 23:45:31 +00:00
Ryan Boren fd10e500e4 Pinking shears
git-svn-id: https://develop.svn.wordpress.org/trunk@19054 602fd350-edb4-49c9-b593-d223f7449a82
2011-10-24 19:13:23 +00:00
Jon Cave 4219b8b03f Fix back compat issues with delete_postmeta and deleted_postmeta actions as these should be passed the meta ID. Fixes #18825.
git-svn-id: https://develop.svn.wordpress.org/trunk@18835 602fd350-edb4-49c9-b593-d223f7449a82
2011-09-30 15:19:32 +00:00
Jon Cave 55609b863e Automatically set 'compare' => 'IN' in WP_Meta_Query::get_sql() when the meta value is an array. Props ldebrouwer, SergeyBiryukov. Fixes #16829.
git-svn-id: https://develop.svn.wordpress.org/trunk@18825 602fd350-edb4-49c9-b593-d223f7449a82
2011-09-29 22:10:56 +00:00
Andrew Nacin 32ba775ad7 Pass unslashed values from update_metadata() to add_metadata(). fixes #17343.
git-svn-id: https://develop.svn.wordpress.org/trunk@18816 602fd350-edb4-49c9-b593-d223f7449a82
2011-09-29 19:37:58 +00:00
Andrew Nacin e0889f848c Fix docs for get_meta_sql(). First arg cannot be optional. props duck_, fixes #18717.
git-svn-id: https://develop.svn.wordpress.org/trunk@18789 602fd350-edb4-49c9-b593-d223f7449a82
2011-09-27 05:13:07 +00:00
Ryan Boren 1d3e616495 Introduce metadata_exists(), WP_User::get_data_by(), WP_User::get(), WP_User::has_prop(). Don't fill user objects with meta. Eliminate data duplication in cache and memory. Props scribu. see #15458
git-svn-id: https://develop.svn.wordpress.org/trunk@18597 602fd350-edb4-49c9-b593-d223f7449a82
2011-08-24 19:32:59 +00:00
Ryan Boren dbb0b7c8d6 Turn delete_meta() , get_post_meta_by_id(), update_meta(), delete_post_meta_by_key() into wrappers around the metadata API. Add back compat *_postmeta actions to metadata API. Props jgadbois. see #18196
git-svn-id: https://develop.svn.wordpress.org/trunk@18500 602fd350-edb4-49c9-b593-d223f7449a82
2011-08-03 16:48:37 +00:00
Ryan Boren 0ac95fd5a6 update_metadata_by_mid() and delete_metadata_by_mid(). Props kovshenin. see #18195
git-svn-id: https://develop.svn.wordpress.org/trunk@18494 602fd350-edb4-49c9-b593-d223f7449a82
2011-08-01 17:01:54 +00:00
Ryan Boren 6b5d8397b0 Introduce register_meta(), get_metadata_by_mid(), and *_post_meta capabilities. fixes #17850
git-svn-id: https://develop.svn.wordpress.org/trunk@18445 602fd350-edb4-49c9-b593-d223f7449a82
2011-07-20 22:04:35 +00:00
Andrew Nacin a657a1986c @since s/3.2/3.2.0/
git-svn-id: https://develop.svn.wordpress.org/trunk@18268 602fd350-edb4-49c9-b593-d223f7449a82
2011-06-11 04:40:18 +00:00
Ryan Boren 46d96c7704 Bring out the pinking shears.
git-svn-id: https://develop.svn.wordpress.org/trunk@18254 602fd350-edb4-49c9-b593-d223f7449a82
2011-06-10 23:01:45 +00:00
Ryan Boren 640eed5f4a Update @since
git-svn-id: https://develop.svn.wordpress.org/trunk@18032 602fd350-edb4-49c9-b593-d223f7449a82
2011-05-25 15:47:17 +00:00
Ryan Boren 57b6c9aeda Sanitize guid on save and display. Sanitize mime type on save. Don't allow changing mime type via edit form handlers. Protect hidden meta.
git-svn-id: https://develop.svn.wordpress.org/trunk@17994 602fd350-edb4-49c9-b593-d223f7449a82
2011-05-22 23:19:42 +00:00
Dion Hulse 4259cd6a27 Properly handle querying for meta by value without a key as well as those with invalid parameters. Props scribu. See #17264
git-svn-id: https://develop.svn.wordpress.org/trunk@17746 602fd350-edb4-49c9-b593-d223f7449a82
2011-04-28 15:02:16 +00:00
Ryan Boren 96fe89727e Introduce WP_Meta_Query and relation support. Props scribu, greuben. fixes #17165 #17011
git-svn-id: https://develop.svn.wordpress.org/trunk@17699 602fd350-edb4-49c9-b593-d223f7449a82
2011-04-25 17:27:35 +00:00
Ryan Boren d328751ee7 Allow querying empty meta values. Props scribu. fixes #15292
git-svn-id: https://develop.svn.wordpress.org/trunk@17674 602fd350-edb4-49c9-b593-d223f7449a82
2011-04-21 18:13:03 +00:00
Ryan Boren 42e432bd94 Avoid var name conflict in _get_meta_sql(). Fixes type var passed to get_meta_sql filter. Props Rahe, nacin. fixes #16825 for trunk
git-svn-id: https://develop.svn.wordpress.org/trunk@17530 602fd350-edb4-49c9-b593-d223f7449a82
2011-03-22 20:35:47 +00:00
Andrew Nacin 68692f0565 get_meta_sql should be private. see #14645.
git-svn-id: https://develop.svn.wordpress.org/trunk@17170 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-29 19:31:35 +00:00
Ryan Boren aca2b86eaf Add 'who' arg to wp_dropdown_users() and get_users(). Add' hide_if_only_one_author' argument to get_users(). Query only authors (user level greater than 0) when who => author is passed. Query only authors for author meta box and quick edit dropdowns. Props scribu. fixes #15871
git-svn-id: https://develop.svn.wordpress.org/trunk@17088 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-20 17:25:39 +00:00
Ryan Boren 748f5f0154 phpdoc notation fixes. Props demetris. fixes #15852
git-svn-id: https://develop.svn.wordpress.org/trunk@17009 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-16 22:46:13 +00:00
Andrew Nacin 598bb9952a Allow actual DB fields in WP_User_Query orderby. props duck, see #15816.
git-svn-id: https://develop.svn.wordpress.org/trunk@16953 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-15 16:51:38 +00:00
Ryan Boren 8bf835d944 Meta data caching improvements. Props mdawaffe. see #15545
git-svn-id: https://develop.svn.wordpress.org/trunk@16596 602fd350-edb4-49c9-b593-d223f7449a82
2010-11-26 21:35:26 +00:00
Ryan Boren f721e075e6 Use wp_cache_add() instead of wp_cache_set() in update_meta_cache(). fixes #15452
git-svn-id: https://develop.svn.wordpress.org/trunk@16437 602fd350-edb4-49c9-b593-d223f7449a82
2010-11-17 18:25:42 +00:00
scribu a4cd0df78c Minor get_meta_sql() cleanup. See #9124
git-svn-id: https://develop.svn.wordpress.org/trunk@16410 602fd350-edb4-49c9-b593-d223f7449a82
2010-11-17 00:27:34 +00:00
scribu a8160ed916 Kill WP_Object_Query. See #15032
git-svn-id: https://develop.svn.wordpress.org/trunk@16353 602fd350-edb4-49c9-b593-d223f7449a82
2010-11-13 18:32:43 +00:00
scribu f337bb1b86 Add context to get_meta_sql(). See #15018
git-svn-id: https://develop.svn.wordpress.org/trunk@16286 602fd350-edb4-49c9-b593-d223f7449a82
2010-11-11 10:06:05 +00:00
scribu c0be4fafcf Make get_meta_sql() a standalone function. See #15032
git-svn-id: https://develop.svn.wordpress.org/trunk@16266 602fd350-edb4-49c9-b593-d223f7449a82
2010-11-09 23:22:13 +00:00
scribu 9cc035e926 Fix inconsistencies in metadata filters. Props sc0ttkclark. See #14766
git-svn-id: https://develop.svn.wordpress.org/trunk@16017 602fd350-edb4-49c9-b593-d223f7449a82
2010-10-27 17:45:08 +00:00
scribu d9abf82f7c Add filters to *_metadata() functions. Props sc0ttkclark. Fixes #14766
git-svn-id: https://develop.svn.wordpress.org/trunk@15983 602fd350-edb4-49c9-b593-d223f7449a82
2010-10-26 19:11:27 +00:00
Ryan Boren fc73604019 Actions for adding and deleting meta. Props wojtek.szkutnik mitchoyoshitaka. fixes #14173
git-svn-id: https://develop.svn.wordpress.org/trunk@15917 602fd350-edb4-49c9-b593-d223f7449a82
2010-10-22 19:18:33 +00:00
Andrew Nacin 9494e4ce7e Phpdoc argument/@param cleanups. props duck_, see #14783.
git-svn-id: https://develop.svn.wordpress.org/trunk@15590 602fd350-edb4-49c9-b593-d223f7449a82
2010-09-07 11:21:11 +00:00
Ryan Boren d079129f86 Perform strict equality comparison. Props shawnparker. fixes #13350 for 3.1
git-svn-id: https://develop.svn.wordpress.org/trunk@15389 602fd350-edb4-49c9-b593-d223f7449a82
2010-07-12 15:28:31 +00:00
Ryan Boren 364194617a Don't update meta data when the new value matches the old value. fixes #13350
git-svn-id: https://develop.svn.wordpress.org/trunk@14564 602fd350-edb4-49c9-b593-d223f7449a82
2010-05-11 17:35:07 +00:00
Andrew Nacin e98ddd7bd6 Revert patch for expecting unslashed data in the metadata API. Had snuck in with [14546]. see #12416.
git-svn-id: https://develop.svn.wordpress.org/trunk@14547 602fd350-edb4-49c9-b593-d223f7449a82
2010-05-10 20:51:58 +00:00
Andrew Nacin 8235a24f35 Fix double-tabbing in get_dropins.
git-svn-id: https://develop.svn.wordpress.org/trunk@14546 602fd350-edb4-49c9-b593-d223f7449a82
2010-05-10 20:41:14 +00:00
Ryan Boren cec049295c Pass unserializeds value to meta actions.
git-svn-id: https://develop.svn.wordpress.org/trunk@14308 602fd350-edb4-49c9-b593-d223f7449a82
2010-04-29 19:26:40 +00:00