Commit Graph

187 Commits

Author SHA1 Message Date
Ryan Boren 436b32ef62 Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
git-svn-id: https://develop.svn.wordpress.org/trunk@23567 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-01 17:14:09 +00:00
Ryan Boren c363aea627 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: https://develop.svn.wordpress.org/trunk@23554 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-01 16:28:40 +00:00
Ryan Boren a6c8efadb9 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: https://develop.svn.wordpress.org/trunk@23416 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-14 22:51:06 +00:00
Sergey Biryukov 16e16c7ee4 Use correct escaping function. fixes #23334.
git-svn-id: https://develop.svn.wordpress.org/trunk@23413 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-14 05:52:23 +00:00
Ryan Boren c53137f535 Scope button classes so they can be used on the frontend without interfering with theme styles.
Props helenyhou, koopersmith
fixes #22644


git-svn-id: https://develop.svn.wordpress.org/trunk@22948 602fd350-edb4-49c9-b593-d223f7449a82
2012-11-30 13:40:59 +00:00
Ryan Boren 6d8bce688f Pinking shears
git-svn-id: https://develop.svn.wordpress.org/trunk@22634 602fd350-edb4-49c9-b593-d223f7449a82
2012-11-17 15:11:29 +00:00
Ryan Boren 46d017a331 Use retina logo in install, upgrade, setup-config, repair, and confirmation screens.
Props kopepasah, SergeyBiryukov
fixes #22375


git-svn-id: https://develop.svn.wordpress.org/trunk@22419 602fd350-edb4-49c9-b593-d223f7449a82
2012-11-07 17:34:22 +00:00
Andrew Ozz 2d6b896243 Buttons: make install.css depend on buttons.css (so button styles are always loaded), see #21598
git-svn-id: https://develop.svn.wordpress.org/trunk@22327 602fd350-edb4-49c9-b593-d223f7449a82
2012-10-30 16:28:13 +00:00
Andrew Ozz c71700c7b4 Buttons:
- Update the install/initial configuration/repair screens buttons, props DrewAPicture
- Fix the welcome screen buttons and fine-tune the buttons css, props lessbloat

fixes #21598


git-svn-id: https://develop.svn.wordpress.org/trunk@22314 602fd350-edb4-49c9-b593-d223f7449a82
2012-10-26 19:40:39 +00:00
Ryan Boren 8c50f982ea Pinking shears
git-svn-id: https://develop.svn.wordpress.org/trunk@20715 602fd350-edb4-49c9-b593-d223f7449a82
2012-05-03 16:41:59 +00:00
Andrew Nacin fcf7cda3c6 A more resilient check for the base table prefix. see #19970.
git-svn-id: https://develop.svn.wordpress.org/trunk@20700 602fd350-edb4-49c9-b593-d223f7449a82
2012-05-02 20:38:58 +00:00
Andrew Nacin 6b46997aa1 Issue an error during the WordPress install process if wp-config.php is configured with an empty database table prefix, which is not supported.
props SergeyBiryukov.
fixes #19970.



git-svn-id: https://develop.svn.wordpress.org/trunk@20699 602fd350-edb4-49c9-b593-d223f7449a82
2012-05-02 20:37:18 +00:00
Andrew Nacin 5b0664dde5 Int cast a step variable. see #19786. props Caspie.
git-svn-id: https://develop.svn.wordpress.org/trunk@20618 602fd350-edb4-49c9-b593-d223f7449a82
2012-04-27 18:57:08 +00:00
Andrew Nacin 09b4c5d21f Update login-logo.png to use proper color. Copy it over wordpress-logo.png. Make that one canonical, and stop using login-logo.png. Leave it for plugins. props iammattthomas. see #19955.
git-svn-id: https://develop.svn.wordpress.org/trunk@19937 602fd350-edb4-49c9-b593-d223f7449a82
2012-02-17 04:57:56 +00:00
Andrew Nacin 0c59eacb55 Use is_rtl() for html direction when possible. In sites.php, language_attributes() will always exist (MU vestige). When the DB is dead, language_attributes() is worse than a simple is_rtl() check. is_rtl() exists here due to wp_load_translations_early(). see #18180.
git-svn-id: https://develop.svn.wordpress.org/trunk@19862 602fd350-edb4-49c9-b593-d223f7449a82
2012-02-08 06:05:35 +00:00
Andrew Nacin 6a5ea2418a Provide a more WordPress-like context for 'Welcome' on the install screen. see #19698.
git-svn-id: https://develop.svn.wordpress.org/trunk@19808 602fd350-edb4-49c9-b593-d223f7449a82
2012-02-01 14:49:41 +00:00
Andrew Nacin db7ac5be83 Provide contexts for a 'Welcome' string. Sometimes we're saying hello, other times referring to the welcome panel. props pavelevap, fixes #19698.
git-svn-id: https://develop.svn.wordpress.org/trunk@19807 602fd350-edb4-49c9-b593-d223f7449a82
2012-02-01 14:47:49 +00:00
Ryan Boren 939ed92f83 Remove references to specific search engines. fixes #18605
git-svn-id: https://develop.svn.wordpress.org/trunk@19794 602fd350-edb4-49c9-b593-d223f7449a82
2012-01-30 20:51:00 +00:00
Ryan Boren 676ba7043e Use one space, not two, after trailing punctuation. fixes #19537
git-svn-id: https://develop.svn.wordpress.org/trunk@19593 602fd350-edb4-49c9-b593-d223f7449a82
2011-12-13 23:45:31 +00:00
Andrew Ozz 0b8d97f135 Fix styling for the installation screens, props chexee, fixes #18576
git-svn-id: https://develop.svn.wordpress.org/trunk@19297 602fd350-edb4-49c9-b593-d223f7449a82
2011-11-15 15:47:07 +00:00
Andrew Nacin 44a62f0b3b Revert [18817]. Adding the new HTML to setup-config would make translation files stale, and I'd rather i18n that file first (see #18180). fixes #18865, see #16413.
git-svn-id: https://develop.svn.wordpress.org/trunk@18897 602fd350-edb4-49c9-b593-d223f7449a82
2011-10-05 23:42:11 +00:00
Andrew Nacin 4aee3254f3 Kill the tables in install.php. props andrewryno. see #16413.
git-svn-id: https://develop.svn.wordpress.org/trunk@18817 602fd350-edb4-49c9-b593-d223f7449a82
2011-09-29 19:57:36 +00:00
Dion Hulse cb62838943 Mark the install page as rtl for styling purposes. Props SergeyBiryukov. See #18314 and #18180
git-svn-id: https://develop.svn.wordpress.org/trunk@18622 602fd350-edb4-49c9-b593-d223f7449a82
2011-08-30 03:55:40 +00:00
Andrew Nacin c30907963d Use wp_print_scripts() in install.php. Fixes issues with SCRIPT_DEBUG, removes l10n.js reference. fixes #18394.
git-svn-id: https://develop.svn.wordpress.org/trunk@18544 602fd350-edb4-49c9-b593-d223f7449a82
2011-08-13 18:01:26 +00:00
Andrew Ozz 9bcfc3da39 <!DOCTYPE html> for all, fixes #18202
git-svn-id: https://develop.svn.wordpress.org/trunk@18460 602fd350-edb4-49c9-b593-d223f7449a82
2011-07-22 00:25:41 +00:00
Peter Westwood c6b0c233c1 Use the l10n helper js file in the installer. See #15124.
git-svn-id: https://develop.svn.wordpress.org/trunk@16325 602fd350-edb4-49c9-b593-d223f7449a82
2010-11-12 11:44:08 +00:00
Andrew Nacin e2dfe4f5c2 Revert submit_button() for wp-includes, setup-config, install, login, signup. see [16061], see #15064, fixes #15247.
git-svn-id: https://develop.svn.wordpress.org/trunk@16066 602fd350-edb4-49c9-b593-d223f7449a82
2010-10-29 00:31:27 +00:00
Mark Jaquith d65cdf4ba8 Expand submit_button() capabilities. Replace all (or almost all) manual HTML instances in WP. props sbressler. see #15064
git-svn-id: https://develop.svn.wordpress.org/trunk@16061 602fd350-edb4-49c9-b593-d223f7449a82
2010-10-28 21:56:43 +00:00
Peter Westwood b138a1b60a Bring back a seperate js file for the password strength meter and correctly mark it as a dependancy of the user profile code. See #5919.
git-svn-id: https://develop.svn.wordpress.org/trunk@15998 602fd350-edb4-49c9-b593-d223f7449a82
2010-10-27 06:39:20 +00:00
scribu 33077f83fa move password-strength-meter.js into user-profile.js. See #5919
git-svn-id: https://develop.svn.wordpress.org/trunk@15780 602fd350-edb4-49c9-b593-d223f7449a82
2010-10-12 20:29:19 +00:00
Peter Westwood e777a1fbf4 Context for the medium password strength string to disabiguate it. Fixes #14431 for trunk props demetris.
git-svn-id: https://develop.svn.wordpress.org/trunk@15475 602fd350-edb4-49c9-b593-d223f7449a82
2010-07-29 20:42:05 +00:00
Dion Hulse f96e44e293 Do not stripslashes() passwords during Install, Matches Login/Updating password handling. Props johanee. See #13654
git-svn-id: https://develop.svn.wordpress.org/trunk@15073 602fd350-edb4-49c9-b593-d223f7449a82
2010-05-31 10:53:02 +00:00
Peter Westwood 41bc31f294 Style the error messages in the installer.
git-svn-id: https://develop.svn.wordpress.org/trunk@14828 602fd350-edb4-49c9-b593-d223f7449a82
2010-05-24 08:18:48 +00:00
Andrew Nacin 2473cefe8f s/blog/site/ in even more places. props PeteMall, see #11644.
git-svn-id: https://develop.svn.wordpress.org/trunk@14315 602fd350-edb4-49c9-b593-d223f7449a82
2010-04-30 03:17:49 +00:00
Andrew Nacin 3114dfddce Poka yoke for username sanitization during install. see #13159.
git-svn-id: https://develop.svn.wordpress.org/trunk@14265 602fd350-edb4-49c9-b593-d223f7449a82
2010-04-28 02:20:32 +00:00
Andrew Nacin da1170a530 Show the sanitized username on install.php completion page. Also add some help text. see #13159.
git-svn-id: https://develop.svn.wordpress.org/trunk@14264 602fd350-edb4-49c9-b593-d223f7449a82
2010-04-28 02:17:19 +00:00
Nikolay Bachiyski 98da786577 Change user name to username for consistency
git-svn-id: https://develop.svn.wordpress.org/trunk@14172 602fd350-edb4-49c9-b593-d223f7449a82
2010-04-20 17:40:08 +00:00
Dion Hulse a999fdc1a6 Add Password Mismatch feedback to the Password Strength Meter. Props dancole. Fixes #12576
git-svn-id: https://develop.svn.wordpress.org/trunk@13900 602fd350-edb4-49c9-b593-d223f7449a82
2010-03-31 08:45:51 +00:00
Andrew Nacin dd306def81 Remove redundant isset() and empty() checks.
git-svn-id: https://develop.svn.wordpress.org/trunk@13770 602fd350-edb4-49c9-b593-d223f7449a82
2010-03-19 21:29:21 +00:00
Andrew Nacin ddc506f01c Remove unnecessary ternary operators such as (expr) ? true : false.
git-svn-id: https://develop.svn.wordpress.org/trunk@13769 602fd350-edb4-49c9-b593-d223f7449a82
2010-03-19 21:15:00 +00:00
Andrew Nacin 22506c9721 install.php password UI cleanup. see #10396
git-svn-id: https://develop.svn.wordpress.org/trunk@13696 602fd350-edb4-49c9-b593-d223f7449a82
2010-03-14 02:30:50 +00:00
Peter Westwood bb7b2b24a8 Make the sanitity check html in the installer more poetic.
git-svn-id: https://develop.svn.wordpress.org/trunk@13670 602fd350-edb4-49c9-b593-d223f7449a82
2010-03-11 20:45:24 +00:00
Dion Hulse 7f001d5aa2 Do not display user specified password during install. Fixes #12479. See #10396 for feedback
git-svn-id: https://develop.svn.wordpress.org/trunk@13592 602fd350-edb4-49c9-b593-d223f7449a82
2010-03-05 12:25:30 +00:00
Andrew Nacin 36da22d334 Add a sanity check in install.php, accounting for whether PHP is running. fixes #11728
git-svn-id: https://develop.svn.wordpress.org/trunk@13428 602fd350-edb4-49c9-b593-d223f7449a82
2010-02-26 06:31:40 +00:00
Andrew Nacin 1c9ff8788f Show "Log In" button on install.php when already installed. fixes #10488 props dancole
git-svn-id: https://develop.svn.wordpress.org/trunk@13356 602fd350-edb4-49c9-b593-d223f7449a82
2010-02-24 01:58:27 +00:00
Andrew Nacin 35eafcfed4 Add links to the codex changelog in update notification strings. props dtoj, see #11739
git-svn-id: https://develop.svn.wordpress.org/trunk@13250 602fd350-edb4-49c9-b593-d223f7449a82
2010-02-20 12:28:10 +00:00
Andrew Nacin fb08796f48 Actually remove stray line ref. [13135]. see #10396
git-svn-id: https://develop.svn.wordpress.org/trunk@13136 602fd350-edb4-49c9-b593-d223f7449a82
2010-02-14 03:28:34 +00:00
Andrew Nacin db5b2edbf6 Manual L10n JS strings in install.php. Remove stray line, see #13134
git-svn-id: https://develop.svn.wordpress.org/trunk@13135 602fd350-edb4-49c9-b593-d223f7449a82
2010-02-14 03:24:25 +00:00
Dion Hulse ae5ba76658 First pass at allowing username/password selection upon install. Includes some extra cleanup of the patch. Props dancole. See #10396
git-svn-id: https://develop.svn.wordpress.org/trunk@13134 602fd350-edb4-49c9-b593-d223f7449a82
2010-02-14 03:07:47 +00:00
Andrew Nacin 4ce1c841cb install.php whitespace cleanup, inline docs, function @sinces, fixes #11491
git-svn-id: https://develop.svn.wordpress.org/trunk@13124 602fd350-edb4-49c9-b593-d223f7449a82
2010-02-13 20:40:42 +00:00