Ryan Boren
a6c8efadb9
Change all core API to expect unslashed rather than slashed arguments.
...
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.
Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.
Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.
Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.
Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.
Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.
Plugins should use wp_unslash() on data being passed to core API.
Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.
Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.
Remove many no longer necessary calls to $wpdb->escape() and esc_sql().
In wp_get_referer() and wp_get_original_referer(), return unslashed data.
Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.
Switch several queries over to prepare().
Expect something to break.
Props alexkingorg
see #21767
git-svn-id: https://develop.svn.wordpress.org/trunk@23416 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-14 22:51:06 +00:00
Ryan Boren
1daab2358b
Use wp_safe_redirect(). No need to allow offsite redirects.
...
git-svn-id: https://develop.svn.wordpress.org/trunk@20425 602fd350-edb4-49c9-b593-d223f7449a82
2012-04-10 17:21:17 +00:00
Ryan Boren
6f9ceb2326
Introduce WP_User::exists(). see #20372
...
git-svn-id: https://develop.svn.wordpress.org/trunk@20378 602fd350-edb4-49c9-b593-d223f7449a82
2012-04-06 19:18:45 +00:00
Ryan Boren
2b186b0c45
Lose EOF ?>. Clean up EOF newlines. fixes #12307
...
git-svn-id: https://develop.svn.wordpress.org/trunk@19712 602fd350-edb4-49c9-b593-d223f7449a82
2012-01-08 17:01:11 +00:00
Peter Westwood
ef0a93fea9
Make it possible for commenter cookies to be disabled if someone wants to by setting them on an action instead of always. Fixes #17976 props SergeyBiryukov and pishmishy .
...
git-svn-id: https://develop.svn.wordpress.org/trunk@19622 602fd350-edb4-49c9-b593-d223f7449a82
2011-12-21 10:57:42 +00:00
Mark Jaquith
a3bdf19206
Be more consistent with ERROR: messages. fixes #15887
...
git-svn-id: https://develop.svn.wordpress.org/trunk@18841 602fd350-edb4-49c9-b593-d223f7449a82
2011-09-30 17:18:35 +00:00
Andrew Nacin
3ebb27ae3e
Always exit after wp_redirect. props filosofo, fixes #15518 .
...
git-svn-id: https://develop.svn.wordpress.org/trunk@16847 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-09 18:02:54 +00:00
Andrew Nacin
161b1af64e
Allow comments on private posts to proceed past the comment_on_draft action and exit branch. We handle whether the commenter has the appropriate caps further down. fixes #13276 .
...
git-svn-id: https://develop.svn.wordpress.org/trunk@14473 602fd350-edb4-49c9-b593-d223f7449a82
2010-05-06 15:38:40 +00:00
Ryan Boren
2e60fb8e0e
Register 'inherit' as a post status. Check the parent post status when commenting on attachments.
...
git-svn-id: https://develop.svn.wordpress.org/trunk@14086 602fd350-edb4-49c9-b593-d223f7449a82
2010-04-14 14:07:48 +00:00
Ryan Boren
561dd7050a
Deny commenting on any post with a non-public status. see #9674
...
git-svn-id: https://develop.svn.wordpress.org/trunk@13200 602fd350-edb4-49c9-b593-d223f7449a82
2010-02-18 20:08:35 +00:00
Ryan Boren
866c3021d4
Block comments for future posts and password protected posts (when password not provided). Props filosofo. fixes #11810 for trunk
...
git-svn-id: https://develop.svn.wordpress.org/trunk@12647 602fd350-edb4-49c9-b593-d223f7449a82
2010-01-07 19:37:16 +00:00
Ryan Boren
42e6256e10
Accept either user_id or user_ID. Remove user_id global. see #11271 #11222
...
git-svn-id: https://develop.svn.wordpress.org/trunk@12300 602fd350-edb4-49c9-b593-d223f7449a82
2009-12-01 02:06:02 +00:00
Andrew Ozz
387ac8c9b5
Fix notices and phpdoc, props hakre, fixes #10758
...
git-svn-id: https://develop.svn.wordpress.org/trunk@12284 602fd350-edb4-49c9-b593-d223f7449a82
2009-11-26 11:29:54 +00:00
Ryan Boren
27db8a8161
Standardize on user_id instead of user_ID when passing comment data. fixes #11222
...
git-svn-id: https://develop.svn.wordpress.org/trunk@12267 602fd350-edb4-49c9-b593-d223f7449a82
2009-11-23 21:04:11 +00:00
Ryan Boren
bc7e8e284b
Trash comments when trashing a post. see #11073
...
git-svn-id: https://develop.svn.wordpress.org/trunk@12148 602fd350-edb4-49c9-b593-d223f7449a82
2009-11-05 21:03:09 +00:00
Mark Jaquith
ba1c3bdd5b
Deprecate sanitize_url() and clean_url() in favor of esc_url_raw() and esc_url()
...
git-svn-id: https://develop.svn.wordpress.org/trunk@11383 602fd350-edb4-49c9-b593-d223f7449a82
2009-05-18 16:00:33 +00:00
Peter Westwood
79a1dd8466
Add 'pre_comment_on_post' action to allow early denial by spam plugin. Fixes #8343 .
...
git-svn-id: https://develop.svn.wordpress.org/trunk@11248 602fd350-edb4-49c9-b593-d223f7449a82
2009-05-10 07:11:12 +00:00
Peter Westwood
5926a70719
Allow a plugin to vary the comment cookie lifetime (or even remove the cookies altogether). Fixes #4996 .
...
git-svn-id: https://develop.svn.wordpress.org/trunk@11223 602fd350-edb4-49c9-b593-d223f7449a82
2009-05-06 20:58:46 +00:00
Ryan Boren
6a301a48c4
Require user to be logged in to comment on private posts. Props tott. see #8997
...
git-svn-id: https://develop.svn.wordpress.org/trunk@10684 602fd350-edb4-49c9-b593-d223f7449a82
2009-03-02 22:42:22 +00:00
Mark Jaquith
03792b2e62
Handle blank display_name for commenters. props mrmist. fixes #7494
...
git-svn-id: https://develop.svn.wordpress.org/trunk@9781 602fd350-edb4-49c9-b593-d223f7449a82
2008-11-19 06:58:44 +00:00
Ryan Boren
0623c49a93
Notice fixes from Viper007Bond. see #7509
...
git-svn-id: https://develop.svn.wordpress.org/trunk@9515 602fd350-edb4-49c9-b593-d223f7449a82
2008-11-04 20:16:54 +00:00
Ryan Boren
9f54a77081
Redirect back to correct comment page after replying. Props Viper007Bond. fixes #8055
...
git-svn-id: https://develop.svn.wordpress.org/trunk@9508 602fd350-edb4-49c9-b593-d223f7449a82
2008-11-04 03:37:30 +00:00
Ryan Boren
00b5111693
Redirect back to correct comment page after replying. Props Viper007Bond. fixes #8055
...
git-svn-id: https://develop.svn.wordpress.org/trunk@9507 602fd350-edb4-49c9-b593-d223f7449a82
2008-11-04 03:31:19 +00:00
Ryan Boren
873a5b075b
Comment paging and sorting from Viper007Bond. see #7927
...
git-svn-id: https://develop.svn.wordpress.org/trunk@9296 602fd350-edb4-49c9-b593-d223f7449a82
2008-10-23 16:08:47 +00:00
Andrew Ozz
3e9d31fc8f
Reply to comments from admin, first run, see #7435
...
git-svn-id: https://develop.svn.wordpress.org/trunk@8720 602fd350-edb4-49c9-b593-d223f7449a82
2008-08-24 06:56:22 +00:00
Peter Westwood
97d67b7f80
Minor phpdoc fixups.
...
git-svn-id: https://develop.svn.wordpress.org/trunk@8149 602fd350-edb4-49c9-b593-d223f7449a82
2008-06-20 20:56:40 +00:00
Ryan Boren
e25996c368
File file level phpdoc from jacobsantos. see #7037
...
git-svn-id: https://develop.svn.wordpress.org/trunk@7991 602fd350-edb4-49c9-b593-d223f7449a82
2008-05-25 15:50:15 +00:00
Ryan Boren
e911cca913
Allow wp-config.php to exist one level up from WordPress root directory. Props sambauers. fixes #6933
...
git-svn-id: https://develop.svn.wordpress.org/trunk@7971 602fd350-edb4-49c9-b593-d223f7449a82
2008-05-21 05:59:27 +00:00
Ryan Boren
fdc05b24f6
Prepare DB queries in more places. Props filosofo. see #6644
...
git-svn-id: https://develop.svn.wordpress.org/trunk@7645 602fd350-edb4-49c9-b593-d223f7449a82
2008-04-14 16:13:25 +00:00
Ryan Boren
40f80710a4
Add filters to comments_open() and pings_open(). Props tellyworth. fixes #5761
...
git-svn-id: https://develop.svn.wordpress.org/trunk@6716 602fd350-edb4-49c9-b593-d223f7449a82
2008-02-04 20:27:45 +00:00
Mark Jaquith
8f31e395de
Update wp-comments-post.php to WP coding conventions. props JeremyVisser. fixes #4573
...
git-svn-id: https://develop.svn.wordpress.org/trunk@5777 602fd350-edb4-49c9-b593-d223f7449a82
2007-07-04 16:12:37 +00:00
Mark Jaquith
0f0788d24d
Introducing post_status="pending". see #4446 and put any initial bug reports on that ticket
...
git-svn-id: https://develop.svn.wordpress.org/trunk@5707 602fd350-edb4-49c9-b593-d223f7449a82
2007-06-14 16:24:28 +00:00
rob1n
12c2ef6be0
Content-Type, not Content-type, as headers are case sensitive. Props foolswisdom and Nazgul. fixes #3545
...
git-svn-id: https://develop.svn.wordpress.org/trunk@5640 602fd350-edb4-49c9-b593-d223f7449a82
2007-06-02 05:21:18 +00:00
Ryan Boren
82a40d63e6
Requesting wp-comments-post.php with GET should return 405. Props Mike Little. fixes #3797
...
git-svn-id: https://develop.svn.wordpress.org/trunk@5128 602fd350-edb4-49c9-b593-d223f7449a82
2007-03-28 17:34:42 +00:00
Matt Mullenweg
d57901d29a
Ryan slays the dragon. (Some of these return WP_Error objects.)
...
git-svn-id: https://develop.svn.wordpress.org/trunk@5089 602fd350-edb4-49c9-b593-d223f7449a82
2007-03-23 02:05:29 +00:00
Matt Mullenweg
b1f6f9a6a8
(int)er the dragon.
...
git-svn-id: https://develop.svn.wordpress.org/trunk@5087 602fd350-edb4-49c9-b593-d223f7449a82
2007-03-23 00:59:21 +00:00
Mark Jaquith
096395f366
nonce-protect comments by users with unfiltered_html cap to prevent xsrf/xss. fixes #3973 for trunk
...
git-svn-id: https://develop.svn.wordpress.org/trunk@5039 602fd350-edb4-49c9-b593-d223f7449a82
2007-03-14 23:10:57 +00:00
Mark Jaquith
f8e2216f0e
strip tags from comment author before determining emptiness status. props Nazgul. fixes #3839
...
git-svn-id: https://develop.svn.wordpress.org/trunk@4939 602fd350-edb4-49c9-b593-d223f7449a82
2007-02-25 13:35:16 +00:00
Ryan Boren
8453685dc9
comment_post_redirect and comment_edit_redirect from Mark J. fixes #2590
...
git-svn-id: https://develop.svn.wordpress.org/trunk@4260 602fd350-edb4-49c9-b593-d223f7449a82
2006-09-28 19:16:15 +00:00
Ryan Boren
7e82eef627
Use get_option instead of get_settings. Just 'cause.
...
git-svn-id: https://develop.svn.wordpress.org/trunk@4144 602fd350-edb4-49c9-b593-d223f7449a82
2006-08-30 21:46:31 +00:00
Ryan Boren
4562fd2b74
wp_die() for comment errors. Props filosofo. fixes #1786
...
git-svn-id: https://develop.svn.wordpress.org/trunk@3984 602fd350-edb4-49c9-b593-d223f7449a82
2006-07-05 20:34:19 +00:00
Ryan Boren
f7ee176581
More comment cookie sanitation.
...
git-svn-id: https://develop.svn.wordpress.org/trunk@3577 602fd350-edb4-49c9-b593-d223f7449a82
2006-02-28 09:49:06 +00:00
Ryan Boren
e0feeb161a
Strip all html from comment author name, email, and url.
...
git-svn-id: https://develop.svn.wordpress.org/trunk@3574 602fd350-edb4-49c9-b593-d223f7449a82
2006-02-28 04:22:24 +00:00
Ryan Boren
cd4a8a24c5
current user cleanup
...
git-svn-id: https://develop.svn.wordpress.org/trunk@3566 602fd350-edb4-49c9-b593-d223f7449a82
2006-02-22 19:08:55 +00:00
Ryan Boren
bac53166c4
clean comment author url. fixes #2454
...
git-svn-id: https://develop.svn.wordpress.org/trunk@3542 602fd350-edb4-49c9-b593-d223f7449a82
2006-02-17 01:31:53 +00:00
Matt Mullenweg
be5caf3590
Redirect to permalink instead of referrer. Fixes #1673
...
git-svn-id: https://develop.svn.wordpress.org/trunk@2984 602fd350-edb4-49c9-b593-d223f7449a82
2005-11-05 22:08:56 +00:00
Matt Mullenweg
0c4c22f966
Don't set for logged in users.
...
git-svn-id: https://develop.svn.wordpress.org/trunk@2837 602fd350-edb4-49c9-b593-d223f7449a82
2005-09-05 04:14:29 +00:00
Ryan Boren
b3f7bd726c
Use wpdb->escape instead of addslashes to prepare DB bound data.
...
git-svn-id: https://develop.svn.wordpress.org/trunk@2699 602fd350-edb4-49c9-b593-d223f7449a82
2005-07-05 20:47:22 +00:00
Matt Mullenweg
a2fa5d6a70
Better headers for CGI enviroments
...
git-svn-id: https://develop.svn.wordpress.org/trunk@2623 602fd350-edb4-49c9-b593-d223f7449a82
2005-06-09 00:17:43 +00:00
Matt Mullenweg
423287de0d
Don't accept comments on drafts - http://mosquito.wordpress.org/view.php?id=946
...
git-svn-id: https://develop.svn.wordpress.org/trunk@2580 602fd350-edb4-49c9-b593-d223f7449a82
2005-05-03 07:31:29 +00:00