Commit Graph

467 Commits

Author SHA1 Message Date
Ryan Boren
a6c8efadb9 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes is no longer necessary.

Introduce wp_unslash() and use it to remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767

git-svn-id: https://develop.svn.wordpress.org/trunk@23416 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-14 22:51:06 +00:00
Helen Hou-Sandi
1303e7377a its <=> it's in documentation, along with a rogue the, The, and looses. props trepmal. fixes #22665.
git-svn-id: https://develop.svn.wordpress.org/trunk@23191 602fd350-edb4-49c9-b593-d223f7449a82
2012-12-20 15:55:32 +00:00
Andrew Nacin
628778d7c1 Account for taxonomies tied to specific kinds of attachments when setting up post types for a taxonomy query.
props jondavidjohn. see #21290.

git-svn-id: https://develop.svn.wordpress.org/trunk@22718 602fd350-edb4-49c9-b593-d223f7449a82
2012-11-20 17:33:21 +00:00
Ryan Boren
6d8bce688f Pinking shears
git-svn-id: https://develop.svn.wordpress.org/trunk@22634 602fd350-edb4-49c9-b593-d223f7449a82
2012-11-17 15:11:29 +00:00
Ryan Boren
8b4612f97a If $this->posts is empty, don't do stuff to it.
Props wonderboymusic
fixes #22061

git-svn-id: https://develop.svn.wordpress.org/trunk@22465 602fd350-edb4-49c9-b593-d223f7449a82
2012-11-08 13:52:40 +00:00
Andrew Nacin
a2082dcf2b Don't call get_term_by() in get_queried_object() if we have no terms. props wonderboymusic. fixes #21967.
git-svn-id: https://develop.svn.wordpress.org/trunk@22450 602fd350-edb4-49c9-b593-d223f7449a82
2012-11-07 22:09:05 +00:00
Ryan Boren
b21172a14a Don't assign wp_the_query to wp_query by reference. Removing the ref avoids accidentally stomping wp_the_query.
Props scribu, wpmuguru
fixes #22125

git-svn-id: https://develop.svn.wordpress.org/trunk@22434 602fd350-edb4-49c9-b593-d223f7449a82
2012-11-07 20:03:28 +00:00
Andrew Nacin
d34180efc2 Remove single-argument calls to wpdb:prepare(), which are invalid as nothing is being prepared. see #22262.
git-svn-id: https://develop.svn.wordpress.org/trunk@22428 602fd350-edb4-49c9-b593-d223f7449a82
2012-11-07 19:28:08 +00:00
Ryan Boren
361ecbb452 If posts is an empty array, bail from set_found_posts(). If posts is null or otherwise empty proceed through set_found_posts(). This accommodates caching plugins such as Advanced Post Cache that force posts to be empty for later population but still require the found_posts_query filter to run.
fixes #14426

git-svn-id: https://develop.svn.wordpress.org/trunk@22258 602fd350-edb4-49c9-b593-d223f7449a82
2012-10-17 20:57:23 +00:00
Ryan Boren
10677cdac8 Pass the result of the the_preview filter through get_post() to ensure the post is filtered and of type WP_Post. fixes #22162
git-svn-id: https://develop.svn.wordpress.org/trunk@22244 602fd350-edb4-49c9-b593-d223f7449a82
2012-10-16 13:48:07 +00:00
Ryan Boren
436bdde04c Replace the sanitize loop at the end of WP_Query::get_posts() with an array_map of get_post(). get_post() will ensure each object in the loop is sanitized and is of the type WP_Post. see #22162
git-svn-id: https://develop.svn.wordpress.org/trunk@22238 602fd350-edb4-49c9-b593-d223f7449a82
2012-10-15 20:42:57 +00:00
Ryan Boren
4c29375d2c Convert the object in the posts array to WP_Post only if the posts array is not empty. Some post caching plugins can cause it to be empty. see #21309
git-svn-id: https://develop.svn.wordpress.org/trunk@22011 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-26 12:32:54 +00:00
Ryan Boren
42ca24f54e * Avoid FOUND ROWS when no posts are found
* Set post_count and found_posts for all 'fields' queries.
* Set found_posts to post_count when limits are not used
* Update phpdoc for $found_posts and set_found_posts()

Props SergeyBiryukov, wonderboymusic

fixes #14426

git-svn-id: https://develop.svn.wordpress.org/trunk@21928 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-20 14:55:54 +00:00
Andrew Nacin
fc58815067 Clarify that conditional tags only return true for existing objects, not 404 situations. props SergeyBiryukov, fixes #16312.
git-svn-id: https://develop.svn.wordpress.org/trunk@21890 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-18 17:35:11 +00:00
Andrew Nacin
9b8123711c Split tag names by [\r\n\t ] rather than \s to avoid that character class from eating characters. props rstern, SergeyBiryukov. fixes #21779. see #13413.
git-svn-id: https://develop.svn.wordpress.org/trunk@21862 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-15 20:13:44 +00:00
Andrew Nacin
322919eb1c When doing a taxonomy query, search against the currently registered post types of the queried taxonomies.
Prevents posts of a type no longer assigned to a queried taxonomy from being returned.

props jondavidjohn. fixes #21290.

git-svn-id: https://develop.svn.wordpress.org/trunk@21855 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-15 19:44:51 +00:00
Andrew Nacin
80e56f5a88 Check that the taxonomy matches when calling is_tax() with only a taxonomy argument. props wonderboymusic, see #20590.
git-svn-id: https://develop.svn.wordpress.org/trunk@21836 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-13 17:15:13 +00:00
Ryan Boren
879cb8231b Remove unnecessary return by refs. Props wonderboymusic. fixes #21839
git-svn-id: https://develop.svn.wordpress.org/trunk@21792 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-10 17:00:11 +00:00
Mark Jaquith
c5c65130c9 Allow orderby=post__in, which uses the explicit order you provided in the post__in parameter. fixes #13729. props jakemgold, Otto42.
git-svn-id: https://develop.svn.wordpress.org/trunk@21776 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-06 19:01:21 +00:00
Andrew Ozz
1e7a5ed329 Add menu_order to fill_query_vars(), see #21618
git-svn-id: https://develop.svn.wordpress.org/trunk@21756 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-04 23:18:14 +00:00
Ryan Boren
ca00a01d11 Allow querying by menu_order. Props wonderboymusic. fixes #21618
git-svn-id: https://develop.svn.wordpress.org/trunk@21748 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-04 21:09:27 +00:00
Ryan Boren
9905abe697 Update phpdoc for functions that return WP_Post. Soft deprecate get_page(). see #21309
git-svn-id: https://develop.svn.wordpress.org/trunk@21598 602fd350-edb4-49c9-b593-d223f7449a82
2012-08-23 20:34:41 +00:00
Ryan Boren
de06b81360 Remove return ref from all calls to get_post()
Return WP_Post from get_default_post_to_edit()
Replace all calls to get_page() with get_post()
see #21309

git-svn-id: https://develop.svn.wordpress.org/trunk@21597 602fd350-edb4-49c9-b593-d223f7449a82
2012-08-23 20:01:10 +00:00
Ryan Boren
62b6207685 Use get_posts() to fetch stickies rather than custom bare SQL. Props scribu. see #21309
git-svn-id: https://develop.svn.wordpress.org/trunk@21585 602fd350-edb4-49c9-b593-d223f7449a82
2012-08-22 18:24:23 +00:00
Andrew Nacin
29cfcf3b63 Ensure sticky posts are WP_Post objects. props mdawaffe. see #21309.
git-svn-id: https://develop.svn.wordpress.org/trunk@21569 602fd350-edb4-49c9-b593-d223f7449a82
2012-08-21 04:04:54 +00:00
Ryan Boren
30218d5ea5 Introduce WP_Post class. Clean up ancestors handling. Props scribu, toppa. fixes #10381 see #21309
git-svn-id: https://develop.svn.wordpress.org/trunk@21559 602fd350-edb4-49c9-b593-d223f7449a82
2012-08-20 19:47:52 +00:00
Andrew Nacin
9f9f2bcf13 Use is_main_query() method, rather than the function. Only decode the search query variable if we are executing the main query and it came from the /search/ base, rather than the query string. fixes #13961.
git-svn-id: https://develop.svn.wordpress.org/trunk@21248 602fd350-edb4-49c9-b593-d223f7449a82
2012-07-09 17:28:55 +00:00
Mark Jaquith
0b294b9481 urldecode() search strings that come in from /search/foo. props SergeyBiryukov. fixes #13961
git-svn-id: https://develop.svn.wordpress.org/trunk@21187 602fd350-edb4-49c9-b593-d223f7449a82
2012-06-30 07:47:22 +00:00
Ryan Boren
a0a36d35c9 Pass a post object instead of ID to help preserve ancestors. Props duck_. fixes #18536
git-svn-id: https://develop.svn.wordpress.org/trunk@21073 602fd350-edb4-49c9-b593-d223f7449a82
2012-06-12 23:09:27 +00:00
Ryan Boren
c392250983 Disambiguate menu_order. Props markjaquith. fixes #20711
git-svn-id: https://develop.svn.wordpress.org/trunk@20836 602fd350-edb4-49c9-b593-d223f7449a82
2012-05-21 19:50:58 +00:00
Ryan Boren
3c00653719 Set split_the_query to false if more than 500 rows requested. Props SergeyBiryukov. fixes #20628
git-svn-id: https://develop.svn.wordpress.org/trunk@20756 602fd350-edb4-49c9-b593-d223f7449a82
2012-05-09 17:20:22 +00:00
Ryan Boren
6f90e8abd6 Don't split the main query if there is no limit. This helps avoid extremely long query strings that could cause segfaults. Allow plugins to control splitting via split_the_query filter. see #20628
git-svn-id: https://develop.svn.wordpress.org/trunk@20740 602fd350-edb4-49c9-b593-d223f7449a82
2012-05-08 20:01:47 +00:00
Andrew Nacin
6588a3fa0c No need for by-reference when calculating the queried object in PHP5. props SergeyBiryukov, duck_, fixes #20039.
git-svn-id: https://develop.svn.wordpress.org/trunk@20491 602fd350-edb4-49c9-b593-d223f7449a82
2012-04-17 03:41:07 +00:00
Andrew Nacin
0fe62673e5 Always pass a table alias to wp_post_mime_type_where(). Prevents ambiguous queries when adding joins later on. props benbalter, fixes #20193.
git-svn-id: https://develop.svn.wordpress.org/trunk@20325 602fd350-edb4-49c9-b593-d223f7449a82
2012-03-30 13:08:12 +00:00
Ryan Boren
1a41092158 Call _get_post_ancestors() from get_post_ancestors() if the ancestors property is not set in the post object. Works around situations where ancestors is not set in the cached version of the post object. see #18536
git-svn-id: https://develop.svn.wordpress.org/trunk@20171 602fd350-edb4-49c9-b593-d223f7449a82
2012-03-12 18:23:48 +00:00
Ryan Boren
e6411302f0 Return to apply_filters_ref_array() for back compat with callbacks that specify a ref for the args. Props scribu. see #18536
git-svn-id: https://develop.svn.wordpress.org/trunk@20024 602fd350-edb4-49c9-b593-d223f7449a82
2012-02-28 20:37:47 +00:00
Andrew Nacin
e413239e0a Use is_admin WP_Query property, not is_admin(), when adding protected post statuses to the query. Allows for overriding on the parse_query hook. fixes #20049.
git-svn-id: https://develop.svn.wordpress.org/trunk@19932 602fd350-edb4-49c9-b593-d223f7449a82
2012-02-15 19:58:10 +00:00
Ryan Boren
021c55798e Split the main WP_Query posts query into two queries to avoid temp tables. Leverage cache to avoid second query in persistent cache environments. Props scribu, cheald, prettyboymp. see #18536
git-svn-id: https://develop.svn.wordpress.org/trunk@19918 602fd350-edb4-49c9-b593-d223f7449a82
2012-02-14 15:09:35 +00:00
Andrew Nacin
be343dba2c Use [\r\n\t ], not [\s], to prevent issues with some UTF-8 characters. props SergeyBiryukov, fixes #19033.
git-svn-id: https://develop.svn.wordpress.org/trunk@19866 602fd350-edb4-49c9-b593-d223f7449a82
2012-02-08 15:35:22 +00:00
Ryan Boren
dc3bccda20 Code cleanup in the paging block. Props kawauso. fixes #19773
git-svn-id: https://develop.svn.wordpress.org/trunk@19724 602fd350-edb4-49c9-b593-d223f7449a82
2012-01-09 20:08:57 +00:00
Ryan Boren
2b186b0c45 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: https://develop.svn.wordpress.org/trunk@19712 602fd350-edb4-49c9-b593-d223f7449a82
2012-01-08 17:01:11 +00:00
Ryan Boren
a8d77cbae9 Use lowercase true, false, null instead of uppercase. Props c3mdigital, mfields. fixes #16302
git-svn-id: https://develop.svn.wordpress.org/trunk@19687 602fd350-edb4-49c9-b593-d223f7449a82
2012-01-05 20:50:54 +00:00
Ryan Boren
5e76729992 One newline is enough.
git-svn-id: https://develop.svn.wordpress.org/trunk@19684 602fd350-edb4-49c9-b593-d223f7449a82
2012-01-05 20:10:39 +00:00
Andrew Nacin
24a1c0ab4a Fix notice when viewing a post preview logged out. props SergeyBiryukov, fixes #19366.
git-svn-id: https://develop.svn.wordpress.org/trunk@19604 602fd350-edb4-49c9-b593-d223f7449a82
2011-12-20 20:46:06 +00:00
Ryan Boren
676ba7043e Use one space, not two, after trailing punctuation. fixes #19537
git-svn-id: https://develop.svn.wordpress.org/trunk@19593 602fd350-edb4-49c9-b593-d223f7449a82
2011-12-13 23:45:31 +00:00
Dion Hulse
d70ddc49f9 Switch to sanitize_title_for_query() for Query sanitization (allows for pre-3.3 page slugs to be viewable), Don't update page slugs to new slug-types when the slug is not being changed, Don't issue a XHR if the page slug hasn't changed. Group effort props xknown, markjaquith, nacin. See #19292
git-svn-id: https://develop.svn.wordpress.org/trunk@19444 602fd350-edb4-49c9-b593-d223f7449a82
2011-11-24 00:20:21 +00:00
Andrew Nacin
3db76467e8 Remove unused variable. props kawauso, see #18364.
git-svn-id: https://develop.svn.wordpress.org/trunk@19216 602fd350-edb4-49c9-b593-d223f7449a82
2011-11-08 17:53:52 +00:00
Ryan Boren
2e089de79f Compute in_search_post_types only when needed. Props mitchoyoshitaka. fixes #18364
git-svn-id: https://develop.svn.wordpress.org/trunk@19078 602fd350-edb4-49c9-b593-d223f7449a82
2011-10-28 20:03:26 +00:00
Andrew Nacin
90f95e0204 new does not require by reference.
git-svn-id: https://develop.svn.wordpress.org/trunk@18995 602fd350-edb4-49c9-b593-d223f7449a82
2011-10-18 20:20:59 +00:00
Ryan Boren
c3212d522e Avoid refetching a post in get_post() when passed a post object that has already been raw sanitized. Clean up sanitize loop. Props scribu. fixes #18822
git-svn-id: https://develop.svn.wordpress.org/trunk@18846 602fd350-edb4-49c9-b593-d223f7449a82
2011-09-30 19:06:18 +00:00