Commit Graph

359 Commits

Author SHA1 Message Date
Peter Westwood
6c937208e7 Formatting: Pass the blog charset to htmlspecialchars so that we don't eat non-UTF8 strings in PHP 5.4
Fixes #23688


git-svn-id: https://develop.svn.wordpress.org/trunk@23685 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-13 15:24:38 +00:00
Andrew Nacin
ddb81178b7 Properly handle timezones in get_date_from_gmt() rather than relying on the implicit gmt_offset. This offset is only good for the current time, rather than the passed time, which causes problems when converting a DST date when DST is not in effect, or vice versa.
Update get_gmt_from_date() to make these functions match in formatting, as they are complementary and just reverse a few operations.

props scholesmafia
Tests: [1233/tests]

fixes #20328.



git-svn-id: https://develop.svn.wordpress.org/trunk@23618 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-05 16:14:14 +00:00
Ryan Boren
b78520da15 Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
see #WP21767


git-svn-id: https://develop.svn.wordpress.org/trunk@23591 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-03 16:30:38 +00:00
Ryan Boren
85782c3e39 Introduce wp_slash() and wp_unslash(). This will be used to cleanup the myriad calls to addslashes*, add_magic_quotes, stripslashes*. see #21767
git-svn-id: https://develop.svn.wordpress.org/trunk@23555 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-01 16:34:48 +00:00
Ryan Boren
c363aea627 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: https://develop.svn.wordpress.org/trunk@23554 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-01 16:28:40 +00:00
Andrew Nacin
e1b603bbc3 Move revisions/autosave and post format functions from wp-includes/post.php into revision.php and post-formats.php.
git-svn-id: https://develop.svn.wordpress.org/trunk@23466 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-21 21:24:34 +00:00
Helen Hou-Sandi
351438ebe1 Output fallbacks / theme compat for post format metadata.
* Currently handles link, quote, image, gallery, audio, and video formats.
* `add_theme_support()` for a given post format is now an indicator that the theme handles format-specific metadata.
* If no support for a given format is defined, fallback output will be generated and hooked onto the_content if a post has metadata for that format.
* Fallbacks attempt to be smart about not duplicating data already appearing in the post content itself. Gallery is particularly liberal, looking for any instance of the gallery shortcode in the content, not just an exact match to the gallery shortcode defined in the format-specific meta.
* Compat output defaults to being wrapped in a `div` with a class of `post-format-content`.

Theme authors: please test and evaluate, keeping in mind that the goal is to support user expectations of not losing format-specific data they've entered in the admin when viewing the front-end of their site.

props wonderboymusic, beaulebens, helen. see #23347.


git-svn-id: https://develop.svn.wordpress.org/trunk@23450 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-18 19:22:58 +00:00
Sergey Biryukov
2950f848d4 Fix typos in phpdoc. props markmcwilliams. fixes #23481.
git-svn-id: https://develop.svn.wordpress.org/trunk@23434 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-15 18:59:56 +00:00
Ryan Boren
a6c8efadb9 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: https://develop.svn.wordpress.org/trunk@23416 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-14 22:51:06 +00:00
Sergey Biryukov
ce72d762f8 Correct the documentation for balanceTags(). Remove unnecessary boolean inversion. props TobiasBg. fixes #22537.
git-svn-id: https://develop.svn.wordpress.org/trunk@23368 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-01 22:20:06 +00:00
Sergey Biryukov
78b83d3fc1 PHPDoc fixes and additions. props bananastalktome, DrewAPicture. fixes #23313.
git-svn-id: https://develop.svn.wordpress.org/trunk@23365 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-01 18:07:08 +00:00
Sergey Biryukov
98cbf77a95 Use digraphs for German umlauts in remove_accents(). props SergeyBiryukov, ocean90. fixes #3782.
git-svn-id: https://develop.svn.wordpress.org/trunk@23361 602fd350-edb4-49c9-b593-d223f7449a82
2013-01-31 01:55:09 +00:00
Andrew Ozz
f8a254ec56 Autop: <samp> is not a block tag, props toscho, fixes #18807
git-svn-id: https://develop.svn.wordpress.org/trunk@23327 602fd350-edb4-49c9-b593-d223f7449a82
2013-01-22 19:05:21 +00:00
Andrew Nacin
f0e451a30f Treat URL schemes as case insensitive when sanitizing them in esc_url().
props mdawaffe.
fixes #23187.
tests: [1184/tests]



git-svn-id: https://develop.svn.wordpress.org/trunk@23303 602fd350-edb4-49c9-b593-d223f7449a82
2013-01-17 15:07:32 +00:00
Peter Westwood
d927271553 Tighten our braces. Fixes #23118 props evansolomon.
git-svn-id: https://develop.svn.wordpress.org/trunk@23265 602fd350-edb4-49c9-b593-d223f7449a82
2013-01-04 10:13:51 +00:00
Helen Hou-Sandi
c43802b342 s/Santizes/Sanitizes/ in phpdoc for sanitize_html_class(). props cais. fixes #22890.
git-svn-id: https://develop.svn.wordpress.org/trunk@23189 602fd350-edb4-49c9-b593-d223f7449a82
2012-12-20 15:40:37 +00:00
Andrew Nacin
59bb81f264 Remove additional acute accents from permalink slugs via sanitize_title_with_dashes(). props SergeyBiryukov. fixes #22395.
git-svn-id: https://develop.svn.wordpress.org/trunk@23176 602fd350-edb4-49c9-b593-d223f7449a82
2012-12-13 09:59:28 +00:00
Andrew Nacin
34985fbc7a Revert page on front changes. Reverts [22127] [22129] [22135] [22136]. see #16379.
git-svn-id: https://develop.svn.wordpress.org/trunk@22653 602fd350-edb4-49c9-b593-d223f7449a82
2012-11-19 01:28:32 +00:00
Andrew Nacin
e25ee1e3e6 Avoid an uncaught exception in get_gmt_from_date(). The return value is imperfect - date( $format, 0 ) - but better than a fatal error. props wonderboymusic. fixes #20942.
git-svn-id: https://develop.svn.wordpress.org/trunk@22435 602fd350-edb4-49c9-b593-d223f7449a82
2012-11-07 20:07:41 +00:00
Jon Cave
397efc640f Update shortcode regular expression commentary. See #17657.
git-svn-id: https://develop.svn.wordpress.org/trunk@22401 602fd350-edb4-49c9-b593-d223f7449a82
2012-11-06 14:47:33 +00:00
Ryan Boren
24a69e1602 Allow hyphens in shortcode names.
Props kovshenin, solarissmoke, aaroncampbell
fixes #17657


git-svn-id: https://develop.svn.wordpress.org/trunk@22382 602fd350-edb4-49c9-b593-d223f7449a82
2012-11-05 22:27:36 +00:00
Ryan Boren
d76c931269 Fix wp_basename() for Windows by replacing %5C with /.
Props SergeyBiryukov
fixes #22138


git-svn-id: https://develop.svn.wordpress.org/trunk@22310 602fd350-edb4-49c9-b593-d223f7449a82
2012-10-25 22:31:17 +00:00
Ryan Boren
e033812490 Pass each url in ping_sites through esc_url_raw() upin save. This ensures the urls have a valid protocol and avoids "Unable to parse URL" warning in WP_Http. Props SergeyBiryukov. fixes #21966
git-svn-id: https://develop.svn.wordpress.org/trunk@22255 602fd350-edb4-49c9-b593-d223f7449a82
2012-10-17 17:44:40 +00:00
Andrew Nacin
bbd97dc498 Set show_on_front to 'posts' when no value is set. This occurs when the show_on_front checkbox is left unchecked and then sent through options.php. fixes #22131.
git-svn-id: https://develop.svn.wordpress.org/trunk@22135 602fd350-edb4-49c9-b593-d223f7449a82
2012-10-08 18:41:19 +00:00
Andrew Nacin
ff88489bdc Remove the 'Size of the post box' (default_post_edit_rows) option. This will instead be handled by a user cookie tracking the resizing of both TinyMCE and the main textarea. see #21718.
git-svn-id: https://develop.svn.wordpress.org/trunk@22006 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-26 03:17:28 +00:00
Andrew Nacin
84ca011876 Always attempt to embed URLs in content, removing the Auto-embeds (autoembed_urls) option.
Remove the UI for setting the default width and height for embeds. Width was confusing as it
was blank by default (inheriting the content width from the theme, or 500px). The height is
now calculated as 1.5x the content width, or 1000px, whichever is smaller.

The [embed] shortcode can still receive manual height and width attributes. This just removes
the global settings.

props wonderboymusic. see #21719.



git-svn-id: https://develop.svn.wordpress.org/trunk@21998 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-25 07:10:09 +00:00
Andrew Nacin
774a12be83 Introduce constants to allow for easier expression of time periods in seconds. Adds MINUTE_IN_SECONDS, HOUR_IN_SECONDS, DAY_IN_SECONDS, WEEK_IN_SECONDS, YEAR_IN_SECONDS. props nbachiyski, SergeyBiryukov. fixes #20987.
git-svn-id: https://develop.svn.wordpress.org/trunk@21996 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-25 05:26:19 +00:00
Andrew Nacin
248b586911 Move sanitization for the multisite illegal_names, limited_email_domains, and banned_email_domains options to sanitize_option(). props wonderboymusic. fixes #21552.
git-svn-id: https://develop.svn.wordpress.org/trunk@21993 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-25 01:54:12 +00:00
Andrew Nacin
5869cbc05a Synchronize block-level elements between the JS and PHP versions of wpautop. props SergeyBiryukov. fixes #18534.
git-svn-id: https://develop.svn.wordpress.org/trunk@21888 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-18 17:32:44 +00:00
Andrew Nacin
326731cdb3 Add Pinyin diacritics to remove_accents(). Remove these diacritics in sanitize_title_with_dashes() on save as well. props bolo1988, SergeyBiryukov. fixes #20772.
git-svn-id: https://develop.svn.wordpress.org/trunk@21859 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-15 20:01:08 +00:00
Andrew Nacin
42a2b4a12f "[ ] Discourage search engines from indexing this site". fixes #16416.
git-svn-id: https://develop.svn.wordpress.org/trunk@21851 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-14 20:26:20 +00:00
Andrew Nacin
8c13f286e3 Use the non-slashing variants of kses functions in sanitize_option() to avoid slash ping pong. fixes #21892.
git-svn-id: https://develop.svn.wordpress.org/trunk@21850 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-14 19:32:53 +00:00
Andrew Nacin
518d14331c When balancing tags, properly close tags that shouldn't be self-closed but are. Support all self-closing tags.
props coffee2code.
fixes #1597.



git-svn-id: https://develop.svn.wordpress.org/trunk@21828 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-13 16:39:06 +00:00
Andrew Nacin
667a94907c Properly delimit URLs by \r, \n, \t *or* a space in sanitize_trackback_urls(). Fixes multiple trackback URL usage. props SergeyBiryukov, fixes #21624 for trunk.
git-svn-id: https://develop.svn.wordpress.org/trunk@21718 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-04 03:36:19 +00:00
Andrew Nacin
6b6bea5e0d Only run stripslashes() in stripslashes_deep() for strings, not other scalar values. props Kawauso, knutsp. props coffee2code for [UT698]. fixes #18026.
git-svn-id: https://develop.svn.wordpress.org/trunk@21292 602fd350-edb4-49c9-b593-d223f7449a82
2012-07-20 15:14:26 +00:00
Andrew Nacin
041b5f7af1 HTML object tags are self-nestable. props coffee2code. fixes #20401.
git-svn-id: https://develop.svn.wordpress.org/trunk@21250 602fd350-edb4-49c9-b593-d223f7449a82
2012-07-09 19:27:44 +00:00
Mark Jaquith
ea8be18c39 Collapse an i18n context to make it more accurate and to make for one less string to translate. props pavelevap. fixes #21137
git-svn-id: https://develop.svn.wordpress.org/trunk@21242 602fd350-edb4-49c9-b593-d223f7449a82
2012-07-09 05:08:43 +00:00
Mark Jaquith
ebcf49cf93 Bunch of PHPDoc corrections and cleanups. props c3mdigital. props SergeyBiryukov. fixes #21149
git-svn-id: https://develop.svn.wordpress.org/trunk@21241 602fd350-edb4-49c9-b593-d223f7449a82
2012-07-09 05:03:53 +00:00
Ryan Boren
b6e23d7269 Shears of vigorous pinking.
git-svn-id: https://develop.svn.wordpress.org/trunk@20944 602fd350-edb4-49c9-b593-d223f7449a82
2012-05-27 16:25:43 +00:00
Peter Westwood
50517b8e53 i18n: Update the word splitting we use when trimming strings to build excerpts so that it has support for a character based mode for locales where character splitting is more approproate like Japan.
See #16079 props tenpura.


git-svn-id: https://develop.svn.wordpress.org/trunk@20859 602fd350-edb4-49c9-b593-d223f7449a82
2012-05-23 21:04:35 +00:00
Andrew Nacin
b4f82d87b0 Add Vietnamese vowels to remove_accents(). props SergeyBiryukov. fixes #17738.
git-svn-id: https://develop.svn.wordpress.org/trunk@20687 602fd350-edb4-49c9-b593-d223f7449a82
2012-05-02 16:55:16 +00:00
Andrew Nacin
61602af9c1 Add characters to be stripped or replaced in sanitize_title_with_dashes().
* Replace times (multiplication sign) with x.
 * Strip low quotation marks and other curly quotes we don't already deal with.
props SergeyBiryukov. fixes #19820.



git-svn-id: https://develop.svn.wordpress.org/trunk@20686 602fd350-edb4-49c9-b593-d223f7449a82
2012-05-02 16:37:42 +00:00
Mark Jaquith
68616250c5 Ignore this. Just need an un-synced-to-GitHub commit so I can switch to using the new core.svn.wordpress.org URL.
git-svn-id: https://develop.svn.wordpress.org/trunk@20672 602fd350-edb4-49c9-b593-d223f7449a82
2012-05-01 21:05:02 +00:00
Andrew Nacin
0d53bba473 Properly convert two special Z characters in convert_chars(). props Namely, SergeyBiryukov. fixes #20503.
git-svn-id: https://develop.svn.wordpress.org/trunk@20653 602fd350-edb4-49c9-b593-d223f7449a82
2012-04-30 21:20:50 +00:00
Andrew Nacin
ef79a85f78 Run rawurlencode_deep() through the parsed query in canonical. (Introduces rawurlencode_deep().) props toppa for the initial patch. fixes #20143.
git-svn-id: https://develop.svn.wordpress.org/trunk@20611 602fd350-edb4-49c9-b593-d223f7449a82
2012-04-27 15:40:00 +00:00
Jon Cave
c796066fac Recognise protocols other than "http" in _links_add_base(). Props SergeyBiryukov. Fixes #19665.
Previously "https" URLs used in plugin READMEs displayed by install_plugin_information() would have the plugin's extend URL prepended.


git-svn-id: https://develop.svn.wordpress.org/trunk@20466 602fd350-edb4-49c9-b593-d223f7449a82
2012-04-14 19:14:10 +00:00
Ryan Boren
1df5a7cf30 Don't attempt to make links inside attributes clickable. Props duck_ azaozz. fixes #20418
git-svn-id: https://develop.svn.wordpress.org/trunk@20443 602fd350-edb4-49c9-b593-d223f7449a82
2012-04-11 21:14:13 +00:00
Andrew Ozz
f9c3a352a0 Do not process <pre> tags with wpautop, replace them with placeholders, process the rest of the content and then put them back. Part props kurtpayne, see #19855
git-svn-id: https://develop.svn.wordpress.org/trunk@20307 602fd350-edb4-49c9-b593-d223f7449a82
2012-03-28 15:43:31 +00:00
Andrew Nacin
b23fec65b6 <input> is not a block-level element; do not treat it like one in wpautop(). props SergeyBiryukov. props kurtpayne for the unit test. fixes #16456.
git-svn-id: https://develop.svn.wordpress.org/trunk@20078 602fd350-edb4-49c9-b593-d223f7449a82
2012-03-02 19:59:50 +00:00
Andrew Ozz
0fa723245a HTML in image captions, first run, see #18311
git-svn-id: https://develop.svn.wordpress.org/trunk@19982 602fd350-edb4-49c9-b593-d223f7449a82
2012-02-24 01:58:18 +00:00