Commit Graph

64 Commits

Author SHA1 Message Date
Ryan Boren
b78520da15 Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
see #WP21767


git-svn-id: https://develop.svn.wordpress.org/trunk@23591 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-03 16:30:38 +00:00
Ryan Boren
c363aea627 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: https://develop.svn.wordpress.org/trunk@23554 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-01 16:28:40 +00:00
Ryan Boren
a6c8efadb9 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: https://develop.svn.wordpress.org/trunk@23416 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-14 22:51:06 +00:00
Mark Jaquith
b7b4a12cfd Defer the meta_id-fetching query until after comparison of the previous value, so that redundant calls to update_metadata() can bail without making that query. props nacin. fixes #22191
git-svn-id: https://develop.svn.wordpress.org/trunk@22231 602fd350-edb4-49c9-b593-d223f7449a82
2012-10-15 05:51:38 +00:00
Ryan Boren
381583c21f Improve performance of WP_Meta_Query when doing OR queries on meta keys. Props joehoyle, SergeyBiryukov. fixes #19729
git-svn-id: https://develop.svn.wordpress.org/trunk@22103 602fd350-edb4-49c9-b593-d223f7449a82
2012-10-03 12:35:06 +00:00
Andrew Nacin
9fd4c1cb9b Add NOT EXISTS to meta queries, allowing you to query for the non-existence of a meta key.
You could already use EXISTS by omitting a value to check.

props georgestephanis, scribu
fixes #18158



git-svn-id: https://develop.svn.wordpress.org/trunk@21185 602fd350-edb4-49c9-b593-d223f7449a82
2012-06-29 19:59:29 +00:00
Andrew Nacin
1909f3fbeb Use the metadata API rather than raw queries and direct do_action calls. see #20417.
git-svn-id: https://develop.svn.wordpress.org/trunk@20435 602fd350-edb4-49c9-b593-d223f7449a82
2012-04-11 20:02:39 +00:00
Andrew Nacin
54a6a40533 Introduce $wpdb->delete(). props justindgivens, scribu. fixes #18948.
git-svn-id: https://develop.svn.wordpress.org/trunk@20287 602fd350-edb4-49c9-b593-d223f7449a82
2012-03-24 15:24:31 +00:00
Ryan Boren
2b186b0c45 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: https://develop.svn.wordpress.org/trunk@19712 602fd350-edb4-49c9-b593-d223f7449a82
2012-01-08 17:01:11 +00:00
Ryan Boren
676ba7043e Use one space, not two, after trailing punctuation. fixes #19537
git-svn-id: https://develop.svn.wordpress.org/trunk@19593 602fd350-edb4-49c9-b593-d223f7449a82
2011-12-13 23:45:31 +00:00
Ryan Boren
fd10e500e4 Pinking shears
git-svn-id: https://develop.svn.wordpress.org/trunk@19054 602fd350-edb4-49c9-b593-d223f7449a82
2011-10-24 19:13:23 +00:00
Jon Cave
4219b8b03f Fix back compat issues with delete_postmeta and deleted_postmeta actions as these should be passed the meta ID. Fixes #18825.
git-svn-id: https://develop.svn.wordpress.org/trunk@18835 602fd350-edb4-49c9-b593-d223f7449a82
2011-09-30 15:19:32 +00:00
Jon Cave
55609b863e Automatically set 'compare' => 'IN' in WP_Meta_Query::get_sql() when the meta value is an array. Props ldebrouwer, SergeyBiryukov. Fixes #16829.
git-svn-id: https://develop.svn.wordpress.org/trunk@18825 602fd350-edb4-49c9-b593-d223f7449a82
2011-09-29 22:10:56 +00:00
Andrew Nacin
32ba775ad7 Pass unslashed values from update_metadata() to add_metadata(). fixes #17343.
git-svn-id: https://develop.svn.wordpress.org/trunk@18816 602fd350-edb4-49c9-b593-d223f7449a82
2011-09-29 19:37:58 +00:00
Andrew Nacin
e0889f848c Fix docs for get_meta_sql(). First arg cannot be optional. props duck_, fixes #18717.
git-svn-id: https://develop.svn.wordpress.org/trunk@18789 602fd350-edb4-49c9-b593-d223f7449a82
2011-09-27 05:13:07 +00:00
Ryan Boren
1d3e616495 Introduce metadata_exists(), WP_User::get_data_by(), WP_User::get(), WP_User::has_prop(). Don't fill user objects with meta. Eliminate data duplication in cache and memory. Props scribu. see #15458
git-svn-id: https://develop.svn.wordpress.org/trunk@18597 602fd350-edb4-49c9-b593-d223f7449a82
2011-08-24 19:32:59 +00:00
Ryan Boren
dbb0b7c8d6 Turn delete_meta() , get_post_meta_by_id(), update_meta(), delete_post_meta_by_key() into wrappers around the metadata API. Add back compat *_postmeta actions to metadata API. Props jgadbois. see #18196
git-svn-id: https://develop.svn.wordpress.org/trunk@18500 602fd350-edb4-49c9-b593-d223f7449a82
2011-08-03 16:48:37 +00:00
Ryan Boren
0ac95fd5a6 update_metadata_by_mid() and delete_metadata_by_mid(). Props kovshenin. see #18195
git-svn-id: https://develop.svn.wordpress.org/trunk@18494 602fd350-edb4-49c9-b593-d223f7449a82
2011-08-01 17:01:54 +00:00
Ryan Boren
6b5d8397b0 Introduce register_meta(), get_metadata_by_mid(), and *_post_meta capabilities. fixes #17850
git-svn-id: https://develop.svn.wordpress.org/trunk@18445 602fd350-edb4-49c9-b593-d223f7449a82
2011-07-20 22:04:35 +00:00
Andrew Nacin
a657a1986c @since s/3.2/3.2.0/
git-svn-id: https://develop.svn.wordpress.org/trunk@18268 602fd350-edb4-49c9-b593-d223f7449a82
2011-06-11 04:40:18 +00:00
Ryan Boren
46d96c7704 Bring out the pinking shears.
git-svn-id: https://develop.svn.wordpress.org/trunk@18254 602fd350-edb4-49c9-b593-d223f7449a82
2011-06-10 23:01:45 +00:00
Ryan Boren
640eed5f4a Update @since
git-svn-id: https://develop.svn.wordpress.org/trunk@18032 602fd350-edb4-49c9-b593-d223f7449a82
2011-05-25 15:47:17 +00:00
Ryan Boren
57b6c9aeda Sanitize guid on save and display. Sanitize mime type on save. Don't allow changing mime type via edit form handlers. Protect hidden meta.
git-svn-id: https://develop.svn.wordpress.org/trunk@17994 602fd350-edb4-49c9-b593-d223f7449a82
2011-05-22 23:19:42 +00:00
Dion Hulse
4259cd6a27 Properly handle querying for meta by value without a key as well as those with invalid parameters. Props scribu. See #17264
git-svn-id: https://develop.svn.wordpress.org/trunk@17746 602fd350-edb4-49c9-b593-d223f7449a82
2011-04-28 15:02:16 +00:00
Ryan Boren
96fe89727e Introduce WP_Meta_Query and relation support. Props scribu, greuben. fixes #17165 #17011
git-svn-id: https://develop.svn.wordpress.org/trunk@17699 602fd350-edb4-49c9-b593-d223f7449a82
2011-04-25 17:27:35 +00:00
Ryan Boren
d328751ee7 Allow querying empty meta values. Props scribu. fixes #15292
git-svn-id: https://develop.svn.wordpress.org/trunk@17674 602fd350-edb4-49c9-b593-d223f7449a82
2011-04-21 18:13:03 +00:00
Ryan Boren
42e432bd94 Avoid var name conflict in _get_meta_sql(). Fixes type var passed to get_meta_sql filter. Props Rahe, nacin. fixes #16825 for trunk
git-svn-id: https://develop.svn.wordpress.org/trunk@17530 602fd350-edb4-49c9-b593-d223f7449a82
2011-03-22 20:35:47 +00:00
Andrew Nacin
68692f0565 get_meta_sql should be private. see #14645.
git-svn-id: https://develop.svn.wordpress.org/trunk@17170 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-29 19:31:35 +00:00
Ryan Boren
aca2b86eaf Add 'who' arg to wp_dropdown_users() and get_users(). Add' hide_if_only_one_author' argument to get_users(). Query only authors (user level greater than 0) when who => author is passed. Query only authors for author meta box and quick edit dropdowns. Props scribu. fixes #15871
git-svn-id: https://develop.svn.wordpress.org/trunk@17088 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-20 17:25:39 +00:00
Ryan Boren
748f5f0154 phpdoc notation fixes. Props demetris. fixes #15852
git-svn-id: https://develop.svn.wordpress.org/trunk@17009 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-16 22:46:13 +00:00
Andrew Nacin
598bb9952a Allow actual DB fields in WP_User_Query orderby. props duck, see #15816.
git-svn-id: https://develop.svn.wordpress.org/trunk@16953 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-15 16:51:38 +00:00
Ryan Boren
8bf835d944 Meta data caching improvements. Props mdawaffe. see #15545
git-svn-id: https://develop.svn.wordpress.org/trunk@16596 602fd350-edb4-49c9-b593-d223f7449a82
2010-11-26 21:35:26 +00:00
Ryan Boren
f721e075e6 Use wp_cache_add() instead of wp_cache_set() in update_meta_cache(). fixes #15452
git-svn-id: https://develop.svn.wordpress.org/trunk@16437 602fd350-edb4-49c9-b593-d223f7449a82
2010-11-17 18:25:42 +00:00
scribu
a4cd0df78c Minor get_meta_sql() cleanup. See #9124
git-svn-id: https://develop.svn.wordpress.org/trunk@16410 602fd350-edb4-49c9-b593-d223f7449a82
2010-11-17 00:27:34 +00:00
scribu
a8160ed916 Kill WP_Object_Query. See #15032
git-svn-id: https://develop.svn.wordpress.org/trunk@16353 602fd350-edb4-49c9-b593-d223f7449a82
2010-11-13 18:32:43 +00:00
scribu
f337bb1b86 Add context to get_meta_sql(). See #15018
git-svn-id: https://develop.svn.wordpress.org/trunk@16286 602fd350-edb4-49c9-b593-d223f7449a82
2010-11-11 10:06:05 +00:00
scribu
c0be4fafcf Make get_meta_sql() a standalone function. See #15032
git-svn-id: https://develop.svn.wordpress.org/trunk@16266 602fd350-edb4-49c9-b593-d223f7449a82
2010-11-09 23:22:13 +00:00
scribu
9cc035e926 Fix inconsistencies in metadata filters. Props sc0ttkclark. See #14766
git-svn-id: https://develop.svn.wordpress.org/trunk@16017 602fd350-edb4-49c9-b593-d223f7449a82
2010-10-27 17:45:08 +00:00
scribu
d9abf82f7c Add filters to *_metadata() functions. Props sc0ttkclark. Fixes #14766
git-svn-id: https://develop.svn.wordpress.org/trunk@15983 602fd350-edb4-49c9-b593-d223f7449a82
2010-10-26 19:11:27 +00:00
Ryan Boren
fc73604019 Actions for adding and deleting meta. Props wojtek.szkutnik mitchoyoshitaka. fixes #14173
git-svn-id: https://develop.svn.wordpress.org/trunk@15917 602fd350-edb4-49c9-b593-d223f7449a82
2010-10-22 19:18:33 +00:00
Andrew Nacin
9494e4ce7e Phpdoc argument/@param cleanups. props duck_, see #14783.
git-svn-id: https://develop.svn.wordpress.org/trunk@15590 602fd350-edb4-49c9-b593-d223f7449a82
2010-09-07 11:21:11 +00:00
Ryan Boren
d079129f86 Perform strict equality comparison. Props shawnparker. fixes #13350 for 3.1
git-svn-id: https://develop.svn.wordpress.org/trunk@15389 602fd350-edb4-49c9-b593-d223f7449a82
2010-07-12 15:28:31 +00:00
Ryan Boren
364194617a Don't update meta data when the new value matches the old value. fixes #13350
git-svn-id: https://develop.svn.wordpress.org/trunk@14564 602fd350-edb4-49c9-b593-d223f7449a82
2010-05-11 17:35:07 +00:00
Andrew Nacin
e98ddd7bd6 Revert patch for expecting unslashed data in the metadata API. Had snuck in with [14546]. see #12416.
git-svn-id: https://develop.svn.wordpress.org/trunk@14547 602fd350-edb4-49c9-b593-d223f7449a82
2010-05-10 20:51:58 +00:00
Andrew Nacin
8235a24f35 Fix double-tabbing in get_dropins.
git-svn-id: https://develop.svn.wordpress.org/trunk@14546 602fd350-edb4-49c9-b593-d223f7449a82
2010-05-10 20:41:14 +00:00
Ryan Boren
cec049295c Pass unserializeds value to meta actions.
git-svn-id: https://develop.svn.wordpress.org/trunk@14308 602fd350-edb4-49c9-b593-d223f7449a82
2010-04-29 19:26:40 +00:00
Ryan Boren
93e92e9b32 clean_user_cache() instead of direct cache delete.
git-svn-id: https://develop.svn.wordpress.org/trunk@14305 602fd350-edb4-49c9-b593-d223f7449a82
2010-04-29 18:32:01 +00:00
Ryan Boren
ab27ecda6d Reset the global current_user object when the current user is changed.
git-svn-id: https://develop.svn.wordpress.org/trunk@14302 602fd350-edb4-49c9-b593-d223f7449a82
2010-04-29 18:24:18 +00:00
Ryan Boren
6973ce2f9f Clear the users cache when updating user metadata. fixes #13075
git-svn-id: https://develop.svn.wordpress.org/trunk@14179 602fd350-edb4-49c9-b593-d223f7449a82
2010-04-21 18:25:03 +00:00
Dion Hulse
0f638312f7 Fix Metadata deletion. See #12414 for trunk
git-svn-id: https://develop.svn.wordpress.org/trunk@13496 602fd350-edb4-49c9-b593-d223f7449a82
2010-02-28 10:07:55 +00:00