55 Commits

Author SHA1 Message Date
Ryan Boren 4088ca8723 Use wp_unslash() instead of stripslashes() and stripslashes_deep(). Use wp_slash() instead of add_magic_quotes().
see #21767


git-svn-id: https://develop.svn.wordpress.org/trunk@23563 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-01 17:00:25 +00:00
Ryan Boren c363aea627 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: https://develop.svn.wordpress.org/trunk@23554 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-01 16:28:40 +00:00
Ryan Boren a6c8efadb9 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes is no longer necessary.

Introduce wp_unslash() and use it to remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: https://develop.svn.wordpress.org/trunk@23416 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-14 22:51:06 +00:00
Andrew Nacin f2b148799a Retina/span spinner cleanup. Restores CSS classes no longer used by core. props lessbloat. fixes #21456.
git-svn-id: https://develop.svn.wordpress.org/trunk@22167 602fd350-edb4-49c9-b593-d223f7449a82
2012-10-10 20:34:19 +00:00
Andrew Nacin e82d5080b8 New HiDPI spinner. Uses clean <span class="spinner"></span> markup.
Be on the lookout for weirdness.
props lessbloat. see #21456.



git-svn-id: https://develop.svn.wordpress.org/trunk@22019 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-26 19:57:44 +00:00
Ryan Boren 7c52a19a5a Reduce reliance on global variables in the list tables. Allow passing a screen ID to the list tables so that ajax handlers can set the needed screen.
Props nacin
fixes #21871


git-svn-id: https://develop.svn.wordpress.org/trunk@21914 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-19 12:43:31 +00:00
Andrew Nacin 533217f3ba Indicate on themes.php when a theme is a child that requires a parent theme. fixes #17944.
git-svn-id: https://develop.svn.wordpress.org/trunk@21816 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-11 19:12:37 +00:00
Ryan Boren 653e3b3ae6 Change the number of themes shown per page in themes.php from 999 to 36 so that infinite scroll engages. 36 was chosen to match the per page limit for theme-install.php
git-svn-id: https://develop.svn.wordpress.org/trunk@21768 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-05 20:33:34 +00:00
Andrew Nacin 2951df0632 Always URL-encode a stylesheet directory value before using it in a URL. These situations are saved by wp_nonce_url(), but we should not depend on that. see #21749, for trunk only.
git-svn-id: https://develop.svn.wordpress.org/trunk@21755 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-04 22:35:12 +00:00
Andrew Nacin a064f74572 Fix old-school Preview links when a theme directory contains spaces. Fix the theme-editor.php link from MS themes screens when a theme directory contains spaces. see #21749.
git-svn-id: https://develop.svn.wordpress.org/trunk@21752 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-04 22:25:25 +00:00
Andrew Nacin b502460093 Remove paths to where theme files are located from theme details on themes.php. props lessbloat, see #17944.
git-svn-id: https://develop.svn.wordpress.org/trunk@21650 602fd350-edb4-49c9-b593-d223f7449a82
2012-08-28 18:48:50 +00:00
Andrew Ozz 6e6b727315 Remove nearly all tabindex attributes from the admin, leaving them only where absolutely necessary (for now that's only the toolbar).
Add tabindex="-1" for the menu images links to avoid double tab stops there when the menu is expanded.

Fix/add auto-focus on the first input fields on the Add/Edit Post, all taxonomy, all edit taxonomy, Log In and Edit Comment screens.

See #21340.

git-svn-id: https://develop.svn.wordpress.org/trunk@21311 602fd350-edb4-49c9-b593-d223f7449a82
2012-07-24 00:15:15 +00:00
Andrew Nacin 7996c82427 Theme Customizer: Block non-existent or non-allowed themes, unless the non-allowed theme is the active theme. Support a user having edit_theme_options xor switch_themes. fixes #20852.
git-svn-id: https://develop.svn.wordpress.org/trunk@21010 602fd350-edb4-49c9-b593-d223f7449a82
2012-06-06 20:34:24 +00:00
Ryan Boren 74b9335d43 'Live Preview' instead of 'Customize' for the customizer links in the theme browser. see #19910
git-svn-id: https://develop.svn.wordpress.org/trunk@20827 602fd350-edb4-49c9-b593-d223f7449a82
2012-05-18 16:27:24 +00:00
Daryl Koopersmith e5a53305a2 Theme Customizer: Remove unused 'template' argument from wp_customize_url. see #19910.
git-svn-id: https://develop.svn.wordpress.org/trunk@20520 602fd350-edb4-49c9-b593-d223f7449a82
2012-04-18 20:57:06 +00:00
Andrew Nacin 266a785f77 Theme Customizer: Stick to wp_customize_url() instead of wp_customize_href(). Switch argument order so it is stylesheet-template. (Template is hypothetically optional, but the function will not support that.) see #19910.
Move to ->display('Name'), as ->get('Name') is a raw, untranslated version of the header.



git-svn-id: https://develop.svn.wordpress.org/trunk@20477 602fd350-edb4-49c9-b593-d223f7449a82
2012-04-16 14:36:47 +00:00
Daryl Koopersmith a43958baeb Theme Customizer: Allow the customize iframe to be accessed directly (with full feature support). see #19910.
* Move the 'Return to Manage Themes' and 'Collapse Sidebar' actions from themes.php to customize-controls.php.
* Create a postMessage connection between themes.php and customize-controls.php.
* Allow the theme customizer to be accessed directly (independent of themes.php and the customize loader).
* Add wp_customize_href() and wp_customize_url().
* Remove wp_customize_loader(). To include the loader, use wp_enqueue_script( 'customize-loader' ).
* The theme customizer now requires postMessage browser support.
* Add .hide-if-customize and .hide-if-no-customize CSS classes.
* Clean up customize-preview.js.

git-svn-id: https://develop.svn.wordpress.org/trunk@20476 602fd350-edb4-49c9-b593-d223f7449a82
2012-04-16 14:02:28 +00:00
Daryl Koopersmith 68ce88b380 Theme list table style improvements. Make 'delete' link red and separate from other actions. New action separators. see #20403.
git-svn-id: https://develop.svn.wordpress.org/trunk@20455 602fd350-edb4-49c9-b593-d223f7449a82
2012-04-12 21:10:40 +00:00
Daryl Koopersmith 98f37d532d Theme browsing UX improvements. see #20403.
* On manage/install themes pages, moved author under theme name.
* On manage themes page, moved version number to details.

git-svn-id: https://develop.svn.wordpress.org/trunk@20414 602fd350-edb4-49c9-b593-d223f7449a82
2012-04-10 00:15:13 +00:00
Daryl Koopersmith 31caea7b9b Theme Customizer: Improve the customize loader and themes list table markup. see #19910.
* Use event delegation for triggering the customize loader (so we play nicely with infinite scroll).
* Use data attributes on .load-customize links instead of parsing the href.
* Properly translate the 'Customize' string instead of injecting the replacement with JS.

git-svn-id: https://develop.svn.wordpress.org/trunk@20352 602fd350-edb4-49c9-b593-d223f7449a82
2012-04-04 21:02:29 +00:00
Daryl Koopersmith 90a115e4b4 Partially revert [20100]. The list_args JS variable cannot be extended due to its use as an argument in fetch-list. see #19815.
We should reattempt extending the args created in WP_List_Table, but will need to deprecate the current list_args to do so.

Also, infinite scroll on themes pages is no longer broken. Go team.

git-svn-id: https://develop.svn.wordpress.org/trunk@20104 602fd350-edb4-49c9-b593-d223f7449a82
2012-03-03 02:40:43 +00:00
Andrew Nacin b6b4d37fcb Allow WP_List_Table::_js_vars() to take an array of additional args to add. Allows us to have a single variable printing data when child classes need more data. Also, fix compact() call in [20094]. see #19815.
git-svn-id: https://develop.svn.wordpress.org/trunk@20100 602fd350-edb4-49c9-b593-d223f7449a82
2012-03-02 23:06:31 +00:00
Andrew Nacin 43209998c6 Output themes and theme-install infinite scrolling args in JS, rather than parsing query strings. props DH-Shredder, helenyhou. Make WP_Theme_Install_List_Table extend WP_Themes_List_Table. Doesn't help much yet, but we should be able to dry things up further. see #19815.
git-svn-id: https://develop.svn.wordpress.org/trunk@20094 602fd350-edb4-49c9-b593-d223f7449a82
2012-03-02 22:09:26 +00:00
Andrew Nacin eee4414129 Remove debug cruft.
git-svn-id: https://develop.svn.wordpress.org/trunk@20068 602fd350-edb4-49c9-b593-d223f7449a82
2012-03-02 00:13:05 +00:00
Andrew Nacin 12aa35e6aa Remove theme tags from the themes.php UI. They just take up room and are redundant with the feature filter. The installer already does not show tags. props DH-Shredder, fixes #20147.
git-svn-id: https://develop.svn.wordpress.org/trunk@20065 602fd350-edb4-49c9-b593-d223f7449a82
2012-03-01 23:58:10 +00:00
Andrew Nacin cc503e4315 In WP_Themes_List_Table, don't perform unnecessary sanitization on search terms or filter features. We only use these for case-insensitive comparison. see #19815.
git-svn-id: https://develop.svn.wordpress.org/trunk@20048 602fd350-edb4-49c9-b593-d223f7449a82
2012-02-29 22:19:18 +00:00
Andrew Nacin 47db4344b9 Have WP_Theme::get_screenshot() default to an absolute URI. Allow 'relative' to be requested. see #20103, see #19816.
git-svn-id: https://develop.svn.wordpress.org/trunk@20043 602fd350-edb4-49c9-b593-d223f7449a82
2012-02-29 20:31:56 +00:00
Andrew Nacin 53a209a4ee Introduce WP_Theme, wp_get_themes(), and wp_get_theme() to replace get_themes(), get_theme(), get_theme_data(), current_theme_info(), and others.
* Getters and Helpers: Introduces a series of methods to allow for easy generation of headers for display, and other theme metadata, including page templates.
 * Screenshots: Handles support for multiple screenshots. (see # Additional screenshots must be PNG and start with screenshot-2.png, and be sequential to be counted. see #19816.
 * Error Handling: Broken themes have a WP_Error object attached to them.
 * Caching: Introduces a wp_cache_themes_persistently filter (also in [20020]) to enable persistent caching of all filesystem and sanitization operations normally handled by WP_Theme (and formerly get_file_data() and get_themes()). Themes are cached individually and across five different cache keys for different data pieces.
 * Compatibility: A WP_Theme object is backwards compatible with a theme's array formerly returned by get_themes() and get_theme(), and an stdClass object formerly returned by current_theme_info().
 * i18n/L10n: Theme headers are now localizable with proper Text Domain and Domain Path headers, like plugins. (Language packs may remove the requirement for headers.) For page templates, see #6007 (not fixed yet, but will be easy now). For headers, fixes #15858.
 * PHP and CSS files: New methods that fetch a list of theme files (for the theme editor) only on demand, rather than only loading them into memory. fixes #11214.

Functions deprecated:
 * get_themes(), get_allowed_themes() and get_broken_themes() -- use wp_get_themes()
 * get_theme() and current_theme_info() -- use wp_get_theme()
 * get_site_allowed_themes() -- use WP_Theme::get_allowed_on_network()
 * wpmu_get_blog_allowedthemes() -- use WP_theme::get_allowed_on_site()

see also [20016], [20018], [20019], [20020], [20021], [20022], [20025], [20026], [20027]. also fixes #19244.

see #20103.



git-svn-id: https://develop.svn.wordpress.org/trunk@20029 602fd350-edb4-49c9-b593-d223f7449a82
2012-02-28 21:24:44 +00:00
Andrew Nacin f0c5c18d81 Faster theme searching. Only calculate what is necessary -- if the theme doesn't have all of the features, bail. If a word matches a tag or header, jump to the next word, we don't care how many times it matches. see #20103.
git-svn-id: https://develop.svn.wordpress.org/trunk@20027 602fd350-edb4-49c9-b593-d223f7449a82
2012-02-28 20:51:19 +00:00
Andrew Nacin 3924c4aab5 Don't sanitize theme tags while trying to search through them, as it is unnecessary. It is also very expensive -- 50% of the pageload for a search was spent sanitizing tags. see #20103.
git-svn-id: https://develop.svn.wordpress.org/trunk@20026 602fd350-edb4-49c9-b593-d223f7449a82
2012-02-28 20:41:53 +00:00
Andrew Nacin 7327a30867 Preserve keys when splitting themes up for pagination. props Utkarsh. fixes #15306.
git-svn-id: https://develop.svn.wordpress.org/trunk@19980 602fd350-edb4-49c9-b593-d223f7449a82
2012-02-23 14:42:01 +00:00
Ryan Boren 1597835e12 Infinite scroll for themes.php and theme-install.php. Bump per page limit for themes.php to 999. Props helenyhou, DH-Shredder. see #19815
git-svn-id: https://develop.svn.wordpress.org/trunk@19887 602fd350-edb4-49c9-b593-d223f7449a82
2012-02-09 17:20:26 +00:00
Ryan Boren f8dc7fe757 Hide theme details by default. Props helenyhou, DH-Shredder. fixes #19853
git-svn-id: https://develop.svn.wordpress.org/trunk@19840 602fd350-edb4-49c9-b593-d223f7449a82
2012-02-06 20:54:01 +00:00
Andrew Nacin b3b0fa681d Use home_url() rather than get_option() + is_ssl(). props ocean90, fixes #19942.
git-svn-id: https://develop.svn.wordpress.org/trunk@19811 602fd350-edb4-49c9-b593-d223f7449a82
2012-02-01 22:31:35 +00:00
Ryan Boren 2b186b0c45 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: https://develop.svn.wordpress.org/trunk@19712 602fd350-edb4-49c9-b593-d223f7449a82
2012-01-08 17:01:11 +00:00
Ryan Boren 676ba7043e Use one space, not two, after trailing punctuation. fixes #19537
git-svn-id: https://develop.svn.wordpress.org/trunk@19593 602fd350-edb4-49c9-b593-d223f7449a82
2011-12-13 23:45:31 +00:00
Andrew Ozz aea659a859 Responsive themes screen, props helenyhou, see #18198
git-svn-id: https://develop.svn.wordpress.org/trunk@18673 602fd350-edb4-49c9-b593-d223f7449a82
2011-09-15 04:26:26 +00:00
Dion Hulse 912ede4176 Ensure all theme searching is done case-insensitive. Props solarissmoke for initial patch. Fixes #17059
git-svn-id: https://develop.svn.wordpress.org/trunk@17691 602fd350-edb4-49c9-b593-d223f7449a82
2011-04-23 13:01:52 +00:00
Ryan Boren 451d7d8ffb Pink the whites.
git-svn-id: https://develop.svn.wordpress.org/trunk@17435 602fd350-edb4-49c9-b593-d223f7449a82
2011-02-09 17:35:36 +00:00
Andrew Nacin 2b4674a3b4 Remove AJAX from list tables. first pass. see #16262.
git-svn-id: https://develop.svn.wordpress.org/trunk@17322 602fd350-edb4-49c9-b593-d223f7449a82
2011-01-16 21:47:24 +00:00
Ryan Boren 5844e953a8 Improve presentation when there are no available themes. Props solarissmoke, garyc40. fixes #16196
git-svn-id: https://develop.svn.wordpress.org/trunk@17303 602fd350-edb4-49c9-b593-d223f7449a82
2011-01-15 00:35:29 +00:00
Andrew Nacin 6d0af32ea7 Add nonces to instances where the list table display() method is overridden. see #16188.
git-svn-id: https://develop.svn.wordpress.org/trunk@17262 602fd350-edb4-49c9-b593-d223f7449a82
2011-01-11 22:42:22 +00:00
Ryan Boren 1f3ea01d78 List table spinner. Props scribu. see #15580
git-svn-id: https://develop.svn.wordpress.org/trunk@17090 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-20 18:45:05 +00:00
Peter Westwood e7e3b8fde9 Make note that this is a preview_iframe. See #15856
git-svn-id: https://develop.svn.wordpress.org/trunk@17018 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-17 08:30:33 +00:00
scribu 96e692baed Always display the table, with a placeholder row when there are no items. Fixes #15849
git-svn-id: https://develop.svn.wordpress.org/trunk@17002 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-16 19:05:14 +00:00
Andrew Nacin 266cd3f5df Replace check_permissions() with ajax_user_can(). New method returns true/false to current_user_can(), which we then handle in admin ajax. see #15326.
git-svn-id: https://develop.svn.wordpress.org/trunk@16992 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-16 09:18:28 +00:00
Andrew Nacin afecafe7ab Remove check_permissions() calls outside of AJAX context. Also only check for switch_themes in check_permissions() for the themes table. see #15326.
git-svn-id: https://develop.svn.wordpress.org/trunk@16990 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-16 08:43:22 +00:00
Andrew Nacin 63d7b51d01 Adjust branching and errors in WP_Themes_List_Table::no_items(). fixes #15751.
git-svn-id: https://develop.svn.wordpress.org/trunk@16838 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-09 16:12:04 +00:00
Andrew Nacin 689a65c8e6 Don't reference nonexistent tabs. see #15707.
git-svn-id: https://develop.svn.wordpress.org/trunk@16759 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-06 21:37:35 +00:00
Andrew Nacin 975fb7af21 Don't show theme deletion link in multisite in the site admin. Also, link to proper theme-install when using multisite if there are no themes. see #15707.
git-svn-id: https://develop.svn.wordpress.org/trunk@16756 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-06 20:48:41 +00:00