Commit Graph

75 Commits

Author SHA1 Message Date
Andrew Nacin 08687bc804 More robust escaping in the plugin/theme upgrader.
git-svn-id: https://develop.svn.wordpress.org/trunk@24474 602fd350-edb4-49c9-b593-d223f7449a82
2013-06-21 05:54:40 +00:00
Ryan Boren c363aea627 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: https://develop.svn.wordpress.org/trunk@23554 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-01 16:28:40 +00:00
Ryan Boren a6c8efadb9 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: https://develop.svn.wordpress.org/trunk@23416 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-14 22:51:06 +00:00
Andrew Nacin 496ae7b83f Merge some strings. props pavelevap. fixes #22306.
git-svn-id: https://develop.svn.wordpress.org/trunk@22430 602fd350-edb4-49c9-b593-d223f7449a82
2012-11-07 19:37:54 +00:00
Daryl Koopersmith a43958baeb Theme Customizer: Allow the customize iframe to be accessed directly (with full feature support). see #19910.
* Move the 'Return to Manage Themes' and 'Collapse Sidebar' actions from themes.php to customize-controls.php.
* Create a postMessage connection between themes.php and customize-controls.php.
* Allow the theme customizer to be accessed directly (independent of themes.php and the customize loader).
* Add wp_customize_href() and wp_customize_url().
* Remove wp_customize_loader(). To include the loader, use wp_enqueue_script( 'customize-loader' ).
* The theme customizer now requires postMessage browser support.
* Add .hide-if-customize and .hide-if-no-customize CSS classes.
* Clean up customize-preview.js.

git-svn-id: https://develop.svn.wordpress.org/trunk@20476 602fd350-edb4-49c9-b593-d223f7449a82
2012-04-16 14:02:28 +00:00
Daryl Koopersmith 955ca76116 Replace all instances of thickbox theme preview with the theme customizer. fixes #20404.
* Use theme customizer in theme install/update screens.
* Separate the customize loader from the customizer. Use wp_customize_loader() to include the loader script and markup.
* Deprecated: wp-admin/js/theme-preview.js is now no longer used by core.

git-svn-id: https://develop.svn.wordpress.org/trunk@20419 602fd350-edb4-49c9-b593-d223f7449a82
2012-04-10 02:25:03 +00:00
Andrew Nacin 01be85d9c2 Support child theme installation in the theme installer. props otto42, dd32. fixes #13774.
git-svn-id: https://develop.svn.wordpress.org/trunk@20267 602fd350-edb4-49c9-b593-d223f7449a82
2012-03-23 10:10:06 +00:00
Dion Hulse 06338d1653 Store Plugin/Theme uploads in the Media Library properly. Add Scheduled cleanup +2hrs to clean up any aborted installation attempts. See #18182
git-svn-id: https://develop.svn.wordpress.org/trunk@18617 602fd350-edb4-49c9-b593-d223f7449a82
2011-08-28 08:42:07 +00:00
Dion Hulse 4f8bd53070 Only clean up the uploaded files after a successful (or failed) install. Allows files to persist past the FTP credential screen. See #18182
git-svn-id: https://develop.svn.wordpress.org/trunk@18616 602fd350-edb4-49c9-b593-d223f7449a82
2011-08-28 05:51:38 +00:00
Dion Hulse 9c571521a3 Clean up Plugin/Theme uploads after successfully installing them. Restores pre-3.2 behaviour. See #18182
git-svn-id: https://develop.svn.wordpress.org/trunk@18614 602fd350-edb4-49c9-b593-d223f7449a82
2011-08-28 03:51:35 +00:00
Andrew Nacin 3d84216d69 Remove more E_RECOVERABLE_ERROR checks. props duck_, see #16920.
git-svn-id: https://develop.svn.wordpress.org/trunk@17632 602fd350-edb4-49c9-b593-d223f7449a82
2011-04-12 09:21:13 +00:00
Andrew Nacin acdd0eff66 IFRAME_REQUEST for network/update.php. props duck_, see #15724.
git-svn-id: https://develop.svn.wordpress.org/trunk@16860 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-10 18:25:18 +00:00
Ryan Boren a53a2f0f04 Define IFRAME_REQUEST only for framed requests. Props ocean90. fixes #15721
git-svn-id: https://develop.svn.wordpress.org/trunk@16780 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-07 23:05:27 +00:00
scribu 8c5878f8ec remove redundant require()s in wp-admin/update.php. See #15679
git-svn-id: https://develop.svn.wordpress.org/trunk@16735 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-05 21:12:40 +00:00
scribu 8d2cf2d793 More s/upgrade/update. Props michaelh. See #15656
git-svn-id: https://develop.svn.wordpress.org/trunk@16701 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-03 09:16:28 +00:00
Peter Westwood 1626139659 Remove WP_SHOW_ADMIN_BAR and go off existing and new defines on page type. See #15315
git-svn-id: https://develop.svn.wordpress.org/trunk@16221 602fd350-edb4-49c9-b593-d223f7449a82
2010-11-06 09:41:03 +00:00
scribu 7d80f2e1b3 Don't call activation hooks when upgrading. Props joelhardi for initial patch. See #14915
git-svn-id: https://develop.svn.wordpress.org/trunk@16012 602fd350-edb4-49c9-b593-d223f7449a82
2010-10-27 13:40:14 +00:00
Dion Hulse 82443ce769 Use Absolute URL's & API's in header redirects in more locations. See #14062
git-svn-id: https://develop.svn.wordpress.org/trunk@16008 602fd350-edb4-49c9-b593-d223f7449a82
2010-10-27 10:43:43 +00:00
Ryan Boren 771bf8b862 Add plugin update notifications, plugin install, plugin update to the network admin screen. Props PeteMall. see #15129
git-svn-id: https://develop.svn.wordpress.org/trunk@15867 602fd350-edb4-49c9-b593-d223f7449a82
2010-10-20 14:16:03 +00:00
Ryan Boren 8b610e7c83 Allow turning off the admin bar via WP_SHOW_ADMIN_BAR constant, no_admin_bar() function, or show_admin_bar filter. see #14772
git-svn-id: https://develop.svn.wordpress.org/trunk@15834 602fd350-edb4-49c9-b593-d223f7449a82
2010-10-18 17:58:36 +00:00
Dion Hulse 94487bb9ea Add Importer support to Plugin Install workflow, Offers to Activate Plugin & Run installer, and returning to Imports upon successful Importer Plugin Installation. See #13566
git-svn-id: https://develop.svn.wordpress.org/trunk@14985 602fd350-edb4-49c9-b593-d223f7449a82
2010-05-27 11:04:08 +00:00
Andrew Nacin 63fa3e7f3f Support network-wide plugin re-activation in upgrades and edits. props PeteMall, fixes #13216
git-svn-id: https://develop.svn.wordpress.org/trunk@14348 602fd350-edb4-49c9-b593-d223f7449a82
2010-05-02 22:57:44 +00:00
Andrew Nacin 8800622876 s/blog/site/ in more places. props PeteMall, see #11644.
git-svn-id: https://develop.svn.wordpress.org/trunk@14313 602fd350-edb4-49c9-b593-d223f7449a82
2010-04-30 01:54:32 +00:00
Andrew Nacin ec4f5b83bf Use relative paths when including files, avoiding include_path. fixes #12594, props sorich87.
git-svn-id: https://develop.svn.wordpress.org/trunk@14139 602fd350-edb4-49c9-b593-d223f7449a82
2010-04-18 06:14:45 +00:00
Dion Hulse 85706b7347 Fix a typo in the Theme Bulk upgrader. Fixes upgrading for those using FTP.
git-svn-id: https://develop.svn.wordpress.org/trunk@14017 602fd350-edb4-49c9-b593-d223f7449a82
2010-04-06 11:28:55 +00:00
Dion Hulse 12c0c3d475 Highlight correct submenu for Theme Installs. Fix PHP Notice for unset object properties (requires among others may not be set).
git-svn-id: https://develop.svn.wordpress.org/trunk@13763 602fd350-edb4-49c9-b593-d223f7449a82
2010-03-19 08:03:52 +00:00
Ryan Boren e61755c853 Trim trailing whitespace
git-svn-id: https://develop.svn.wordpress.org/trunk@13733 602fd350-edb4-49c9-b593-d223f7449a82
2010-03-17 16:27:25 +00:00
Dion Hulse 34e135fa81 Bulk Theme Upgrades. See #12528 See #11232 for Bulk UI
git-svn-id: https://develop.svn.wordpress.org/trunk@13686 602fd350-edb4-49c9-b593-d223f7449a82
2010-03-13 03:59:40 +00:00
Dion Hulse 0dbad6d7b5 First scrape at new UI for Bulk plugin upgrades. See #11232
git-svn-id: https://develop.svn.wordpress.org/trunk@13602 602fd350-edb4-49c9-b593-d223f7449a82
2010-03-06 08:39:50 +00:00
Dion Hulse 4997601dd1 Display PHP Start-up Errors/Warnings. Props Denis-de-Bernardy. Fixes #12395.
git-svn-id: https://develop.svn.wordpress.org/trunk@13499 602fd350-edb4-49c9-b593-d223f7449a82
2010-02-28 12:19:09 +00:00
Ryan Boren 2e46e81309 i18n fixes. Props nbachiyski. fixes #11954
git-svn-id: https://develop.svn.wordpress.org/trunk@12789 602fd350-edb4-49c9-b593-d223f7449a82
2010-01-21 21:37:43 +00:00
Ryan Boren e2adfc832a Coding standards, space after if
git-svn-id: https://develop.svn.wordpress.org/trunk@12752 602fd350-edb4-49c9-b593-d223f7449a82
2010-01-18 20:34:48 +00:00
Andrew Ozz c2fa5860cc Do not stop plugin activation due to E_DEPRECATED errors in php 5.3, props Denis-de-Bernardy, fixes #11250
git-svn-id: https://develop.svn.wordpress.org/trunk@12383 602fd350-edb4-49c9-b593-d223f7449a82
2009-12-12 09:20:07 +00:00
Ryan Boren 12c7093645 Trailing whitespace cleanup
git-svn-id: https://develop.svn.wordpress.org/trunk@11013 602fd350-edb4-49c9-b593-d223f7449a82
2009-04-20 18:18:39 +00:00
Ryan Boren f09b95e5f5 Install/upgrade cleanups. Props DD32, sivel. see #7875
git-svn-id: https://develop.svn.wordpress.org/trunk@11012 602fd350-edb4-49c9-b593-d223f7449a82
2009-04-20 18:15:08 +00:00
Ryan Boren 603fba4ad4 consolidate plugin/theme/core upgrade/install functions. Props DD32. see #7875
git-svn-id: https://develop.svn.wordpress.org/trunk@11005 602fd350-edb4-49c9-b593-d223f7449a82
2009-04-19 19:36:28 +00:00
Ryan Boren 2b03edd1a6 Fix upgrade theme nonce.
git-svn-id: https://develop.svn.wordpress.org/trunk@10924 602fd350-edb4-49c9-b593-d223f7449a82
2009-04-13 16:26:00 +00:00
Ryan Boren 436520dc92 Add screen icon for plugin upgrade. Props demetris. fixes #9410
git-svn-id: https://develop.svn.wordpress.org/trunk@10850 602fd350-edb4-49c9-b593-d223f7449a82
2009-03-30 16:26:48 +00:00
Ryan Boren baaaa352ba Strip trailing whitespace
git-svn-id: https://develop.svn.wordpress.org/trunk@10150 602fd350-edb4-49c9-b593-d223f7449a82
2008-12-09 18:03:31 +00:00
Mark Jaquith 208c7a2c74 Hide scrollbar on plugin reactivation iframe. fixes #8498
git-svn-id: https://develop.svn.wordpress.org/trunk@10141 602fd350-edb4-49c9-b593-d223f7449a82
2008-12-09 12:08:40 +00:00
Ryan Boren cc11baaae0 Fix menu parents. see #8421
git-svn-id: https://develop.svn.wordpress.org/trunk@9967 602fd350-edb4-49c9-b593-d223f7449a82
2008-11-29 18:09:09 +00:00
Ryan Boren 7e60469f08 More core update to update-core.php. Allow re-installing current version (requires api.wp.org changes)
git-svn-id: https://develop.svn.wordpress.org/trunk@9543 602fd350-edb4-49c9-b593-d223f7449a82
2008-11-06 03:31:41 +00:00
Ryan Boren 769544395d Better i18n support for automatic upgrade. Props nbachiyski. fixes #8023
git-svn-id: https://develop.svn.wordpress.org/trunk@9441 602fd350-edb4-49c9-b593-d223f7449a82
2008-10-31 18:51:06 +00:00
Ryan Boren ea92c4ec2e Update backup link. Props MichaelH . fixes #7899
git-svn-id: https://develop.svn.wordpress.org/trunk@9279 602fd350-edb4-49c9-b593-d223f7449a82
2008-10-22 16:41:01 +00:00
Ryan Boren 0d579c5a62 Link to better codex article for backups. Props MichaelH. see #7899
git-svn-id: https://develop.svn.wordpress.org/trunk@9258 602fd350-edb4-49c9-b593-d223f7449a82
2008-10-20 21:16:07 +00:00
Ryan Boren f747c73435 Link to codex for instructions on backing up the blog instead of suggesting export. see #7899
git-svn-id: https://develop.svn.wordpress.org/trunk@9253 602fd350-edb4-49c9-b593-d223f7449a82
2008-10-20 17:32:45 +00:00
Matt Mullenweg 99926fafae Unsquish text so it doesn't run into each other.
git-svn-id: https://develop.svn.wordpress.org/trunk@9150 602fd350-edb4-49c9-b593-d223f7449a82
2008-10-14 01:33:27 +00:00
Ryan Boren fdd835c97e Plugin install from DD32. see #6015
git-svn-id: https://develop.svn.wordpress.org/trunk@9141 602fd350-edb4-49c9-b593-d223f7449a82
2008-10-13 23:39:56 +00:00
Ryan Boren 41be4ce5f5 Verbage tweak
git-svn-id: https://develop.svn.wordpress.org/trunk@9034 602fd350-edb4-49c9-b593-d223f7449a82
2008-09-29 23:48:48 +00:00
Ryan Boren 7e52e7ee44 Suggest backing up before proceeding with upgrade
git-svn-id: https://develop.svn.wordpress.org/trunk@9033 602fd350-edb4-49c9-b593-d223f7449a82
2008-09-29 23:47:33 +00:00