Commit Graph

198 Commits

Author SHA1 Message Date
Ryan Boren e737c7120e Use prepare instead of escape.
see #21767


git-svn-id: https://develop.svn.wordpress.org/trunk@23564 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-01 17:01:01 +00:00
Ryan Boren c363aea627 Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
git-svn-id: https://develop.svn.wordpress.org/trunk@23554 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-01 16:28:40 +00:00
Ryan Boren a6c8efadb9 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: https://develop.svn.wordpress.org/trunk@23416 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-14 22:51:06 +00:00
Andrew Nacin ced3c54124 Comment that the add_users capability was never used and has its days numbered. see #16719.
git-svn-id: https://develop.svn.wordpress.org/trunk@22300 602fd350-edb4-49c9-b593-d223f7449a82
2012-10-25 20:18:24 +00:00
Ryan Boren 4cb0404e13 Populate WPLANG site option when setting up a network. Props SergeyBiryukov. fixes #21726
git-svn-id: https://develop.svn.wordpress.org/trunk@22257 602fd350-edb4-49c9-b593-d223f7449a82
2012-10-17 20:29:53 +00:00
Ryan Boren 8cca27df25 In populate_network(), distinguish between upgrading from single to multisite and creating a new network in an existing multisite environment. When creating a new network steps related to setting up the main site must be skipped since the main site is created after populate_network() runs. Further, the global should not be modified since populating a new network does not involve switching to that network and making it current. fixes #22090
git-svn-id: https://develop.svn.wordpress.org/trunk@22240 602fd350-edb4-49c9-b593-d223f7449a82
2012-10-15 21:41:29 +00:00
Andrew Nacin ff88489bdc Remove the 'Size of the post box' (default_post_edit_rows) option. This will instead be handled by a user cookie tracking the resizing of both TinyMCE and the main textarea. see #21718.
git-svn-id: https://develop.svn.wordpress.org/trunk@22006 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-26 03:17:28 +00:00
Andrew Nacin 84ca011876 Always attempt to embed URLs in content, removing the Auto-embeds (autoembed_urls) option.
Remove the UI for setting the default width and height for embeds. Width was confusing as it
was blank by default (inheriting the content width from the theme, or 500px). The height is
now calculated as 1.5x the content width, or 1000px, whichever is smaller.

The [embed] shortcode can still receive manual height and width attributes. This just removes
the global settings.

props wonderboymusic. see #21719.



git-svn-id: https://develop.svn.wordpress.org/trunk@21998 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-25 07:10:09 +00:00
Andrew Nacin 8d3a9ba45b Disable multisite quotas by default on new installs. props mpvanwinkle77. fixes #21513.
git-svn-id: https://develop.svn.wordpress.org/trunk@21827 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-12 15:48:40 +00:00
Andrew Nacin 7f29924c6a Remove ms-files.php rewriting from WordPress multisite. fixes #19235.
Keep existing networks compatible with a ms_files_rewriting network option.



git-svn-id: https://develop.svn.wordpress.org/trunk@21823 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-11 22:22:20 +00:00
Andrew Nacin dfac91464f Remove AtomPub from core.
* Will be replaced with http://wordpress.org/extend/plugins/atom-publishing-protocol/.
 * Introduces an action, xmlrpc_rsd_apis, to add APIs to xmlrpc.php?rsd.
 * Introduces support for 'error' being 403 and 50x in class-wp.php.
 * Removes 'Remote Publishing' from Writing Settings (see [21804]). Keeps the remote_publishing settings section.

DB version is bumped to generate the new wp-app rewrite rule and remove the old enable_app option.

props wonderboymusic.
fixes #21509.



git-svn-id: https://develop.svn.wordpress.org/trunk@21818 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-11 20:11:39 +00:00
Andrew Nacin 6df2aff40b Turn XML-RPC on and remove the option on the Writing Settings page.
props markoheijnen for the initial patch.

Introduces a new filter, xmlrpc_enabled.

Respects any current callbacks registered to the pre_option_enable_xmlrpc
and option_enable_xmlrpc filters, for anyone forcing it off via code.

fixes #21509.



git-svn-id: https://develop.svn.wordpress.org/trunk@21804 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-11 00:37:31 +00:00
Andrew Nacin 31b1ba5cb1 Wrap the unused options line in populate_options().
git-svn-id: https://develop.svn.wordpress.org/trunk@21803 602fd350-edb4-49c9-b593-d223f7449a82
2012-09-11 00:08:58 +00:00
Ryan Boren 5b6667c43e Initialize to avoid 'Creating default object from empty value' warning in PHP 5.4.4.
git-svn-id: https://develop.svn.wordpress.org/trunk@21647 602fd350-edb4-49c9-b593-d223f7449a82
2012-08-28 18:03:12 +00:00
Andrew Nacin 8cac9d023a Remove unused multisite option 'language'. props wonderboymusic. fixes #21545.
git-svn-id: https://develop.svn.wordpress.org/trunk@21551 602fd350-edb4-49c9-b593-d223f7449a82
2012-08-20 16:43:44 +00:00
Andrew Nacin 9931c1a45d Hide the link manager from the UI on upgrade, if the site has no links. New DB option, link_manager_enabled.
Enforce this by denying the 'manage_links' capability, which hides the All Links, Add New Link, and Link Categories screens. Hide WP_Widget_Links and the UI for the default_link_category as well.

Convert all references to 'posts and links' when handling reassignment on user deletion to just 'posts'.

see #21307.



git-svn-id: https://develop.svn.wordpress.org/trunk@21501 602fd350-edb4-49c9-b593-d223f7449a82
2012-08-13 16:18:42 +00:00
Andrew Nacin 4218686707 Introduce wpdb::get_charset_collate() to return the DEFAULT CHARACTER SET and COLLATE for use in table schemas.
props simonwheatley, pento. fixes #18451.



git-svn-id: https://develop.svn.wordpress.org/trunk@21471 602fd350-edb4-49c9-b593-d223f7449a82
2012-08-08 06:13:48 +00:00
Andrew Nacin f9a131231d Always return a WP_Theme object from wp_get_theme(). Check \$theme->exists() or \$theme->errors() to confirm the requested theme actually exists. see #20361.
git-svn-id: https://develop.svn.wordpress.org/trunk@20363 602fd350-edb4-49c9-b593-d223f7449a82
2012-04-05 01:05:49 +00:00
Andrew Nacin 47a29d2c26 Ensure we get a theme back from wp_get_theme() before checking ->errors(). see #20103.
git-svn-id: https://develop.svn.wordpress.org/trunk@20331 602fd350-edb4-49c9-b593-d223f7449a82
2012-03-30 16:35:51 +00:00
Andrew Nacin 0459805741 Increase default upload space for sites on a network from 10M to 100M. props andrea_r. fixes #18831.
git-svn-id: https://develop.svn.wordpress.org/trunk@20170 602fd350-edb4-49c9-b593-d223f7449a82
2012-03-10 22:07:17 +00:00
Jon Cave 9e9f4ad923 Use WP_Rewrite::set_permalink_structure instead of plain update_option() in populate_network(). Fixes #20174.
This has the benefit of calling WP_Rewrite::init() which correctly resets the permalink_structure
property of the $wp_rewrite global so that the rewrite rules generated on the next flush are correct.


git-svn-id: https://develop.svn.wordpress.org/trunk@20117 602fd350-edb4-49c9-b593-d223f7449a82
2012-03-05 17:39:26 +00:00
Andrew Nacin 129754ed3d Don't autoload the uninstall_plugins option. fixes #16741.
git-svn-id: https://develop.svn.wordpress.org/trunk@20080 602fd350-edb4-49c9-b593-d223f7449a82
2012-03-02 20:13:35 +00:00
Andrew Nacin 53a209a4ee Introduce WP_Theme, wp_get_themes(), and wp_get_theme() to replace get_themes(), get_theme(), get_theme_data(), current_theme_info(), and others.
* Getters and Helpers: Introduces a series of methods to allow for easy generation of headers for display, and other theme metadata, including page templates.
 * Screenshots: Handles support for multiple screenshots. (see # Additional screenshots must be PNG and start with screenshot-2.png, and be sequential to be counted. see #19816.
 * Error Handling: Broken themes have a WP_Error object attached to them.
 * Caching: Introduces a wp_cache_themes_persistently filter (also in [20020]) to enable persistent caching of all filesystem and sanitization operations normally handled by WP_Theme (and formerly get_file_data() and get_themes()). Themes are cached individually and across five different cache keys for different data pieces.
 * Compatibility: A WP_Theme object is backwards compatible with a theme's array formerly returned by get_themes() and get_theme(), and an stdClass object formerly returned by current_theme_info().
 * i18n/L10n: Theme headers are now localizable with proper Text Domain and Domain Path headers, like plugins. (Language packs may remove the requirement for headers.) For page templates, see #6007 (not fixed yet, but will be easy now). For headers, fixes #15858.
 * PHP and CSS files: New methods that fetch a list of theme files (for the theme editor) only on demand, rather than only loading them into memory. fixes #11214.

Functions deprecated:
 * get_themes(), get_allowed_themes() and get_broken_themes() -- use wp_get_themes()
 * get_theme() and current_theme_info() -- use wp_get_theme()
 * get_site_allowed_themes() -- use WP_Theme::get_allowed_on_network()
 * wpmu_get_blog_allowedthemes() -- use WP_theme::get_allowed_on_site()

see also [20016], [20018], [20019], [20020], [20021], [20022], [20025], [20026], [20027]. also fixes #19244.

see #20103.



git-svn-id: https://develop.svn.wordpress.org/trunk@20029 602fd350-edb4-49c9-b593-d223f7449a82
2012-02-28 21:24:44 +00:00
Jon Cave cafa8dab24 Reduce references to the $wp_rewrite global because it's no longer used or a wrapper function can be used instead. Fixes #14546.#14546.
git-svn-id: https://develop.svn.wordpress.org/trunk@20023 602fd350-edb4-49c9-b593-d223f7449a82
2012-02-28 20:29:33 +00:00
Ryan Boren 6622691fbf Switch post_content_filtered from text to longtext so that it matches post_content. Props ejdanderson. fixes #19387
git-svn-id: https://develop.svn.wordpress.org/trunk@19863 602fd350-edb4-49c9-b593-d223f7449a82
2012-02-08 14:51:18 +00:00
Ryan Boren 52048ffa75 Drop the comment_approved index from the comments table. comment_approved_date_gmt is sufficient. fixes #19935
git-svn-id: https://develop.svn.wordpress.org/trunk@19799 602fd350-edb4-49c9-b593-d223f7449a82
2012-01-31 18:26:07 +00:00
Ryan Boren 3d3073d095 Remove blog_id column from wp_options. Props scribu. fixes #17188
git-svn-id: https://develop.svn.wordpress.org/trunk@19793 602fd350-edb4-49c9-b593-d223f7449a82
2012-01-30 20:47:25 +00:00
Andrew Nacin fd475e222d Use the _x context function. props Mamaduka. see #19601.
git-svn-id: https://develop.svn.wordpress.org/trunk@19788 602fd350-edb4-49c9-b593-d223f7449a82
2012-01-29 23:43:14 +00:00
Andrew Nacin 7ed9b79485 Allow translators to specify a default timezone string OR GMT offset. Stop doing date('Z')/3600 math for default gmt_offset, as since WP 2.9, we set server time to UTC. Server time is unreliable, so no workarounds for now. fixes #19601.
git-svn-id: https://develop.svn.wordpress.org/trunk@19785 602fd350-edb4-49c9-b593-d223f7449a82
2012-01-29 20:04:11 +00:00
Andrew Nacin 75b11699c1 Use the site's locale for the feed language. Provides the same result as language_attributes(). Removes the rss_language option. fixes #13440. see #5517.
git-svn-id: https://develop.svn.wordpress.org/trunk@19784 602fd350-edb4-49c9-b593-d223f7449a82
2012-01-29 19:56:33 +00:00
Andrew Nacin 2bb75d0e27 Offer start_of_week for translation. see #19601.
git-svn-id: https://develop.svn.wordpress.org/trunk@19780 602fd350-edb4-49c9-b593-d223f7449a82
2012-01-29 04:21:53 +00:00
Ryan Boren 2b186b0c45 Lose EOF ?>. Clean up EOF newlines. fixes #12307
git-svn-id: https://develop.svn.wordpress.org/trunk@19712 602fd350-edb4-49c9-b593-d223f7449a82
2012-01-08 17:01:11 +00:00
Ryan Boren 676ba7043e Use one space, not two, after trailing punctuation. fixes #19537
git-svn-id: https://develop.svn.wordpress.org/trunk@19593 602fd350-edb4-49c9-b593-d223f7449a82
2011-12-13 23:45:31 +00:00
Ryan Boren ef187a99f6 Initialize active_sitewide_plugins during network install and upgrade. fixes #19385
git-svn-id: https://develop.svn.wordpress.org/trunk@19470 602fd350-edb4-49c9-b593-d223f7449a82
2011-11-28 20:35:36 +00:00
Mark Jaquith eae2fc5944 Fix "wp_db_current_db_version" typo. see #18693
git-svn-id: https://develop.svn.wordpress.org/trunk@19411 602fd350-edb4-49c9-b593-d223f7449a82
2011-11-22 22:05:42 +00:00
Mark Jaquith 00fd073cc0 Introduce initial_db_version and leverage it so that pointers only get shown to updated installs, not new 3.3 installs. props nacin. see #18693
git-svn-id: https://develop.svn.wordpress.org/trunk@19410 602fd350-edb4-49c9-b593-d223f7449a82
2011-11-22 21:50:50 +00:00
Ryan Boren 371bb1eb98 Properly handle child themes for WP_DEFAULT_THEME. Props SergeyBiryukov. fixes #18591
git-svn-id: https://develop.svn.wordpress.org/trunk@19249 602fd350-edb4-49c9-b593-d223f7449a82
2011-11-10 21:06:57 +00:00
Dion Hulse 527935e883 Fix Undefined Variable Notices when no charset/collate is set for $wpdb. See #12028
git-svn-id: https://develop.svn.wordpress.org/trunk@18986 602fd350-edb4-49c9-b593-d223f7449a82
2011-10-18 02:48:07 +00:00
Ryan Boren 319d070078 Introduce wp_get_db_schema() for rerieving the various flavors of the WP db schema. Eliminates need to use global. Allows multiple calls to wpmu_create_blog(). see #12028
git-svn-id: https://develop.svn.wordpress.org/trunk@18899 602fd350-edb4-49c9-b593-d223f7449a82
2011-10-06 00:21:24 +00:00
Ryan Boren c8cbea1d66 Syncronize some strings. Props dcowgill, SergeyBiryukov. fixes #17770
git-svn-id: https://develop.svn.wordpress.org/trunk@18878 602fd350-edb4-49c9-b593-d223f7449a82
2011-10-04 16:09:24 +00:00
Ryan Boren eda7d43e85 Deprecate get_userdatabylogin() and get_user_by_email(). Props scribu. fixes #18333
git-svn-id: https://develop.svn.wordpress.org/trunk@18513 602fd350-edb4-49c9-b593-d223f7449a82
2011-08-05 16:57:31 +00:00
Andrew Nacin 02e8db225f Use wp_remote_retrieve_* helper functions instead of the raw HTTP response array. props aaroncampbell, fixes #17416.
git-svn-id: https://develop.svn.wordpress.org/trunk@17928 602fd350-edb4-49c9-b593-d223f7449a82
2011-05-14 19:45:07 +00:00
Mark Jaquith 72608a1197 A few "login" used as a verb fixes. props xibe. fixes #17335
git-svn-id: https://develop.svn.wordpress.org/trunk@17831 602fd350-edb4-49c9-b593-d223f7449a82
2011-05-07 03:26:23 +00:00
Andrew Nacin cc3ed56b35 More room for your content! Increase default post edit rows as the meta boxes are all hidden by default. see #14212.
git-svn-id: https://develop.svn.wordpress.org/trunk@17225 602fd350-edb4-49c9-b593-d223f7449a82
2011-01-06 00:57:24 +00:00
Andrew Nacin f660585656 Allow dfault post format selections. fixes #15882.
git-svn-id: https://develop.svn.wordpress.org/trunk@17056 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-19 05:36:11 +00:00
scribu 48141dcc84 Get only required fields in populate_network(). See #15854
git-svn-id: https://develop.svn.wordpress.org/trunk@17012 602fd350-edb4-49c9-b593-d223f7449a82
2010-12-17 00:11:21 +00:00
Andrew Nacin 8546c6797b Kill what_to_show on upgrade. fixes #9815.
git-svn-id: https://develop.svn.wordpress.org/trunk@16092 602fd350-edb4-49c9-b593-d223f7449a82
2010-10-29 22:39:05 +00:00
scribu 9344ecc8b5 fix wp_getAuthors in xmlrpc.php. See #14572 and [15566]
git-svn-id: https://develop.svn.wordpress.org/trunk@15567 602fd350-edb4-49c9-b593-d223f7449a82
2010-09-05 14:49:52 +00:00
Andrew Nacin 5154f54e0a Tiny code cleanup. intval is used earlier so it is stored properly in the db; we just need true/false.
git-svn-id: https://develop.svn.wordpress.org/trunk@15305 602fd350-edb4-49c9-b593-d223f7449a82
2010-06-23 05:10:45 +00:00
Andrew Nacin 15a13b431b Translate, don't echo. props SergeyBiryukov, fixes #14008 for trunk.
git-svn-id: https://develop.svn.wordpress.org/trunk@15293 602fd350-edb4-49c9-b593-d223f7449a82
2010-06-21 05:36:18 +00:00