Wordpress/wp-admin/includes
Ryan Boren a6c8efadb9 Change all core API to expect unslashed rather than slashed arguments.
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.

Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.

Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.

Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.

Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.

Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.

Plugins should use wp_unslash() on data being passed to core API.

Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.

Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.

Remove many no longer necessary calls to $wpdb->escape() and esc_sql().

In wp_get_referer() and wp_get_original_referer(), return unslashed data.

Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.

Switch several queries over to prepare().

Expect something to break.

Props alexkingorg
see #21767


git-svn-id: https://develop.svn.wordpress.org/trunk@23416 602fd350-edb4-49c9-b593-d223f7449a82
2013-02-14 22:51:06 +00:00
..
admin.php Load the new admin and network admin mo files, if present. see #19852 2012-01-27 22:19:56 +00:00
ajax-actions.php Change all core API to expect unslashed rather than slashed arguments. 2013-02-14 22:51:06 +00:00
bookmark.php Change all core API to expect unslashed rather than slashed arguments. 2013-02-14 22:51:06 +00:00
class-ftp-pure.php
class-ftp-sockets.php
class-ftp.php WP_Filesystem: PemFTP: Detect dl() being disabled in order to avoid any fatals which may be produced when the Sockets extension is not available. Props to kurtpayne for initial patch, Fixes #20187 2012-03-29 02:15:06 +00:00
class-pclzip.php Associate subdirector of whitespace trims trailing whites with pinking shears. 2009-10-15 20:26:21 +00:00
class-wp-comments-list-table.php Change all core API to expect unslashed rather than slashed arguments. 2013-02-14 22:51:06 +00:00
class-wp-filesystem-base.php Correct return value for WP_Filesystem_Base::gethchmod(). props bananastalktome. fixes #23121. 2013-01-28 01:55:39 +00:00
class-wp-filesystem-direct.php its <=> it's in documentation, along with a rogue the, The, and looses. props trepmal. fixes #22665. 2012-12-20 15:55:32 +00:00
class-wp-filesystem-ftpext.php WP_Filesystem: Return symlinked directory names correctly, previously the FTP extensions would return it as 'source -> dest' instead of simply 'source'. Props kurtpayne. Fixes #17846 2012-07-06 11:39:39 +00:00
class-wp-filesystem-ftpsockets.php its <=> it's in documentation, along with a rogue the, The, and looses. props trepmal. fixes #22665. 2012-12-20 15:55:32 +00:00
class-wp-filesystem-ssh2.php WP_Filesystem_*::mkdir() untrailingslash path consistently, don't waste time attempting to create an "empty" path. See #15575. Props lordandrei and SergeyBiryukov for initial patches. 2011-10-13 10:43:38 +00:00
class-wp-importer.php Reduce use of global. Use get_blog_details() instead. fixes #22090 2012-10-04 12:40:09 +00:00
class-wp-links-list-table.php Updates and fixes to the new button styles. By default, buttons are now the same size as they were in 3.4. Then there is a smaller button (designed for minor elements) and a larger button (designed for things like Publish and Save Changes). Better focus styles. props lessbloat. see #21598. 2012-09-21 19:34:23 +00:00
class-wp-list-table.php its <=> it's in documentation, along with a rogue the, The, and looses. props trepmal. fixes #22665. 2012-12-20 15:55:32 +00:00
class-wp-media-list-table.php Media list table: Fix the categories column, hidden thanks to a typo. props eddiemoya, fixes #22764. see #21240, #21391. 2012-12-05 22:49:51 +00:00
class-wp-ms-sites-list-table.php Change all core API to expect unslashed rather than slashed arguments. 2013-02-14 22:51:06 +00:00
class-wp-ms-themes-list-table.php Change all core API to expect unslashed rather than slashed arguments. 2013-02-14 22:51:06 +00:00
class-wp-ms-users-list-table.php Change all core API to expect unslashed rather than slashed arguments. 2013-02-14 22:51:06 +00:00
class-wp-plugin-install-list-table.php Change all core API to expect unslashed rather than slashed arguments. 2013-02-14 22:51:06 +00:00
class-wp-plugins-list-table.php Change all core API to expect unslashed rather than slashed arguments. 2013-02-14 22:51:06 +00:00
class-wp-posts-list-table.php Link post formats in posts list table. Use a dash for standard, like we do for absence of tags. see #16047 Next: use icons, not text descriptions. 2013-02-08 18:34:51 +00:00
class-wp-terms-list-table.php Change all core API to expect unslashed rather than slashed arguments. 2013-02-14 22:51:06 +00:00
class-wp-theme-install-list-table.php Change all core API to expect unslashed rather than slashed arguments. 2013-02-14 22:51:06 +00:00
class-wp-themes-list-table.php Change all core API to expect unslashed rather than slashed arguments. 2013-02-14 22:51:06 +00:00
class-wp-upgrader.php Change all core API to expect unslashed rather than slashed arguments. 2013-02-14 22:51:06 +00:00
class-wp-users-list-table.php Change all core API to expect unslashed rather than slashed arguments. 2013-02-14 22:51:06 +00:00
comment.php Change all core API to expect unslashed rather than slashed arguments. 2013-02-14 22:51:06 +00:00
continents-cities.php Give continents-cities their own textdomain. Props nbachiyski, Denis-de-Bernardy . fixes #9794 2009-05-14 20:05:25 +00:00
dashboard.php Change all core API to expect unslashed rather than slashed arguments. 2013-02-14 22:51:06 +00:00
deprecated.php Change all core API to expect unslashed rather than slashed arguments. 2013-02-14 22:51:06 +00:00
export.php Export: Ignore auto-drafts when building the list of users for the export file. Fixes #21960. 2012-09-21 21:48:52 +00:00
file.php Change all core API to expect unslashed rather than slashed arguments. 2013-02-14 22:51:06 +00:00
image-edit.php Change all core API to expect unslashed rather than slashed arguments. 2013-02-14 22:51:06 +00:00
image.php Return WP_Error from wp_crop_image() if saving has failed. props macbrink. fixes #23325. 2013-02-02 02:01:59 +00:00
import.php Pull the list of popular importers from WordPress.org. 2012-11-17 07:20:04 +00:00
list-table.php Only pass the current screen to the list table constructor when we have a screen to work with. This is not the case for admin-ajax requests. fixes #22570. 2012-11-26 03:39:29 +00:00
media.php Change all core API to expect unslashed rather than slashed arguments. 2013-02-14 22:51:06 +00:00
menu.php Lose EOF ?>. Clean up EOF newlines. fixes #12307 2012-01-08 17:01:11 +00:00
meta-boxes.php Consistently use a helper function instead of directly printing the disabled attribute. 2013-01-28 03:23:01 +00:00
misc.php Change all core API to expect unslashed rather than slashed arguments. 2013-02-14 22:51:06 +00:00
ms-deprecated.php Remove ms-files.php rewriting from WordPress multisite. fixes #19235. 2012-09-11 22:22:20 +00:00
ms.php Confirm a user exists before deleting them in wp_delete_user() and wpmu_delete_user(). props scribu, fixes #23067. 2013-02-02 04:41:02 +00:00
nav-menu.php Kill use of colons in class names, props SergeyBiryukov, fixes #21152 2012-11-06 01:01:52 +00:00
plugin-install.php Change all core API to expect unslashed rather than slashed arguments. 2013-02-14 22:51:06 +00:00
plugin.php Open external links to plugin homepages, plugin author homepages, and theme author homepages in a new window/tab. props SergeyBiryukov. fixes #20839. 2013-02-08 16:20:01 +00:00
post.php Change all core API to expect unslashed rather than slashed arguments. 2013-02-14 22:51:06 +00:00
schema.php Change all core API to expect unslashed rather than slashed arguments. 2013-02-14 22:51:06 +00:00
screen.php New design and content for the welcome panel. First pass. 2012-09-26 19:44:43 +00:00
taxonomy.php Change all core API to expect unslashed rather than slashed arguments. 2013-02-14 22:51:06 +00:00
template.php Change all core API to expect unslashed rather than slashed arguments. 2013-02-14 22:51:06 +00:00
theme-install.php Change all core API to expect unslashed rather than slashed arguments. 2013-02-14 22:51:06 +00:00
theme.php Tighten our braces. Fixes #23118 props evansolomon. 2013-01-04 10:13:51 +00:00
update-core.php Core Update: Fix a issue which caused automatic upgrades from 2.7 to 3.5+ to fail. Pre-2.7 WP_Filesystem::wp_content_dir() returned unslashed paths. Introduced in [22227]. See #23177 2013-01-11 10:16:45 +00:00
update.php Show the update nag in the network admin. 2012-11-16 21:52:48 +00:00
upgrade.php Change all core API to expect unslashed rather than slashed arguments. 2013-02-14 22:51:06 +00:00
user.php Change all core API to expect unslashed rather than slashed arguments. 2013-02-14 22:51:06 +00:00
widgets.php Revert [22387]. see #14466. see #22374. 2012-11-06 22:36:24 +00:00