NOTREADY [PR] Use WordPress core APIs rather than direct SQL

[jeremyfelt]

This is not yet complete, but I wanted to share progress to make sure that @mansj is on board with the approach. We should avoid using direct SQL statements as much as possible and use other methods available to us.

• Uses get_post() for single queries in popup.php and upload.php
• Uses wp_update_post() to update individual attachments
• Uses get_post_meta() and update_post_meta() to update meta information.
• Uses admin_url() rather than get_bloginfo("wp_url"), which allows us to drop FORCE_SSL_ADMIN
• Uses wp_safe_redirect() to ensure safe local redirects

I'm in progress on using WP_Query() to search for existing content.

[mansj]

This is a good idea, as are your other commits. If you would let me know when you are finished I'll merge them into the next release.