From 2d02bb13d137b8366d670711951b3d93e3b9292f Mon Sep 17 00:00:00 2001
From: Andrew Ozz
Date: Tue, 28 May 2019 02:42:24 +0000
Subject: [PATCH] Script loader: prevent sorting of the `load` array in the query string when passing the script handles to load-scripts.php and load-styles.php.
Fixes #45346 #26886.
git-svn-id: https://develop.svn.wordpress.org/trunk@45456 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-admin/load-scripts.php | 1 +
 src/wp-admin/load-styles.php | 2 ++
 src/wp-includes/script-loader.php | 16 ++++++++++++----
 3 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/src/wp-admin/load-scripts.php b/src/wp-admin/load-scripts.php
index b2e63b4394..f0a7efe76d 100644
--- a/src/wp-admin/load-scripts.php
+++ b/src/wp-admin/load-scripts.php
@@ -16,6 +16,7 @@ define( 'WPINC', 'wp-includes' );
 $load = $_GET['load'];
 if ( is_array( $load ) ) {
+ ksort( $load );
 $load = implode( '', $load );
 }
diff --git a/src/wp-admin/load-styles.php b/src/wp-admin/load-styles.php
index d6c5afc330..7ba0ce3247 100644
--- a/src/wp-admin/load-styles.php
+++ b/src/wp-admin/load-styles.php
@@ -20,8 +20,10 @@ require( ABSPATH . WPINC . '/version.php' );
 $load = $_GET['load'];
 if ( is_array( $load ) ) {
+ ksort( $load );
 $load = implode( '', $load );
 }
+
 $load = preg_replace( '/[^a-z0-9,_-]+/i', '', $load );
 $load = array_unique( explode( ',', $load ) );
diff --git a/src/wp-includes/script-loader.php b/src/wp-includes/script-loader.php
index f600fc5fb9..3de6291a03 100644
--- a/src/wp-includes/script-loader.php
+++ b/src/wp-includes/script-loader.php
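Review bot: `ksort( $load );` in the load-scripts.php hunk sorts the incoming `chunk_N` keys as plain strings (default SORT_REGULAR), so as soon as script-loader.php emits more than ten 128-character chunks, `chunk_10` and `chunk_11` sort between `chunk_1` and `chunk_2` and the following `implode( '', $load )` rebuilds the handle list out of order; the load-styles.php hunk has the same problem. Because the keys are str_split() indices, `ksort( $load, SORT_NATURAL );` restores numeric order on both sides. Nothing on the receiving side says where these keys come from, so a comment on the same line would help the next maintainer: `// Keys are chunk_N from _print_scripts()/_print_styles(); restore their order in case an intermediary reordered the query string.` The handling after the sort (the preg_replace allow-list and array_unique) is unchanged and still applies to the re-joined string.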
@@ -2461,9 +2461,13 @@ function _print_scripts() {
 }
 $concat = str_split( $concat, 128 );
- $concat = 'load%5B%5D=' . implode( '&load%5B%5D=', $concat );
+ $concatenated = '';
- $src = $wp_scripts->base_url . "/wp-admin/load-scripts.php?c={$zip}&" . $concat . '&ver=' . $wp_scripts->default_version;
+ foreach ( $concat as $key => $chunk ) {
+ $concatenated .= "&load%5Bchunk_{$key}%5D={$chunk}";
+ }
+
+ $src = $wp_scripts->base_url . "/wp-admin/load-scripts.php?c={$zip}" . $concatenated . '&ver=' . $wp_scripts->default_version;
 echo "\n";
 }
@@ -2631,9 +2635,13 @@ function _print_styles() {
 $ver = $wp_styles->default_version;
 $concat = str_split( $concat, 128 );
- $concat = 'load%5B%5D=' . implode( '&load%5B%5D=', $concat );
+ $concatenated = '';
- $href = $wp_styles->base_url . "/wp-admin/load-styles.php?c={$zip}&dir={$dir}&" . $concat . '&ver=' . $ver;
+ foreach ( $concat as $key => $chunk ) {
+ $concatenated .= "&load%5Bchunk_{$key}%5D={$chunk}";
+ }
+
+ $href = $wp_styles->base_url . "/wp-admin/load-styles.php?c={$zip}&dir={$dir}" . $concatenated . '&ver=' . $ver;
 echo "\n";
 if ( ! empty( $wp_styles->print_code ) ) {
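Review bot: The new `foreach` that appends `&load%5Bchunk_{$key}%5D={$chunk}` is repeated verbatim in the _print_scripts() and _print_styles() hunks, and neither says why the keys changed from `load[]` to named `chunk_N` entries; the only thing that makes the change work is the matching `ksort()` in load-scripts.php and load-styles.php, which a reader of script-loader.php cannot see. A comment above each loop would pin that contract: `// Named keys (chunk_N) let load-scripts.php ksort() the chunks back into order if a proxy or cache reorders the query string; keep the key format in sync with that file.` Since the loop is identical in both places, moving it into one shared helper would keep the key format from drifting between the script and style paths. Both enclosing functions start and end outside their hunks.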