Superglobals: Revert [34059] until further notice.
see #33837. git-svn-id: https://develop.svn.wordpress.org/trunk@34265 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Helen Hou-Sandi
parent
8c65cfc7f4
commit
3531c0bc10
@ -28,7 +28,7 @@ nocache_headers();
|
||||
/** This action is documented in wp-admin/admin.php */
|
||||
do_action( 'admin_init' );
|
||||
|
||||
$action = wp_validate_action();
|
||||
$action = empty( $_REQUEST['action'] ) ? '' : $_REQUEST['action'];
|
||||
|
||||
if ( ! wp_validate_auth_cookie() ) {
|
||||
if ( empty( $action ) ) {
|
||||
|
||||
@ -358,16 +358,14 @@ if ( isset($plugin_page) ) {
|
||||
}
|
||||
}
|
||||
|
||||
$_action = wp_validate_action();
|
||||
if ( ! empty( $_action ) ) {
|
||||
if ( ! empty( $_REQUEST['action'] ) ) {
|
||||
/**
|
||||
* Fires when an 'action' request variable is sent.
|
||||
*
|
||||
* The dynamic portion of the hook name, `$_action`,
|
||||
* The dynamic portion of the hook name, `$_REQUEST['action']`,
|
||||
* refers to the action derived from the `GET` or `POST` request.
|
||||
*
|
||||
* @since 2.6.0
|
||||
*/
|
||||
do_action( 'admin_action_' . $_action );
|
||||
do_action( 'admin_action_' . $_REQUEST['action'] );
|
||||
}
|
||||
unset( $_action );
|
||||
|
||||
@ -6,7 +6,6 @@
|
||||
* @subpackage Administration
|
||||
*/
|
||||
|
||||
// `wp_validate_action()` isn't loaded yet
|
||||
if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) {
|
||||
define( 'DOING_AJAX', true );
|
||||
}
|
||||
@ -20,7 +19,7 @@ if ( defined('ABSPATH') )
|
||||
else
|
||||
require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );
|
||||
|
||||
if ( ! wp_validate_action( 'upload-attachment' ) ) {
|
||||
if ( ! ( isset( $_REQUEST['action'] ) && 'upload-attachment' == $_REQUEST['action'] ) ) {
|
||||
// Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead
|
||||
if ( is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
|
||||
$_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie'];
|
||||
@ -35,7 +34,7 @@ require_once( ABSPATH . 'wp-admin/admin.php' );
|
||||
|
||||
header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) );
|
||||
|
||||
if ( wp_validate_action( 'upload-attachment' ) ) {
|
||||
if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) {
|
||||
include( ABSPATH . 'wp-admin/includes/ajax-actions.php' );
|
||||
|
||||
send_nosniff_header();
|
||||
|
||||
@ -153,8 +153,7 @@ class WP_Terms_List_Table extends WP_List_Table {
|
||||
* @return string
|
||||
*/
|
||||
public function current_action() {
|
||||
$action = wp_validate_action();
|
||||
if ( $action && isset( $_REQUEST['delete_tags'] ) && ( 'delete' == $action || 'delete' == $_REQUEST['action2'] ) )
|
||||
if ( isset( $_REQUEST['action'] ) && isset( $_REQUEST['delete_tags'] ) && ( 'delete' == $_REQUEST['action'] || 'delete' == $_REQUEST['action2'] ) )
|
||||
return 'bulk-delete';
|
||||
|
||||
return parent::current_action();
|
||||
|
||||
@ -53,7 +53,7 @@ if ( ! can_edit_network( $details->site_id ) ) {
|
||||
$parsed_scheme = parse_url( $details->siteurl, PHP_URL_SCHEME );
|
||||
$is_main_site = is_main_site( $id );
|
||||
|
||||
if ( wp_validate_action( 'update-site' ) ) {
|
||||
if ( isset( $_REQUEST['action'] ) && 'update-site' == $_REQUEST['action'] ) {
|
||||
check_admin_referer( 'edit-site' );
|
||||
|
||||
switch_to_blog( $id );
|
||||
|
||||
@ -33,7 +33,7 @@ get_current_screen()->set_help_sidebar(
|
||||
'<p>' . __('<a href="https://wordpress.org/support/forum/multisite/" target="_blank">Support Forums</a>') . '</p>'
|
||||
);
|
||||
|
||||
if ( wp_validate_action( 'add-site' ) ) {
|
||||
if ( isset($_REQUEST['action']) && 'add-site' == $_REQUEST['action'] ) {
|
||||
check_admin_referer( 'add-blog', '_wpnonce_add-blog' );
|
||||
|
||||
if ( ! is_array( $_POST['blog'] ) )
|
||||
|
||||
@ -48,7 +48,7 @@ if ( !can_edit_network( $details->site_id ) )
|
||||
|
||||
$is_main_site = is_main_site( $id );
|
||||
|
||||
if ( wp_validate_action( 'update-site' ) && is_array( $_POST['option'] ) ) {
|
||||
if ( isset($_REQUEST['action']) && 'update-site' == $_REQUEST['action'] && is_array( $_POST['option'] ) ) {
|
||||
check_admin_referer( 'edit-site' );
|
||||
|
||||
switch_to_blog( $id );
|
||||
|
||||
@ -30,7 +30,7 @@ get_current_screen()->set_help_sidebar(
|
||||
'<p>' . __('<a href="https://wordpress.org/support/forum/multisite/" target="_blank">Support Forums</a>') . '</p>'
|
||||
);
|
||||
|
||||
if ( wp_validate_action( 'add-user' ) ) {
|
||||
if ( isset($_REQUEST['action']) && 'add-user' == $_REQUEST['action'] ) {
|
||||
check_admin_referer( 'add-user', '_wpnonce_add-user' );
|
||||
|
||||
if ( ! current_user_can( 'manage_network_users' ) )
|
||||
|
||||
@ -174,12 +174,11 @@ get_current_screen()->set_help_sidebar(
|
||||
|
||||
require_once( ABSPATH . 'wp-admin/admin-header.php' );
|
||||
|
||||
$action = wp_validate_action();
|
||||
if ( isset( $_REQUEST['updated'] ) && $_REQUEST['updated'] == 'true' && ! empty( $action ) ) {
|
||||
if ( isset( $_REQUEST['updated'] ) && $_REQUEST['updated'] == 'true' && ! empty( $_REQUEST['action'] ) ) {
|
||||
?>
|
||||
<div id="message" class="updated notice is-dismissible"><p>
|
||||
<?php
|
||||
switch ( $action ) {
|
||||
switch ( $_REQUEST['action'] ) {
|
||||
case 'delete':
|
||||
_e( 'User deleted.' );
|
||||
break;
|
||||
|
||||
@ -17,7 +17,7 @@ include_once( ABSPATH . 'wp-admin/includes/class-wp-upgrader.php' );
|
||||
if ( isset($_GET['action']) ) {
|
||||
$plugin = isset($_REQUEST['plugin']) ? trim($_REQUEST['plugin']) : '';
|
||||
$theme = isset($_REQUEST['theme']) ? urldecode($_REQUEST['theme']) : '';
|
||||
$action = wp_validate_action();
|
||||
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
|
||||
|
||||
if ( 'update-selected' == $action ) {
|
||||
if ( ! current_user_can( 'update_plugins' ) )
|
||||
|
||||
@ -29,7 +29,7 @@ if ( is_multisite() ) {
|
||||
add_filter( 'wpmu_signup_user_notification_email', 'admin_created_user_email' );
|
||||
}
|
||||
|
||||
if ( wp_validate_action( 'adduser' ) ) {
|
||||
if ( isset($_REQUEST['action']) && 'adduser' == $_REQUEST['action'] ) {
|
||||
check_admin_referer( 'add-user', '_wpnonce_add-user' );
|
||||
|
||||
$user_details = null;
|
||||
@ -101,7 +101,7 @@ Please click the following link to confirm the invite:
|
||||
}
|
||||
wp_redirect( $redirect );
|
||||
die();
|
||||
} elseif ( wp_validate_action( 'createuser' ) ) {
|
||||
} elseif ( isset($_REQUEST['action']) && 'createuser' == $_REQUEST['action'] ) {
|
||||
check_admin_referer( 'create-user', '_wpnonce_create-user' );
|
||||
|
||||
if ( ! current_user_can( 'create_users' ) ) {
|
||||
|
||||
@ -4990,26 +4990,3 @@ function wp_post_preview_js() {
|
||||
</script>
|
||||
<?php
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve and, optionally, validate, an `action` query var
|
||||
*
|
||||
* @since 4.4.0
|
||||
*
|
||||
* @param string $action Optional. Action to validate.
|
||||
* @return string Empty string if there is no action in the request or it doesn't
|
||||
* match the passed `$action`. Returns the [passed `$action` or
|
||||
* request action on succcess.
|
||||
*/
|
||||
function wp_validate_action( $action = '' ) {
|
||||
$r = $_REQUEST;
|
||||
if ( ! isset( $r['action'] ) ) {
|
||||
return '';
|
||||
}
|
||||
|
||||
if ( ! empty( $action ) ) {
|
||||
return $action === $r['action'] ? $action : '';
|
||||
}
|
||||
|
||||
return $r['action'];
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user