diff --git a/src/wp-admin/admin-post.php b/src/wp-admin/admin-post.php
index 8202f7ee98..cb92699efd 100644
--- a/src/wp-admin/admin-post.php
+++ b/src/wp-admin/admin-post.php
@@ -28,7 +28,7 @@ nocache_headers();
 /** This action is documented in wp-admin/admin.php */
 do_action( 'admin_init' );
-$action = wp_validate_action();
+$action = empty( $_REQUEST['action'] ) ? '' : $_REQUEST['action'];
 if ( ! wp_validate_auth_cookie() ) {
 if ( empty( $action ) ) {
diff --git a/src/wp-admin/admin.php b/src/wp-admin/admin.php
index 1729232e10..d3e58d2549 100644
--- a/src/wp-admin/admin.php
+++ b/src/wp-admin/admin.php
@@ -358,16 +358,14 @@ if ( isset($plugin_page) ) {
 }
 }
-$_action = wp_validate_action();
-if ( ! empty( $_action ) ) {
+if ( ! empty( $_REQUEST['action'] ) ) {
 /**
 * Fires when an 'action' request variable is sent.
 *
- * The dynamic portion of the hook name, `$_action`,
+ * The dynamic portion of the hook name, `$_REQUEST['action']`,
 * refers to the action derived from the `GET` or `POST` request.
 *
 * @since 2.6.0
 */
- do_action( 'admin_action_' . $_action );
+ do_action( 'admin_action_' . $_REQUEST['action'] );
 }
-unset( $_action );
diff --git a/src/wp-admin/async-upload.php b/src/wp-admin/async-upload.php
index 0a3c420845..371a65d305 100644
--- a/src/wp-admin/async-upload.php
+++ b/src/wp-admin/async-upload.php
@@ -6,7 +6,6 @@
 * @subpackage Administration
 */
-// `wp_validate_action()` isn't loaded yet
 if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) {
 define( 'DOING_AJAX', true );
 }
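Review bot: In the admin-post.php hunk, the restored `$action = empty( $_REQUEST['action'] ) ? '' : $_REQUEST['action'];` accepts any non-empty request value, so an array submitted as `action[]` is carried forward in `$action` instead of being rejected. The same untyped value is concatenated into a hook name in the admin.php hunk, `do_action( 'admin_action_' . $_REQUEST['action'] );`, where an array would produce an array-to-string conversion and fire a hook named after the literal text `Array`. With the helper call removed, a type check at the point of use keeps the hook name a plain string, for example `$action = ( isset( $_REQUEST['action'] ) && is_string( $_REQUEST['action'] ) ) ? $_REQUEST['action'] : '';`, plus the matching `is_string()` test in the admin.php condition. How `$action` is consumed further down admin-post.php is outside this hunk and should be confirmed against the same assumption.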
@@ -20,7 +19,7 @@ if ( defined('ABSPATH') )
 else
 require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );
-if ( ! wp_validate_action( 'upload-attachment' ) ) {
+if ( ! ( isset( $_REQUEST['action'] ) && 'upload-attachment' == $_REQUEST['action'] ) ) {
 // Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead
 if ( is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
 $_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie'];
@@ -35,7 +34,7 @@ require_once( ABSPATH . 'wp-admin/admin.php' );
 header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) );
-if ( wp_validate_action( 'upload-attachment' ) ) {
+if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) {
 include( ABSPATH . 'wp-admin/includes/ajax-actions.php' );
 send_nosniff_header();
diff --git a/src/wp-admin/includes/class-wp-terms-list-table.php b/src/wp-admin/includes/class-wp-terms-list-table.php
index 644db74647..11bdb7a40e 100644
--- a/src/wp-admin/includes/class-wp-terms-list-table.php
+++ b/src/wp-admin/includes/class-wp-terms-list-table.php
@@ -153,8 +153,7 @@ class WP_Terms_List_Table extends WP_List_Table {
 * @return string
 */
 public function current_action() {
- $action = wp_validate_action();
- if ( $action && isset( $_REQUEST['delete_tags'] ) && ( 'delete' == $action || 'delete' == $_REQUEST['action2'] ) )
+ if ( isset( $_REQUEST['action'] ) && isset( $_REQUEST['delete_tags'] ) && ( 'delete' == $_REQUEST['action'] || 'delete' == $_REQUEST['action2'] ) )
 return 'bulk-delete';
 return parent::current_action();
diff --git a/src/wp-admin/network/site-info.php b/src/wp-admin/network/site-info.php
index 9048129370..a4ee7bb6b2 100644
--- a/src/wp-admin/network/site-info.php
+++ b/src/wp-admin/network/site-info.php
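Review bot: The second async-upload.php hunk tests the action with a loose `==`, while the other two tests of the same condition in this file (the `DOING_AJAX` check and the one guarding the `ajax-actions.php` include) use `===`. This guard decides whether `$_REQUEST['auth_cookie']` is copied into `$_COOKIE`, so it should be strict and identical to its siblings: `if ( ! ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) ) {`. The loose form also appears on the new lines in the class-wp-terms-list-table.php, site-info.php, site-new.php, site-settings.php and user-new.php hunks. The `if` block opened here closes outside the hunk.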
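Review bot: In `WP_Terms_List_Table::current_action()` the new condition reads `$_REQUEST['action2']` without an `isset()` guard, so a request that sets `action` to anything other than `delete` and omits `action2` raises an undefined-index notice. Guarding the second operand and comparing strictly avoids that: `( 'delete' === $_REQUEST['action'] || ( isset( $_REQUEST['action2'] ) && 'delete' === $_REQUEST['action2'] ) )`. The method's closing brace is outside the hunk.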
@@ -53,7 +53,7 @@ if ( ! can_edit_network( $details->site_id ) ) {
 $parsed_scheme = parse_url( $details->siteurl, PHP_URL_SCHEME );
 $is_main_site = is_main_site( $id );
-if ( wp_validate_action( 'update-site' ) ) {
+if ( isset( $_REQUEST['action'] ) && 'update-site' == $_REQUEST['action'] ) {
 check_admin_referer( 'edit-site' );
 switch_to_blog( $id );
diff --git a/src/wp-admin/network/site-new.php b/src/wp-admin/network/site-new.php
index 18088b7a3b..665f2abc40 100644
--- a/src/wp-admin/network/site-new.php
+++ b/src/wp-admin/network/site-new.php
@@ -33,7 +33,7 @@ get_current_screen()->set_help_sidebar(
 '

' . __('Support Forums') . '

'
 );
-if ( wp_validate_action( 'add-site' ) ) {
+if ( isset($_REQUEST['action']) && 'add-site' == $_REQUEST['action'] ) {
 check_admin_referer( 'add-blog', '_wpnonce_add-blog' );
 if ( ! is_array( $_POST['blog'] ) )
diff --git a/src/wp-admin/network/site-settings.php b/src/wp-admin/network/site-settings.php
index f32fc65816..d2699986b9 100644
--- a/src/wp-admin/network/site-settings.php
+++ b/src/wp-admin/network/site-settings.php
@@ -48,7 +48,7 @@ if ( !can_edit_network( $details->site_id ) )
 $is_main_site = is_main_site( $id );
-if ( wp_validate_action( 'update-site' ) && is_array( $_POST['option'] ) ) {
+if ( isset($_REQUEST['action']) && 'update-site' == $_REQUEST['action'] && is_array( $_POST['option'] ) ) {
 check_admin_referer( 'edit-site' );
 switch_to_blog( $id );
diff --git a/src/wp-admin/network/user-new.php b/src/wp-admin/network/user-new.php
index 6af8744b29..24d38027ed 100644
--- a/src/wp-admin/network/user-new.php
+++ b/src/wp-admin/network/user-new.php
@@ -30,7 +30,7 @@ get_current_screen()->set_help_sidebar(
 '
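Review bot: In the site-settings.php hunk the new condition takes the action from `$_REQUEST` but then reads `$_POST['option']` with no `isset()` guard. A request that carries `action=update-site` in the query string and has no POST body therefore raises an undefined-index notice before the nonce check is reached. Adding the guard keeps the branch quiet for such requests: `... && isset( $_POST['option'] ) && is_array( $_POST['option'] ) ) {`. The `isset($_REQUEST['action'])` spacing here also differs from the `isset( $_REQUEST['action'] )` form used in the site-info.php hunk. The block opened by this `if` continues outside the hunk.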

' . __('Support Forums') . '

'
 );
-if ( wp_validate_action( 'add-user' ) ) {
+if ( isset($_REQUEST['action']) && 'add-user' == $_REQUEST['action'] ) {
 check_admin_referer( 'add-user', '_wpnonce_add-user' );
 if ( ! current_user_can( 'manage_network_users' ) )
diff --git a/src/wp-admin/network/users.php b/src/wp-admin/network/users.php
index 0c85aaaad9..767e03c55f 100644
--- a/src/wp-admin/network/users.php
+++ b/src/wp-admin/network/users.php
@@ -174,12 +174,11 @@ get_current_screen()->set_help_sidebar(
 require_once( ABSPATH . 'wp-admin/admin-header.php' );
-$action = wp_validate_action();
-if ( isset( $_REQUEST['updated'] ) && $_REQUEST['updated'] == 'true' && ! empty( $action ) ) {
+if ( isset( $_REQUEST['updated'] ) && $_REQUEST['updated'] == 'true' && ! empty( $_REQUEST['action'] ) ) {
 ?>