Superglobals: Revert [34059] until further notice.
see #33837. git-svn-id: https://develop.svn.wordpress.org/trunk@34265 602fd350-edb4-49c9-b593-d223f7449a82
parent
8c65cfc7f4
commit
3531c0bc10
@ -28,7 +28,7 @@ nocache_headers();
|
|||||||
/** This action is documented in wp-admin/admin.php */
|
/** This action is documented in wp-admin/admin.php */
|
||||||
do_action( 'admin_init' );
|
do_action( 'admin_init' );
|
||||||
|
|
||||||
$action = wp_validate_action();
|
$action = empty( $_REQUEST['action'] ) ? '' : $_REQUEST['action'];
|
||||||
|
|
||||||
if ( ! wp_validate_auth_cookie() ) {
|
if ( ! wp_validate_auth_cookie() ) {
|
||||||
if ( empty( $action ) ) {
|
if ( empty( $action ) ) {
|
||||||
|
@ -358,16 +358,14 @@ if ( isset($plugin_page) ) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$_action = wp_validate_action();
|
if ( ! empty( $_REQUEST['action'] ) ) {
|
||||||
if ( ! empty( $_action ) ) {
|
|
||||||
/**
|
/**
|
||||||
* Fires when an 'action' request variable is sent.
|
* Fires when an 'action' request variable is sent.
|
||||||
*
|
*
|
||||||
* The dynamic portion of the hook name, `$_action`,
|
* The dynamic portion of the hook name, `$_REQUEST['action']`,
|
||||||
* refers to the action derived from the `GET` or `POST` request.
|
* refers to the action derived from the `GET` or `POST` request.
|
||||||
*
|
*
|
||||||
* @since 2.6.0
|
* @since 2.6.0
|
||||||
*/
|
*/
|
||||||
do_action( 'admin_action_' . $_action );
|
do_action( 'admin_action_' . $_REQUEST['action'] );
|
||||||
}
|
}
|
||||||
unset( $_action );
|
|
||||||
|
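Review bot: The restored `do_action( 'admin_action_' . $_REQUEST['action'] );` builds the hook name from the raw request value, and the `! empty()` guard above it does not check the type, so an array-valued `action` parameter reaches the string concatenation. Tightening the guard to `if ( ! empty( $_REQUEST['action'] ) && is_string( $_REQUEST['action'] ) ) {` keeps the hook name a plain string. Because the request decides which `admin_action_*` hook fires, the docblock could also state that callbacks are expected to run their own capability and nonce checks; nothing in this hunk does that for them. The enclosing file continues outside the hunk.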
@ -6,7 +6,6 @@
|
|||||||
* @subpackage Administration
|
* @subpackage Administration
|
||||||
*/
|
*/
|
||||||
|
|
||||||
// `wp_validate_action()` isn't loaded yet
|
|
||||||
if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) {
|
if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) {
|
||||||
define( 'DOING_AJAX', true );
|
define( 'DOING_AJAX', true );
|
||||||
}
|
}
|
||||||
@ -20,7 +19,7 @@ if ( defined('ABSPATH') )
|
|||||||
else
|
else
|
||||||
require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );
|
require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );
|
||||||
|
|
||||||
if ( ! wp_validate_action( 'upload-attachment' ) ) {
|
if ( ! ( isset( $_REQUEST['action'] ) && 'upload-attachment' == $_REQUEST['action'] ) ) {
|
||||||
// Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead
|
// Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead
|
||||||
if ( is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
|
if ( is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
|
||||||
$_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie'];
|
$_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie'];
|
||||||
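Review bot: The restored condition `'upload-attachment' == $_REQUEST['action']` uses a loose comparison, while the same test in the hunk above and the hunk below is written with `===`. This branch guards the fallback that copies `$_REQUEST['auth_cookie']` into `$_COOKIE[SECURE_AUTH_COOKIE]`, so it is worth making the check exact: `if ( ! ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) ) {`. The later hunks restore the same `==` form for `'update-site'`, `'add-site'`, `'add-user'`, `'adduser'` and `'createuser'`; each of those is followed by `check_admin_referer()`, but strict comparison would be the consistent style there too. The `if` body runs past the end of this hunk.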
@ -35,7 +34,7 @@ require_once( ABSPATH . 'wp-admin/admin.php' );
|
|||||||
|
|
||||||
header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) );
|
header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) );
|
||||||
|
|
||||||
if ( wp_validate_action( 'upload-attachment' ) ) {
|
if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) {
|
||||||
include( ABSPATH . 'wp-admin/includes/ajax-actions.php' );
|
include( ABSPATH . 'wp-admin/includes/ajax-actions.php' );
|
||||||
|
|
||||||
send_nosniff_header();
|
send_nosniff_header();
|
||||||
|
@ -153,8 +153,7 @@ class WP_Terms_List_Table extends WP_List_Table {
|
|||||||
* @return string
|
* @return string
|
||||||
*/
|
*/
|
||||||
public function current_action() {
|
public function current_action() {
|
||||||
$action = wp_validate_action();
|
if ( isset( $_REQUEST['action'] ) && isset( $_REQUEST['delete_tags'] ) && ( 'delete' == $_REQUEST['action'] || 'delete' == $_REQUEST['action2'] ) )
|
||||||
if ( $action && isset( $_REQUEST['delete_tags'] ) && ( 'delete' == $action || 'delete' == $_REQUEST['action2'] ) )
|
|
||||||
return 'bulk-delete';
|
return 'bulk-delete';
|
||||||
|
|
||||||
return parent::current_action();
|
return parent::current_action();
|
||||||
|
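Review bot: `$_REQUEST['action2']` is read in the restored condition without an `isset()` check, so a request that carries `action` and `delete_tags` but no `action2` reads an undefined index whenever `action` is not `delete`. The last operand could be `( isset( $_REQUEST['action2'] ) && 'delete' == $_REQUEST['action2'] )`. The same kind of unguarded read is in the `update-site` hunk at `@ -48,7 +48,7 @`, where `is_array( $_POST['option'] )` runs without first checking that `option` was posted. The closing brace of `current_action()` is outside this hunk.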
@ -53,7 +53,7 @@ if ( ! can_edit_network( $details->site_id ) ) {
|
|||||||
$parsed_scheme = parse_url( $details->siteurl, PHP_URL_SCHEME );
|
$parsed_scheme = parse_url( $details->siteurl, PHP_URL_SCHEME );
|
||||||
$is_main_site = is_main_site( $id );
|
$is_main_site = is_main_site( $id );
|
||||||
|
|
||||||
if ( wp_validate_action( 'update-site' ) ) {
|
if ( isset( $_REQUEST['action'] ) && 'update-site' == $_REQUEST['action'] ) {
|
||||||
check_admin_referer( 'edit-site' );
|
check_admin_referer( 'edit-site' );
|
||||||
|
|
||||||
switch_to_blog( $id );
|
switch_to_blog( $id );
|
||||||
|
@ -33,7 +33,7 @@ get_current_screen()->set_help_sidebar(
|
|||||||
'<p>' . __('<a href="https://wordpress.org/support/forum/multisite/" target="_blank">Support Forums</a>') . '</p>'
|
'<p>' . __('<a href="https://wordpress.org/support/forum/multisite/" target="_blank">Support Forums</a>') . '</p>'
|
||||||
);
|
);
|
||||||
|
|
||||||
if ( wp_validate_action( 'add-site' ) ) {
|
if ( isset($_REQUEST['action']) && 'add-site' == $_REQUEST['action'] ) {
|
||||||
check_admin_referer( 'add-blog', '_wpnonce_add-blog' );
|
check_admin_referer( 'add-blog', '_wpnonce_add-blog' );
|
||||||
|
|
||||||
if ( ! is_array( $_POST['blog'] ) )
|
if ( ! is_array( $_POST['blog'] ) )
|
||||||
|
@ -48,7 +48,7 @@ if ( !can_edit_network( $details->site_id ) )
|
|||||||
|
|
||||||
$is_main_site = is_main_site( $id );
|
$is_main_site = is_main_site( $id );
|
||||||
|
|
||||||
if ( wp_validate_action( 'update-site' ) && is_array( $_POST['option'] ) ) {
|
if ( isset($_REQUEST['action']) && 'update-site' == $_REQUEST['action'] && is_array( $_POST['option'] ) ) {
|
||||||
check_admin_referer( 'edit-site' );
|
check_admin_referer( 'edit-site' );
|
||||||
|
|
||||||
switch_to_blog( $id );
|
switch_to_blog( $id );
|
||||||
|
@ -30,7 +30,7 @@ get_current_screen()->set_help_sidebar(
|
|||||||
'<p>' . __('<a href="https://wordpress.org/support/forum/multisite/" target="_blank">Support Forums</a>') . '</p>'
|
'<p>' . __('<a href="https://wordpress.org/support/forum/multisite/" target="_blank">Support Forums</a>') . '</p>'
|
||||||
);
|
);
|
||||||
|
|
||||||
if ( wp_validate_action( 'add-user' ) ) {
|
if ( isset($_REQUEST['action']) && 'add-user' == $_REQUEST['action'] ) {
|
||||||
check_admin_referer( 'add-user', '_wpnonce_add-user' );
|
check_admin_referer( 'add-user', '_wpnonce_add-user' );
|
||||||
|
|
||||||
if ( ! current_user_can( 'manage_network_users' ) )
|
if ( ! current_user_can( 'manage_network_users' ) )
|
||||||
|
@ -174,12 +174,11 @@ get_current_screen()->set_help_sidebar(
|
|||||||
|
|
||||||
require_once( ABSPATH . 'wp-admin/admin-header.php' );
|
require_once( ABSPATH . 'wp-admin/admin-header.php' );
|
||||||
|
|
||||||
$action = wp_validate_action();
|
if ( isset( $_REQUEST['updated'] ) && $_REQUEST['updated'] == 'true' && ! empty( $_REQUEST['action'] ) ) {
|
||||||
if ( isset( $_REQUEST['updated'] ) && $_REQUEST['updated'] == 'true' && ! empty( $action ) ) {
|
|
||||||
?>
|
?>
|
||||||
<div id="message" class="updated notice is-dismissible"><p>
|
<div id="message" class="updated notice is-dismissible"><p>
|
||||||
<?php
|
<?php
|
||||||
switch ( $action ) {
|
switch ( $_REQUEST['action'] ) {
|
||||||
case 'delete':
|
case 'delete':
|
||||||
_e( 'User deleted.' );
|
_e( 'User deleted.' );
|
||||||
break;
|
break;
|
||||||
|
@ -17,7 +17,7 @@ include_once( ABSPATH . 'wp-admin/includes/class-wp-upgrader.php' );
|
|||||||
if ( isset($_GET['action']) ) {
|
if ( isset($_GET['action']) ) {
|
||||||
$plugin = isset($_REQUEST['plugin']) ? trim($_REQUEST['plugin']) : '';
|
$plugin = isset($_REQUEST['plugin']) ? trim($_REQUEST['plugin']) : '';
|
||||||
$theme = isset($_REQUEST['theme']) ? urldecode($_REQUEST['theme']) : '';
|
$theme = isset($_REQUEST['theme']) ? urldecode($_REQUEST['theme']) : '';
|
||||||
$action = wp_validate_action();
|
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
|
||||||
|
|
||||||
if ( 'update-selected' == $action ) {
|
if ( 'update-selected' == $action ) {
|
||||||
if ( ! current_user_can( 'update_plugins' ) )
|
if ( ! current_user_can( 'update_plugins' ) )
|
||||||
|
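Review bot: The surrounding block is entered on `isset($_GET['action'])`, but the restored line takes the value from `$_REQUEST['action']`, so the action that is dispatched is not necessarily the query-string value that opened the block. If only the query-string value is meant, `$action = $_GET['action'];` says so directly; if a POSTed value is meant to win, a short comment such as `// action may arrive via POST; $_GET only detects that an action was requested` would record that. How `$_REQUEST` is assembled is not visible here, so this is a question for the author rather than a confirmed defect. The `if` block continues past the hunk.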
@ -29,7 +29,7 @@ if ( is_multisite() ) {
|
|||||||
add_filter( 'wpmu_signup_user_notification_email', 'admin_created_user_email' );
|
add_filter( 'wpmu_signup_user_notification_email', 'admin_created_user_email' );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( wp_validate_action( 'adduser' ) ) {
|
if ( isset($_REQUEST['action']) && 'adduser' == $_REQUEST['action'] ) {
|
||||||
check_admin_referer( 'add-user', '_wpnonce_add-user' );
|
check_admin_referer( 'add-user', '_wpnonce_add-user' );
|
||||||
|
|
||||||
$user_details = null;
|
$user_details = null;
|
||||||
@ -101,7 +101,7 @@ Please click the following link to confirm the invite:
|
|||||||
}
|
}
|
||||||
wp_redirect( $redirect );
|
wp_redirect( $redirect );
|
||||||
die();
|
die();
|
||||||
} elseif ( wp_validate_action( 'createuser' ) ) {
|
} elseif ( isset($_REQUEST['action']) && 'createuser' == $_REQUEST['action'] ) {
|
||||||
check_admin_referer( 'create-user', '_wpnonce_create-user' );
|
check_admin_referer( 'create-user', '_wpnonce_create-user' );
|
||||||
|
|
||||||
if ( ! current_user_can( 'create_users' ) ) {
|
if ( ! current_user_can( 'create_users' ) ) {
|
||||||
|
@ -4990,26 +4990,3 @@ function wp_post_preview_js() {
|
|||||||
</script>
|
</script>
|
||||||
<?php
|
<?php
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Retrieve and, optionally, validate, an `action` query var
|
|
||||||
*
|
|
||||||
* @since 4.4.0
|
|
||||||
*
|
|
||||||
* @param string $action Optional. Action to validate.
|
|
||||||
* @return string Empty string if there is no action in the request or it doesn't
|
|
||||||
* match the passed `$action`. Returns the [passed `$action` or
|
|
||||||
* request action on succcess.
|
|
||||||
*/
|
|
||||||
function wp_validate_action( $action = '' ) {
|
|
||||||
$r = $_REQUEST;
|
|
||||||
if ( ! isset( $r['action'] ) ) {
|
|
||||||
return '';
|
|
||||||
}
|
|
||||||
|
|
||||||
if ( ! empty( $action ) ) {
|
|
||||||
return $action === $r['action'] ? $action : '';
|
|
||||||
}
|
|
||||||
|
|
||||||
return $r['action'];
|
|
||||||
}
|
|