Superglobals: Revert [34059] until further notice.

see #33837.


git-svn-id: https://develop.svn.wordpress.org/trunk@34265 602fd350-edb4-49c9-b593-d223f7449a82
Helen Hou-Sandi 2015-09-17 12:32:20 +00:00
parent 8c65cfc7f4
commit 3531c0bc10
12 changed files with 16 additions and 44 deletions


@ -28,7 +28,7 @@ nocache_headers();
/** This action is documented in wp-admin/admin.php */ /** This action is documented in wp-admin/admin.php */
do_action( 'admin_init' ); do_action( 'admin_init' );
$action = wp_validate_action(); $action = empty( $_REQUEST['action'] ) ? '' : $_REQUEST['action'];
if ( ! wp_validate_auth_cookie() ) { if ( ! wp_validate_auth_cookie() ) {
if ( empty( $action ) ) { if ( empty( $action ) ) {
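Review bot: The value assigned to `$action` on the `empty()` line is taken from `$_REQUEST` without a type check, so if the `action` parameter arrives as an array rather than a string, `$action` holds that array; the same untyped value is concatenated into a hook name in the `admin_action_` hunk later in this commit, where PHP would emit an array-to-string notice and derive the hook name from the literal string `Array`. A one-line guard keeps the rest of the file working on a string: `$action = ( ! empty( $_REQUEST['action'] ) && is_string( $_REQUEST['action'] ) ) ? $_REQUEST['action'] : '';`. The code that consumes `$action` continues outside the hunk, so whether a later check already rejects non-strings cannot be seen here.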

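--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -358,16 +358,14 @@ if ( isset($plugin_page) ) {
 }
 }
-$_action = wp_validate_action();
-if ( ! empty( $_action ) ) {
+if ( ! empty( $_REQUEST['action'] ) ) {
 /**
 * Fires when an 'action' request variable is sent.
 *
-* The dynamic portion of the hook name, `$_action`,
+* The dynamic portion of the hook name, `$_REQUEST['action']`,
 * refers to the action derived from the `GET` or `POST` request.
 *
 * @since 2.6.0
 */
-do_action( 'admin_action_' . $_action );
+do_action( 'admin_action_' . $_REQUEST['action'] );
 }
-unset( $_action );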


@ -6,7 +6,6 @@
* @subpackage Administration * @subpackage Administration
*/ */
// `wp_validate_action()` isn't loaded yet
if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) { if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) {
define( 'DOING_AJAX', true ); define( 'DOING_AJAX', true );
} }
@ -20,7 +19,7 @@ if ( defined('ABSPATH') )
else else
require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' ); require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );
if ( ! wp_validate_action( 'upload-attachment' ) ) { if ( ! ( isset( $_REQUEST['action'] ) && 'upload-attachment' == $_REQUEST['action'] ) ) {
// Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead // Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead
if ( is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) ) if ( is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
$_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie']; $_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie'];
@ -35,7 +34,7 @@ require_once( ABSPATH . 'wp-admin/admin.php' );
header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) ); header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) );
if ( wp_validate_action( 'upload-attachment' ) ) { if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) {
include( ABSPATH . 'wp-admin/includes/ajax-actions.php' ); include( ABSPATH . 'wp-admin/includes/ajax-actions.php' );
send_nosniff_header(); send_nosniff_header();
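Review bot: The `upload-attachment` check in the hunk after the `wp-load.php` require uses loose `==`, while the two other checks of the same value in this file (the `DOING_AJAX` guard and the `ajax-actions.php` include) use `===`; because the compared value is a fixed non-numeric string the outcome is the same, but the mixed style reads as if the three checks differed, so `'upload-attachment' === $_REQUEST['action']` would keep them aligned. The same loose `==` against `$_REQUEST['action']` recurs in the update-site, add-site, add-user, users `switch`/`updated`, adduser and createuser hunks later in this commit, and `===` there would be the consistent choice as well.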

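--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -153,8 +153,7 @@ class WP_Terms_List_Table extends WP_List_Table {
 * @return string
 */
 public function current_action() {
-$action = wp_validate_action();
-if ( $action && isset( $_REQUEST['delete_tags'] ) && ( 'delete' == $action || 'delete' == $_REQUEST['action2'] ) )
+if ( isset( $_REQUEST['action'] ) && isset( $_REQUEST['delete_tags'] ) && ( 'delete' == $_REQUEST['action'] || 'delete' == $_REQUEST['action2'] ) )
 return 'bulk-delete';
 return parent::current_action();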
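Review bot: `'delete' == $_REQUEST['action2']` in the restored `current_action()` condition is evaluated whenever `action` and `delete_tags` are set but `action` is not `delete`, and `action2` has no `isset()` guard there, so a request without that parameter raises an undefined-index notice. Guarding that operand, `( 'delete' == $_REQUEST['action'] || ( isset( $_REQUEST['action2'] ) && 'delete' == $_REQUEST['action2'] ) )`, leaves the result unchanged while avoiding the notice. The method's closing brace lies outside the hunk.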


@ -53,7 +53,7 @@ if ( ! can_edit_network( $details->site_id ) ) {
$parsed_scheme = parse_url( $details->siteurl, PHP_URL_SCHEME ); $parsed_scheme = parse_url( $details->siteurl, PHP_URL_SCHEME );
$is_main_site = is_main_site( $id ); $is_main_site = is_main_site( $id );
if ( wp_validate_action( 'update-site' ) ) { if ( isset( $_REQUEST['action'] ) && 'update-site' == $_REQUEST['action'] ) {
check_admin_referer( 'edit-site' ); check_admin_referer( 'edit-site' );
switch_to_blog( $id ); switch_to_blog( $id );


@ -33,7 +33,7 @@ get_current_screen()->set_help_sidebar(
'<p>' . __('<a href="https://wordpress.org/support/forum/multisite/" target="_blank">Support Forums</a>') . '</p>' '<p>' . __('<a href="https://wordpress.org/support/forum/multisite/" target="_blank">Support Forums</a>') . '</p>'
); );
if ( wp_validate_action( 'add-site' ) ) { if ( isset($_REQUEST['action']) && 'add-site' == $_REQUEST['action'] ) {
check_admin_referer( 'add-blog', '_wpnonce_add-blog' ); check_admin_referer( 'add-blog', '_wpnonce_add-blog' );
if ( ! is_array( $_POST['blog'] ) ) if ( ! is_array( $_POST['blog'] ) )


@ -48,7 +48,7 @@ if ( !can_edit_network( $details->site_id ) )
$is_main_site = is_main_site( $id ); $is_main_site = is_main_site( $id );
if ( wp_validate_action( 'update-site' ) && is_array( $_POST['option'] ) ) { if ( isset($_REQUEST['action']) && 'update-site' == $_REQUEST['action'] && is_array( $_POST['option'] ) ) {
check_admin_referer( 'edit-site' ); check_admin_referer( 'edit-site' );
switch_to_blog( $id ); switch_to_blog( $id );


@ -30,7 +30,7 @@ get_current_screen()->set_help_sidebar(
'<p>' . __('<a href="https://wordpress.org/support/forum/multisite/" target="_blank">Support Forums</a>') . '</p>' '<p>' . __('<a href="https://wordpress.org/support/forum/multisite/" target="_blank">Support Forums</a>') . '</p>'
); );
if ( wp_validate_action( 'add-user' ) ) { if ( isset($_REQUEST['action']) && 'add-user' == $_REQUEST['action'] ) {
check_admin_referer( 'add-user', '_wpnonce_add-user' ); check_admin_referer( 'add-user', '_wpnonce_add-user' );
if ( ! current_user_can( 'manage_network_users' ) ) if ( ! current_user_can( 'manage_network_users' ) )

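--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -174,12 +174,11 @@ get_current_screen()->set_help_sidebar(
 require_once( ABSPATH . 'wp-admin/admin-header.php' );
-$action = wp_validate_action();
-if ( isset( $_REQUEST['updated'] ) && $_REQUEST['updated'] == 'true' && ! empty( $action ) ) {
+if ( isset( $_REQUEST['updated'] ) && $_REQUEST['updated'] == 'true' && ! empty( $_REQUEST['action'] ) ) {
 ?>
 <div id="message" class="updated notice is-dismissible"><p>
 <?php
-switch ( $action ) {
+switch ( $_REQUEST['action'] ) {
 case 'delete':
 _e( 'User deleted.' );
 break;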


@ -17,7 +17,7 @@ include_once( ABSPATH . 'wp-admin/includes/class-wp-upgrader.php' );
if ( isset($_GET['action']) ) { if ( isset($_GET['action']) ) {
$plugin = isset($_REQUEST['plugin']) ? trim($_REQUEST['plugin']) : ''; $plugin = isset($_REQUEST['plugin']) ? trim($_REQUEST['plugin']) : '';
$theme = isset($_REQUEST['theme']) ? urldecode($_REQUEST['theme']) : ''; $theme = isset($_REQUEST['theme']) ? urldecode($_REQUEST['theme']) : '';
$action = wp_validate_action(); $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
if ( 'update-selected' == $action ) { if ( 'update-selected' == $action ) {
if ( ! current_user_can( 'update_plugins' ) ) if ( ! current_user_can( 'update_plugins' ) )
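Review bot: The `$action` assignment in this hunk reads `$_REQUEST['action']` although the enclosing branch was entered on `isset($_GET['action'])`; with PHP's default request order a POST body can carry a different `action` than the query string, so the branch can run on a value other than the one that selected it. If the query-string action is the intended input, `$action = $_GET['action'];` matches the guard; if either source is acceptable, the guard itself could test `$_REQUEST['action']` so both lines agree. The branch body continues past the hunk, so whether later code relies on the GET value cannot be confirmed here.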


@ -29,7 +29,7 @@ if ( is_multisite() ) {
add_filter( 'wpmu_signup_user_notification_email', 'admin_created_user_email' ); add_filter( 'wpmu_signup_user_notification_email', 'admin_created_user_email' );
} }
if ( wp_validate_action( 'adduser' ) ) { if ( isset($_REQUEST['action']) && 'adduser' == $_REQUEST['action'] ) {
check_admin_referer( 'add-user', '_wpnonce_add-user' ); check_admin_referer( 'add-user', '_wpnonce_add-user' );
$user_details = null; $user_details = null;
@ -101,7 +101,7 @@ Please click the following link to confirm the invite:
} }
wp_redirect( $redirect ); wp_redirect( $redirect );
die(); die();
} elseif ( wp_validate_action( 'createuser' ) ) { } elseif ( isset($_REQUEST['action']) && 'createuser' == $_REQUEST['action'] ) {
check_admin_referer( 'create-user', '_wpnonce_create-user' ); check_admin_referer( 'create-user', '_wpnonce_create-user' );
if ( ! current_user_can( 'create_users' ) ) { if ( ! current_user_can( 'create_users' ) ) {

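--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -4990,26 +4990,3 @@ function wp_post_preview_js() {
 </script>
 <?php
 }
-/**
-* Retrieve and, optionally, validate, an `action` query var
-*
-* @since 4.4.0
-*
-* @param string $action Optional. Action to validate.
-* @return string Empty string if there is no action in the request or it doesn't
-* match the passed `$action`. Returns the [passed `$action` or
-* request action on succcess.
-*/
-function wp_validate_action( $action = '' ) {
-$r = $_REQUEST;
-if ( ! isset( $r['action'] ) ) {
-return '';
-}
-if ( ! empty( $action ) ) {
-return $action === $r['action'] ? $action : '';
-}
-return $r['action'];
-}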