Remove the usage of @$_GET and @$_POST and just check to see if the indices are set. Fixes #22429

git-svn-id: https://develop.svn.wordpress.org/trunk@25025 602fd350-edb4-49c9-b593-d223f7449a82
Dion Hulse 2013-08-15 06:05:54 +00:00
parent 51c3faba5d
commit b971127bac
3 changed files with 12 additions and 7 deletions


@ -241,10 +241,11 @@ function wp_ajax_logged_in() {
* @return die * @return die
*/ */
function _wp_ajax_delete_comment_response( $comment_id, $delta = -1 ) { function _wp_ajax_delete_comment_response( $comment_id, $delta = -1 ) {
$total = (int) @$_POST['_total']; $total = isset( $_POST['_total'] ) ? (int) $_POST['_total'] : 0;
$per_page = (int) @$_POST['_per_page']; $per_page = isset( $_POST['_per_page'] ) ? (int) $_POST['_per_page'] : 0;
$page = (int) @$_POST['_page']; $page = isset( $_POST['_page'] ) ? (int) $_POST['_page'] : 0;
$url = esc_url_raw( @$_POST['_url'] ); $url = isset( $_POST['_url'] ) ? esc_url_raw( $_POST['_url'] ) : '';
// JS didn't send us everything we need to know. Just die with success message // JS didn't send us everything we need to know. Just die with success message
if ( !$total || !$per_page || !$page || !$url ) if ( !$total || !$per_page || !$page || !$url )
wp_die( time() ); wp_die( time() );
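Review bot: The guard `if ( !$total || !$per_page || !$page || !$url )` rejects only zero and empty values, so the new `isset()` ternaries still let negative numbers through, and an array-valued field passes too because `(int)` of a non-empty array is 1. These values come straight from the request, so it would be safer to require scalars and clamp when reading them, e.g. `$per_page = ( isset( $_POST['_per_page'] ) && is_scalar( $_POST['_per_page'] ) ) ? max( 0, (int) $_POST['_per_page'] ) : 0;`. The same applies to `_total` and `_page`, and `_url` would benefit from an `is_string()` check before `esc_url_raw()`. The rest of `_wp_ajax_delete_comment_response()` is outside the hunk, so how the values are used afterwards cannot be confirmed from here.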


@ -2077,17 +2077,18 @@ $arc_query = "SELECT DISTINCT YEAR(post_date) AS yyear, MONTH(post_date) AS mmon
$arc_result = $wpdb->get_results( $arc_query ); $arc_result = $wpdb->get_results( $arc_query );
$month_count = count($arc_result); $month_count = count($arc_result);
$selected_month = isset( $_GET['m'] ) ? $_GET['m'] : 0;
if ( $month_count && !( 1 == $month_count && 0 == $arc_result[0]->mmonth ) ) { ?> if ( $month_count && !( 1 == $month_count && 0 == $arc_result[0]->mmonth ) ) { ?>
<select name='m'> <select name='m'>
<option<?php selected( @$_GET['m'], 0 ); ?> value='0'><?php _e('Show all dates'); ?></option> <option<?php selected( $selected_month, 0 ); ?> value='0'><?php _e('Show all dates'); ?></option>
<?php <?php
foreach ($arc_result as $arc_row) { foreach ($arc_result as $arc_row) {
if ( $arc_row->yyear == 0 ) if ( $arc_row->yyear == 0 )
continue; continue;
$arc_row->mmonth = zeroise( $arc_row->mmonth, 2 ); $arc_row->mmonth = zeroise( $arc_row->mmonth, 2 );
if ( isset($_GET['m']) && ( $arc_row->yyear . $arc_row->mmonth == $_GET['m'] ) ) if ( $arc_row->yyear . $arc_row->mmonth == $selected_month )
$default = ' selected="selected"'; $default = ' selected="selected"';
else else
$default = ''; $default = '';
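Review bot: `$selected_month` is taken from `$_GET['m']` without a cast and is then compared loosely, both in `selected( $selected_month, 0 )` and in `$arc_row->yyear . $arc_row->mmonth == $selected_month`. A non-scalar `m` or a numeric-looking string in a different spelling makes those comparisons hard to reason about, and an array value may raise the kind of notice this commit sets out to remove. Casting once at the assignment keeps both comparisons well-defined: `$selected_month = isset( $_GET['m'] ) ? (int) $_GET['m'] : 0;`. The enclosing function begins before the hunk and the loop body continues past it.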


@ -647,7 +647,10 @@ function preview_theme_ob_filter_callback( $matches ) {
) )
return $matches[1] . "#$matches[2] onclick=$matches[2]return false;" . $matches[4]; return $matches[1] . "#$matches[2] onclick=$matches[2]return false;" . $matches[4];
$link = add_query_arg( array( 'preview' => 1, 'template' => $_GET['template'], 'stylesheet' => @$_GET['stylesheet'], 'preview_iframe' => 1 ), $matches[3] ); $stylesheet = isset( $_GET['stylesheet'] ) ? $_GET['stylesheet'] : '';
$template = isset( $_GET['template'] ) ? $_GET['template'] : '';
$link = add_query_arg( array( 'preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'preview_iframe' => 1 ), $matches[3] );
if ( 0 === strpos($link, 'preview=1') ) if ( 0 === strpos($link, 'preview=1') )
$link = "?$link"; $link = "?$link";
return $matches[1] . esc_attr( $link ) . $matches[4]; return $matches[1] . esc_attr( $link ) . $matches[4];
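Review bot: The values of `$_GET['stylesheet']` and `$_GET['template']` still reach `add_query_arg()` exactly as received on the new `$link` line. As far as I know `add_query_arg()` does not URL-encode the values it is given, so the only protection visible here is `esc_attr( $link )` on the last line, which covers the HTML attribute context but not the query-string structure of the generated link. I would restrict both to strings and encode them, e.g. `$stylesheet = ( isset( $_GET['stylesheet'] ) && is_string( $_GET['stylesheet'] ) ) ? rawurlencode( $_GET['stylesheet'] ) : '';`, and the same for `$template`. `preview_theme_ob_filter_callback()` starts above the hunk, so any earlier validation of these parameters is not visible.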