WordPress.org

Make WordPress Core

Ticket #22429: 22429.diff

File 22429.diff, 2.8 KB (added by dd32, 5 years ago)
  • wp-admin/includes/ajax-actions.php

     
    241241 * @return die
    242242 */
    243243function _wp_ajax_delete_comment_response( $comment_id, $delta = -1 ) {
    244         $total = (int) @$_POST['_total'];
    245         $per_page = (int) @$_POST['_per_page'];
    246         $page = (int) @$_POST['_page'];
    247         $url = esc_url_raw( @$_POST['_url'] );
     244        $total    = isset( $_POST['_total'] )    ? (int) $_POST['_total']    : 0;
     245        $per_page = isset( $_POST['_per_page'] ) ? (int) $_POST['_per_page'] : 0;
     246        $page     = isset( $_POST['_page'] )     ? (int) $_POST['_page']     : 0;
     247        $url      = isset( $_POST['_url'] )      ? esc_url_raw( $_POST['_url'] ) : '';
     248
    248249        // JS didn't send us everything we need to know. Just die with success message
    249250        if ( !$total || !$per_page || !$page || !$url )
    250251                wp_die( time() );
  • wp-admin/includes/media.php

     
    20772077$arc_result = $wpdb->get_results( $arc_query );
    20782078
    20792079$month_count = count($arc_result);
     2080$selected_month = isset( $_GET['m'] ) ? $_GET['m'] : 0;
    20802081
    20812082if ( $month_count && !( 1 == $month_count && 0 == $arc_result[0]->mmonth ) ) { ?>
    20822083<select name='m'>
    2083 <option<?php selected( @$_GET['m'], 0 ); ?> value='0'><?php _e('Show all dates'); ?></option>
     2084<option<?php selected( $selected_month, 0 ); ?> value='0'><?php _e('Show all dates'); ?></option>
    20842085<?php
    20852086foreach ($arc_result as $arc_row) {
    20862087        if ( $arc_row->yyear == 0 )
    20872088                continue;
    20882089        $arc_row->mmonth = zeroise( $arc_row->mmonth, 2 );
    20892090
    2090         if ( isset($_GET['m']) && ( $arc_row->yyear . $arc_row->mmonth == $_GET['m'] ) )
     2091        if ( $arc_row->yyear . $arc_row->mmonth == $selected_month )
    20912092                $default = ' selected="selected"';
    20922093        else
    20932094                $default = '';
  • wp-includes/theme.php

     
    647647        )
    648648                return $matches[1] . "#$matches[2] onclick=$matches[2]return false;" . $matches[4];
    649649
    650         $link = add_query_arg( array( 'preview' => 1, 'template' => $_GET['template'], 'stylesheet' => @$_GET['stylesheet'], 'preview_iframe' => 1 ), $matches[3] );
     650        $stylesheet = isset( $_GET['stylesheet'] ) ? $_GET['stylesheet'] : '';
     651        $template   = isset( $_GET['template'] )   ? $_GET['template']   : '';
     652
     653        $link = add_query_arg( array( 'preview' => 1, 'template' => $template, 'stylesheet' => $stylesheet, 'preview_iframe' => 1 ), $matches[3] );
    651654        if ( 0 === strpos($link, 'preview=1') )
    652655                $link = "?$link";
    653656        return $matches[1] . esc_attr( $link ) . $matches[4];