WordPress.org

Make WordPress Core

Ticket #33837: 33837.string.diff

File 33837.string.diff, 2.3 KB (added by kitchin, 4 years ago)

More stringy. Not tested.

  • src/wp-admin/admin.php

     
    359359}
    360360
    361361$_action = wp_validate_action();
    362 if ( ! empty( $_action ) ) {
     362if ( $_action ) {
    363363        /**
    364364         * Fires when an 'action' request variable is sent.
    365365         *
  • src/wp-admin/network/users.php

     
    174174
    175175require_once( ABSPATH . 'wp-admin/admin-header.php' );
    176176
    177 $action = wp_validate_action();
    178 if ( isset( $_REQUEST['updated'] ) && $_REQUEST['updated'] == 'true' && ! empty( $action ) ) {
     177$_action = wp_validate_action();
     178if ( isset( $_REQUEST['updated'] ) && $_REQUEST['updated'] == 'true' && $_action ) {
    179179        ?>
    180180        <div id="message" class="updated notice is-dismissible"><p>
    181181                <?php
    182                 switch ( $action ) {
     182                switch ( $_action ) {
    183183                        case 'delete':
    184184                                _e( 'User deleted.' );
    185185                        break;
     
    200200        </p></div>
    201201        <?php
    202202}
     203unset( $_action );
    203204        ?>
    204205<div class="wrap">
    205206        <h1><?php esc_html_e( 'Users' );
  • src/wp-includes/functions.php

     
    49884988 *
    49894989 * @param string $action Optional. Action to validate.
    49904990 * @return string Empty string if there is no action in the request or it doesn't
    4991  *                match the passed `$action`. Returns the [passed `$action` or
    4992  *                request action on succcess.
     4991 *                match the passed `$action`. Returns the passed `$action` or
     4992 *                request action on success.
    49934993 */
    49944994function wp_validate_action( $action = '' ) {
    4995         $r = $_REQUEST;
    4996         if ( ! isset( $r['action'] ) ) {
     4995        if ( ! is_string( $action ) || ! isset( $_REQUEST['action'] ) ) {
    49974996                return '';
    49984997        }
    49994998
    5000         if ( ! empty( $action ) ) {
    5001                 return $action === $r['action'] ? $action : '';
     4999        $raw = $_REQUEST['action'];
     5000
     5001        if ( $action ) {
     5002                return $action === $raw ? $action : '';
    50025003        }
    50035004
    5004         return $r['action'];
     5005        return is_string( $raw ) ? $raw : '';
    50055006}
     5007 No newline at end of file