Ticket #33837: 33837.string.diff
File 33837.string.diff, 2.3 KB (added by , 10 years ago) |
---|
-
src/wp-admin/admin.php
359 359 } 360 360 361 361 $_action = wp_validate_action(); 362 if ( ! empty( $_action )) {362 if ( $_action ) { 363 363 /** 364 364 * Fires when an 'action' request variable is sent. 365 365 * -
src/wp-admin/network/users.php
174 174 175 175 require_once( ABSPATH . 'wp-admin/admin-header.php' ); 176 176 177 $ action = wp_validate_action();178 if ( isset( $_REQUEST['updated'] ) && $_REQUEST['updated'] == 'true' && ! empty( $action )) {177 $_action = wp_validate_action(); 178 if ( isset( $_REQUEST['updated'] ) && $_REQUEST['updated'] == 'true' && $_action ) { 179 179 ?> 180 180 <div id="message" class="updated notice is-dismissible"><p> 181 181 <?php 182 switch ( $ action ) {182 switch ( $_action ) { 183 183 case 'delete': 184 184 _e( 'User deleted.' ); 185 185 break; … … 200 200 </p></div> 201 201 <?php 202 202 } 203 unset( $_action ); 203 204 ?> 204 205 <div class="wrap"> 205 206 <h1><?php esc_html_e( 'Users' ); -
src/wp-includes/functions.php
4988 4988 * 4989 4989 * @param string $action Optional. Action to validate. 4990 4990 * @return string Empty string if there is no action in the request or it doesn't 4991 * match the passed `$action`. Returns the [passed `$action` or4992 * request action on succ cess.4991 * match the passed `$action`. Returns the passed `$action` or 4992 * request action on success. 4993 4993 */ 4994 4994 function wp_validate_action( $action = '' ) { 4995 $r = $_REQUEST; 4996 if ( ! isset( $r['action'] ) ) { 4995 if ( ! is_string( $action ) || ! isset( $_REQUEST['action'] ) ) { 4997 4996 return ''; 4998 4997 } 4999 4998 5000 if ( ! empty( $action ) ) { 5001 return $action === $r['action'] ? $action : ''; 4999 $raw = $_REQUEST['action']; 5000 5001 if ( $action ) { 5002 return $action === $raw ? $action : ''; 5002 5003 } 5003 5004 5004 return $r['action'];5005 return is_string( $raw ) ? $raw : ''; 5005 5006 } 5007 No newline at end of file
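Review bot: The new truthiness test `if ( $action )` in wp_validate_action() treats the string `'0'` as "no expected action", so a caller passing `'0'` gets the raw request value back rather than a match-or-empty result; `if ( '' !== $action )` would send every non-empty expected action through the strict comparison. The final `return is_string( $raw ) ? $raw : '';` rejects array input but otherwise returns `$_REQUEST['action']` exactly as received, which the name "validate" may lead callers to over-trust. I would extend the `@return` description with a line such as `The request value is returned as-is: it is not unslashed or sanitized, so treat it as untrusted.` so that callers building hook names or output from it know to constrain it themselves. The docblock begins above the visible lines, so whether it already says this cannot be confirmed from here.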