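--- a/src/wp-admin/comment.php
+++ b/src/wp-admin/comment.php
@@ -12,11 +12,7 @@ require_once( dirname( __FILE__ ) . '/admin.php' );
 $parent_file = 'edit-comments.php';
 $submenu_file = 'edit-comments.php';
 
-/**
-* @global string $action
-*/
-global $action;
-wp_reset_vars( array('action') );
+$action = wp_assign_request_var('action');
 
 if ( isset( $_POST['deletecomment'] ) )
 $action = 'deletecomment';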
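--- a/src/wp-admin/customize.php
+++ b/src/wp-admin/customize.php
@@ -45,13 +45,17 @@ if ( $wp_customize->changeset_post_id() ) {
 }
 
 
-wp_reset_vars( array( 'url', 'return', 'autofocus' ) );
+$url = wp_assign_request_var('url');
 if ( ! empty( $url ) ) {
 $wp_customize->set_preview_url( wp_unslash( $url ) );
 }
+
+$return = wp_assign_request_var('return');
 if ( ! empty( $return ) ) {
 $wp_customize->set_return_url( wp_unslash( $return ) );
 }
+
+$autofocus = wp_assign_request_var('autofocus');
 if ( ! empty( $autofocus ) && is_array( $autofocus ) ) {
 $wp_customize->set_autofocus( wp_unslash( $autofocus ) );
 }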
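--- a/src/wp-admin/edit-tag-form.php
+++ b/src/wp-admin/edit-tag-form.php
@@ -44,10 +44,7 @@ if ( 'category' == $taxonomy ) {
 do_action( 'edit_tag_form_pre', $tag );
 }
 
-/**
-* Use with caution, see https://codex.wordpress.org/Function_Reference/wp_reset_vars
-*/
-wp_reset_vars( array( 'wp_http_referer' ) );
+$wp_http_referer = wp_assign_request_var('wp_http_referer');
 
 $wp_http_referer = remove_query_arg( array( 'action', 'message', 'tag_ID' ), $wp_http_referer );
 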
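--- a/src/wp-admin/includes/class-wp-links-list-table.php
+++ b/src/wp-admin/includes/class-wp-links-list-table.php
@@ -44,15 +44,12 @@ class WP_Links_List_Table extends WP_List_Table {
 
 /**
 *
-* @global int $cat_id
-* @global string $s
-* @global string $orderby
-* @global string $order
 */
 public function prepare_items() {
-global $cat_id, $s, $orderby, $order;
-
-wp_reset_vars( array( 'action', 'cat_id', 'link_id', 'orderby', 'order', 's' ) );
+$cat_id = wp_assign_request_var('cat_id');
+$s = wp_assign_request_var('s');
+$orderby = wp_assign_request_var('orderby');
+$order = wp_assign_request_var('order');
 
 $args = array( 'hide_invisible' => 0, 'hide_empty' => 0 );
 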
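Review bot: Dropping the `global $cat_id, $s, $orderby, $order;` declaration turns these from globals (which wp_reset_vars() populated through $GLOBALS) into locals of prepare_items(), so any other method or admin template that still reads them with `global $cat_id` or `global $s` — the category dropdown in extra_tablenav(), if it still reads the global — will now see an unset or stale value. The same narrowing applies to $orderby/$order/$s in class-wp-ms-themes-list-table.php and class-wp-plugins-list-table.php, and to $tab in class-wp-plugin-install-list-table.php and class-wp-theme-install-list-table.php, where $tab is presumably also read by the tab/views rendering methods. Either keep the declaration above the new assignments (`global $cat_id, $s, $orderby, $order;` retained before the wp_assign_request_var() calls) or confirm each removed global has no remaining readers. This hunk also stops assigning $action and $link_id from the request, which the old wp_reset_vars() call did set in $GLOBALS; if link-manager.php relied on either, that is a second behaviour change. prepare_items() continues past the end of the hunk.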
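--- a/src/wp-admin/includes/class-wp-ms-themes-list-table.php
+++ b/src/wp-admin/includes/class-wp-ms-themes-list-table.php
@@ -80,14 +80,13 @@ class WP_MS_Themes_List_Table extends WP_List_Table {
 * @global string $status
 * @global array $totals
 * @global int $page
-* @global string $orderby
-* @global string $order
-* @global string $s
 */
 public function prepare_items() {
-global $status, $totals, $page, $orderby, $order, $s;
+global $status, $totals, $page;
 
-wp_reset_vars( array( 'orderby', 'order', 's' ) );
+$orderby = wp_assign_request_var('orderby');
+$order = wp_assign_request_var('order');
+$s = wp_assign_request_var('s');
 
 $themes = array(
 /**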
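--- a/src/wp-admin/includes/class-wp-plugin-install-list-table.php
+++ b/src/wp-admin/includes/class-wp-plugin-install-list-table.php
@@ -65,7 +65,6 @@ class WP_Plugin_Install_List_Table extends WP_List_Table {
 /**
 *
 * @global array $tabs
-* @global string $tab
 * @global int $paged
 * @global string $type
 * @global string $term
@@ -73,9 +72,9 @@ class WP_Plugin_Install_List_Table extends WP_List_Table {
 public function prepare_items() {
 include( ABSPATH . 'wp-admin/includes/plugin-install.php' );
 
-global $tabs, $tab, $paged, $type, $term;
+global $tabs, $paged, $type, $term;
 
-wp_reset_vars( array( 'tab' ) );
+$tab = wp_assign_request_var('tab');
 
 $paged = $this->get_pagenum();
 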
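--- a/src/wp-admin/includes/class-wp-plugins-list-table.php
+++ b/src/wp-admin/includes/class-wp-plugins-list-table.php
@@ -68,14 +68,13 @@ class WP_Plugins_List_Table extends WP_List_Table {
 * @global array $plugins
 * @global array $totals
 * @global int $page
-* @global string $orderby
-* @global string $order
 * @global string $s
 */
 public function prepare_items() {
-global $status, $plugins, $totals, $page, $orderby, $order, $s;
+global $status, $plugins, $totals, $page, $s;
 
-wp_reset_vars( array( 'orderby', 'order' ) );
+$orderby = wp_assign_request_var('orderby');
+$order = wp_assign_request_var('order');
 
 /**
 * Filters the full array of plugins to list in the Plugins list table.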
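--- a/src/wp-admin/includes/class-wp-theme-install-list-table.php
+++ b/src/wp-admin/includes/class-wp-theme-install-list-table.php
@@ -30,7 +30,6 @@ class WP_Theme_Install_List_Table extends WP_Themes_List_Table {
 /**
 *
 * @global array $tabs
-* @global string $tab
 * @global int $paged
 * @global string $type
 * @global array $theme_field_defaults
@@ -38,8 +37,9 @@ class WP_Theme_Install_List_Table extends WP_Themes_List_Table {
 public function prepare_items() {
 include( ABSPATH . 'wp-admin/includes/theme-install.php' );
 
-global $tabs, $tab, $paged, $type, $theme_field_defaults;
-wp_reset_vars( array( 'tab' ) );
+global $tabs, $paged, $type, $theme_field_defaults;
+
+$tab = wp_assign_request_var('tab');
 
 $search_terms = array();
 $search_string = '';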
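--- a/src/wp-admin/includes/misc.php
+++ b/src/wp-admin/includes/misc.php
@@ -315,6 +315,30 @@ function wp_reset_vars( $vars ) {
 }
 
 /**
+* Return $_POST[ $var ] or $_GET[ $var ] value.
+*
+* This functions returns $_POST[ $var ] or $_GET[ $var ] value in this order
+* if they are not empty, otherwise it returns an empty string.
+*
+* @since 4.8.0
+*
+* @param string $var The key of the array for getting value to return.
+*
+* @return mixed $_POST[ $var ] or $_GET[ $var ] value or an empty string.
+*/
+function wp_assign_request_var( $var ) {
+if ( empty( $_POST[ $var ] ) ) {
+if ( empty( $_GET[ $var ] ) ) {
+return '';
+} else {
+return $_GET[ $var ];
+}
+} else {
+return $_POST[ $var ];
+}
+}
+
+/**
 * Displays the given administration message.
 *
 * @since 2.1.0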
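Review bot: The docblock on wp_assign_request_var() should state that the returned value is the raw request value — unsanitized and still slashed, as the wp_unslash() calls on its result in customize.php show — and that `empty()` treats the string '0' as absent, so a legitimate `cat_id=0` comes back as '' rather than '0'. Suggested `@return` text: `@return mixed Raw, slashed $_POST[ $var ] or $_GET[ $var ] value (string or array), or '' if both are empty; callers must validate and sanitize it.` The nested if/else would read more simply as two guards that mirror the documented precedence, `if ( ! empty( $_POST[ $var ] ) ) { return $_POST[ $var ]; } if ( ! empty( $_GET[ $var ] ) ) { return $_GET[ $var ]; } return '';`. The description line also has a typo: `This functions returns` should be `This function returns`.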
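--- a/src/wp-admin/link-add.php
+++ b/src/wp-admin/link-add.php
@@ -15,7 +15,9 @@ if ( ! current_user_can('manage_links') )
 $title = __('Add New Link');
 $parent_file = 'link-manager.php';
 
-wp_reset_vars( array('action', 'cat_id', 'link_id' ) );
+$action = wp_assign_request_var('action');
+$cat_id = wp_assign_request_var('cat_id');
+$link_id = wp_assign_request_var('link_id');
 
 wp_enqueue_script('link');
 wp_enqueue_script('xfn');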
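--- a/src/wp-admin/link.php
+++ b/src/wp-admin/link.php
@@ -12,7 +12,9 @@
 /** Load WordPress Administration Bootstrap */
 require_once( dirname( __FILE__ ) . '/admin.php' );
 
-wp_reset_vars( array( 'action', 'cat_id', 'link_id' ) );
+$action = wp_assign_request_var('action');
+$cat_id = wp_assign_request_var('cat_id');
+$link_id = wp_assign_request_var('link_id');
 
 if ( ! current_user_can('manage_links') )
 wp_link_manager_disabled_message();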
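--- a/src/wp-admin/media.php
+++ b/src/wp-admin/media.php
@@ -12,7 +12,7 @@ require_once( dirname( __FILE__ ) . '/admin.php' );
 $parent_file = 'upload.php';
 $submenu_file = 'upload.php';
 
-wp_reset_vars(array('action'));
+$action = wp_assign_request_var('action');
 
 switch ( $action ) {
 case 'editattachment' :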
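--- a/src/wp-admin/options-head.php
+++ b/src/wp-admin/options-head.php
@@ -8,7 +8,7 @@
 * @subpackage Administration
 */
 
-wp_reset_vars( array( 'action' ) );
+$action = wp_assign_request_var('action');
 
 if ( isset( $_GET['updated'] ) && isset( $_GET['page'] ) ) {
 // For back-compat with plugins that don't use the Settings API and just set updated=1 in the redirect.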
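--- a/src/wp-admin/options.php
+++ b/src/wp-admin/options.php
@@ -22,7 +22,8 @@ $title = __('Settings');
 $this_file = 'options.php';
 $parent_file = 'options-general.php';
 
-wp_reset_vars(array('action', 'option_page'));
+$action = wp_assign_request_var('action');
+$option_page = wp_assign_request_var('option_page');
 
 $capability = 'manage_options';
 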
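--- a/src/wp-admin/post.php
+++ b/src/wp-admin/post.php
@@ -14,7 +14,7 @@ require_once( dirname( __FILE__ ) . '/admin.php' );
 $parent_file = 'edit.php';
 $submenu_file = 'edit.php';
 
-wp_reset_vars( array( 'action' ) );
+$action = wp_assign_request_var('action');
 
 if ( isset( $_GET['post'] ) )
 $post_id = $post_ID = (int) $_GET['post'];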
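--- a/src/wp-admin/revision.php
+++ b/src/wp-admin/revision.php
@@ -20,7 +20,10 @@ require_once( dirname( __FILE__ ) . '/admin.php' );
 
 require ABSPATH . 'wp-admin/includes/revision.php';
 
-wp_reset_vars( array( 'revision', 'action', 'from', 'to' ) );
+$revision = wp_assign_request_var('revision');
+$action = wp_assign_request_var('action');
+$from = wp_assign_request_var('from');
+$to = wp_assign_request_var('to');
 
 $revision_id = absint( $revision );
 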
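--- a/src/wp-admin/theme-editor.php
+++ b/src/wp-admin/theme-editor.php
@@ -43,7 +43,10 @@ get_current_screen()->set_help_sidebar(
 '<p>' . __('<a href="https://wordpress.org/support/">Support Forums</a>') . '</p>'
 );
 
-wp_reset_vars( array( 'action', 'error', 'file', 'theme' ) );
+$action = wp_assign_request_var('action');
+$error = wp_assign_request_var('error');
+$file = wp_assign_request_var('file');
+$theme = wp_assign_request_var('theme');
 
 if ( $theme ) {
 $stylesheet = $theme;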
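--- a/src/wp-admin/theme-install.php
+++ b/src/wp-admin/theme-install.php
@@ -10,7 +10,7 @@
 require_once( dirname( __FILE__ ) . '/admin.php' );
 require( ABSPATH . 'wp-admin/includes/theme-install.php' );
 
-wp_reset_vars( array( 'tab' ) );
+$tab = wp_assign_request_var('tab');
 
 if ( ! current_user_can('install_themes') )
 wp_die( __( 'Sorry, you are not allowed to install themes on this site.' ) );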
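--- a/src/wp-admin/themes.php
+++ b/src/wp-admin/themes.php
@@ -124,7 +124,8 @@ if ( current_user_can( 'switch_themes' ) ) {
 } else {
 $themes = wp_prepare_themes_for_js( array( wp_get_theme() ) );
 }
-wp_reset_vars( array( 'theme', 'search' ) );
+$theme = wp_assign_request_var('theme');
+$search = wp_assign_request_var('search');
 
 wp_localize_script( 'theme', '_wpThemeSettings', array(
 'themes' => $themes,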
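--- a/src/wp-admin/user-edit.php
+++ b/src/wp-admin/user-edit.php
@@ -9,7 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once( dirname( __FILE__ ) . '/admin.php' );
 
-wp_reset_vars( array( 'action', 'user_id', 'wp_http_referer' ) );
+$action = wp_assign_request_var('action');
+$user_id = wp_assign_request_var('user_id');
+$wp_http_referer = wp_assign_request_var('wp_http_referer');
 
 $user_id = (int) $user_id;
 $current_user = wp_get_current_user();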