Ticket #38073: 38073.2.patch

src/wp-admin/comment.php

@@ -12 +12 @@
 $parent_file = 'edit-comments.php';
 $submenu_file = 'edit-comments.php';
 
-/**
- * @global string $action
- */
-global $action;
-wp_reset_vars( array('action') );
+$action = wp_assign_request_var('action');
 
 if ( isset( $_POST['deletecomment'] ) )
         $action = 'deletecomment';

src/wp-admin/customize.php

@@ -45 +45 @@
 }
 
 
-wp_reset_vars( array( 'url', 'return', 'autofocus' ) );
+$url = wp_assign_request_var('url');
 if ( ! empty( $url ) ) {
         $wp_customize->set_preview_url( wp_unslash( $url ) );
 }
+
+$return = wp_assign_request_var('return');
 if ( ! empty( $return ) ) {
         $wp_customize->set_return_url( wp_unslash( $return ) );
 }
+
+$autofocus = wp_assign_request_var('autofocus');
 if ( ! empty( $autofocus ) && is_array( $autofocus ) ) {
         $wp_customize->set_autofocus( wp_unslash( $autofocus ) );
 }

src/wp-admin/edit-tag-form.php

@@ -44 +44 @@
         do_action( 'edit_tag_form_pre', $tag );
 }
 
-/**
- * Use with caution, see https://codex.wordpress.org/Function_Reference/wp_reset_vars
- */
-wp_reset_vars( array( 'wp_http_referer' ) );
+$wp_http_referer = wp_assign_request_var('wp_http_referer');
 
 $wp_http_referer = remove_query_arg( array( 'action', 'message', 'tag_ID' ), $wp_http_referer );
 

src/wp-admin/includes/class-wp-links-list-table.php

@@ -44 +44 @@
 
         /**
          *
-         * @global int    $cat_id
-         * @global string $s
-         * @global string $orderby
-         * @global string $order
          */
         public function prepare_items() {
-                global $cat_id, $s, $orderby, $order;
-
-                wp_reset_vars( array( 'action', 'cat_id', 'link_id', 'orderby', 'order', 's' ) );
+                $cat_id = wp_assign_request_var('cat_id');
+                $s = wp_assign_request_var('s');
+                $orderby = wp_assign_request_var('orderby');
+                $order = wp_assign_request_var('order');
 
                 $args = array( 'hide_invisible' => 0, 'hide_empty' => 0 );
 

src/wp-admin/includes/class-wp-ms-themes-list-table.php

@@ -80 +80 @@
          * @global string $status
          * @global array $totals
          * @global int $page
-         * @global string $orderby
-         * @global string $order
-         * @global string $s
          */
         public function prepare_items() {
-                global $status, $totals, $page, $orderby, $order, $s;
+                global $status, $totals, $page;
 
-                wp_reset_vars( array( 'orderby', 'order', 's' ) );
+                $orderby = wp_assign_request_var('orderby');
+                $order = wp_assign_request_var('order');
+                $s = wp_assign_request_var('s');
 
                 $themes = array(
                         /**

src/wp-admin/includes/class-wp-plugin-install-list-table.php

@@ -65 +65 @@
         /**
          *
          * @global array  $tabs
-         * @global string $tab
          * @global int    $paged
          * @global string $type
          * @global string $term
@@ -73 +72 @@
         public function prepare_items() {
                 include( ABSPATH . 'wp-admin/includes/plugin-install.php' );
 
-                global $tabs, $tab, $paged, $type, $term;
+                global $tabs, $paged, $type, $term;
 
-                wp_reset_vars( array( 'tab' ) );
+                $tab = wp_assign_request_var('tab');
 
                 $paged = $this->get_pagenum();
 

src/wp-admin/includes/class-wp-plugins-list-table.php

@@ -68 +68 @@
          * @global array  $plugins
          * @global array  $totals
          * @global int    $page
-         * @global string $orderby
-         * @global string $order
          * @global string $s
          */
         public function prepare_items() {
-                global $status, $plugins, $totals, $page, $orderby, $order, $s;
+                global $status, $plugins, $totals, $page, $s;
 
-                wp_reset_vars( array( 'orderby', 'order' ) );
+                $orderby = wp_assign_request_var('orderby');
+                $order = wp_assign_request_var('order');
 
                 /**
                  * Filters the full array of plugins to list in the Plugins list table.

src/wp-admin/includes/class-wp-theme-install-list-table.php

@@ -30 +30 @@
         /**
          *
          * @global array  $tabs
-         * @global string $tab
          * @global int    $paged
          * @global string $type
          * @global array  $theme_field_defaults
@@ -38 +37 @@
         public function prepare_items() {
                 include( ABSPATH . 'wp-admin/includes/theme-install.php' );
 
-                global $tabs, $tab, $paged, $type, $theme_field_defaults;
-                wp_reset_vars( array( 'tab' ) );
+                global $tabs, $paged, $type, $theme_field_defaults;
+
+                $tab = wp_assign_request_var('tab');
 
                 $search_terms = array();
                 $search_string = '';

src/wp-admin/includes/misc.php

@@ -315 +315 @@
 }
 
 /**
+ * Return $_POST[ $var ] or $_GET[ $var ] value.
+ *
+ * This functions returns $_POST[ $var ] or $_GET[ $var ] value in this order
+ * if they are not empty, otherwise it returns an empty string.
+ *
+ * @since 4.8.0
+ *
+ * @param  string $var The key of the array for getting value to return.
+ *
+ * @return mixed $_POST[ $var ] or $_GET[ $var ] value or an empty string.
+ */
+function wp_assign_request_var( $var ) {
+        if ( empty( $_POST[ $var ] ) ) {
+                if ( empty( $_GET[ $var ] ) ) {
+                        return '';
+                } else {
+                        return $_GET[ $var ];
+                }
+        } else {
+                return $_POST[ $var ];
+        }
+}
+
+/**
  * Displays the given administration message.
  *
  * @since 2.1.0

src/wp-admin/link-add.php

@@ -15 +15 @@
 $title = __('Add New Link');
 $parent_file = 'link-manager.php';
 
-wp_reset_vars( array('action', 'cat_id', 'link_id' ) );
+$action = wp_assign_request_var('action');
+$cat_id = wp_assign_request_var('cat_id');
+$link_id = wp_assign_request_var('link_id');
 
 wp_enqueue_script('link');
 wp_enqueue_script('xfn');

src/wp-admin/link.php

@@ -12 +12 @@
 /** Load WordPress Administration Bootstrap */
 require_once( dirname( __FILE__ ) . '/admin.php' );
 
-wp_reset_vars( array( 'action', 'cat_id', 'link_id' ) );
+$action = wp_assign_request_var('action');
+$cat_id = wp_assign_request_var('cat_id');
+$link_id = wp_assign_request_var('link_id');
 
 if ( ! current_user_can('manage_links') )
         wp_link_manager_disabled_message();

src/wp-admin/media.php

@@ -12 +12 @@
 $parent_file = 'upload.php';
 $submenu_file = 'upload.php';
 
-wp_reset_vars(array('action'));
+$action = wp_assign_request_var('action');
 
 switch ( $action ) {
 case 'editattachment' :

src/wp-admin/options-head.php

@@ -8 +8 @@
  * @subpackage Administration
  */
 
-wp_reset_vars( array( 'action' ) );
+$action = wp_assign_request_var('action');
 
 if ( isset( $_GET['updated'] ) && isset( $_GET['page'] ) ) {
         // For back-compat with plugins that don't use the Settings API and just set updated=1 in the redirect.

src/wp-admin/options.php

@@ -22 +22 @@
 $this_file = 'options.php';
 $parent_file = 'options-general.php';
 
-wp_reset_vars(array('action', 'option_page'));
+$action = wp_assign_request_var('action');
+$option_page = wp_assign_request_var('option_page');
 
 $capability = 'manage_options';
 

src/wp-admin/post.php

@@ -14 +14 @@
 $parent_file = 'edit.php';
 $submenu_file = 'edit.php';
 
-wp_reset_vars( array( 'action' ) );
+$action = wp_assign_request_var('action');
 
 if ( isset( $_GET['post'] ) )
         $post_id = $post_ID = (int) $_GET['post'];

src/wp-admin/revision.php

@@ -20 +20 @@
 
 require ABSPATH . 'wp-admin/includes/revision.php';
 
-wp_reset_vars( array( 'revision', 'action', 'from', 'to' ) );
+$revision = wp_assign_request_var('revision');
+$action = wp_assign_request_var('action');
+$from = wp_assign_request_var('from');
+$to = wp_assign_request_var('to');
 
 $revision_id = absint( $revision );
 

src/wp-admin/theme-editor.php

@@ -43 +43 @@
         '<p>' . __('<a href="https://wordpress.org/support/">Support Forums</a>') . '</p>'
 );
 
-wp_reset_vars( array( 'action', 'error', 'file', 'theme' ) );
+$action = wp_assign_request_var('action');
+$error = wp_assign_request_var('error');
+$file = wp_assign_request_var('file');
+$theme = wp_assign_request_var('theme');
 
 if ( $theme ) {
         $stylesheet = $theme;

src/wp-admin/theme-install.php

@@ -10 +10 @@
 require_once( dirname( __FILE__ ) . '/admin.php' );
 require( ABSPATH . 'wp-admin/includes/theme-install.php' );
 
-wp_reset_vars( array( 'tab' ) );
+$tab = wp_assign_request_var('tab');
 
 if ( ! current_user_can('install_themes') )
         wp_die( __( 'Sorry, you are not allowed to install themes on this site.' ) );

src/wp-admin/themes.php

@@ -124 +124 @@
 } else {
         $themes = wp_prepare_themes_for_js( array( wp_get_theme() ) );
 }
-wp_reset_vars( array( 'theme', 'search' ) );
+$theme = wp_assign_request_var('theme');
+$search = wp_assign_request_var('search');
 
 wp_localize_script( 'theme', '_wpThemeSettings', array(
         'themes'   => $themes,

src/wp-admin/user-edit.php

@@ -9 +9 @@
 /** WordPress Administration Bootstrap */
 require_once( dirname( __FILE__ ) . '/admin.php' );
 
-wp_reset_vars( array( 'action', 'user_id', 'wp_http_referer' ) );
+$action = wp_assign_request_var('action');
+$user_id = wp_assign_request_var('user_id');
+$wp_http_referer = wp_assign_request_var('wp_http_referer');
 
 $user_id = (int) $user_id;
 $current_user = wp_get_current_user();