
Ticket #44108: 44108.diff

File 44108.diff, 2.8 KB (added by compilenix, 14 months ago)
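diff --git wp-admin/load-scripts.php wp-admin/load-scripts.php
index 8a0ee3c17f..a2e9ed04d4 100644
--- a/wp-admin/load-scripts.php
+++ b/wp-admin/load-scripts.php
@@ -14,18 +14,6 @@ if ( ! defined( 'ABSPATH' ) ) {
 
 define( 'WPINC', 'wp-includes' );
 
-$load = $_GET['load'];
-if ( is_array( $load ) ) {
-        $load = implode( '', $load );
-}
-
-$load = preg_replace( '/[^a-z0-9,_-]+/i', '', $load );
-$load = array_unique( explode( ',', $load ) );
-
-if ( empty( $load ) ) {
-        exit;
-}
-
 require( ABSPATH . 'wp-admin/includes/noop.php' );
 require( ABSPATH . WPINC . '/script-loader.php' );
 require( ABSPATH . WPINC . '/version.php' );
@@ -47,6 +35,24 @@ if ( isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) && stripslashes( $_SERVER['HTTP_IF_
         exit();
 }
 
+$load =  isset( $_GET['load'] ) ? $_GET['load'] : null;
+if ( $load === null || ! is_array( $load ) || ( is_array( $load ) && count( $load ) === 0 ) ) {
+        header( "HTTP/1.1 400 Bad Request" );
+        exit();
+}
+
+if ( is_array( $load ) ) {
+        $load = implode( '', $load );
+}
+$load = preg_replace( '/[^a-z0-9,_-]+/i', '', $load );
+$load = array_unique( explode( ',', $load ) );
+$load = array_filter( $load );
+
+if ( count( $load ) === 0 ) {
+        header( "HTTP/1.1 400 Bad Request" );
+        exit();
+}
+
 foreach ( $load as $handle ) {
         if ( ! array_key_exists( $handle, $wp_scripts->registered ) ) {
                 continue;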
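Review bot: The guard on new line 39 (`! is_array( $load )`) answers 400 to every scalar `load` value, which the removed code accepted as a comma-separated string, and it leaves the `if ( is_array( $load ) )` test on line 44 and the `is_array( $load ) &&` clause always true; if only the array form is meant to be valid, both can be dropped. The array's elements are never type-checked, so a nested value in `load[]` still reaches `implode()` and causes an array-to-string conversion; `$load = array_filter( $load, 'is_string' );` before the implode would discard those entries. The same block is added to wp-admin/load-styles.php (new lines 39-55) and needs the same change.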
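diff --git wp-admin/load-styles.php wp-admin/load-styles.php
index 82dacef60a..73dc7d7fc9 100644
--- a/wp-admin/load-styles.php
+++ b/wp-admin/load-styles.php
@@ -18,17 +18,6 @@ require( ABSPATH . 'wp-admin/includes/noop.php' );
 require( ABSPATH . WPINC . '/script-loader.php' );
 require( ABSPATH . WPINC . '/version.php' );
 
-$load = $_GET['load'];
-if ( is_array( $load ) ) {
-        $load = implode( '', $load );
-}
-$load = preg_replace( '/[^a-z0-9,_-]+/i', '', $load );
-$load = array_unique( explode( ',', $load ) );
-
-if ( empty( $load ) ) {
-        exit;
-}
-
 $compress       = ( isset( $_GET['c'] ) && $_GET['c'] );
 $force_gzip     = ( $compress && 'gzip' == $_GET['c'] );
 $rtl            = ( isset( $_GET['dir'] ) && 'rtl' == $_GET['dir'] );
@@ -47,6 +36,24 @@ if ( isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) && stripslashes( $_SERVER['HTTP_IF_
         exit();
 }
 
+$load =  isset( $_GET['load'] ) ? $_GET['load'] : null;
+if ( $load === null || ! is_array( $load ) || ( is_array( $load ) && count( $load ) === 0 ) ) {
+        header( "HTTP/1.1 400 Bad Request" );
+        exit();
+}
+
+if ( is_array( $load ) ) {
+        $load = implode( '', $load );
+}
+$load = preg_replace( '/[^a-z0-9,_-]+/i', '', $load );
+$load = array_unique( explode( ',', $load ) );
+$load = array_filter( $load );
+
+if ( count( $load ) === 0 ) {
+        header( "HTTP/1.1 400 Bad Request" );
+        exit();
+}
+
 foreach ( $load as $handle ) {
         if ( ! array_key_exists( $handle, $wp_styles->registered ) ) {
                 continue;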
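Review bot: The `load` validation now sits below the `If-None-Match` branch that ends in `exit();`, so a conditional request can be answered before `load` has been checked at all. In wp-admin/load-scripts.php the same move also takes the check from before the three `require()` lines to after them, so a request with no usable `load` loads script-loader.php and version.php before it gets its 400. Keeping the new block where the removed one stood would reject bad requests before that work is done. The status line is hard-coded as `HTTP/1.1` in both files; `header( $_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request' );` would follow the protocol the request actually used.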