Ticket #44590: 44590.patch
File 44590.patch, 2.6 KB (added by , 6 years ago) |
wp-admin/includes/user.php
642 642 * @access private 643 643 */ 644 644 function _wp_personal_data_handle_actions() { 645 if ( isset( $_POST['privacy_action_email_retry'] ) ) { // WPCS: input var ok.645 if ( isset( $_POST['privacy_action_email_retry'] ) ) { 646 646 check_admin_referer( 'bulk-privacy_requests' ); 647 647 648 $request_id = absint( current( array_keys( (array) wp_unslash( $_POST['privacy_action_email_retry'] ) ) ) ); // WPCS: input var ok, sanitization ok.648 $request_id = absint( current( array_keys( (array) wp_unslash( $_POST['privacy_action_email_retry'] ) ) ) ); 649 649 $result = _wp_privacy_resend_request( $request_id ); 650 650 651 651 if ( is_wp_error( $result ) ) { … … 664 664 ); 665 665 } 666 666 } elseif ( isset( $_POST['action'] ) ) { 667 $action = isset( $_POST['action'] ) ? sanitize_key( wp_unslash( $_POST['action'] ) ) : ''; // WPCS: input var ok, CSRF ok.667 $action = isset( $_POST['action'] ) ? sanitize_key( wp_unslash( $_POST['action'] ) ) : ''; 668 668 669 669 switch ( $action ) { 670 670 case 'add_export_personal_data_request': … … 671 671 case 'add_remove_personal_data_request': 672 672 check_admin_referer( 'personal-data-request' ); 673 673 674 if ( ! isset( $_POST['type_of_action'], $_POST['username_or_email_to_export'] ) ) { // WPCS: input var ok.674 if ( ! isset( $_POST['type_of_action'], $_POST['username_or_email_to_export'] ) ) { 675 675 add_settings_error( 676 676 'action_type', 677 677 'action_type', … … 679 679 'error' 680 680 ); 681 681 } 682 $action_type = sanitize_text_field( wp_unslash( $_POST['type_of_action'] ) ); // WPCS: input var ok.683 $username_or_email_address = sanitize_text_field( wp_unslash( $_POST['username_or_email_to_export'] ) ); // WPCS: input var ok.682 $action_type = sanitize_text_field( wp_unslash( $_POST['type_of_action'] ) ); 683 $username_or_email_address = sanitize_text_field( wp_unslash( $_POST['username_or_email_to_export'] ) ); 684 684 $email_address = ''; 685 685 686 686 if ( ! 
in_array( $action_type, _wp_privacy_action_request_types(), true ) ) { … … 1161 1161 */ 1162 1162 public function process_bulk_action() { 1163 1163 $action = $this->current_action(); 1164 $request_ids = isset( $_REQUEST['request_id'] ) ? wp_parse_id_list( wp_unslash( $_REQUEST['request_id'] ) ) : array(); // WPCS: input var ok, CSRF ok. 1164 $request_ids = isset( $_REQUEST['request_id'] ) ? wp_parse_id_list( wp_unslash( $_REQUEST['request_id'] ) ) : array(); 1165 1165 1166 $count = 0; 1166 1167 1167 1168 if ( $request_ids ) {
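Review bot: In the `add_export_personal_data_request` / `add_remove_personal_data_request` case, the guard at new lines 674–681 reports a settings error when `$_POST['type_of_action']` or `$_POST['username_or_email_to_export']` is missing, but nothing visible ends the case there. Lines 682–683 therefore still index both keys and pass the missing value through `wp_unslash()` and `sanitize_text_field()`. The later `in_array( $action_type, _wp_privacy_action_request_types(), true )` check probably rejects the empty result, but the request still raises undefined-index notices and may queue a second error for the same submission. Adding `break;` right after the `add_settings_error( … );` call inside the guard would stop processing at the first failure. The rest of the case body lies outside the hunk, so confirm that no later statement relies on falling through.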