Make WordPress Core

Ticket #54182: 54182.2.diff

File 54182.2.diff, 23.8 KB (added by yagniksangani, 3 years ago)

New Diff File : Added wp_unslash() function for $_REQUESTaction? where needed in files

  • src/wp-admin/admin-ajax.php

    diff --git a/src/wp-admin/admin-ajax.php b/src/wp-admin/admin-ajax.php
    index 087a11993d..6901226ffb 100644
    a b add_action( 'wp_ajax_nopriv_generate-password', 'wp_ajax_nopriv_generate_passwor 
    168168
    169169add_action( 'wp_ajax_nopriv_heartbeat', 'wp_ajax_nopriv_heartbeat', 1 );
    170170
    171 $action = ( isset( $_REQUEST['action'] ) ) ? $_REQUEST['action'] : '';
     171$action = ( isset( $_REQUEST['action'] ) ) ? wp_unslash( $_REQUEST['action'] ) : '';
    172172
    173173if ( is_user_logged_in() ) {
    174174        // If no action is registered, return a Bad Request response.
  • src/wp-admin/admin-post.php

    diff --git a/src/wp-admin/admin-post.php b/src/wp-admin/admin-post.php
    index 803a00652c..13b32ddf26 100644
    a b nocache_headers(); 
    2929/** This action is documented in wp-admin/admin.php */
    3030do_action( 'admin_init' );
    3131
    32 $action = empty( $_REQUEST['action'] ) ? '' : $_REQUEST['action'];
     32$action = empty( $_REQUEST['action'] ) ? '' : wp_unslash( $_REQUEST['action'] );
    3333
    3434if ( ! is_user_logged_in() ) {
    3535        if ( empty( $action ) ) {
  • src/wp-admin/admin.php

    diff --git a/src/wp-admin/admin.php b/src/wp-admin/admin.php
    index d06890259e..8a6e700ec8 100644
    a b if ( isset( $plugin_page ) ) { 
    406406}
    407407
    408408if ( ! empty( $_REQUEST['action'] ) ) {
    409         $action = $_REQUEST['action'];
     409        $action = wp_unslash( $_REQUEST['action'] );
    410410
    411411        /**
    412412         * Fires when an 'action' request variable is sent.
  • src/wp-admin/async-upload.php

    diff --git a/src/wp-admin/async-upload.php b/src/wp-admin/async-upload.php
    index d152673f69..b799a28209 100644
    a b  
    66 * @subpackage Administration
    77 */
    88
    9 if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) {
     9if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === wp_unslash( $_REQUEST['action'] ) ) {
    1010        define( 'DOING_AJAX', true );
    1111}
    1212
    require_once ABSPATH . 'wp-admin/admin.php'; 
    2424
    2525header( 'Content-Type: text/plain; charset=' . get_option( 'blog_charset' ) );
    2626
    27 if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) {
     27if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === wp_unslash( $_REQUEST['action'] ) ) {
    2828        require ABSPATH . 'wp-admin/includes/ajax-actions.php';
    2929
    3030        send_nosniff_header();
  • src/wp-admin/authorize-application.php

    diff --git a/src/wp-admin/authorize-application.php b/src/wp-admin/authorize-application.php
    index d4104297ef..1d56b47e7d 100644
    a b require_once ABSPATH . 'wp-admin/admin-header.php'; 
    225225
    226226                                <div class="form-field">
    227227                                        <label for="app_name"><?php _e( 'New Application Password Name' ); ?></label>
    228                                         <input type="text" id="app_name" name="app_name" value="<?php echo esc_attr( $app_name ); ?>" required />
     228                                        <input type="text" id="app_name" name="app_name" value="<?php echo esc_attr( $app_name ); ?>" placeholder="<?php esc_attr_e( 'WordPress App on My Phone' ); ?>" required />
    229229                                </div>
    230230
    231231                                <?php
  • src/wp-admin/edit-comments.php

    diff --git a/src/wp-admin/edit-comments.php b/src/wp-admin/edit-comments.php
    index f54d0abd8f..0622fcf76d 100644
    a b if ( $doaction ) { 
    3030                $comment_ids    = $wpdb->get_col( $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_approved = %s AND %s > comment_date_gmt", $comment_status, $delete_time ) );
    3131                $doaction       = 'delete';
    3232        } elseif ( isset( $_REQUEST['delete_comments'] ) ) {
    33                 $comment_ids = $_REQUEST['delete_comments'];
    34                 $doaction    = $_REQUEST['action'];
     33                $comment_ids = wp_unslash( $_REQUEST['delete_comments'] );
     34                $doaction    = wp_unslash( $_REQUEST['action'] );
    3535        } elseif ( isset( $_REQUEST['ids'] ) ) {
    3636                $comment_ids = array_map( 'absint', explode( ',', $_REQUEST['ids'] ) );
    3737        } elseif ( wp_get_referer() ) {
  • src/wp-admin/includes/class-wp-list-table.php

    diff --git a/src/wp-admin/includes/class-wp-list-table.php b/src/wp-admin/includes/class-wp-list-table.php
    index 2cae7f695a..e65ca0cf16 100644
    a b class WP_List_Table { 
    527527                }
    528528
    529529                if ( isset( $_REQUEST['action'] ) && -1 != $_REQUEST['action'] ) {
    530                         return $_REQUEST['action'];
     530                        return wp_unslash( $_REQUEST['action'] );
    531531                }
    532532
    533533                return false;
  • src/wp-admin/includes/class-wp-terms-list-table.php

    diff --git a/src/wp-admin/includes/class-wp-terms-list-table.php b/src/wp-admin/includes/class-wp-terms-list-table.php
    index e905749088..ea39722319 100644
    a b class WP_Terms_List_Table extends WP_List_Table { 
    171171         * @return string
    172172         */
    173173        public function current_action() {
    174                 if ( isset( $_REQUEST['action'] ) && isset( $_REQUEST['delete_tags'] ) && 'delete' === $_REQUEST['action'] ) {
     174                if ( isset( $_REQUEST['action'] ) && isset( $_REQUEST['delete_tags'] ) && 'delete' === wp_unslash( $_REQUEST['action'] ) ) {
    175175                        return 'bulk-delete';
    176176                }
    177177
  • src/wp-admin/nav-menus.php

    diff --git a/src/wp-admin/nav-menus.php b/src/wp-admin/nav-menus.php
    index d340fb6b67..3ea73c7019 100644
    a b $menu_locations = get_nav_menu_locations(); 
    4949$num_locations  = count( array_keys( $locations ) );
    5050
    5151// Allowed actions: add, update, delete.
    52 $action = isset( $_REQUEST['action'] ) ? $_REQUEST['action'] : 'edit';
     52$action = isset( $_REQUEST['action'] ) ? wp_unslash( $_REQUEST['action'] ) : 'edit';
    5353
    5454/*
    5555 * If a JSON blob of navigation menu data is found, expand it and inject it
  • src/wp-admin/network/site-info.php

    diff --git a/src/wp-admin/network/site-info.php b/src/wp-admin/network/site-info.php
    index b99f35ab20..3da72f5eb7 100644
    a b if ( ! can_edit_network( $details->site_id ) ) { 
    3535$parsed_scheme = parse_url( $details->siteurl, PHP_URL_SCHEME );
    3636$is_main_site  = is_main_site( $id );
    3737
    38 if ( isset( $_REQUEST['action'] ) && 'update-site' === $_REQUEST['action'] ) {
     38if ( isset( $_REQUEST['action'] ) && 'update-site' === wp_unslash( $_REQUEST['action'] ) ) {
    3939        check_admin_referer( 'edit-site' );
    4040
    4141        switch_to_blog( $id );
  • src/wp-admin/network/site-new.php

    diff --git a/src/wp-admin/network/site-new.php b/src/wp-admin/network/site-new.php
    index ac466db9a9..bf4326512a 100644
    a b get_current_screen()->set_help_sidebar( 
    3333        '<p>' . __( '<a href="https://wordpress.org/support/forum/multisite/">Support Forums</a>' ) . '</p>'
    3434);
    3535
    36 if ( isset( $_REQUEST['action'] ) && 'add-site' === $_REQUEST['action'] ) {
     36if ( isset( $_REQUEST['action'] ) && 'add-site' === wp_unslash( $_REQUEST['action'] ) ) {
    3737        check_admin_referer( 'add-blog', '_wpnonce_add-blog' );
    3838
    3939        if ( ! is_array( $_POST['blog'] ) ) {
  • src/wp-admin/network/site-settings.php

    diff --git a/src/wp-admin/network/site-settings.php b/src/wp-admin/network/site-settings.php
    index b669a5103f..9f4f8e4cd7 100644
    a b if ( ! can_edit_network( $details->site_id ) ) { 
    3434
    3535$is_main_site = is_main_site( $id );
    3636
    37 if ( isset( $_REQUEST['action'] ) && 'update-site' === $_REQUEST['action'] && is_array( $_POST['option'] ) ) {
     37if ( isset( $_REQUEST['action'] ) && 'update-site' === wp_unslash( $_REQUEST['action'] ) && is_array( $_POST['option'] ) ) {
    3838        check_admin_referer( 'edit-site' );
    3939
    4040        switch_to_blog( $id );
  • src/wp-admin/network/user-new.php

    diff --git a/src/wp-admin/network/user-new.php b/src/wp-admin/network/user-new.php
    index c881dff2ac..17e0a44531 100644
    a b get_current_screen()->set_help_sidebar( 
    3030        '<p>' . __( '<a href="https://wordpress.org/support/forum/multisite/">Support Forums</a>' ) . '</p>'
    3131);
    3232
    33 if ( isset( $_REQUEST['action'] ) && 'add-user' === $_REQUEST['action'] ) {
     33if ( isset( $_REQUEST['action'] ) && 'add-user' === wp_unslash( $_REQUEST['action'] ) ) {
    3434        check_admin_referer( 'add-user', '_wpnonce_add-user' );
    3535
    3636        if ( ! current_user_can( 'manage_network_users' ) ) {
  • src/wp-admin/update.php

    diff --git a/src/wp-admin/update.php b/src/wp-admin/update.php
    index a4a2abf8db..165476bad7 100644
    a b wp_enqueue_script( 'wp-a11y' ); 
    2222if ( isset( $_GET['action'] ) ) {
    2323        $plugin = isset( $_REQUEST['plugin'] ) ? trim( $_REQUEST['plugin'] ) : '';
    2424        $theme  = isset( $_REQUEST['theme'] ) ? urldecode( $_REQUEST['theme'] ) : '';
    25         $action = isset( $_REQUEST['action'] ) ? $_REQUEST['action'] : '';
     25        $action = isset( $_REQUEST['action'] ) ? wp_unslash( $_REQUEST['action'] ) : '';
    2626
    2727        if ( 'update-selected' === $action ) {
    2828                if ( ! current_user_can( 'update_plugins' ) ) {
  • src/wp-admin/user-edit.php

    diff --git a/src/wp-admin/user-edit.php b/src/wp-admin/user-edit.php
    index 30bc5c8e46..9485aab20f 100644
    a b endif; 
    767767                        <div class="create-application-password form-wrap">
    768768                                <div class="form-field">
    769769                                        <label for="new_application_password_name"><?php _e( 'New Application Password Name' ); ?></label>
    770                                         <input type="text" size="30" id="new_application_password_name" name="new_application_password_name" class="input" aria-required="true" aria-describedby="new_application_password_name_desc" />
     770                                        <input type="text" size="30" id="new_application_password_name" name="new_application_password_name" placeholder="<?php esc_attr_e( 'WordPress App on My Phone' ); ?>" class="input" aria-required="true" aria-describedby="new_application_password_name_desc" />
    771771                                        <p class="description" id="new_application_password_name_desc"><?php _e( 'Required to create an Application Password, but not to update the user.' ); ?></p>
    772772                                </div>
    773773
  • src/wp-admin/user-new.php

    diff --git a/src/wp-admin/user-new.php b/src/wp-admin/user-new.php
    index 26da6a0ec4..10ab185e44 100644
    a b if ( is_multisite() ) { 
    2929        add_filter( 'wpmu_signup_user_notification_email', 'admin_created_user_email' );
    3030}
    3131
    32 if ( isset( $_REQUEST['action'] ) && 'adduser' === $_REQUEST['action'] ) {
     32if ( isset( $_REQUEST['action'] ) && 'adduser' === wp_unslash( $_REQUEST['action'] ) ) {
    3333        check_admin_referer( 'add-user', '_wpnonce_add-user' );
    3434
    3535        $user_details = null;
    Please click the following link to confirm the invite: 
    174174        }
    175175        wp_redirect( $redirect );
    176176        die();
    177 } elseif ( isset( $_REQUEST['action'] ) && 'createuser' === $_REQUEST['action'] ) {
     177} elseif ( isset( $_REQUEST['action'] ) && 'createuser' === wp_unslash( $_REQUEST['action'] ) ) {
    178178        check_admin_referer( 'create-user', '_wpnonce_create-user' );
    179179
    180180        if ( ! current_user_can( 'create_users' ) ) {
  • src/wp-content/themes/twentytwenty/classes/class-twentytwenty-non-latin-languages.php

    diff --git a/src/wp-content/themes/twentytwenty/classes/class-twentytwenty-non-latin-languages.php b/src/wp-content/themes/twentytwenty/classes/class-twentytwenty-non-latin-languages.php
    index 0c4951ef48..a0845a4a70 100644
    a b if ( ! class_exists( 'TwentyTwenty_Non_Latin_Languages' ) ) { 
    118118                        $elements = apply_filters(
    119119                                'twentytwenty_get_localized_font_family_elements',
    120120                                array(
    121                                         'front-end'      => array( 'body', 'input', 'textarea', 'button', '.button', '.faux-button', '.wp-block-button__link', '.wp-block-file__button', '.has-drop-cap:not(:focus)::first-letter', '.entry-content .wp-block-archives', '.entry-content .wp-block-categories', '.entry-content .wp-block-cover-image', '.entry-content .wp-block-latest-comments', '.entry-content .wp-block-latest-posts', '.entry-content .wp-block-pullquote', '.entry-content .wp-block-quote.is-large', '.entry-content .wp-block-quote.is-style-large', '.entry-content .wp-block-archives *', '.entry-content .wp-block-categories *', '.entry-content .wp-block-latest-posts *', '.entry-content .wp-block-latest-comments *', '.entry-content p', '.entry-content ol', '.entry-content ul', '.entry-content dl', '.entry-content dt', '.entry-content cite', '.entry-content figcaption', '.entry-content .wp-caption-text', '.comment-content p', '.comment-content ol', '.comment-content ul', '.comment-content dl', '.comment-content dt', '.comment-content cite', '.comment-content figcaption', '.comment-content .wp-caption-text', '.widget_text p', '.widget_text ol', '.widget_text ul', '.widget_text dl', '.widget_text dt', '.widget-content .rssSummary', '.widget-content cite', '.widget-content figcaption', '.widget-content .wp-caption-text' ),
     121                                        'front-end'      => array( 'body', 'input', 'textarea', 'button', '.button', '.faux-button', '.wp-block-button__link', '.wp-block-file__button', '.has-drop-cap:not(:focus)::first-letter', '.has-drop-cap:not(:focus)::first-letter', '.entry-content .wp-block-archives', '.entry-content .wp-block-categories', '.entry-content .wp-block-cover-image', '.entry-content .wp-block-latest-comments', '.entry-content .wp-block-latest-posts', '.entry-content .wp-block-pullquote', '.entry-content .wp-block-quote.is-large', '.entry-content .wp-block-quote.is-style-large', '.entry-content .wp-block-archives *', '.entry-content .wp-block-categories *', '.entry-content .wp-block-latest-posts *', '.entry-content .wp-block-latest-comments *', '.entry-content p', '.entry-content ol', '.entry-content ul', '.entry-content dl', '.entry-content dt', '.entry-content cite', '.entry-content figcaption', '.entry-content .wp-caption-text', '.comment-content p', '.comment-content ol', '.comment-content ul', '.comment-content dl', '.comment-content dt', '.comment-content cite', '.comment-content figcaption', '.comment-content .wp-caption-text', '.widget_text p', '.widget_text ol', '.widget_text ul', '.widget_text dl', '.widget_text dt', '.widget-content .rssSummary', '.widget-content cite', '.widget-content figcaption', '.widget-content .wp-caption-text' ),
    122122                                        'block-editor'   => array( '.editor-styles-wrapper > *', '.editor-styles-wrapper p', '.editor-styles-wrapper ol', '.editor-styles-wrapper ul', '.editor-styles-wrapper dl', '.editor-styles-wrapper dt', '.editor-post-title__block .editor-post-title__input', '.editor-styles-wrapper .wp-block h1', '.editor-styles-wrapper .wp-block h2', '.editor-styles-wrapper .wp-block h3', '.editor-styles-wrapper .wp-block h4', '.editor-styles-wrapper .wp-block h5', '.editor-styles-wrapper .wp-block h6', '.editor-styles-wrapper .has-drop-cap:not(:focus)::first-letter', '.editor-styles-wrapper cite', '.editor-styles-wrapper figcaption', '.editor-styles-wrapper .wp-caption-text' ),
    123123                                        'classic-editor' => array( 'body#tinymce.wp-editor', 'body#tinymce.wp-editor p', 'body#tinymce.wp-editor ol', 'body#tinymce.wp-editor ul', 'body#tinymce.wp-editor dl', 'body#tinymce.wp-editor dt', 'body#tinymce.wp-editor figcaption', 'body#tinymce.wp-editor .wp-caption-text', 'body#tinymce.wp-editor .wp-caption-dd', 'body#tinymce.wp-editor cite', 'body#tinymce.wp-editor table' ),
    124124                                )
  • src/wp-content/themes/twentytwentyone/inc/template-functions.php

    diff --git a/src/wp-content/themes/twentytwentyone/inc/template-functions.php b/src/wp-content/themes/twentytwentyone/inc/template-functions.php
    index 2bee7d6f95..839a77a368 100644
    a b function twenty_twenty_one_get_non_latin_css( $type = 'front-end' ) { 
    315315        $elements = apply_filters(
    316316                'twenty_twenty_one_get_localized_font_family_elements',
    317317                array(
    318                         'front-end'      => array( 'body', 'input', 'textarea', 'button', '.button', '.faux-button', '.wp-block-button__link', '.wp-block-file__button', '.has-drop-cap:not(:focus)::first-letter', '.entry-content .wp-block-archives', '.entry-content .wp-block-categories', '.entry-content .wp-block-cover-image', '.entry-content .wp-block-latest-comments', '.entry-content .wp-block-latest-posts', '.entry-content .wp-block-pullquote', '.entry-content .wp-block-quote.is-large', '.entry-content .wp-block-quote.is-style-large', '.entry-content .wp-block-archives *', '.entry-content .wp-block-categories *', '.entry-content .wp-block-latest-posts *', '.entry-content .wp-block-latest-comments *', '.entry-content p', '.entry-content ol', '.entry-content ul', '.entry-content dl', '.entry-content dt', '.entry-content cite', '.entry-content figcaption', '.entry-content .wp-caption-text', '.comment-content p', '.comment-content ol', '.comment-content ul', '.comment-content dl', '.comment-content dt', '.comment-content cite', '.comment-content figcaption', '.comment-content .wp-caption-text', '.widget_text p', '.widget_text ol', '.widget_text ul', '.widget_text dl', '.widget_text dt', '.widget-content .rssSummary', '.widget-content cite', '.widget-content figcaption', '.widget-content .wp-caption-text' ),
     318                        'front-end'      => array( 'body', 'input', 'textarea', 'button', '.button', '.faux-button', '.wp-block-button__link', '.wp-block-file__button', '.has-drop-cap:not(:focus)::first-letter', '.has-drop-cap:not(:focus)::first-letter', '.entry-content .wp-block-archives', '.entry-content .wp-block-categories', '.entry-content .wp-block-cover-image', '.entry-content .wp-block-latest-comments', '.entry-content .wp-block-latest-posts', '.entry-content .wp-block-pullquote', '.entry-content .wp-block-quote.is-large', '.entry-content .wp-block-quote.is-style-large', '.entry-content .wp-block-archives *', '.entry-content .wp-block-categories *', '.entry-content .wp-block-latest-posts *', '.entry-content .wp-block-latest-comments *', '.entry-content p', '.entry-content ol', '.entry-content ul', '.entry-content dl', '.entry-content dt', '.entry-content cite', '.entry-content figcaption', '.entry-content .wp-caption-text', '.comment-content p', '.comment-content ol', '.comment-content ul', '.comment-content dl', '.comment-content dt', '.comment-content cite', '.comment-content figcaption', '.comment-content .wp-caption-text', '.widget_text p', '.widget_text ol', '.widget_text ul', '.widget_text dl', '.widget_text dt', '.widget-content .rssSummary', '.widget-content cite', '.widget-content figcaption', '.widget-content .wp-caption-text' ),
    319319                        'block-editor'   => array( '.editor-styles-wrapper > *', '.editor-styles-wrapper p', '.editor-styles-wrapper ol', '.editor-styles-wrapper ul', '.editor-styles-wrapper dl', '.editor-styles-wrapper dt', '.editor-post-title__block .editor-post-title__input', '.editor-styles-wrapper .wp-block h1', '.editor-styles-wrapper .wp-block h2', '.editor-styles-wrapper .wp-block h3', '.editor-styles-wrapper .wp-block h4', '.editor-styles-wrapper .wp-block h5', '.editor-styles-wrapper .wp-block h6', '.editor-styles-wrapper .has-drop-cap:not(:focus)::first-letter', '.editor-styles-wrapper cite', '.editor-styles-wrapper figcaption', '.editor-styles-wrapper .wp-caption-text' ),
    320320                        'classic-editor' => array( 'body#tinymce.wp-editor', 'body#tinymce.wp-editor p', 'body#tinymce.wp-editor ol', 'body#tinymce.wp-editor ul', 'body#tinymce.wp-editor dl', 'body#tinymce.wp-editor dt', 'body#tinymce.wp-editor figcaption', 'body#tinymce.wp-editor .wp-caption-text', 'body#tinymce.wp-editor .wp-caption-dd', 'body#tinymce.wp-editor cite', 'body#tinymce.wp-editor table' ),
    321321                )
  • src/wp-includes/class-http.php

    diff --git a/src/wp-includes/class-http.php b/src/wp-includes/class-http.php
    index d998d30e0d..861d1d0e4b 100644
    a b class WP_Http { 
    881881                $home = parse_url( get_option( 'siteurl' ) );
    882882
    883883                // Don't block requests back to ourselves by default.
    884                 if ( 'localhost' === $check['host'] || ( isset( $home['host'] ) && $home['host'] === $check['host'] ) ) {
     884                if ( 'localhost' === $check['host'] || ( isset( $home['host'] ) && $home['host'] == $check['host'] ) ) {
    885885                        /**
    886886                         * Filters whether to block local HTTP API requests.
    887887                         *
  • src/wp-includes/class-wp-admin-bar.php

    diff --git a/src/wp-includes/class-wp-admin-bar.php b/src/wp-includes/class-wp-admin-bar.php
    index 2d8814e590..7d3470f538 100644
    a b class WP_Admin_Bar { 
    1818        public $user;
    1919
    2020        /**
    21          * @since 3.3.0
    22          *
    2321         * @param string $name
    2422         * @return string|array|void
    2523         */
    class WP_Admin_Bar { 
    3533        }
    3634
    3735        /**
    38          * Initializes the admin bar.
    39          *
    40          * @since 3.1.0
    4136         */
    4237        public function initialize() {
    4338                $this->user = new stdClass;
    class WP_Admin_Bar { 
    8782        }
    8883
    8984        /**
    90          * Adds a node (menu item) to the admin bar menu.
     85         * Add a node (menu item) to the Admin Bar menu.
    9186         *
    9287         * @since 3.3.0
    9388         *
    class WP_Admin_Bar { 
    9893        }
    9994
    10095        /**
    101          * Removes a node from the admin bar.
     96         * Remove a node from the admin bar.
    10297         *
    10398         * @since 3.1.0
    10499         *
    class WP_Admin_Bar { 
    184179        }
    185180
    186181        /**
    187          * @since 3.3.0
    188          *
    189182         * @param array $args
    190183         */
    191184        final protected function _set_node( $args ) {
    class WP_Admin_Bar { 
    195188        /**
    196189         * Gets a node.
    197190         *
    198          * @since 3.3.0
    199          *
    200191         * @param string $id
    201192         * @return object|void Node.
    202193         */
    class WP_Admin_Bar { 
    208199        }
    209200
    210201        /**
    211          * @since 3.3.0
    212          *
    213202         * @param string $id
    214203         * @return object|void
    215204         */
    class WP_Admin_Bar { 
    228217        }
    229218
    230219        /**
    231          * @since 3.3.0
    232          *
    233220         * @return array|void
    234221         */
    235222        final public function get_nodes() {
    class WP_Admin_Bar { 
    245232        }
    246233
    247234        /**
    248          * @since 3.3.0
    249          *
    250235         * @return array|void
    251236         */
    252237        final protected function _get_nodes() {
    class WP_Admin_Bar { 
    258243        }
    259244
    260245        /**
    261          * Adds a group to a toolbar menu node.
     246         * Add a group to a toolbar menu node.
    262247         *
    263248         * Groups can be used to organize toolbar items into distinct sections of a toolbar menu.
    264249         *
    class WP_Admin_Bar { 
    282267        /**
    283268         * Remove a node.
    284269         *
    285          * @since 3.1.0
    286          *
    287270         * @param string $id The ID of the item.
    288271         */
    289272        public function remove_node( $id ) {
    class WP_Admin_Bar { 
    291274        }
    292275
    293276        /**
    294          * @since 3.3.0
    295          *
    296277         * @param string $id
    297278         */
    298279        final protected function _unset_node( $id ) {
    class WP_Admin_Bar { 
    300281        }
    301282
    302283        /**
    303          * @since 3.1.0
    304284         */
    305285        public function render() {
    306286                $root = $this->_bind();
    class WP_Admin_Bar { 
    310290        }
    311291
    312292        /**
    313          * @since 3.3.0
    314          *
    315293         * @return object|void
    316294         */
    317295        final protected function _bind() {
    class WP_Admin_Bar { 
    448426        }
    449427
    450428        /**
    451          * @since 3.3.0
    452          *
    453429         * @param object $root
    454430         */
    455431        final protected function _render( $root ) {
    class WP_Admin_Bar { 
    481457        }
    482458
    483459        /**
    484          * @since 3.3.0
    485          *
    486460         * @param object $node
    487461         */
    488462        final protected function _render_container( $node ) {
    class WP_Admin_Bar { 
    498472        }
    499473
    500474        /**
    501          * @since 3.3.0
    502          *
    503475         * @param object $node
    504476         */
    505477        final protected function _render_group( $node ) {
    class WP_Admin_Bar { 
    525497        }
    526498
    527499        /**
    528          * @since 3.3.0
    529          *
    530500         * @param object $node
    531501         */
    532502        final protected function _render_item( $node ) {
    class WP_Admin_Bar { 
    626596        }
    627597
    628598        /**
    629          * Adds menus to the admin bar.
    630          *
    631          * @since 3.1.0
    632599         */
    633600        public function add_menus() {
    634601                // User-related, aligned right.
  • src/wp-includes/class-wp-http-ixr-client.php

    diff --git a/src/wp-includes/class-wp-http-ixr-client.php b/src/wp-includes/class-wp-http-ixr-client.php
    index fef16e831d..5de31618fa 100644
    a b class WP_HTTP_IXR_Client extends IXR_Client { 
    9797                        return false;
    9898                }
    9999
    100                 if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
     100                if ( 200 != wp_remote_retrieve_response_code( $response ) ) {
    101101                        $this->error = new IXR_Error( -32301, 'transport error - HTTP status code was not 200 (' . wp_remote_retrieve_response_code( $response ) . ')' );
    102102                        return false;
    103103                }
  • src/wp-login.php

    diff --git a/src/wp-login.php b/src/wp-login.php
    index 0d030863ed..5c8642d74c 100644
    a b function wp_login_viewport_meta() { 
    364364// Main.
    365365//
    366366
    367 $action = isset( $_REQUEST['action'] ) ? $_REQUEST['action'] : 'login';
     367$action = isset( $_REQUEST['action'] ) ? wp_unslash( $_REQUEST['action'] ) : 'login';
    368368$errors = new WP_Error();
    369369
    370370if ( isset( $_GET['key'] ) ) {