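diff --git a/src/wp-admin/includes/ajax-actions.php b/src/wp-admin/includes/ajax-actions.php
index 83b682634b..03919ec9ce 100644
--- a/src/wp-admin/includes/ajax-actions.php
+++ b/src/wp-admin/includes/ajax-actions.php
@@ -588,7 +588,7 @@ function _wp_ajax_delete_comment_response( $comment_id, $delta = -1 ) {
 * @access private
 */
 function _wp_ajax_add_hierarchical_term() {
-$action = $_POST['action'];
+$action = isset( $_POST['action'] ) ? sanitize_text_field( $_POST['action'] ) : '';
 $taxonomy = get_taxonomy( substr( $action, 4 ) );
 check_ajax_referer( $action, '_ajax_nonce-add-' . $taxonomy->name );
 
@@ -596,7 +596,7 @@ function _wp_ajax_add_hierarchical_term() {
 wp_die( -1 );
 }
 
-$names = explode( ',', $_POST[ 'new' . $taxonomy->name ] );
+$names = isset( $_POST[ 'new' . $taxonomy->name ] ) ? explode( ',', sanitize_text_field( $_POST[ 'new' . $taxonomy->name ] ) ) : array();
 $parent = isset( $_POST[ 'new' . $taxonomy->name . '_parent' ] ) ? (int) $_POST[ 'new' . $taxonomy->name . '_parent' ] : 0;
 
 if ( 0 > $parent ) {
@@ -606,10 +606,10 @@ function _wp_ajax_add_hierarchical_term() {
 if ( 'category' === $taxonomy->name ) {
 $post_category = isset( $_POST['post_category'] ) ? (array) $_POST['post_category'] : array();
 } else {
-$post_category = ( isset( $_POST['tax_input'] ) && isset( $_POST['tax_input'][ $taxonomy->name ] ) ) ? (array) $_POST['tax_input'][ $taxonomy->name ] : array();
+$post_category = isset( $_POST['tax_input'][ $taxonomy->name ] ) ? (array) $_POST['tax_input'][ $taxonomy->name ] : array();
 }
 
-$checked_categories = array_map( 'absint', (array) $post_category );
+$checked_categories = array_map( 'absint', $post_category );
 $popular_ids = wp_popular_terms_checklist( $taxonomy->name, 0, 10, false );
 
 foreach ( $names as $cat_name ) {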
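Review bot: The new `$action` guard on line 591 still leaves `$taxonomy` unchecked on the next two lines — when `$_POST['action']` is missing or names a taxonomy that does not exist, `get_taxonomy()` returns `false` and `$taxonomy->name` is read off a boolean in the `check_ajax_referer()` call, and again in every later use of `$taxonomy->name` in the hunks below. `check_ajax_referer()` will still die on the mismatched nonce name, so this looks like a PHP warning and a failed request rather than a bypass, but the function is explicitly hardening its input handling and should fail closed before dereferencing; I would add, right after the `get_taxonomy()` call, `if ( ! $taxonomy ) {` / `wp_die( -1 );` / `}`. The `$names` line (599) now runs `sanitize_text_field()` over the whole comma-joined string before `explode()`, so any whitespace/tag stripping applies across name boundaries rather than per name — worth a one-line comment such as `// Sanitize the raw comma-separated input once; individual names are split below.` so the ordering reads as intentional. `_wp_ajax_add_hierarchical_term()` continues past this hunk, including the capability check between lines 594 and 596 that is not shown here.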