WordPress.org
Get WordPress

Make WordPress Core

Ticket #63137: 63137.4.patch

File 63137.4.patch, 4.9 KB (added by viralsampat, 7 months ago)

I have checked above mentioned issue and founds few files. Here, I have added its patch.

  • src/wp-admin/includes/ajax-actions.php 

    diff --git src/wp-admin/includes/ajax-actions.php src/wp-admin/includes/ajax-actions.php
index 83b682634b..514493409b 100644
    function wp_ajax_ajax_tag_search() { 
    119119                wp_die( -1 );
    120120        }
    121121
    122         $search = wp_unslash( $_GET['q'] );
     122        $search = isset( $_GET['q'] ) ? wp_unslash( $_GET['q'] ) : '';
    123123
    124124        $comma = _x( ',', 'tag delimiter' );
    125125        if ( ',' !== $comma ) {

  • src/wp-admin/includes/bookmark.php 

    diff --git src/wp-admin/includes/bookmark.php src/wp-admin/includes/bookmark.php
index 03e8b1201c..7849027406 100644
    function edit_link( $link_id = 0 ) { 
    3434                );
    3535        }
    3636
    37         $_POST['link_url']   = esc_url( $_POST['link_url'] );
    38         $_POST['link_name']  = esc_html( $_POST['link_name'] );
    39         $_POST['link_image'] = esc_html( $_POST['link_image'] );
    40         $_POST['link_rss']   = esc_url( $_POST['link_rss'] );
     37        $_POST['link_url']   = isset( $_POST['link_url'] ) ? esc_url( $_POST['link_url'] ) : '';
     38        $_POST['link_name']  = isset( $_POST['link_name'] ) ? esc_html( $_POST['link_name'] ) : '';
     39        $_POST['link_image'] = isset( $_POST['link_image'] ) ? esc_html( $_POST['link_image'] ) : '';
     40        $_POST['link_rss']   = isset( $_POST['link_rss'] ) ? esc_url( $_POST['link_rss'] ) : '';
     41
     42        // If the link is empty, return 0.
    4143        if ( ! isset( $_POST['link_visible'] ) || 'N' !== $_POST['link_visible'] ) {
    4244                $_POST['link_visible'] = 'Y';
    4345        }
    4446
     47        // If the link name is empty, set it to the URL.
    4548        if ( ! empty( $link_id ) ) {
    4649                $_POST['link_id'] = $link_id;
    4750                return wp_update_link( $_POST );

  • src/wp-admin/includes/class-wp-terms-list-table.php 

    diff --git src/wp-admin/includes/class-wp-terms-list-table.php src/wp-admin/includes/class-wp-terms-list-table.php
index c7f34631a9..be61bcc630 100644
    class WP_Terms_List_Table extends WP_List_Table { 
    402402
    403403                $qe_data = get_term( $tag->term_id, $taxonomy, OBJECT, 'edit' );
    404404
    405                 $uri = wp_doing_ajax() ? wp_get_referer() : $_SERVER['REQUEST_URI'];
     405                $uri = wp_doing_ajax() ? wp_get_referer() : ( isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '' );
    406406
    407407                $edit_link = get_edit_term_link( $tag, $taxonomy, $this->screen->post_type );
    408408
    class WP_Terms_List_Table extends WP_List_Table { 
    473473                $tag = $item;
    474474
    475475                $taxonomy = $this->screen->taxonomy;
    476                 $uri      = wp_doing_ajax() ? wp_get_referer() : $_SERVER['REQUEST_URI'];
     476                $uri      = wp_doing_ajax() ? wp_get_referer() : ( isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '' );
    477477
    478478                $actions = array();
    479479

  • src/wp-admin/includes/comment.php 

    diff --git src/wp-admin/includes/comment.php src/wp-admin/includes/comment.php
index ffec90c81e..00a5da2da2 100644
    function edit_comment() { 
    8282        }
    8383
    8484        if ( ! empty( $_POST['edit_date'] ) ) {
    85                 $aa = $_POST['aa'];
    86                 $mm = $_POST['mm'];
    87                 $jj = $_POST['jj'];
    88                 $hh = $_POST['hh'];
    89                 $mn = $_POST['mn'];
    90                 $ss = $_POST['ss'];
     85                $aa = isset( $_POST['aa'] ) ? $_POST['aa'] : '';
     86                $mm = isset( $_POST['mm'] ) ? $_POST['mm'] : '';
     87                $jj = isset( $_POST['jj'] ) ? $_POST['jj'] : '';
     88                $hh = isset( $_POST['hh'] ) ? $_POST['hh'] : '';
     89                $mn = isset( $_POST['mn'] ) ? $_POST['mn'] : '';
     90                $ss = isset( $_POST['ss'] ) ? $_POST['ss'] : '';
    9191                $jj = ( $jj > 31 ) ? 31 : $jj;
    9292                $hh = ( $hh > 23 ) ? $hh - 24 : $hh;
    9393                $mn = ( $mn > 59 ) ? $mn - 60 : $mn;

  • src/wp-admin/includes/dashboard.php 

    diff --git src/wp-admin/includes/dashboard.php src/wp-admin/includes/dashboard.php
index b198325f27..08f5bd79c1 100644
    function wp_dashboard_setup() { 
    149149                wp_add_dashboard_widget( $widget_id, $name, $wp_registered_widgets[ $widget_id ]['callback'], $wp_registered_widget_controls[ $widget_id ]['callback'] );
    150150        }
    151151
    152         if ( 'POST' === $_SERVER['REQUEST_METHOD'] && isset( $_POST['widget_id'] ) ) {
     152        if ( ( isset( $_SERVER['REQUEST_METHOD'] ) && 'POST' === $_SERVER['REQUEST_METHOD'] ) && isset( $_POST['widget_id'] ) ) {
    153153                check_admin_referer( 'edit-dashboard-widget_' . $_POST['widget_id'], 'dashboard-widget-nonce' );
    154154                ob_start(); // Hack - but the same hack wp-admin/widgets.php uses.
    155155                wp_dashboard_trigger_widget_control( $_POST['widget_id'] );
    function wp_dashboard_rss_control( $widget_id, $form_inputs = array() ) { 
    12621262
    12631263        $widget_options[ $widget_id ]['number'] = $number;
    12641264
    1265         if ( 'POST' === $_SERVER['REQUEST_METHOD'] && isset( $_POST['widget-rss'][ $number ] ) ) {
     1265        if ( ( isset( $_SERVER['REQUEST_METHOD'] ) && 'POST' === $_SERVER['REQUEST_METHOD'] ) && isset( $_POST['widget-rss'][ $number ] ) ) {
    12661266                $_POST['widget-rss'][ $number ]         = wp_unslash( $_POST['widget-rss'][ $number ] );
    12671267                $widget_options[ $widget_id ]           = wp_widget_rss_process( $_POST['widget-rss'][ $number ] );
    12681268                $widget_options[ $widget_id ]['number'] = $number;