
Ticket #63137: 63137.6.patch

File 63137.6.patch, 4.3 KB (added by viralsampat, 5 months ago)

I have checked the above-mentioned issue and found a few affected files. I have added the patch for them here.

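--- a/src/wp-admin/edit-comments.php
+++ b/src/wp-admin/edit-comments.php
@@ -30,8 +30,8 @@ if ( $doaction ) {
 		 */
 		global $wpdb;
 
-		$comment_status = wp_unslash( $_REQUEST['comment_status'] );
-		$delete_time    = wp_unslash( $_REQUEST['pagegen_timestamp'] );
+		$comment_status = isset( $_REQUEST['comment_status'] ) ? wp_unslash( $_REQUEST['comment_status'] ) : '';
+		$delete_time    = isset( $_REQUEST['pagegen_timestamp'] ) ? wp_unslash( $_REQUEST['pagegen_timestamp'] ) : '';
 		$comment_ids    = $wpdb->get_col(
 			$wpdb->prepare(
 				"SELECT comment_ID FROM $wpdb->comments
@@ -150,8 +150,12 @@ if ( $doaction ) {
 	wp_safe_redirect( $redirect_to );
 	exit;
 } elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
-	wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
-	exit;
+
+	// Check REQUEST URI is set and not empty.
+	if( isset( $_SERVER['REQUEST_URI'] ) && ! empty( $_SERVER['REQUEST_URI'] ) ) {
+		wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
+		exit;
+	}
 }
 
 $wp_list_table->prepare_items();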
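Review bot: The guard at new line 155 is redundant and mis-styled: `empty()` already returns true for an unset key, so `isset() && ! empty()` collapses to `if ( ! empty( $_SERVER['REQUEST_URI'] ) ) {`, and `if(` without a space deviates from the `if ( … )` form the rest of the file uses. It also changes behaviour silently: when REQUEST_URI is absent the `elseif` branch no longer redirects or exits, so the page renders with `_wp_http_referer` and `_wpnonce` still in the URL; if that fall-through is intended it deserves a comment such as `// No REQUEST_URI to redirect to; fall through and render the list.`. The same `isset() && ! empty()` pattern recurs in the load-styles.php, class-wp-customize-manager.php and vars.php sections of this patch.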
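--- a/src/wp-admin/load-styles.php
+++ b/src/wp-admin/load-styles.php
@@ -29,12 +29,18 @@ require ABSPATH . WPINC . '/global-styles-and-settings.php';
 require ABSPATH . WPINC . '/script-loader.php';
 require ABSPATH . WPINC . '/version.php';
 
-$protocol = $_SERVER['SERVER_PROTOCOL'];
-if ( ! in_array( $protocol, array( 'HTTP/1.1', 'HTTP/2', 'HTTP/2.0', 'HTTP/3' ), true ) ) {
-	$protocol = 'HTTP/1.0';
+// Check SERVER_PROTOCOL isset and not empty.
+if ( isset( $_SERVER['SERVER_PROTOCOL'] ) && ! empty( $_SERVER['SERVER_PROTOCOL'] ) ) {
+	if ( ! in_array( $protocol, array( 'HTTP/1.1', 'HTTP/2', 'HTTP/2.0', 'HTTP/3' ), true ) ) {
+		$protocol = 'HTTP/1.0';
+	}
+}
+
+// Check Get Load Parameter isset and not empty.
+if ( ! isset( $_GET['load'] ) || empty( $_GET['load'] ) ) {
+	$load = $_GET['load'];
 }
 
-$load = $_GET['load'];
 if ( is_array( $load ) ) {
 	ksort( $load );
 	$load = implode( '', $load );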
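Review bot: The new protocol block never assigns `$protocol`: the removed `$protocol = $_SERVER['SERVER_PROTOCOL'];` has no replacement, so `in_array( $protocol, … )` at new line 34 reads an undefined variable, and when SERVER_PROTOCOL is absent the 'HTTP/1.0' fallback is skipped entirely, leaving `$protocol` unset for whatever uses it later in the file (presumably the header() calls below the hunk). The `$load` guard at new line 40 is inverted as well: `! isset() || empty()` assigns `$load` only when the parameter is missing — still reading the missing key — and leaves `$load` undefined in the normal case before `is_array( $load )`. Both reduce to a default-then-validate shape, shown below; `$load` defaulting to '' assumes the string path further down tolerates an empty value, which is worth confirming.
```php
$protocol = isset( $_SERVER['SERVER_PROTOCOL'] ) ? $_SERVER['SERVER_PROTOCOL'] : '';
if ( ! in_array( $protocol, array( 'HTTP/1.1', 'HTTP/2', 'HTTP/2.0', 'HTTP/3' ), true ) ) {
	$protocol = 'HTTP/1.0';
}

$load = isset( $_GET['load'] ) ? $_GET['load'] : '';
if ( is_array( $load ) ) {
	// … unchanged: ksort / implode …
```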
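--- a/src/wp-includes/class-wp-customize-manager.php
+++ b/src/wp-includes/class-wp-customize-manager.php
@@ -4575,7 +4575,13 @@ final class WP_Customize_Manager {
 	 * @return bool Whether the user agent is iOS.
 	 */
 	public function is_ios() {
-		return wp_is_mobile() && preg_match( '/iPad|iPod|iPhone/', $_SERVER['HTTP_USER_AGENT'] );
+		// Check HTTP_USER_AGENT isset and not empty.
+		if( isset( $_SERVER['HTTP_USER_AGENT'] ) && ! empty( $_SERVER['HTTP_USER_AGENT'] ) ) {
+			return wp_is_mobile() && preg_match( '/iPad|iPod|iPhone/', $_SERVER['HTTP_USER_AGENT'] );
+		} else {
+			// If HTTP_USER_AGENT is not set, assume not iOS.
+			return false;
+		}
 	}
 
 	/**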
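Review bot: The seven-line body of is_ios() is a style regression for a one-expression method: `isset()` followed by `! empty()` on the same key is redundant, and the `else` after a `return` is dead structure. The whole method body can stay a single line, `return ! empty( $_SERVER['HTTP_USER_AGENT'] ) && wp_is_mobile() && preg_match( '/iPad|iPod|iPhone/', $_SERVER['HTTP_USER_AGENT'] );`, which keeps the documented bool return and the "not iOS when no user agent" outcome. `if(` without a space also deviates from the `if ( … )` form used throughout the file.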
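--- a/src/wp-includes/vars.php
+++ b/src/wp-includes/vars.php
@@ -28,11 +28,21 @@ global $pagenow,
 if ( is_admin() ) {
 	// wp-admin pages are checked more carefully.
 	if ( is_network_admin() ) {
-		preg_match( '#/wp-admin/network/?(.*?)$#i', $_SERVER['PHP_SELF'], $self_matches );
+
+		// Check PHP_SELF isset before using it.
+		if( isset( $_SERVER['PHP_SELF'] ) && ! empty( $_SERVER['PHP_SELF'] ) ) {
+			preg_match( '#/wp-admin/network/?(.*?)$#i', $_SERVER['PHP_SELF'], $self_matches );
+		}
 	} elseif ( is_user_admin() ) {
-		preg_match( '#/wp-admin/user/?(.*?)$#i', $_SERVER['PHP_SELF'], $self_matches );
+		// Check PHP_SELF isset before using it.
+		if( isset( $_SERVER['PHP_SELF'] ) && ! empty( $_SERVER['PHP_SELF'] ) ) {
+			preg_match( '#/wp-admin/user/?(.*?)$#i', $_SERVER['PHP_SELF'], $self_matches );
+		}
 	} else {
-		preg_match( '#/wp-admin/?(.*?)$#i', $_SERVER['PHP_SELF'], $self_matches );
+		// Check PHP_SELF isset before using it.
+		if( isset( $_SERVER['PHP_SELF'] ) && ! empty( $_SERVER['PHP_SELF'] ) ) {
+			preg_match( '#/wp-admin/?(.*?)$#i', $_SERVER['PHP_SELF'], $self_matches );
+		}
 	}
 
 	$pagenow = ! empty( $self_matches[1] ) ? $self_matches[1] : '';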
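Review bot: Wrapping each `preg_match()` in an `isset()` guard leaves `$self_matches` unassigned when PHP_SELF is missing, so the `$self_matches[1]` read at new line 48 raises the same undefined-variable warning this patch sets out to remove — the warning moves rather than disappears. Resolving PHP_SELF once before the branch, with `$self_matches` initialised to an empty array, fixes that and removes the three copies of the guard (`preg_match()` on an empty subject simply leaves the array empty). The enclosing `if ( is_admin() )` continues below the hunk; if its non-admin branch also reads `$_SERVER['PHP_SELF']`, it should use the same `$php_self` default.
```php
if ( is_admin() ) {
	// wp-admin pages are checked more carefully.
	$php_self     = isset( $_SERVER['PHP_SELF'] ) ? $_SERVER['PHP_SELF'] : '';
	$self_matches = array();

	if ( is_network_admin() ) {
		preg_match( '#/wp-admin/network/?(.*?)$#i', $php_self, $self_matches );
	} elseif ( is_user_admin() ) {
		preg_match( '#/wp-admin/user/?(.*?)$#i', $php_self, $self_matches );
	} else {
		preg_match( '#/wp-admin/?(.*?)$#i', $php_self, $self_matches );
	}
	// … unchanged: $pagenow assignment …
```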