Ticket #63137: 63137.patch
File 63137.patch, 7.4 KB (added by , 8 weeks ago) |
---|
-
src/wp-admin/network/site-new.php
diff --git src/wp-admin/network/site-new.php src/wp-admin/network/site-new.php index a3b0919155..55aebfe9aa 100644
get_current_screen()->set_help_sidebar( 36 36 if ( isset( $_REQUEST['action'] ) && 'add-site' === $_REQUEST['action'] ) { 37 37 check_admin_referer( 'add-blog', '_wpnonce_add-blog' ); 38 38 39 if ( ! is_array( $_POST['blog'] ) ) { 39 // Check post blog isset and not empty. 40 if( isset( $_POST['blog'] ) && ! empty( $_POST['blog'] ) ) { 41 if ( ! is_array( $_POST['blog'] ) ) { 42 wp_die( __( 'Cannot create an empty site.' ) ); 43 } 44 } else { 40 45 wp_die( __( 'Cannot create an empty site.' ) ); 41 46 } 42 47 43 $blog = $_POST['blog'];48 $blog = isset( $_POST['blog'] ) ? $_POST['blog'] : ''; 44 49 $domain = ''; 45 50 46 51 $blog['domain'] = trim( $blog['domain'] ); -
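Review bot: The new guard on `$_POST['blog']` nests two checks that do one job, and the ternary added on the `$blog = ...` line can never take its `''` branch, because every path with a missing value has already ended in `wp_die()`. `empty()` is safe on an unset key, so the block collapses to `if ( empty( $_POST['blog'] ) || ! is_array( $_POST['blog'] ) ) {` with a single `wp_die()`, and the assignment can stay `$blog = $_POST['blog'];`. The same `isset( ... ) && ! empty( ... )` pairing, written `if(` without the space the surrounding code uses, recurs in site-settings.php, sites.php and user-new.php. The enclosing `add-site` block continues past the hunk.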
src/wp-admin/network/site-settings.php
diff --git src/wp-admin/network/site-settings.php src/wp-admin/network/site-settings.php index adfc95cfa9..7ae4d2e205 100644
if ( isset( $_REQUEST['action'] ) && 'update-site' === $_REQUEST['action'] && is 40 40 switch_to_blog( $id ); 41 41 42 42 $skip_options = array( 'allowedthemes' ); // Don't update these options since they are handled elsewhere in the form. 43 foreach ( (array) $_POST['option'] as $key => $val ) { 44 $key = wp_unslash( $key ); 45 $val = wp_unslash( $val ); 46 if ( 0 === $key || is_array( $val ) || in_array( $key, $skip_options, true ) ) { 47 continue; // Avoids "0 is a protected WP option and may not be modified" error when editing blog options. 43 44 // Check post options isset and not empty. 45 if( isset( $_POST['option'] ) && ! empty( $_POST['option'] ) ) { 46 foreach ( (array) $_POST['option'] as $key => $val ) { 47 $key = wp_unslash( $key ); 48 $val = wp_unslash( $val ); 49 if ( 0 === $key || is_array( $val ) || in_array( $key, $skip_options, true ) ) { 50 continue; // Avoids "0 is a protected WP option and may not be modified" error when editing blog options. 51 } 52 update_option( $key, $val ); 48 53 } 49 update_option( $key, $val );50 54 } 51 55 52 56 /** -
src/wp-admin/network/site-users.php
diff --git src/wp-admin/network/site-users.php src/wp-admin/network/site-users.php index b3041176d3..ef76b165b0 100644
if ( $action ) { 61 61 switch ( $action ) { 62 62 case 'newuser': 63 63 check_admin_referer( 'add-user', '_wpnonce_add-new-user' ); 64 $user = $_POST['user'];64 $user = isset( $_POST['user'] ) ? $_POST['user'] : ''; 65 65 if ( ! is_array( $_POST['user'] ) || empty( $user['username'] ) || empty( $user['email'] ) ) { 66 66 $update = 'err_new'; 67 67 } else { -
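Review bot: The condition on the line after the new assignment still reads the superglobal directly in `is_array( $_POST['user'] )`, so a request without a `user` field hits the same undefined-index access the ternary was meant to remove. Test the local copy instead: `if ( ! is_array( $user ) || empty( $user['username'] ) || empty( $user['email'] ) ) {`. With that change the `''` fallback lands in the existing `err_new` branch. The `newuser` case continues outside the hunk.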
src/wp-admin/network/sites.php
diff --git src/wp-admin/network/sites.php src/wp-admin/network/sites.php index 69ee15d95c..e383365c8f 100644
if ( isset( $_GET['action'] ) ) { 82 82 83 83 if ( 'confirm' === $_GET['action'] ) { 84 84 // The action2 parameter contains the action being taken on the site. 85 $site_action = $_GET['action2'];85 $site_action = isset( $_GET['action2'] ) ? $_GET['action2'] : ''; 86 86 87 87 if ( ! array_key_exists( $site_action, $manage_actions ) ) { 88 88 wp_die( __( 'The requested action is not valid.' ) ); … … if ( isset( $_GET['action'] ) ) { 161 161 case 'delete_sites': 162 162 check_admin_referer( 'ms-delete-sites' ); 163 163 164 foreach ( (array) $_POST['site_ids'] as $site_id ) { 165 $site_id = (int) $site_id; 166 167 if ( is_main_site( $site_id ) ) { 168 continue; 169 } 170 171 if ( ! current_user_can( 'delete_site', $site_id ) ) { 172 $site = get_site( $site_id ); 173 $site_address = untrailingslashit( $site->domain . $site->path ); 174 175 wp_die( 176 sprintf( 177 /* translators: %s: Site URL. */ 178 __( 'Sorry, you are not allowed to delete the site %s.' ), 179 $site_address 180 ), 181 403 182 ); 164 // Check post site_ids isset and not empty. 165 if( isset( $_POST['site_ids'] ) && ! empty( $_POST['site_ids'] ) ) { 166 foreach ( (array) $_POST['site_ids'] as $site_id ) { 167 $site_id = (int) $site_id; 168 169 if ( is_main_site( $site_id ) ) { 170 continue; 171 } 172 173 if ( ! current_user_can( 'delete_site', $site_id ) ) { 174 $site = get_site( $site_id ); 175 $site_address = untrailingslashit( $site->domain . $site->path ); 176 177 wp_die( 178 sprintf( 179 /* translators: %s: Site URL. */ 180 __( 'Sorry, you are not allowed to delete the site %s.' ), 181 $site_address 182 ), 183 403 184 ); 185 } 186 187 $updated_action = 'all_delete'; 188 wpmu_delete_blog( $site_id, true ); 183 189 } 184 185 $updated_action = 'all_delete'; 186 wpmu_delete_blog( $site_id, true ); 190 } else { 191 wp_die( __( 'No sites selected.' ) ); 187 192 } 193 188 194 break; 189 195 190 196 case 'allblogs': -
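Review bot: In the `confirm` hunk, `isset( $_GET['action2'] )` is also true when the parameter arrives as an array, and that array is then handed to `array_key_exists()` as the key. On PHP 8 this should raise a TypeError instead of reaching the "not valid" `wp_die()`. Requiring a string covers both the missing and the malformed case: `$site_action = ( isset( $_GET['action2'] ) && is_string( $_GET['action2'] ) ) ? $_GET['action2'] : '';`. Separately, the new `else` in `delete_sites` turns an empty selection from a silent no-op into a `wp_die()`, which is a behaviour change worth stating in the ticket.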
src/wp-admin/network/themes.php
diff --git src/wp-admin/network/themes.php src/wp-admin/network/themes.php index 9794c08f8f..e394f25d71 100644
if ( $action ) { 173 173 <?php else : ?> 174 174 <p><?php _e( 'Are you sure you want to delete these themes?' ); ?></p> 175 175 <?php endif; ?> 176 <form method="post" action="<?php echo esc_url( $_SERVER['REQUEST_URI'] ); ?>" style="display:inline;">176 <form method="post" action="<?php echo isset( $_SERVER['REQUEST_URI'] ) ? esc_url( $_SERVER['REQUEST_URI'] ) : ''; ?>" style="display:inline;"> 177 177 <input type="hidden" name="verify-delete" value="1" /> 178 178 <input type="hidden" name="action" value="delete-selected" /> 179 179 <?php … … if ( $action ) { 220 220 ); 221 221 } 222 222 223 $paged = ( $_REQUEST['paged'] ) ? $_REQUEST['paged'] : 1;223 $paged = isset( $_REQUEST['paged'] ) ? $_REQUEST['paged'] : 1; 224 224 wp_redirect( 225 225 add_query_arg( 226 226 array( … … if ( $action ) { 255 255 $auto_updates = (array) get_site_option( 'auto_update_themes', array() ); 256 256 257 257 if ( 'enable-auto-update' === $action ) { 258 $auto_updates[] = $_GET['theme'];258 $auto_updates[] = isset( $_GET['theme'] ) ? $_GET['theme'] : ''; 259 259 $auto_updates = array_unique( $auto_updates ); 260 260 $referer = add_query_arg( 'enabled-auto-update', 1, $referer ); 261 261 } elseif ( 'disable-auto-update' === $action ) { -
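Review bot: In the `enable-auto-update` hunk the `''` fallback is appended to `$auto_updates`, so a request without `theme` adds an empty entry to the list read from the `auto_update_themes` site option (presumably written back below the hunk). A missing theme should be rejected before the append rather than defaulted, and the value should be checked to be a string, since `isset()` also passes for an array. Guard with `if ( ! isset( $_GET['theme'] ) || ! is_string( $_GET['theme'] ) )` and leave through the page's existing error path. The `$paged` hunk has a related regression: the old truthiness test mapped an empty or `0` value to 1, while `isset()` now lets it through to `add_query_arg()`.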
src/wp-admin/network/user-new.php
diff --git src/wp-admin/network/user-new.php src/wp-admin/network/user-new.php index 0f7eba1c2d..810cec5e9c 100644
if ( isset( $_REQUEST['action'] ) && 'add-user' === $_REQUEST['action'] ) { 37 37 wp_die( __( 'Sorry, you are not allowed to access this page.' ), 403 ); 38 38 } 39 39 40 if ( ! is_array( $_POST['user'] ) ) { 40 // Check post user isset and not empty. 41 if( isset( $_POST['user'] ) && ! empty( $_POST['user'] ) ) { 42 if ( ! is_array( $_POST['user'] ) ) { 43 wp_die( __( 'Cannot create an empty user.' ) ); 44 } 45 } else { 41 46 wp_die( __( 'Cannot create an empty user.' ) ); 42 47 } 43 48 44 49 $user = wp_unslash( $_POST['user'] ); 45 50 46 51 $user_details = wpmu_validate_user_signup( $user['username'], $user['email'] ); -
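Review bot: The guard stops at `$_POST['user']` itself, while the line after it still reads `$user['username']` and `$user['email']` unconditionally. An array that lacks either key passes the new check and reaches `wpmu_validate_user_signup()` through an undefined-index access. Extending the condition covers it: `if ( empty( $_POST['user'] ) || ! is_array( $_POST['user'] ) || ! isset( $_POST['user']['username'], $_POST['user']['email'] ) ) {`. site-new.php has the same gap with `$blog['domain']` right after its guard. The `add-user` block continues outside the hunk.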
src/wp-admin/network/users.php
diff --git src/wp-admin/network/users.php src/wp-admin/network/users.php index 7ddd5f40a6..764a13ebcb 100644
if ( isset( $_GET['action'] ) ) { 26 26 27 27 check_admin_referer( 'deleteuser' ); 28 28 29 $id = (int) $_GET['id'];29 $id = isset( $_GET['id'] ) ? (int) $_GET['id'] : ''; 30 30 if ( $id > 1 ) { 31 31 $_POST['allusers'] = array( $id ); // confirm_delete_users() can only handle arrays. 32 32
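Review bot: The fallback on the `$id` line is `''`, so `$id` is an int when the parameter is present and a string when it is not, and the following `$id > 1` then compares a string with an integer. An integer default keeps the type stable and makes the comparison plainly false: `$id = isset( $_GET['id'] ) ? (int) $_GET['id'] : 0;`. The `deleteuser` branch continues outside the hunk.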