Changeset 34059 for trunk/src/wp-admin/async-upload.php

Timestamp:

09/11/2015 09:07:45 PM (10 years ago)

Author:

wonderboymusic

Message:

Introduce wp_validate_action( $action = '' ), a helper function that checks $_REQUEST for action and returns it, or empty string if not present. If $action is passed, it checks to make sure they match before returning it, or an empty string. Strings are always returned to avoid returning multiple types.

Implementing this removes 27 uses of direct superglobal access in the admin.

For more reading:
​https://codeclimate.com/github/WordPress/WordPress/wp-admin/edit-comments.php

See #33837.

File:

• trunk/src/wp-admin/async-upload.php (modified) (3 diffs)

trunk/src/wp-admin/async-upload.php

@@ -7 +7 @@
  */
 
+// `wp_validate_action()` isn't loaded yet
 if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) {
     define( 'DOING_AJAX', true );
@@ -20 +21 @@
     require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );
 
-if ( ! ( isset( $_REQUEST['action'] ) && 'upload-attachment' == $_REQUEST['action'] ) ) {
+if ( ! wp_validate_action( 'upload-attachment' ) ) {
     // Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead
     if ( is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
@@ -35 +36 @@
 header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) );
 
-if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) {
+if ( wp_validate_action( 'upload-attachment' ) ) {
     include( ABSPATH . 'wp-admin/includes/ajax-actions.php' );