Make WordPress Core


Timestamp:
09/11/2015 09:07:45 PM (9 years ago)
Author:
wonderboymusic
Message:

Introduce wp_validate_action( $action = '' ), a helper function that checks $_REQUEST for action and returns it, or empty string if not present. If $action is passed, it checks to make sure they match before returning it, or an empty string. Strings are always returned to avoid returning multiple types.

Implementing this removes 27 uses of direct superglobal access in the admin.

For more reading:
https://codeclimate.com/github/WordPress/WordPress/wp-admin/edit-comments.php

See #33837.

File:
1 edited

  • trunk/src/wp-includes/functions.php

    r33969 r34059  
    49814981    <?php
    49824982}
     4983
     4984/**
     4985 * Retrieve and, optionally, validate, an `action` query var
     4986 *
     4987 * @since 4.4.0
     4988 *
     4989 * @param string $action Optional. Action to validate.
     4990 * @return string Empty string if there is no action in the request or it doesn't
     4991 *                match the passed `$action`. Returns the [passed `$action` or
     4992 *                request action on succcess.
     4993 */
     4994function wp_validate_action( $action = '' ) {
     4995    $r = $_REQUEST;
     4996    if ( ! isset( $r['action'] ) ) {
     4997        return '';
     4998    }
     4999
     5000    if ( ! empty( $action ) ) {
     5001        return $action === $r['action'] ? $action : '';
     5002    }
     5003
     5004    return $r['action'];
     5005}
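
Review bot: the fall-through `return $r['action'];` on line 5004 hands back the raw `$_REQUEST` value with no type check, so when `action` arrives as an array (PHP parses `action[]=x` that way) the function returns an array. That contradicts both the `@return string` tag and the commit message's "Strings are always returned". The comparison branch on line 5001 is unaffected, because `$action === $r['action']` cannot match an array against a string. Suggest adding an `is_string( $r['action'] )` guard next to the `isset()` check on line 4996 and returning `''` when it fails. It is also worth stating in the docblock that, when no `$action` is passed, the return value is unvalidated request input that callers must still treat as untrusted, since the function name suggests otherwise. Minor: the docblock has a stray `[` on line 4991 and "succcess" on line 4992.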