Changeset 34265

Timestamp:

09/17/2015 12:32:20 PM (10 years ago)

Author:

helen

Message:

Superglobals: Revert [34059] until further notice.

see #33837.

Location:

trunk/src

Files:

• wp-admin/admin-post.php (modified) (1 diff)
• wp-admin/admin.php (modified) (1 diff)
• wp-admin/async-upload.php (modified) (3 diffs)
• wp-admin/includes/class-wp-terms-list-table.php (modified) (1 diff)
• wp-admin/network/site-info.php (modified) (1 diff)
• wp-admin/network/site-new.php (modified) (1 diff)
• wp-admin/network/site-settings.php (modified) (1 diff)
• wp-admin/network/user-new.php (modified) (1 diff)
• wp-admin/network/users.php (modified) (1 diff)
• wp-admin/update.php (modified) (1 diff)
• wp-admin/user-new.php (modified) (2 diffs)
• wp-includes/functions.php (modified) (1 diff)

trunk/src/wp-admin/admin-post.php

@@ -29 +29 @@
 do_action( 'admin_init' );
 
-$action = wp_validate_action();
+$action = empty( $_REQUEST['action'] ) ? '' : $_REQUEST['action'];
 
 if ( ! wp_validate_auth_cookie() ) {

trunk/src/wp-admin/admin.php

@@ -359 +359 @@
 }
 
-$_action = wp_validate_action();
-if ( ! empty( $_action ) ) {
+if ( ! empty( $_REQUEST['action'] ) ) {
     /**
      * Fires when an 'action' request variable is sent.
      *
-     * The dynamic portion of the hook name, `$_action`,
+     * The dynamic portion of the hook name, `$_REQUEST['action']`,
      * refers to the action derived from the `GET` or `POST` request.
      *
      * @since 2.6.0
      */
-    do_action( 'admin_action_' . $_action );
-}
-unset( $_action );
+    do_action( 'admin_action_' . $_REQUEST['action'] );
+}

trunk/src/wp-admin/async-upload.php

@@ -7 +7 @@
  */
 
-// `wp_validate_action()` isn't loaded yet
 if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) {
     define( 'DOING_AJAX', true );
@@ -21 +20 @@
     require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );
 
-if ( ! wp_validate_action( 'upload-attachment' ) ) {
+if ( ! ( isset( $_REQUEST['action'] ) && 'upload-attachment' == $_REQUEST['action'] ) ) {
     // Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead
     if ( is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
@@ -36 +35 @@
 header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) );
 
-if ( wp_validate_action( 'upload-attachment' ) ) {
+if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) {
     include( ABSPATH . 'wp-admin/includes/ajax-actions.php' );
 

trunk/src/wp-admin/includes/class-wp-terms-list-table.php

@@ -154 +154 @@
      */
     public function current_action() {
-        $action = wp_validate_action();
-        if ( $action && isset( $_REQUEST['delete_tags'] ) && ( 'delete' == $action || 'delete' == $_REQUEST['action2'] ) )
+        if ( isset( $_REQUEST['action'] ) && isset( $_REQUEST['delete_tags'] ) && ( 'delete' == $_REQUEST['action'] || 'delete' == $_REQUEST['action2'] ) )
             return 'bulk-delete';
 

trunk/src/wp-admin/network/site-info.php

@@ -54 +54 @@
 $is_main_site = is_main_site( $id );
 
-if ( wp_validate_action( 'update-site' ) ) {
+if ( isset( $_REQUEST['action'] ) && 'update-site' == $_REQUEST['action'] ) {
     check_admin_referer( 'edit-site' );
 

trunk/src/wp-admin/network/site-new.php

@@ -34 +34 @@
 );
 
-if ( wp_validate_action( 'add-site' ) ) {
+if ( isset($_REQUEST['action']) && 'add-site' == $_REQUEST['action'] ) {
     check_admin_referer( 'add-blog', '_wpnonce_add-blog' );
 

trunk/src/wp-admin/network/site-settings.php

@@ -49 +49 @@
 $is_main_site = is_main_site( $id );
 
-if ( wp_validate_action( 'update-site' ) && is_array( $_POST['option'] ) ) {
+if ( isset($_REQUEST['action']) && 'update-site' == $_REQUEST['action'] && is_array( $_POST['option'] ) ) {
     check_admin_referer( 'edit-site' );
 

trunk/src/wp-admin/network/user-new.php

@@ -31 +31 @@
 );
 
-if ( wp_validate_action( 'add-user' ) ) {
+if ( isset($_REQUEST['action']) && 'add-user' == $_REQUEST['action'] ) {
     check_admin_referer( 'add-user', '_wpnonce_add-user' );
 

trunk/src/wp-admin/network/users.php

@@ -175 +175 @@
 require_once( ABSPATH . 'wp-admin/admin-header.php' );
 
-$action = wp_validate_action();
-if ( isset( $_REQUEST['updated'] ) && $_REQUEST['updated'] == 'true' && ! empty( $action ) ) {
+if ( isset( $_REQUEST['updated'] ) && $_REQUEST['updated'] == 'true' && ! empty( $_REQUEST['action'] ) ) {
     ?>
     <div id="message" class="updated notice is-dismissible"><p>
         <?php
-        switch ( $action ) {
+        switch ( $_REQUEST['action'] ) {
             case 'delete':
                 _e( 'User deleted.' );

trunk/src/wp-admin/update.php

@@ -18 +18 @@
     $plugin = isset($_REQUEST['plugin']) ? trim($_REQUEST['plugin']) : '';
     $theme = isset($_REQUEST['theme']) ? urldecode($_REQUEST['theme']) : '';
-    $action = wp_validate_action();
+    $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
 
     if ( 'update-selected' == $action ) {

trunk/src/wp-admin/user-new.php

@@ -30 +30 @@
 }
 
-if ( wp_validate_action( 'adduser' ) ) {
+if ( isset($_REQUEST['action']) && 'adduser' == $_REQUEST['action'] ) {
     check_admin_referer( 'add-user', '_wpnonce_add-user' );
 
@@ -102 +102 @@
     wp_redirect( $redirect );
     die();
-} elseif ( wp_validate_action( 'createuser' ) ) {
+} elseif ( isset($_REQUEST['action']) && 'createuser' == $_REQUEST['action'] ) {
     check_admin_referer( 'create-user', '_wpnonce_create-user' );
 

trunk/src/wp-includes/functions.php

@@ -4991 +4991 @@
     <?php
 }
-
-/**
- * Retrieve and, optionally, validate, an `action` query var
- *
- * @since 4.4.0
- *
- * @param string $action Optional. Action to validate.
- * @return string Empty string if there is no action in the request or it doesn't
- *                match the passed `$action`. Returns the [passed `$action` or
- *                request action on succcess.
- */
-function wp_validate_action( $action = '' ) {
-    $r = $_REQUEST;
-    if ( ! isset( $r['action'] ) ) {
-        return '';
-    }
-
-    if ( ! empty( $action ) ) {
-        return $action === $r['action'] ? $action : '';
-    }
-
-    return $r['action'];
-}