WordPress.org

Make WordPress Core

Changeset 34265


Ignore:
Timestamp:
09/17/2015 12:32:20 PM (4 years ago)
Author:
helen
Message:

Superglobals: Revert [34059] until further notice.

see #33837.

Location:
trunk/src
Files:
12 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/admin-post.php

    r34059 r34265  
    2929do_action( 'admin_init' );
    3030
    31 $action = wp_validate_action();
     31$action = empty( $_REQUEST['action'] ) ? '' : $_REQUEST['action'];
    3232
    3333if ( ! wp_validate_auth_cookie() ) {
  • trunk/src/wp-admin/admin.php

    r34059 r34265  
    359359}
    360360
    361 $_action = wp_validate_action();
    362 if ( ! empty( $_action ) ) {
     361if ( ! empty( $_REQUEST['action'] ) ) {
    363362    /**
    364363     * Fires when an 'action' request variable is sent.
    365364     *
    366      * The dynamic portion of the hook name, `$_action`,
     365     * The dynamic portion of the hook name, `$_REQUEST['action']`,
    367366     * refers to the action derived from the `GET` or `POST` request.
    368367     *
    369368     * @since 2.6.0
    370369     */
    371     do_action( 'admin_action_' . $_action );
    372 }
    373 unset( $_action );
     370    do_action( 'admin_action_' . $_REQUEST['action'] );
     371}
  • trunk/src/wp-admin/async-upload.php

    r34163 r34265  
    77 */
    88
    9 // `wp_validate_action()` isn't loaded yet
    109if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) {
    1110    define( 'DOING_AJAX', true );
     
    2120    require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );
    2221
    23 if ( ! wp_validate_action( 'upload-attachment' ) ) {
     22if ( ! ( isset( $_REQUEST['action'] ) && 'upload-attachment' == $_REQUEST['action'] ) ) {
    2423    // Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead
    2524    if ( is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
     
    3635header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) );
    3736
    38 if ( wp_validate_action( 'upload-attachment' ) ) {
     37if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) {
    3938    include( ABSPATH . 'wp-admin/includes/ajax-actions.php' );
    4039
  • trunk/src/wp-admin/includes/class-wp-terms-list-table.php

    r34202 r34265  
    154154     */
    155155    public function current_action() {
    156         $action = wp_validate_action();
    157         if ( $action && isset( $_REQUEST['delete_tags'] ) && ( 'delete' == $action || 'delete' == $_REQUEST['action2'] ) )
     156        if ( isset( $_REQUEST['action'] ) && isset( $_REQUEST['delete_tags'] ) && ( 'delete' == $_REQUEST['action'] || 'delete' == $_REQUEST['action2'] ) )
    158157            return 'bulk-delete';
    159158
  • trunk/src/wp-admin/network/site-info.php

    r34059 r34265  
    5454$is_main_site = is_main_site( $id );
    5555
    56 if ( wp_validate_action( 'update-site' ) ) {
     56if ( isset( $_REQUEST['action'] ) && 'update-site' == $_REQUEST['action'] ) {
    5757    check_admin_referer( 'edit-site' );
    5858
  • trunk/src/wp-admin/network/site-new.php

    r34251 r34265  
    3434);
    3535
    36 if ( wp_validate_action( 'add-site' ) ) {
     36if ( isset($_REQUEST['action']) && 'add-site' == $_REQUEST['action'] ) {
    3737    check_admin_referer( 'add-blog', '_wpnonce_add-blog' );
    3838
  • trunk/src/wp-admin/network/site-settings.php

    r34059 r34265  
    4949$is_main_site = is_main_site( $id );
    5050
    51 if ( wp_validate_action( 'update-site' ) && is_array( $_POST['option'] ) ) {
     51if ( isset($_REQUEST['action']) && 'update-site' == $_REQUEST['action'] && is_array( $_POST['option'] ) ) {
    5252    check_admin_referer( 'edit-site' );
    5353
  • trunk/src/wp-admin/network/user-new.php

    r34251 r34265  
    3131);
    3232
    33 if ( wp_validate_action( 'add-user' ) ) {
     33if ( isset($_REQUEST['action']) && 'add-user' == $_REQUEST['action'] ) {
    3434    check_admin_referer( 'add-user', '_wpnonce_add-user' );
    3535
  • trunk/src/wp-admin/network/users.php

    r34059 r34265  
    175175require_once( ABSPATH . 'wp-admin/admin-header.php' );
    176176
    177 $action = wp_validate_action();
    178 if ( isset( $_REQUEST['updated'] ) && $_REQUEST['updated'] == 'true' && ! empty( $action ) ) {
     177if ( isset( $_REQUEST['updated'] ) && $_REQUEST['updated'] == 'true' && ! empty( $_REQUEST['action'] ) ) {
    179178    ?>
    180179    <div id="message" class="updated notice is-dismissible"><p>
    181180        <?php
    182         switch ( $action ) {
     181        switch ( $_REQUEST['action'] ) {
    183182            case 'delete':
    184183                _e( 'User deleted.' );
  • trunk/src/wp-admin/update.php

    r34059 r34265  
    1818    $plugin = isset($_REQUEST['plugin']) ? trim($_REQUEST['plugin']) : '';
    1919    $theme = isset($_REQUEST['theme']) ? urldecode($_REQUEST['theme']) : '';
    20     $action = wp_validate_action();
     20    $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
    2121
    2222    if ( 'update-selected' == $action ) {
  • trunk/src/wp-admin/user-new.php

    r34218 r34265  
    3030}
    3131
    32 if ( wp_validate_action( 'adduser' ) ) {
     32if ( isset($_REQUEST['action']) && 'adduser' == $_REQUEST['action'] ) {
    3333    check_admin_referer( 'add-user', '_wpnonce_add-user' );
    3434
     
    102102    wp_redirect( $redirect );
    103103    die();
    104 } elseif ( wp_validate_action( 'createuser' ) ) {
     104} elseif ( isset($_REQUEST['action']) && 'createuser' == $_REQUEST['action'] ) {
    105105    check_admin_referer( 'create-user', '_wpnonce_create-user' );
    106106
  • trunk/src/wp-includes/functions.php

    r34264 r34265  
    49914991    <?php
    49924992}
    4993 
    4994 /**
    4995  * Retrieve and, optionally, validate, an `action` query var
    4996  *
    4997  * @since 4.4.0
    4998  *
    4999  * @param string $action Optional. Action to validate.
    5000  * @return string Empty string if there is no action in the request or it doesn't
    5001  *                match the passed `$action`. Returns the [passed `$action` or
    5002  *                request action on succcess.
    5003  */
    5004 function wp_validate_action( $action = '' ) {
    5005     $r = $_REQUEST;
    5006     if ( ! isset( $r['action'] ) ) {
    5007         return '';
    5008     }
    5009 
    5010     if ( ! empty( $action ) ) {
    5011         return $action === $r['action'] ? $action : '';
    5012     }
    5013 
    5014     return $r['action'];
    5015 }
Note: See TracChangeset for help on using the changeset viewer.