Changeset 58069
- Timestamp:
- 05/01/2024 05:59:05 PM (5 months ago)
- Location:
- trunk/src/wp-admin
- Files:
-
- 22 edited
trunk/src/wp-admin/admin-post.php
r52813 r58069 30 30 do_action( 'admin_init' ); 31 31 32 $action = ! empty( $_REQUEST['action'] ) ? $_REQUEST['action']: '';32 $action = ! empty( $_REQUEST['action'] ) ? sanitize_text_field( $_REQUEST['action'] ) : ''; 33 33 34 34 // Reject invalid parameters. -
trunk/src/wp-admin/comment.php
r56570 r58069 17 17 */ 18 18 global $action; 19 wp_reset_vars( array( 'action' ) ); 19 20 $action = ! empty( $_REQUEST['action'] ) ? sanitize_text_field( $_REQUEST['action'] ) : ''; 20 21 21 22 if ( isset( $_POST['deletecomment'] ) ) { -
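Review bot: The new `$_REQUEST['action']` read widens the input source compared with the removed `wp_reset_vars()` call, which consulted only `$_POST` and then `$_GET`: depending on PHP's `request_order`/`variables_order`, `$_REQUEST` can also merge `$_COOKIE`, so on a host that does not set `request_order = "GP"` a cookie named `action` may take precedence over the posted value. This is a configuration-dependent caveat rather than a defect in the hunk, and the nonce and capability checks that presumably gate each comment action further down (not visible here) still apply. If the old POST-then-GET precedence matters, the explicit form `$action = ! empty( $_POST['action'] ) ? sanitize_text_field( $_POST['action'] ) : ( ! empty( $_GET['action'] ) ? sanitize_text_field( $_GET['action'] ) : '' );` preserves it. The enclosing script continues past the hunk.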
trunk/src/wp-admin/customize.php
r55917 r58069 85 85 } 86 86 87 88 wp_reset_vars( array( 'url', 'return', 'autofocus' ) ); 87 $url = ! empty( $_REQUEST['url'] ) ? sanitize_text_field( $_REQUEST['url'] ) : ''; 88 $return = ! empty( $_REQUEST['return'] ) ? sanitize_text_field( $_REQUEST['return'] ) : ''; 89 $autofocus = ! empty( $_REQUEST['autofocus'] ) ? sanitize_text_field( $_REQUEST['autofocus'] ) : ''; 90 89 91 if ( ! empty( $url ) ) { 90 92 $wp_customize->set_preview_url( wp_unslash( $url ) ); -
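Review bot: `sanitize_text_field()` on `$_REQUEST['autofocus']` looks wrong if the customizer's `autofocus` parameter arrives as an array (its usual `autofocus[panel|section|control]=...` form): as far as I can tell the helper casts its argument to string, so an array collapses to the literal `"Array"` with a notice and whatever consumes `$autofocus` below the hunk never sees the keys. I cannot see that consumer from here, but a type guard, `$autofocus = ! empty( $_REQUEST['autofocus'] ) && is_array( $_REQUEST['autofocus'] ) ? $_REQUEST['autofocus'] : array();` with per-key sanitization at the point of use, would match the raw-array behaviour the removed `wp_reset_vars()` call had. Separately, `sanitize_text_field()` strips every percent-encoded octet (`%xx`), so `url` and `return` values carrying an encoded query string are silently altered before `set_preview_url()`; `esc_url_raw()` is the URL-shaped sanitizer, and `return` still needs `wp_validate_redirect()` wherever it becomes a redirect target. The enclosing script continues past the hunk.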
trunk/src/wp-admin/edit-tag-form.php
r56570 r58069 45 45 } 46 46 47 /** 48 * Use with caution, see https://developer.wordpress.org/reference/functions/wp_reset_vars/ 49 */ 50 wp_reset_vars( array( 'wp_http_referer' ) ); 51 47 $wp_http_referer = ! empty( $_REQUEST['wp_http_referer'] ) ? sanitize_text_field( $_REQUEST['wp_http_referer'] ) : ''; 52 48 $wp_http_referer = remove_query_arg( array( 'action', 'message', 'tag_ID' ), $wp_http_referer ); 53 49 -
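Review bot: `sanitize_text_field()` is not a URL sanitizer: it removes every percent-encoded octet (`%xx`) and collapses whitespace, so a `wp_http_referer` whose own query string is encoded (a search term, for instance) is mangled before `remove_query_arg()` runs on it. Since this value is a referer URL, `esc_url_raw( wp_unslash( $_REQUEST['wp_http_referer'] ) )`, the form used elsewhere in core, keeps the encoding intact; if it is later used as a redirect target it additionally needs `wp_validate_redirect()`/`wp_safe_redirect()` to stay on-site, which I cannot see from this hunk. The enclosing template continues past the hunk.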
trunk/src/wp-admin/includes/class-wp-links-list-table.php
r56665 r58069 51 51 global $cat_id, $s, $orderby, $order; 52 52 53 wp_reset_vars( array( 'action', 'cat_id', 'link_id', 'orderby', 'order', 's' ) ); 53 $cat_id = ! empty( $_REQUEST['cat_id'] ) ? absint( $_REQUEST['cat_id'] ) : 0; 54 $orderby = ! empty( $_REQUEST['orderby'] ) ? sanitize_text_field( $_REQUEST['orderby'] ) : ''; 55 $order = ! empty( $_REQUEST['order'] ) ? sanitize_text_field( $_REQUEST['order'] ) : ''; 56 $s = ! empty( $_REQUEST['s'] ) ? sanitize_text_field( $_REQUEST['s'] ) : ''; 54 57 55 58 $args = array( -
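Review bot: The rewritten block no longer populates `$action` and `$link_id`, which the removed `wp_reset_vars()` call set as globals as a side effect even though the method's `global` statement never declared them; if the calling page or any later code in `prepare_items()` reads those globals, they are now undefined. No such reader is visible in this hunk, so this may be intentional dead-variable removal, but it is worth a grep of the callers for `$link_id` and `$action` before merging. Also, `! empty( $_REQUEST['s'] )` treats a search for the literal term `0` as no search; `isset( $_REQUEST['s'] )` is the safer test if that case should work. `prepare_items()` continues past the hunk.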
trunk/src/wp-admin/includes/class-wp-ms-themes-list-table.php
r56665 r58069 100 100 global $status, $totals, $page, $orderby, $order, $s; 101 101 102 wp_reset_vars( array( 'orderby', 'order', 's' ) ); 102 $orderby = ! empty( $_REQUEST['orderby'] ) ? sanitize_text_field( $_REQUEST['orderby'] ) : ''; 103 $order = ! empty( $_REQUEST['order'] ) ? sanitize_text_field( $_REQUEST['order'] ) : ''; 104 $s = ! empty( $_REQUEST['s'] ) ? sanitize_text_field( $_REQUEST['s'] ) : ''; 103 105 104 106 $themes = array( -
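Review bot: `! empty( $_REQUEST['s'] )` on the third added line discards a search for the literal term `0` (PHP treats the string `"0"` as empty), so `s=0` silently lists every theme; `$s = isset( $_REQUEST['s'] ) ? sanitize_text_field( $_REQUEST['s'] ) : '';` keeps it. `orderby` and `order` are likewise only sanitized, not validated: if they select a sort column or direction below the hunk, checking them against the allowed values (`in_array( strtolower( $order ), array( 'asc', 'desc' ), true )`) is the usual list-table pattern — I cannot see that consumer here. `prepare_items()` continues past the hunk.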
trunk/src/wp-admin/includes/class-wp-plugin-install-list-table.php
r57776 r58069 93 93 global $tabs, $tab, $paged, $type, $term; 94 94 95 wp_reset_vars( array( 'tab' ) );95 $tab = ! empty( $_REQUEST['tab'] ) ? sanitize_text_field( $_REQUEST['tab'] ) : ''; 96 96 97 97 $paged = $this->get_pagenum(); -
trunk/src/wp-admin/includes/class-wp-plugins-list-table.php
r57769 r58069 91 91 global $status, $plugins, $totals, $page, $orderby, $order, $s; 92 92 93 wp_reset_vars( array( 'orderby', 'order' ) ); 93 $orderby = ! empty( $_REQUEST['orderby'] ) ? sanitize_text_field( $_REQUEST['orderby'] ) : ''; 94 $order = ! empty( $_REQUEST['order'] ) ? sanitize_text_field( $_REQUEST['order'] ) : ''; 94 95 95 96 /** -
trunk/src/wp-admin/includes/class-wp-theme-install-list-table.php
r57714 r58069 37 37 38 38 global $tabs, $tab, $paged, $type, $theme_field_defaults; 39 wp_reset_vars( array( 'tab' ) ); 39 40 $tab = ! empty( $_REQUEST['tab'] ) ? sanitize_text_field( $_REQUEST['tab'] ) : ''; 40 41 41 42 $search_terms = array(); -
trunk/src/wp-admin/includes/misc.php
r57985 r58069 576 576 } 577 577 578 579 578 /** 580 579 * Resets global variables based on $_GET and $_POST. -
trunk/src/wp-admin/link-add.php
r51475 r58069 18 18 $parent_file = 'link-manager.php'; 19 19 20 wp_reset_vars( array( 'action', 'cat_id', 'link_id' ) ); 20 $action = ! empty( $_REQUEST['action'] ) ? sanitize_text_field( $_REQUEST['action'] ) : ''; 21 $cat_id = ! empty( $_REQUEST['cat_id'] ) ? absint( $_REQUEST['cat_id'] ) : 0; 22 $link_id = ! empty( $_REQUEST['link_id'] ) ? absint( $_REQUEST['link_id'] ) : 0; 21 23 22 24 wp_enqueue_script( 'link' ); -
trunk/src/wp-admin/link.php
r56549 r58069 13 13 require_once __DIR__ . '/admin.php'; 14 14 15 wp_reset_vars( array( 'action', 'cat_id', 'link_id' ) ); 15 $action = ! empty( $_REQUEST['action'] ) ? sanitize_text_field( $_REQUEST['action'] ) : ''; 16 $cat_id = ! empty( $_REQUEST['cat_id'] ) ? absint( $_REQUEST['cat_id'] ) : 0; 17 $link_id = ! empty( $_REQUEST['link_id'] ) ? absint( $_REQUEST['link_id'] ) : 0; 16 18 17 19 if ( ! current_user_can( 'manage_links' ) ) { -
trunk/src/wp-admin/media.php
r55943 r58069 16 16 $submenu_file = 'upload.php'; 17 17 18 wp_reset_vars( array( 'action' ) );18 $action = ! empty( $_REQUEST['action'] ) ? sanitize_text_field( $_REQUEST['action'] ) : ''; 19 19 20 20 switch ( $action ) { -
trunk/src/wp-admin/options-head.php
r45818 r58069 9 9 */ 10 10 11 wp_reset_vars( array( 'action' ) );11 $action = ! empty( $_REQUEST['action'] ) ? sanitize_text_field( $_REQUEST['action'] ) : ''; 12 12 13 13 if ( isset( $_GET['updated'] ) && isset( $_GET['page'] ) ) { -
trunk/src/wp-admin/options.php
r57602 r58069 24 24 $parent_file = 'options-general.php'; 25 25 26 wp_reset_vars( array( 'action', 'option_page' ) ); 26 $action = ! empty( $_REQUEST['action'] ) ? sanitize_text_field( $_REQUEST['action'] ) : ''; 27 $option_page = ! empty( $_REQUEST['option_page'] ) ? sanitize_text_field( $_REQUEST['option_page'] ) : ''; 27 28 28 29 $capability = 'manage_options'; -
trunk/src/wp-admin/post.php
r55988 r58069 15 15 $submenu_file = 'edit.php'; 16 16 17 wp_reset_vars( array( 'action' ) );17 $action = ! empty( $_REQUEST['action'] ) ? sanitize_text_field( $_REQUEST['action'] ) : ''; 18 18 19 19 if ( isset( $_GET['post'] ) && isset( $_POST['post_ID'] ) && (int) $_GET['post'] !== (int) $_POST['post_ID'] ) { -
trunk/src/wp-admin/revision.php
r56437 r58069 22 22 * @global int $to Optional, required if revision missing. The revision to compare to. 23 23 */ 24 wp_reset_vars( array( 'revision', 'action', 'from', 'to' ) );25 24 26 $revision_id = absint( $revision ); 25 $revision_id = ! empty( $_REQUEST['revision'] ) ? absint( $_REQUEST['revision'] ) : 0; 26 $action = ! empty( $_REQUEST['action'] ) ? sanitize_text_field( $_REQUEST['action'] ) : ''; 27 $from = ! empty( $_REQUEST['from'] ) && is_numeric( $_REQUEST['from'] ) ? absint( $_REQUEST['from'] ) : null; 28 $to = ! empty( $_REQUEST['to'] ) && is_numeric( $_REQUEST['to'] ) ? absint( $_REQUEST['to'] ) : null; 27 29 28 $from = is_numeric( $from ) ? absint( $from ) : null;29 30 if ( ! $revision_id ) { 30 $revision_id = absint( $to );31 $revision_id = $to; 31 32 } 33 32 34 $redirect = 'edit.php'; 33 35 -
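Review bot: The fallback `$revision_id = $to;` changes the type of `$revision_id`: `$to` is now `null` when the parameter is absent or non-numeric, whereas the removed `absint( $to )` always produced an int (`0`). Anything downstream that compares or passes `$revision_id` as an int now receives `null` instead of `0`; if, as the `@global` docblock suggests, it is eventually handed to a revision lookup, `get_post( null )` semantics (fall back to the global `$post` when one is set) differ from `get_post( 0 )`. Preserving the old behaviour is a one-token change: `$revision_id = (int) $to;`. The script continues past the hunk.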
trunk/src/wp-admin/site-health.php
r56570 r58069 10 10 require_once __DIR__ . '/admin.php'; 11 11 12 wp_reset_vars( array( 'action' ) );12 $action = ! empty( $_REQUEST['action'] ) ? sanitize_text_field( $_REQUEST['action'] ) : ''; 13 13 14 14 $tabs = array( -
trunk/src/wp-admin/theme-editor.php
r57793 r58069 57 57 ); 58 58 59 wp_reset_vars( array( 'action', 'error', 'file', 'theme' ) ); 59 $action = ! empty( $_REQUEST['action'] ) ? sanitize_text_field( $_REQUEST['action'] ) : ''; 60 $theme = ! empty( $_REQUEST['theme'] ) ? sanitize_text_field( $_REQUEST['theme'] ) : ''; 61 $file = ! empty( $_REQUEST['file'] ) ? sanitize_text_field( $_REQUEST['file'] ) : ''; 62 $error = ! empty( $_REQUEST['error'] ); 60 63 61 64 if ( $theme ) { -
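Review bot: `sanitize_text_field()` on `$_REQUEST['file']` and `$_REQUEST['theme']` must not be mistaken for path validation: it strips tags, `%xx` octets and stray whitespace but leaves `../` and absolute paths untouched, so the traversal guard has to live in the code below this hunk (not visible here) and must stay in front of any file read or write. A comment on these lines, `// Sanitized for type/whitespace only; path membership is enforced by validate_file() below.`, would keep a future refactor from treating this as the gate. Note also that `$error` is now a bool rather than the raw value, which is fine only if its later use is pure truthiness. The script continues past the hunk.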
trunk/src/wp-admin/theme-install.php
r56600 r58069 11 11 require ABSPATH . 'wp-admin/includes/theme-install.php'; 12 12 13 wp_reset_vars( array( 'tab' ) );13 $tab = ! empty( $_REQUEST['tab'] ) ? sanitize_text_field( $_REQUEST['tab'] ) : ''; 14 14 15 15 if ( ! current_user_can( 'install_themes' ) ) { -
trunk/src/wp-admin/themes.php
r56800 r58069 216 216 $themes = wp_prepare_themes_for_js( array( wp_get_theme() ) ); 217 217 } 218 wp_reset_vars( array( 'theme', 'search' ) ); 218 219 $theme = ! empty( $_REQUEST['theme'] ) ? sanitize_text_field( $_REQUEST['theme'] ) : ''; 220 $search = ! empty( $_REQUEST['search'] ) ? sanitize_text_field( $_REQUEST['search'] ) : ''; 219 221 220 222 wp_localize_script( -
trunk/src/wp-admin/user-edit.php
r56798 r58069 13 13 require_once ABSPATH . 'wp-admin/includes/translation-install.php'; 14 14 15 wp_reset_vars( array( 'action', 'user_id', 'wp_http_referer' ) ); 16 17 $user_id = (int) $user_id; 15 $action = ! empty( $_REQUEST['action'] ) ? sanitize_text_field( $_REQUEST['action'] ) : ''; 16 $user_id = ! empty( $_REQUEST['user_id'] ) ? absint( $_REQUEST['user_id'] ) : 0; 17 $wp_http_referer = ! empty( $_REQUEST['wp_http_referer'] ) ? sanitize_text_field( $_REQUEST['wp_http_referer'] ) : ''; 18 18 19 $current_user = wp_get_current_user(); 19 20
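Review bot: Switching `$user_id` from `(int)` to `absint()` changes how a negative input is handled: `user_id=-5` previously became `-5` and failed the lookup, whereas `absint()` folds it to `5`, silently targeting a different account. The `edit_user` capability check that presumably follows (not visible in this hunk) still limits what can be done, but mapping a malformed id onto a valid one is surprising; `$user_id = isset( $_REQUEST['user_id'] ) ? max( 0, (int) $_REQUEST['user_id'] ) : 0;` rejects negatives instead. The same applies to the `sanitize_text_field()` on `wp_http_referer`, which strips percent-encoded octets from a URL value — `esc_url_raw()` is the better fit. The script continues past the hunk.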