Context Navigation

← Previous Change
Next Change →

customize.php

Timestamp:

05/01/2024 05:59:05 PM (13 months ago)

Author:

swissspidy

Message:

General: Remove any usage of wp_reset_vars().

The way wp_reset_vars() sets global variables based on $_POST and $_GET values makes code hard to understand and maintain. It also makes it easy to forget to sanitize input.

This change removes the few places where wp_reset_vars() is used in the admin to explicitly use $_REQUEST and sanitize any input.

Props swissspidy, audrasjb, davideferre, killua99, weijland, voldemortensen.
Fixes #38073.

File:

: 1 edited

trunk/src/wp-admin/customize.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/src/wp-admin/customize.php

-                      r55917
+                      r58069
+}
+wp_reset_vars( array( 'url', 'return', 'autofocus' ) );
+$url       = ! empty( $_REQUEST['url'] ) ? sanitize_text_field( $_REQUEST['url'] ) : '';
+$return    = ! empty( $_REQUEST['return'] ) ? sanitize_text_field( $_REQUEST['return'] ) : '';
+$autofocus = ! empty( $_REQUEST['autofocus'] ) ? sanitize_text_field( $_REQUEST['autofocus'] ) : '';
 if ( ! empty( $url ) ) {
     $wp_customize->set_preview_url( wp_unslash( $url ) );

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Make WordPress Core

Context Navigation

Changeset 58069 for trunk/src/wp-admin/customize.php

Legend:

trunk/src/wp-admin/customize.php

Download in other formats: