Make WordPress Core


Timestamp:
05/01/2024 05:59:05 PM (5 months ago)
Author:
swissspidy
Message:

General: Remove any usage of wp_reset_vars().

The way wp_reset_vars() sets global variables based on $_POST and $_GET values makes code hard to understand and maintain. It also makes it easy to forget to sanitize input.

This change removes the few places where wp_reset_vars() is used in the admin to explicitly use $_REQUEST and sanitize any input.

Props swissspidy, audrasjb, davideferre, killua99, weijland, voldemortensen.
Fixes #38073.

File:
1 edited

  • trunk/src/wp-admin/includes/class-wp-links-list-table.php

    r56665 r58069  
    5151        global $cat_id, $s, $orderby, $order;
    5252
    53         wp_reset_vars( array( 'action', 'cat_id', 'link_id', 'orderby', 'order', 's' ) );
     53        $cat_id  = ! empty( $_REQUEST['cat_id'] ) ? absint( $_REQUEST['cat_id'] ) : 0;
     54        $orderby = ! empty( $_REQUEST['orderby'] ) ? sanitize_text_field( $_REQUEST['orderby'] ) : '';
     55        $order   = ! empty( $_REQUEST['order'] ) ? sanitize_text_field( $_REQUEST['order'] ) : '';
     56        $s       = ! empty( $_REQUEST['s'] ) ? sanitize_text_field( $_REQUEST['s'] ) : '';
    5457
    5558        $args = array(
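
Review bot: The new assignments at lines 54-56 pass `$_REQUEST['orderby']`, `$_REQUEST['order']` and `$_REQUEST['s']` straight to `sanitize_text_field()` without `wp_unslash()`. WordPress adds slashes to the request superglobals, so a search term containing a quote reaches `$s` with a backslash in it; suggest `sanitize_text_field( wp_unslash( $_REQUEST['s'] ) )` and the same for the other two. Separately, `sanitize_text_field()` does not restrict `$order` or `$orderby` to known values; if whatever consumes `$args` does not already validate them, `$order` could be limited to `ASC`/`DESC` and `$orderby` checked against the sortable columns here. The removed call also set `action` and `link_id`, which the replacement no longer populates; worth confirming nothing later on this screen reads those globals.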