diff --git a/src/wp-admin/admin-ajax.php b/src/wp-admin/admin-ajax.php index 087a11993d..6901226ffb 100644 --- a/src/wp-admin/admin-ajax.php +++ b/src/wp-admin/admin-ajax.php @@ -168,7 +168,7 @@ add_action( 'wp_ajax_nopriv_generate-password', 'wp_ajax_nopriv_generate_passwor add_action( 'wp_ajax_nopriv_heartbeat', 'wp_ajax_nopriv_heartbeat', 1 ); -$action = ( isset( $_REQUEST['action'] ) ) ? $_REQUEST['action'] : ''; +$action = ( isset( $_REQUEST['action'] ) ) ? wp_unslash( $_REQUEST['action'] ) : ''; if ( is_user_logged_in() ) { // If no action is registered, return a Bad Request response. diff --git a/src/wp-admin/admin-post.php b/src/wp-admin/admin-post.php index 803a00652c..13b32ddf26 100644 --- a/src/wp-admin/admin-post.php +++ b/src/wp-admin/admin-post.php @@ -29,7 +29,7 @@ nocache_headers(); /** This action is documented in wp-admin/admin.php */ do_action( 'admin_init' ); -$action = empty( $_REQUEST['action'] ) ? '' : $_REQUEST['action']; +$action = empty( $_REQUEST['action'] ) ? '' : wp_unslash( $_REQUEST['action'] ); if ( ! is_user_logged_in() ) { if ( empty( $action ) ) { diff --git a/src/wp-admin/admin.php b/src/wp-admin/admin.php index d06890259e..8a6e700ec8 100644 --- a/src/wp-admin/admin.php +++ b/src/wp-admin/admin.php @@ -406,7 +406,7 @@ if ( isset( $plugin_page ) ) { } if ( ! empty( $_REQUEST['action'] ) ) { - $action = $_REQUEST['action']; + $action = wp_unslash( $_REQUEST['action'] ); /** * Fires when an 'action' request variable is sent. diff --git a/src/wp-admin/async-upload.php b/src/wp-admin/async-upload.php index d152673f69..b799a28209 100644 --- a/src/wp-admin/async-upload.php +++ b/src/wp-admin/async-upload.php @@ -6,7 +6,7 @@ * @subpackage Administration */ -if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) { +if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === wp_unslash( $_REQUEST['action'] ) ) { define( 'DOING_AJAX', true ); } @@ -24,7 +24,7 @@ require_once ABSPATH . 'wp-admin/admin.php'; header( 'Content-Type: text/plain; charset=' . get_option( 'blog_charset' ) ); -if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) { +if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === wp_unslash( $_REQUEST['action'] ) ) { require ABSPATH . 'wp-admin/includes/ajax-actions.php'; send_nosniff_header(); diff --git a/src/wp-admin/authorize-application.php b/src/wp-admin/authorize-application.php index d4104297ef..1d56b47e7d 100644 --- a/src/wp-admin/authorize-application.php +++ b/src/wp-admin/authorize-application.php @@ -225,7 +225,7 @@ require_once ABSPATH . 'wp-admin/admin-header.php';
- +
get_col( $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_approved = %s AND %s > comment_date_gmt", $comment_status, $delete_time ) ); $doaction = 'delete'; } elseif ( isset( $_REQUEST['delete_comments'] ) ) { - $comment_ids = $_REQUEST['delete_comments']; - $doaction = $_REQUEST['action']; + $comment_ids = wp_unslash( $_REQUEST['delete_comments'] ); + $doaction = wp_unslash( $_REQUEST['action'] ); } elseif ( isset( $_REQUEST['ids'] ) ) { $comment_ids = array_map( 'absint', explode( ',', $_REQUEST['ids'] ) ); } elseif ( wp_get_referer() ) { diff --git a/src/wp-admin/includes/class-wp-list-table.php b/src/wp-admin/includes/class-wp-list-table.php index 2cae7f695a..e65ca0cf16 100644 --- a/src/wp-admin/includes/class-wp-list-table.php +++ b/src/wp-admin/includes/class-wp-list-table.php @@ -527,7 +527,7 @@ class WP_List_Table { } if ( isset( $_REQUEST['action'] ) && -1 != $_REQUEST['action'] ) { - return $_REQUEST['action']; + return wp_unslash( $_REQUEST['action'] ); } return false; diff --git a/src/wp-admin/includes/class-wp-terms-list-table.php b/src/wp-admin/includes/class-wp-terms-list-table.php index e905749088..ea39722319 100644 --- a/src/wp-admin/includes/class-wp-terms-list-table.php +++ b/src/wp-admin/includes/class-wp-terms-list-table.php @@ -171,7 +171,7 @@ class WP_Terms_List_Table extends WP_List_Table { * @return string */ public function current_action() { - if ( isset( $_REQUEST['action'] ) && isset( $_REQUEST['delete_tags'] ) && 'delete' === $_REQUEST['action'] ) { + if ( isset( $_REQUEST['action'] ) && isset( $_REQUEST['delete_tags'] ) && 'delete' === wp_unslash( $_REQUEST['action'] ) ) { return 'bulk-delete'; } diff --git a/src/wp-admin/nav-menus.php b/src/wp-admin/nav-menus.php index d340fb6b67..3ea73c7019 100644 --- a/src/wp-admin/nav-menus.php +++ b/src/wp-admin/nav-menus.php @@ -49,7 +49,7 @@ $menu_locations = get_nav_menu_locations(); $num_locations = count( array_keys( $locations ) ); // Allowed actions: add, update, delete. -$action = isset( $_REQUEST['action'] ) ? $_REQUEST['action'] : 'edit'; +$action = isset( $_REQUEST['action'] ) ? wp_unslash( $_REQUEST['action'] ) : 'edit'; /* * If a JSON blob of navigation menu data is found, expand it and inject it diff --git a/src/wp-admin/network/site-info.php b/src/wp-admin/network/site-info.php index b99f35ab20..3da72f5eb7 100644 --- a/src/wp-admin/network/site-info.php +++ b/src/wp-admin/network/site-info.php @@ -35,7 +35,7 @@ if ( ! can_edit_network( $details->site_id ) ) { $parsed_scheme = parse_url( $details->siteurl, PHP_URL_SCHEME ); $is_main_site = is_main_site( $id ); -if ( isset( $_REQUEST['action'] ) && 'update-site' === $_REQUEST['action'] ) { +if ( isset( $_REQUEST['action'] ) && 'update-site' === wp_unslash( $_REQUEST['action'] ) ) { check_admin_referer( 'edit-site' ); switch_to_blog( $id ); diff --git a/src/wp-admin/network/site-new.php b/src/wp-admin/network/site-new.php index ac466db9a9..bf4326512a 100644 --- a/src/wp-admin/network/site-new.php +++ b/src/wp-admin/network/site-new.php @@ -33,7 +33,7 @@ get_current_screen()->set_help_sidebar( '

' . __( 'Support Forums' ) . '

' ); -if ( isset( $_REQUEST['action'] ) && 'add-site' === $_REQUEST['action'] ) { +if ( isset( $_REQUEST['action'] ) && 'add-site' === wp_unslash( $_REQUEST['action'] ) ) { check_admin_referer( 'add-blog', '_wpnonce_add-blog' ); if ( ! is_array( $_POST['blog'] ) ) { diff --git a/src/wp-admin/network/site-settings.php b/src/wp-admin/network/site-settings.php index b669a5103f..9f4f8e4cd7 100644 --- a/src/wp-admin/network/site-settings.php +++ b/src/wp-admin/network/site-settings.php @@ -34,7 +34,7 @@ if ( ! can_edit_network( $details->site_id ) ) { $is_main_site = is_main_site( $id ); -if ( isset( $_REQUEST['action'] ) && 'update-site' === $_REQUEST['action'] && is_array( $_POST['option'] ) ) { +if ( isset( $_REQUEST['action'] ) && 'update-site' === wp_unslash( $_REQUEST['action'] ) && is_array( $_POST['option'] ) ) { check_admin_referer( 'edit-site' ); switch_to_blog( $id ); diff --git a/src/wp-admin/network/user-new.php b/src/wp-admin/network/user-new.php index c881dff2ac..17e0a44531 100644 --- a/src/wp-admin/network/user-new.php +++ b/src/wp-admin/network/user-new.php @@ -30,7 +30,7 @@ get_current_screen()->set_help_sidebar( '

' . __( 'Support Forums' ) . '

' ); -if ( isset( $_REQUEST['action'] ) && 'add-user' === $_REQUEST['action'] ) { +if ( isset( $_REQUEST['action'] ) && 'add-user' === wp_unslash( $_REQUEST['action'] ) ) { check_admin_referer( 'add-user', '_wpnonce_add-user' ); if ( ! current_user_can( 'manage_network_users' ) ) { diff --git a/src/wp-admin/update.php b/src/wp-admin/update.php index a4a2abf8db..165476bad7 100644 --- a/src/wp-admin/update.php +++ b/src/wp-admin/update.php @@ -22,7 +22,7 @@ wp_enqueue_script( 'wp-a11y' ); if ( isset( $_GET['action'] ) ) { $plugin = isset( $_REQUEST['plugin'] ) ? trim( $_REQUEST['plugin'] ) : ''; $theme = isset( $_REQUEST['theme'] ) ? urldecode( $_REQUEST['theme'] ) : ''; - $action = isset( $_REQUEST['action'] ) ? $_REQUEST['action'] : ''; + $action = isset( $_REQUEST['action'] ) ? wp_unslash( $_REQUEST['action'] ) : ''; if ( 'update-selected' === $action ) { if ( ! current_user_can( 'update_plugins' ) ) { diff --git a/src/wp-admin/user-edit.php b/src/wp-admin/user-edit.php index 30bc5c8e46..9485aab20f 100644 --- a/src/wp-admin/user-edit.php +++ b/src/wp-admin/user-edit.php @@ -767,7 +767,7 @@ endif;
- +

diff --git a/src/wp-admin/user-new.php b/src/wp-admin/user-new.php index 26da6a0ec4..10ab185e44 100644 --- a/src/wp-admin/user-new.php +++ b/src/wp-admin/user-new.php @@ -29,7 +29,7 @@ if ( is_multisite() ) { add_filter( 'wpmu_signup_user_notification_email', 'admin_created_user_email' ); } -if ( isset( $_REQUEST['action'] ) && 'adduser' === $_REQUEST['action'] ) { +if ( isset( $_REQUEST['action'] ) && 'adduser' === wp_unslash( $_REQUEST['action'] ) ) { check_admin_referer( 'add-user', '_wpnonce_add-user' ); $user_details = null; @@ -174,7 +174,7 @@ Please click the following link to confirm the invite: } wp_redirect( $redirect ); die(); -} elseif ( isset( $_REQUEST['action'] ) && 'createuser' === $_REQUEST['action'] ) { +} elseif ( isset( $_REQUEST['action'] ) && 'createuser' === wp_unslash( $_REQUEST['action'] ) ) { check_admin_referer( 'create-user', '_wpnonce_create-user' ); if ( ! current_user_can( 'create_users' ) ) { diff --git a/src/wp-content/themes/twentytwenty/classes/class-twentytwenty-non-latin-languages.php b/src/wp-content/themes/twentytwenty/classes/class-twentytwenty-non-latin-languages.php index 0c4951ef48..a0845a4a70 100644 --- a/src/wp-content/themes/twentytwenty/classes/class-twentytwenty-non-latin-languages.php +++ b/src/wp-content/themes/twentytwenty/classes/class-twentytwenty-non-latin-languages.php @@ -118,7 +118,7 @@ if ( ! class_exists( 'TwentyTwenty_Non_Latin_Languages' ) ) { $elements = apply_filters( 'twentytwenty_get_localized_font_family_elements', array( - 'front-end' => array( 'body', 'input', 'textarea', 'button', '.button', '.faux-button', '.wp-block-button__link', '.wp-block-file__button', '.has-drop-cap:not(:focus)::first-letter', '.entry-content .wp-block-archives', '.entry-content .wp-block-categories', '.entry-content .wp-block-cover-image', '.entry-content .wp-block-latest-comments', '.entry-content .wp-block-latest-posts', '.entry-content .wp-block-pullquote', '.entry-content .wp-block-quote.is-large', '.entry-content .wp-block-quote.is-style-large', '.entry-content .wp-block-archives *', '.entry-content .wp-block-categories *', '.entry-content .wp-block-latest-posts *', '.entry-content .wp-block-latest-comments *', '.entry-content p', '.entry-content ol', '.entry-content ul', '.entry-content dl', '.entry-content dt', '.entry-content cite', '.entry-content figcaption', '.entry-content .wp-caption-text', '.comment-content p', '.comment-content ol', '.comment-content ul', '.comment-content dl', '.comment-content dt', '.comment-content cite', '.comment-content figcaption', '.comment-content .wp-caption-text', '.widget_text p', '.widget_text ol', '.widget_text ul', '.widget_text dl', '.widget_text dt', '.widget-content .rssSummary', '.widget-content cite', '.widget-content figcaption', '.widget-content .wp-caption-text' ), + 'front-end' => array( 'body', 'input', 'textarea', 'button', '.button', '.faux-button', '.wp-block-button__link', '.wp-block-file__button', '.has-drop-cap:not(:focus)::first-letter', '.has-drop-cap:not(:focus)::first-letter', '.entry-content .wp-block-archives', '.entry-content .wp-block-categories', '.entry-content .wp-block-cover-image', '.entry-content .wp-block-latest-comments', '.entry-content .wp-block-latest-posts', '.entry-content .wp-block-pullquote', '.entry-content .wp-block-quote.is-large', '.entry-content .wp-block-quote.is-style-large', '.entry-content .wp-block-archives *', '.entry-content .wp-block-categories *', '.entry-content .wp-block-latest-posts *', '.entry-content .wp-block-latest-comments *', '.entry-content p', '.entry-content ol', '.entry-content ul', '.entry-content dl', '.entry-content dt', '.entry-content cite', '.entry-content figcaption', '.entry-content .wp-caption-text', '.comment-content p', '.comment-content ol', '.comment-content ul', '.comment-content dl', '.comment-content dt', '.comment-content cite', '.comment-content figcaption', '.comment-content .wp-caption-text', '.widget_text p', '.widget_text ol', '.widget_text ul', '.widget_text dl', '.widget_text dt', '.widget-content .rssSummary', '.widget-content cite', '.widget-content figcaption', '.widget-content .wp-caption-text' ), 'block-editor' => array( '.editor-styles-wrapper > *', '.editor-styles-wrapper p', '.editor-styles-wrapper ol', '.editor-styles-wrapper ul', '.editor-styles-wrapper dl', '.editor-styles-wrapper dt', '.editor-post-title__block .editor-post-title__input', '.editor-styles-wrapper .wp-block h1', '.editor-styles-wrapper .wp-block h2', '.editor-styles-wrapper .wp-block h3', '.editor-styles-wrapper .wp-block h4', '.editor-styles-wrapper .wp-block h5', '.editor-styles-wrapper .wp-block h6', '.editor-styles-wrapper .has-drop-cap:not(:focus)::first-letter', '.editor-styles-wrapper cite', '.editor-styles-wrapper figcaption', '.editor-styles-wrapper .wp-caption-text' ), 'classic-editor' => array( 'body#tinymce.wp-editor', 'body#tinymce.wp-editor p', 'body#tinymce.wp-editor ol', 'body#tinymce.wp-editor ul', 'body#tinymce.wp-editor dl', 'body#tinymce.wp-editor dt', 'body#tinymce.wp-editor figcaption', 'body#tinymce.wp-editor .wp-caption-text', 'body#tinymce.wp-editor .wp-caption-dd', 'body#tinymce.wp-editor cite', 'body#tinymce.wp-editor table' ), ) diff --git a/src/wp-content/themes/twentytwentyone/inc/template-functions.php b/src/wp-content/themes/twentytwentyone/inc/template-functions.php index 2bee7d6f95..839a77a368 100644 --- a/src/wp-content/themes/twentytwentyone/inc/template-functions.php +++ b/src/wp-content/themes/twentytwentyone/inc/template-functions.php @@ -315,7 +315,7 @@ function twenty_twenty_one_get_non_latin_css( $type = 'front-end' ) { $elements = apply_filters( 'twenty_twenty_one_get_localized_font_family_elements', array( - 'front-end' => array( 'body', 'input', 'textarea', 'button', '.button', '.faux-button', '.wp-block-button__link', '.wp-block-file__button', '.has-drop-cap:not(:focus)::first-letter', '.entry-content .wp-block-archives', '.entry-content .wp-block-categories', '.entry-content .wp-block-cover-image', '.entry-content .wp-block-latest-comments', '.entry-content .wp-block-latest-posts', '.entry-content .wp-block-pullquote', '.entry-content .wp-block-quote.is-large', '.entry-content .wp-block-quote.is-style-large', '.entry-content .wp-block-archives *', '.entry-content .wp-block-categories *', '.entry-content .wp-block-latest-posts *', '.entry-content .wp-block-latest-comments *', '.entry-content p', '.entry-content ol', '.entry-content ul', '.entry-content dl', '.entry-content dt', '.entry-content cite', '.entry-content figcaption', '.entry-content .wp-caption-text', '.comment-content p', '.comment-content ol', '.comment-content ul', '.comment-content dl', '.comment-content dt', '.comment-content cite', '.comment-content figcaption', '.comment-content .wp-caption-text', '.widget_text p', '.widget_text ol', '.widget_text ul', '.widget_text dl', '.widget_text dt', '.widget-content .rssSummary', '.widget-content cite', '.widget-content figcaption', '.widget-content .wp-caption-text' ), + 'front-end' => array( 'body', 'input', 'textarea', 'button', '.button', '.faux-button', '.wp-block-button__link', '.wp-block-file__button', '.has-drop-cap:not(:focus)::first-letter', '.has-drop-cap:not(:focus)::first-letter', '.entry-content .wp-block-archives', '.entry-content .wp-block-categories', '.entry-content .wp-block-cover-image', '.entry-content .wp-block-latest-comments', '.entry-content .wp-block-latest-posts', '.entry-content .wp-block-pullquote', '.entry-content .wp-block-quote.is-large', '.entry-content .wp-block-quote.is-style-large', '.entry-content .wp-block-archives *', '.entry-content .wp-block-categories *', '.entry-content .wp-block-latest-posts *', '.entry-content .wp-block-latest-comments *', '.entry-content p', '.entry-content ol', '.entry-content ul', '.entry-content dl', '.entry-content dt', '.entry-content cite', '.entry-content figcaption', '.entry-content .wp-caption-text', '.comment-content p', '.comment-content ol', '.comment-content ul', '.comment-content dl', '.comment-content dt', '.comment-content cite', '.comment-content figcaption', '.comment-content .wp-caption-text', '.widget_text p', '.widget_text ol', '.widget_text ul', '.widget_text dl', '.widget_text dt', '.widget-content .rssSummary', '.widget-content cite', '.widget-content figcaption', '.widget-content .wp-caption-text' ), 'block-editor' => array( '.editor-styles-wrapper > *', '.editor-styles-wrapper p', '.editor-styles-wrapper ol', '.editor-styles-wrapper ul', '.editor-styles-wrapper dl', '.editor-styles-wrapper dt', '.editor-post-title__block .editor-post-title__input', '.editor-styles-wrapper .wp-block h1', '.editor-styles-wrapper .wp-block h2', '.editor-styles-wrapper .wp-block h3', '.editor-styles-wrapper .wp-block h4', '.editor-styles-wrapper .wp-block h5', '.editor-styles-wrapper .wp-block h6', '.editor-styles-wrapper .has-drop-cap:not(:focus)::first-letter', '.editor-styles-wrapper cite', '.editor-styles-wrapper figcaption', '.editor-styles-wrapper .wp-caption-text' ), 'classic-editor' => array( 'body#tinymce.wp-editor', 'body#tinymce.wp-editor p', 'body#tinymce.wp-editor ol', 'body#tinymce.wp-editor ul', 'body#tinymce.wp-editor dl', 'body#tinymce.wp-editor dt', 'body#tinymce.wp-editor figcaption', 'body#tinymce.wp-editor .wp-caption-text', 'body#tinymce.wp-editor .wp-caption-dd', 'body#tinymce.wp-editor cite', 'body#tinymce.wp-editor table' ), ) diff --git a/src/wp-includes/class-http.php b/src/wp-includes/class-http.php index d998d30e0d..861d1d0e4b 100644 --- a/src/wp-includes/class-http.php +++ b/src/wp-includes/class-http.php @@ -881,7 +881,7 @@ class WP_Http { $home = parse_url( get_option( 'siteurl' ) ); // Don't block requests back to ourselves by default. - if ( 'localhost' === $check['host'] || ( isset( $home['host'] ) && $home['host'] === $check['host'] ) ) { + if ( 'localhost' === $check['host'] || ( isset( $home['host'] ) && $home['host'] == $check['host'] ) ) { /** * Filters whether to block local HTTP API requests. * diff --git a/src/wp-includes/class-wp-admin-bar.php b/src/wp-includes/class-wp-admin-bar.php index 2d8814e590..7d3470f538 100644 --- a/src/wp-includes/class-wp-admin-bar.php +++ b/src/wp-includes/class-wp-admin-bar.php @@ -18,8 +18,6 @@ class WP_Admin_Bar { public $user; /** - * @since 3.3.0 - * * @param string $name * @return string|array|void */ @@ -35,9 +33,6 @@ class WP_Admin_Bar { } /** - * Initializes the admin bar. - * - * @since 3.1.0 */ public function initialize() { $this->user = new stdClass; @@ -87,7 +82,7 @@ class WP_Admin_Bar { } /** - * Adds a node (menu item) to the admin bar menu. + * Add a node (menu item) to the Admin Bar menu. * * @since 3.3.0 * @@ -98,7 +93,7 @@ class WP_Admin_Bar { } /** - * Removes a node from the admin bar. + * Remove a node from the admin bar. * * @since 3.1.0 * @@ -184,8 +179,6 @@ class WP_Admin_Bar { } /** - * @since 3.3.0 - * * @param array $args */ final protected function _set_node( $args ) { @@ -195,8 +188,6 @@ class WP_Admin_Bar { /** * Gets a node. * - * @since 3.3.0 - * * @param string $id * @return object|void Node. */ @@ -208,8 +199,6 @@ class WP_Admin_Bar { } /** - * @since 3.3.0 - * * @param string $id * @return object|void */ @@ -228,8 +217,6 @@ class WP_Admin_Bar { } /** - * @since 3.3.0 - * * @return array|void */ final public function get_nodes() { @@ -245,8 +232,6 @@ class WP_Admin_Bar { } /** - * @since 3.3.0 - * * @return array|void */ final protected function _get_nodes() { @@ -258,7 +243,7 @@ class WP_Admin_Bar { } /** - * Adds a group to a toolbar menu node. + * Add a group to a toolbar menu node. * * Groups can be used to organize toolbar items into distinct sections of a toolbar menu. * @@ -282,8 +267,6 @@ class WP_Admin_Bar { /** * Remove a node. * - * @since 3.1.0 - * * @param string $id The ID of the item. */ public function remove_node( $id ) { @@ -291,8 +274,6 @@ class WP_Admin_Bar { } /** - * @since 3.3.0 - * * @param string $id */ final protected function _unset_node( $id ) { @@ -300,7 +281,6 @@ class WP_Admin_Bar { } /** - * @since 3.1.0 */ public function render() { $root = $this->_bind(); @@ -310,8 +290,6 @@ class WP_Admin_Bar { } /** - * @since 3.3.0 - * * @return object|void */ final protected function _bind() { @@ -448,8 +426,6 @@ class WP_Admin_Bar { } /** - * @since 3.3.0 - * * @param object $root */ final protected function _render( $root ) { @@ -481,8 +457,6 @@ class WP_Admin_Bar { } /** - * @since 3.3.0 - * * @param object $node */ final protected function _render_container( $node ) { @@ -498,8 +472,6 @@ class WP_Admin_Bar { } /** - * @since 3.3.0 - * * @param object $node */ final protected function _render_group( $node ) { @@ -525,8 +497,6 @@ class WP_Admin_Bar { } /** - * @since 3.3.0 - * * @param object $node */ final protected function _render_item( $node ) { @@ -626,9 +596,6 @@ class WP_Admin_Bar { } /** - * Adds menus to the admin bar. - * - * @since 3.1.0 */ public function add_menus() { // User-related, aligned right. diff --git a/src/wp-includes/class-wp-http-ixr-client.php b/src/wp-includes/class-wp-http-ixr-client.php index fef16e831d..5de31618fa 100644 --- a/src/wp-includes/class-wp-http-ixr-client.php +++ b/src/wp-includes/class-wp-http-ixr-client.php @@ -97,7 +97,7 @@ class WP_HTTP_IXR_Client extends IXR_Client { return false; } - if ( 200 !== wp_remote_retrieve_response_code( $response ) ) { + if ( 200 != wp_remote_retrieve_response_code( $response ) ) { $this->error = new IXR_Error( -32301, 'transport error - HTTP status code was not 200 (' . wp_remote_retrieve_response_code( $response ) . ')' ); return false; } diff --git a/src/wp-login.php b/src/wp-login.php index 0d030863ed..5c8642d74c 100644 --- a/src/wp-login.php +++ b/src/wp-login.php @@ -364,7 +364,7 @@ function wp_login_viewport_meta() { // Main. // -$action = isset( $_REQUEST['action'] ) ? $_REQUEST['action'] : 'login'; +$action = isset( $_REQUEST['action'] ) ? wp_unslash( $_REQUEST['action'] ) : 'login'; $errors = new WP_Error(); if ( isset( $_GET['key'] ) ) {