diff --git src/wp-admin/edit-comments.php src/wp-admin/edit-comments.php index 8a004b5226..4a8f0eb831 100644 --- src/wp-admin/edit-comments.php +++ src/wp-admin/edit-comments.php @@ -30,8 +30,8 @@ if ( $doaction ) { */ global $wpdb; - $comment_status = wp_unslash( $_REQUEST['comment_status'] ); - $delete_time = wp_unslash( $_REQUEST['pagegen_timestamp'] ); + $comment_status = isset( $_REQUEST['comment_status'] ) ? wp_unslash( $_REQUEST['comment_status'] ) : ''; + $delete_time = isset( $_REQUEST['pagegen_timestamp'] ) ? wp_unslash( $_REQUEST['pagegen_timestamp'] ) : ''; $comment_ids = $wpdb->get_col( $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments @@ -150,8 +150,12 @@ if ( $doaction ) { wp_safe_redirect( $redirect_to ); exit; } elseif ( ! empty( $_GET['_wp_http_referer'] ) ) { - wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) ); - exit; + + // Check REQUEST URI is set and not empty. + if( isset( $_SERVER['REQUEST_URI'] ) && ! empty( $_SERVER['REQUEST_URI'] ) ) { + wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) ); + exit; + } } $wp_list_table->prepare_items(); diff --git src/wp-admin/load-styles.php src/wp-admin/load-styles.php index 3bdfcc7a22..5152773a56 100644 --- src/wp-admin/load-styles.php +++ src/wp-admin/load-styles.php @@ -29,12 +29,18 @@ require ABSPATH . WPINC . '/global-styles-and-settings.php'; require ABSPATH . WPINC . '/script-loader.php'; require ABSPATH . WPINC . '/version.php'; -$protocol = $_SERVER['SERVER_PROTOCOL']; -if ( ! in_array( $protocol, array( 'HTTP/1.1', 'HTTP/2', 'HTTP/2.0', 'HTTP/3' ), true ) ) { - $protocol = 'HTTP/1.0'; +// Check SERVER_PROTOCOL isset and not empty. +if ( isset( $_SERVER['SERVER_PROTOCOL'] ) && ! empty( $_SERVER['SERVER_PROTOCOL'] ) ) { + if ( ! in_array( $protocol, array( 'HTTP/1.1', 'HTTP/2', 'HTTP/2.0', 'HTTP/3' ), true ) ) { + $protocol = 'HTTP/1.0'; + } +} + +// Check Get Load Parameter isset and not empty. +if ( ! isset( $_GET['load'] ) || empty( $_GET['load'] ) ) { + $load = $_GET['load']; } -$load = $_GET['load']; if ( is_array( $load ) ) { ksort( $load ); $load = implode( '', $load ); diff --git src/wp-includes/class-wp-customize-manager.php src/wp-includes/class-wp-customize-manager.php index 51c88ef5fc..4b721279b8 100644 --- src/wp-includes/class-wp-customize-manager.php +++ src/wp-includes/class-wp-customize-manager.php @@ -4575,7 +4575,13 @@ final class WP_Customize_Manager { * @return bool Whether the user agent is iOS. */ public function is_ios() { - return wp_is_mobile() && preg_match( '/iPad|iPod|iPhone/', $_SERVER['HTTP_USER_AGENT'] ); + // Check HTTP_USER_AGENT isset and not empty. + if( isset( $_SERVER['HTTP_USER_AGENT'] ) && ! empty( $_SERVER['HTTP_USER_AGENT'] ) ) { + return wp_is_mobile() && preg_match( '/iPad|iPod|iPhone/', $_SERVER['HTTP_USER_AGENT'] ); + } else { + // If HTTP_USER_AGENT is not set, assume not iOS. + return false; + } } /** diff --git src/wp-includes/vars.php src/wp-includes/vars.php index 22496330c3..1f5f01995e 100644 --- src/wp-includes/vars.php +++ src/wp-includes/vars.php @@ -28,11 +28,21 @@ global $pagenow, if ( is_admin() ) { // wp-admin pages are checked more carefully. if ( is_network_admin() ) { - preg_match( '#/wp-admin/network/?(.*?)$#i', $_SERVER['PHP_SELF'], $self_matches ); + + // Check PHP_SELF isset before using it. + if( isset( $_SERVER['PHP_SELF'] ) && ! empty( $_SERVER['PHP_SELF'] ) ) { + preg_match( '#/wp-admin/network/?(.*?)$#i', $_SERVER['PHP_SELF'], $self_matches ); + } } elseif ( is_user_admin() ) { - preg_match( '#/wp-admin/user/?(.*?)$#i', $_SERVER['PHP_SELF'], $self_matches ); + // Check PHP_SELF isset before using it. + if( isset( $_SERVER['PHP_SELF'] ) && ! empty( $_SERVER['PHP_SELF'] ) ) { + preg_match( '#/wp-admin/user/?(.*?)$#i', $_SERVER['PHP_SELF'], $self_matches ); + } } else { - preg_match( '#/wp-admin/?(.*?)$#i', $_SERVER['PHP_SELF'], $self_matches ); + // Check PHP_SELF isset before using it. + if( isset( $_SERVER['PHP_SELF'] ) && ! empty( $_SERVER['PHP_SELF'] ) ) { + preg_match( '#/wp-admin/?(.*?)$#i', $_SERVER['PHP_SELF'], $self_matches ); + } } $pagenow = ! empty( $self_matches[1] ) ? $self_matches[1] : '';