Revisions: clean up wp_ajax_revisions_data()

[azaozz]

See #23497. There are inconsistencies in wp_ajax_revisions_data(), mostly when getting/sanitizing the $_GET values.

We would probably need to pass the main post's ID every time and do current_user_can( 'edit_post' ID ). The code an the moment would show all revisions data to any logged in user that has 'view_post' capability. That cap is fine for the main post but not for revisions.

[azaozz]

Also seeing two compare_to=... set in the $_GET when getting the revisions diffs (all requests to admin-ajax.php after the first one).

[ocean90]

23920.2.patch​: Did a small clean up while working on #23901. Merged them with 23920.patch​.

Also seeing two compare_to=... set in the $_GET when getting the revisions diffs (all requests to admin-ajax.php after the first one).

Interesting…

[adamsilverstein]

Replying to ocean90:

23920.2.patch​: Did a small clean up while working on #23901. Merged them with 23920.patch​.

Also seeing two compare_to=... set in the $_GET when getting the revisions diffs (all requests to admin-ajax.php after the first one).

Interesting…

there should only be one compare_to value in the ajax calls! needs investigating.

[SergeyBiryukov]

While we're at it, could we replace $linesadded/$linesdeleted with $lines_added/$lines_deleted (in wp_text_diff_with_count() too), to be more readable and in line with the surrounding variable names?

Same for $alltherevisions vs. $all_the_revisions.

[ocean90]

Replying to SergeyBiryukov:

Sure, done in the upcoming patch.

[azaozz]

Replying to ocean90:

Sure, done in the upcoming patch.

Also see the (int) sanitizing of $right_handle_at and $left_handle_at is not in 23920.2.patch. As far as I see these can only be integers?

[ocean90]

Merged into #23901.