Superglobals: Revert [34059] until further notice.

see #33837. Built from https://develop.svn.wordpress.org/trunk@34265 git-svn-id: http://core.svn.wordpress.org/trunk@34229 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-17 12:33:26 +00:00 · 2015-09-17 12:33:26 +00:00 · 48befcf361
parent e13d18969f
commit 48befcf361
13 changed files with 17 additions and 45 deletions
--- a/wp-admin/admin-post.php
+++ b/wp-admin/admin-post.php
@ -28,7 +28,7 @@ nocache_headers();
 /** This action is documented in wp-admin/admin.php */
 do_action( 'admin_init' );

-$action = wp_validate_action();
+$action = empty( $_REQUEST['action'] ) ? '' : $_REQUEST['action'];

 if ( ! wp_validate_auth_cookie() ) {
 	if ( empty( $action ) ) {
--- a/wp-admin/admin.php
+++ b/wp-admin/admin.php
@ -358,16 +358,14 @@ if ( isset($plugin_page) ) {
 	}
 }

-$_action = wp_validate_action();
-if ( ! empty( $_action ) ) {
+if ( ! empty( $_REQUEST['action'] ) ) {
 	/**
 	 * Fires when an 'action' request variable is sent.
 	 *
-	 * The dynamic portion of the hook name, `$_action`,
+	 * The dynamic portion of the hook name, `$_REQUEST['action']`,
 	 * refers to the action derived from the `GET` or `POST` request.
 	 *
 	 * @since 2.6.0
 	 */
-	do_action( 'admin_action_' . $_action );
+	do_action( 'admin_action_' . $_REQUEST['action'] );
 }
-unset( $_action );
--- a/wp-admin/async-upload.php
+++ b/wp-admin/async-upload.php
@ -6,7 +6,6 @@
 * @subpackage Administration
 */

-// `wp_validate_action()` isn't loaded yet
 if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) {
 	define( 'DOING_AJAX', true );
 }
@ -20,7 +19,7 @@ if ( defined('ABSPATH') )
 else
 	require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );

-if ( ! wp_validate_action( 'upload-attachment' ) ) {
+if ( ! ( isset( $_REQUEST['action'] ) && 'upload-attachment' == $_REQUEST['action'] ) ) {
 	// Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead
 	if ( is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
 		$_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie'];
@ -35,7 +34,7 @@ require_once( ABSPATH . 'wp-admin/admin.php' );

 header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) );

-if ( wp_validate_action( 'upload-attachment' ) ) {
+if ( isset( $_REQUEST['action'] ) && 'upload-attachment' === $_REQUEST['action'] ) {
 	include( ABSPATH . 'wp-admin/includes/ajax-actions.php' );

 	send_nosniff_header();
--- a/wp-admin/includes/class-wp-terms-list-table.php
+++ b/wp-admin/includes/class-wp-terms-list-table.php
@ -153,8 +153,7 @@ class WP_Terms_List_Table extends WP_List_Table {
 	 * @return string
 	 */
 	public function current_action() {
-		$action = wp_validate_action();
-		if ( $action && isset( $_REQUEST['delete_tags'] ) && ( 'delete' == $action || 'delete' == $_REQUEST['action2'] ) )
+		if ( isset( $_REQUEST['action'] ) && isset( $_REQUEST['delete_tags'] ) && ( 'delete' == $_REQUEST['action'] || 'delete' == $_REQUEST['action2'] ) )
 			return 'bulk-delete';

 		return parent::current_action();
--- a/wp-admin/network/site-info.php
+++ b/wp-admin/network/site-info.php
@ -53,7 +53,7 @@ if ( ! can_edit_network( $details->site_id ) ) {
 $parsed_scheme = parse_url( $details->siteurl, PHP_URL_SCHEME );
 $is_main_site = is_main_site( $id );

-if ( wp_validate_action( 'update-site' ) ) {
+if ( isset( $_REQUEST['action'] ) && 'update-site' == $_REQUEST['action'] ) {
 	check_admin_referer( 'edit-site' );

 	switch_to_blog( $id );
--- a/wp-admin/network/site-new.php
+++ b/wp-admin/network/site-new.php
@ -33,7 +33,7 @@ get_current_screen()->set_help_sidebar(
 	'<p>' . __('<a href="https://wordpress.org/support/forum/multisite/" target="_blank">Support Forums</a>') . '</p>'
 );

-if ( wp_validate_action( 'add-site' ) ) {
+if ( isset($_REQUEST['action']) && 'add-site' == $_REQUEST['action'] ) {
 	check_admin_referer( 'add-blog', '_wpnonce_add-blog' );

 	if ( ! is_array( $_POST['blog'] ) )
--- a/wp-admin/network/site-settings.php
+++ b/wp-admin/network/site-settings.php
@ -48,7 +48,7 @@ if ( !can_edit_network( $details->site_id ) )

 $is_main_site = is_main_site( $id );

-if ( wp_validate_action( 'update-site' ) && is_array( $_POST['option'] ) ) {
+if ( isset($_REQUEST['action']) && 'update-site' == $_REQUEST['action'] && is_array( $_POST['option'] ) ) {
 	check_admin_referer( 'edit-site' );

 	switch_to_blog( $id );
--- a/wp-admin/network/user-new.php
+++ b/wp-admin/network/user-new.php
@ -30,7 +30,7 @@ get_current_screen()->set_help_sidebar(
 	'<p>' . __('<a href="https://wordpress.org/support/forum/multisite/" target="_blank">Support Forums</a>') . '</p>'
 );

-if ( wp_validate_action( 'add-user' ) ) {
+if ( isset($_REQUEST['action']) && 'add-user' == $_REQUEST['action'] ) {
 	check_admin_referer( 'add-user', '_wpnonce_add-user' );

 	if ( ! current_user_can( 'manage_network_users' ) )
--- a/wp-admin/network/users.php
+++ b/wp-admin/network/users.php
@ -174,12 +174,11 @@ get_current_screen()->set_help_sidebar(

 require_once( ABSPATH . 'wp-admin/admin-header.php' );

-$action = wp_validate_action();
-if ( isset( $_REQUEST['updated'] ) && $_REQUEST['updated'] == 'true' && ! empty( $action ) ) {
+if ( isset( $_REQUEST['updated'] ) && $_REQUEST['updated'] == 'true' && ! empty( $_REQUEST['action'] ) ) {
 	?>
 	<div id="message" class="updated notice is-dismissible"><p>
 		<?php
-		switch ( $action ) {
+		switch ( $_REQUEST['action'] ) {
 			case 'delete':
 				_e( 'User deleted.' );
 			break;
--- a/wp-admin/update.php
+++ b/wp-admin/update.php
@ -17,7 +17,7 @@ include_once( ABSPATH . 'wp-admin/includes/class-wp-upgrader.php' );
 if ( isset($_GET['action']) ) {
 	$plugin = isset($_REQUEST['plugin']) ? trim($_REQUEST['plugin']) : '';
 	$theme = isset($_REQUEST['theme']) ? urldecode($_REQUEST['theme']) : '';
-	$action = wp_validate_action();
+	$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';

 	if ( 'update-selected' == $action ) {
 		if ( ! current_user_can( 'update_plugins' ) )
--- a/wp-admin/user-new.php
+++ b/wp-admin/user-new.php
@ -29,7 +29,7 @@ if ( is_multisite() ) {
 	add_filter( 'wpmu_signup_user_notification_email', 'admin_created_user_email' );
 }

-if ( wp_validate_action( 'adduser' ) ) {
+if ( isset($_REQUEST['action']) && 'adduser' == $_REQUEST['action'] ) {
 	check_admin_referer( 'add-user', '_wpnonce_add-user' );

 	$user_details = null;
@ -101,7 +101,7 @@ Please click the following link to confirm the invite:
 	}
 	wp_redirect( $redirect );
 	die();
-} elseif ( wp_validate_action( 'createuser' ) ) {
+} elseif ( isset($_REQUEST['action']) && 'createuser' == $_REQUEST['action'] ) {
 	check_admin_referer( 'create-user', '_wpnonce_create-user' );

 	if ( ! current_user_can( 'create_users' ) ) {
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@ -4990,26 +4990,3 @@ function wp_post_preview_js() {
 	</script>
 	<?php
 }
-
-/**
- * Retrieve and, optionally, validate, an `action` query var
- *
- * @since 4.4.0
- *
- * @param string $action Optional. Action to validate.
- * @return string Empty string if there is no action in the request or it doesn't
- *                match the passed `$action`. Returns the [passed `$action` or
- *                request action on succcess.
- */
-function wp_validate_action( $action = '' ) {
-	$r = $_REQUEST;
-	if ( ! isset( $r['action'] ) ) {
-		return '';
-	}
-
-	if ( ! empty( $action ) ) {
-		return $action === $r['action'] ? $action : '';
-	}
-
-	return $r['action'];
-}
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.4-alpha-34264';
+$wp_version = '4.4-alpha-34265';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.