mirror of
https://github.com/WordPress/WordPress.git
synced 2024-12-22 00:58:46 +01:00
d2fb0bd81e
The way `wp_reset_vars()` sets global variables based on `$_POST` and `$_GET` values makes code hard to understand and maintain. It also makes it easy to forget to sanitize input. This change removes the few places where `wp_reset_vars()` is used in the admin to explicitly use `$_REQUEST` and sanitize any input. Props swissspidy, audrasjb, davideferre, killua99, weijland, voldemortensen. Fixes #38073. Built from https://develop.svn.wordpress.org/trunk@58069 git-svn-id: http://core.svn.wordpress.org/trunk@57534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
<?php
/**
 * Add Link Administration Screen.
 *
 * Flow of this script: load the admin bootstrap, stop unless the current user
 * holds the 'manage_links' capability, read three request parameters with
 * explicit sanitization, enqueue the screen's scripts, then include the link
 * form and the admin footer.
 *
 * @package WordPress
 * @subpackage Administration
 */

/** Load WordPress Administration Bootstrap */
require_once __DIR__ . '/admin.php';

// Authorization gate: this must stay ahead of everything below so that no
// request data is read and no template is included for a user who lacks the
// 'manage_links' capability.
if ( ! current_user_can( 'manage_links' ) ) {
	wp_die( __( 'Sorry, you are not allowed to add links to this site.' ) );
}

// Used in the HTML title tag.
$title       = __( 'Add New Link' );
$parent_file = 'link-manager.php';

// Request parameters are read explicitly from $_REQUEST and sanitized at the
// point of use. sanitize_text_field() cleans free text but is not an
// allow-list: anything that branches on $action should still compare it
// against known values.
if ( ! empty( $_REQUEST['action'] ) ) {
	$action = sanitize_text_field( $_REQUEST['action'] );
} else {
	$action = '';
}

// IDs are coerced with absint(); 0 stands for "not supplied".
// NOTE(review): the values are not checked for being scalar before coercion;
// confirm how array-valued parameters should be treated.
if ( ! empty( $_REQUEST['cat_id'] ) ) {
	$cat_id = absint( $_REQUEST['cat_id'] );
} else {
	$cat_id = 0;
}

if ( ! empty( $_REQUEST['link_id'] ) ) {
	$link_id = absint( $_REQUEST['link_id'] );
} else {
	$link_id = 0;
}

// NOTE(review): no nonce is verified in this file. Nothing here writes data;
// confirm that the handler processing the submitted form verifies one.

wp_enqueue_script( 'link' );
wp_enqueue_script( 'xfn' );

// Extra script enqueued only when wp_is_mobile() reports a mobile client.
if ( wp_is_mobile() ) {
	wp_enqueue_script( 'jquery-touch-punch' );
}

// Default link object for the form; the template included next presumably
// reads $link and the variables set above from this scope (verify there).
$link = get_default_link_to_edit();
require ABSPATH . 'wp-admin/edit-link-form.php';

require_once ABSPATH . 'wp-admin/admin-footer.php';