mirror of
https://github.com/WordPress/WordPress.git
synced 2024-10-30 07:20:01 +01:00
d2fb0bd81e
The way `wp_reset_vars()` sets global variables based on `$_POST` and `$_GET` values makes code hard to understand and maintain. It also makes it easy to forget to sanitize input. This change removes the few places where `wp_reset_vars()` is used in the admin to explicitly use `$_REQUEST` and sanitize any input. Props swissspidy, audrasjb, davideferre, killua99, weijland, voldemortensen. Fixes #38073. Built from https://develop.svn.wordpress.org/trunk@58069 git-svn-id: http://core.svn.wordpress.org/trunk@57534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
<?php
/**
 * Media management action handler.
 *
 * This file is deprecated, use 'wp-admin/upload.php' instead.
 *
 * Every request handled here ends in a redirect to 'upload.php' carrying
 * 'error=deprecated'; after loading the admin bootstrap the script does
 * nothing else of its own.
 *
 * @deprecated 6.3.0
 * @package WordPress
 * @subpackage Administration
 */

/** Load WordPress Administration Bootstrap. */
require_once __DIR__ . '/admin.php';

$parent_file  = 'upload.php';
$submenu_file = 'upload.php';

/*
 * The requested action is read explicitly from the request and passed through
 * sanitize_text_field(). Below it is only compared against fixed strings; it
 * is never echoed and never becomes part of the redirect target.
 */
$action = empty( $_REQUEST['action'] ) ? '' : sanitize_text_field( $_REQUEST['action'] );

switch ( $action ) {
	case 'editattachment':
	case 'edit':
		if ( ! empty( $_GET['attachment_id'] ) ) {
			// The integer cast keeps the only request-derived part of the redirect URL numeric.
			$att_id = (int) $_GET['attachment_id'];

			wp_redirect( admin_url( "upload.php?item={$att_id}&error=deprecated" ) );
			exit;
		}
		break;
}

// Reached for any other action, and for an edit action without an attachment ID.
wp_redirect( admin_url( 'upload.php?error=deprecated' ) );
exit;