mirror of
https://github.com/WordPress/WordPress.git
synced 2024-10-30 23:39:42 +01:00
d2fb0bd81e
The way `wp_reset_vars()` sets global variables based on `$_POST` and `$_GET` values makes code hard to understand and maintain. It also makes it easy to forget to sanitize input. This change removes the few places where `wp_reset_vars()` is used in the admin to explicitly use `$_REQUEST` and sanitize any input. Props swissspidy, audrasjb, davideferre, killua99, weijland, voldemortensen. Fixes #38073. Built from https://develop.svn.wordpress.org/trunk@58069 git-svn-id: http://core.svn.wordpress.org/trunk@57534 1a063a9b-81f0-0310-95a4-ce76da25c4cd
19 lines
548 B
PHP
19 lines
548 B
PHP
<?php
|
|
/**
|
|
* WordPress Options Header.
|
|
*
|
|
* Displays updated message, if updated variable is part of the URL query.
|
|
*
|
|
* @package WordPress
|
|
* @subpackage Administration
|
|
*/
|
|
|
|
$action = ! empty( $_REQUEST['action'] ) ? sanitize_text_field( $_REQUEST['action'] ) : '';
|
|
|
|
if ( isset( $_GET['updated'] ) && isset( $_GET['page'] ) ) {
|
|
// For back-compat with plugins that don't use the Settings API and just set updated=1 in the redirect.
|
|
add_settings_error( 'general', 'settings_updated', __( 'Settings saved.' ), 'success' );
|
|
}
|
|
|
|
settings_errors();
|