Introduce wp_validate_action( $action = '' ), a helper function that checks $_REQUEST for action and returns it, or empty string if not present. If $action is passed, it checks to make sure they match before returning it, or an empty string. Strings are always returned to avoid returning multiple types.

Implementing this removes 27 uses of direct superglobal access in the admin. For more reading: https://codeclimate.com/github/WordPress/WordPress/wp-admin/edit-comments.php See #33837. Built from https://develop.svn.wordpress.org/trunk@34059 git-svn-id: http://core.svn.wordpress.org/trunk@34027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-11 21:08:26 +00:00
parent d6f26e4c7c
commit cd7c0f0b0d
13 changed files with 45 additions and 17 deletions
--- a/wp-admin/network/user-new.php
+++ b/wp-admin/network/user-new.php
@@ -30,7 +30,7 @@ get_current_screen()->set_help_sidebar(
 	'<p>' . __('<a href="https://wordpress.org/support/forum/multisite/" target="_blank">Support Forums</a>') . '</p>'
 );

-if ( isset($_REQUEST['action']) && 'add-user' == $_REQUEST['action'] ) {
+if ( wp_validate_action( 'add-user' ) ) {
 	check_admin_referer( 'add-user', '_wpnonce_add-user' );

 	if ( ! current_user_can( 'manage_network_users' ) )