Introduce wp_validate_action( $action = '' ), a helper function that checks $_REQUEST for action and returns it, or empty string if not present. If $action is passed, it checks to make sure they match before returning it, or an empty string. Strings are always returned to avoid returning multiple types.

Implementing this removes 27 uses of direct superglobal access in the admin. For more reading: https://codeclimate.com/github/WordPress/WordPress/wp-admin/edit-comments.php See #33837. git-svn-id: https://develop.svn.wordpress.org/trunk@34059 602fd350-edb4-49c9-b593-d223f7449a82
2026-06-28 14:20:15 +00:00 · 2015-09-11 21:07:45 +00:00
parent 9805723e3d
commit 33953cb392
12 changed files with 44 additions and 16 deletions
--- a/src/wp-admin/admin.php
+++ b/src/wp-admin/admin.php
@@ -358,14 +358,16 @@ if ( isset($plugin_page) ) {
 	}
 }

-if ( ! empty( $_REQUEST['action'] ) ) {
+$_action = wp_validate_action();
+if ( ! empty( $_action ) ) {
 	/**
 	 * Fires when an 'action' request variable is sent.
 	 *
-	 * The dynamic portion of the hook name, `$_REQUEST['action']`,
+	 * The dynamic portion of the hook name, `$_action`,
 	 * refers to the action derived from the `GET` or `POST` request.
 	 *
 	 * @since 2.6.0
 	 */
-	do_action( 'admin_action_' . $_REQUEST['action'] );
+	do_action( 'admin_action_' . $_action );
 }
+unset( $_action );