From b971127bac3bc2740bceb826ce2a02b211ace929 Mon Sep 17 00:00:00 2001
From: Dion Hulse
Date: Thu, 15 Aug 2013 06:05:54 +0000
Subject: [PATCH] Remove the usage of @$_GET and @$_POST and just check to see if the indicies are set. Fixes #22429
git-svn-id: https://develop.svn.wordpress.org/trunk@25025 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-admin/includes/ajax-actions.php | 9 +++++----
 src/wp-admin/includes/media.php | 5 +++--
 src/wp-includes/theme.php | 5 ++++-
 3 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/src/wp-admin/includes/ajax-actions.php b/src/wp-admin/includes/ajax-actions.php
index 734409fe1f..82d8abc27f 100644
--- a/src/wp-admin/includes/ajax-actions.php
+++ b/src/wp-admin/includes/ajax-actions.php
@@ -241,10 +241,11 @@ function wp_ajax_logged_in() {
 * @return die
 */
 function _wp_ajax_delete_comment_response( $comment_id, $delta = -1 ) {
- $total = (int) @$_POST['_total'];
- $per_page = (int) @$_POST['_per_page'];
- $page = (int) @$_POST['_page'];
- $url = esc_url_raw( @$_POST['_url'] );
+ $total = isset( $_POST['_total'] ) ? (int) $_POST['_total'] : 0;
+ $per_page = isset( $_POST['_per_page'] ) ? (int) $_POST['_per_page'] : 0;
+ $page = isset( $_POST['_page'] ) ? (int) $_POST['_page'] : 0;
+ $url = isset( $_POST['_url'] ) ? esc_url_raw( $_POST['_url'] ) : '';
+
 // JS didn't send us everything we need to know. Just die with success message
 if ( !$total || !$per_page || !$page || !$url )
 wp_die( time() );
diff --git a/src/wp-admin/includes/media.php b/src/wp-admin/includes/media.php
index 4b6417f861..c37dc0b1c4 100644
--- a/src/wp-admin/includes/media.php
+++ b/src/wp-admin/includes/media.php
@@ -2077,17 +2077,18 @@ $arc_query = "SELECT DISTINCT YEAR(post_date) AS yyear, MONTH(post_date) AS mmon
 $arc_result = $wpdb->get_results( $arc_query );
 $month_count = count($arc_result);
+$selected_month = isset( $_GET['m'] ) ? $_GET['m'] : 0;
 if ( $month_count && !( 1 == $month_count && 0 == $arc_result[0]->mmonth ) ) { ?>
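Review bot: The new `isset()` guards in `_wp_ajax_delete_comment_response()` accept any value type, so a non-empty array sent as `_total`, `_per_page` or `_page` is cast by `(int)` to 1 and passes the `!$total || !$per_page || !$page || !$url` completeness check, and an array-valued `_url` reaches `esc_url_raw()` as a non-string. Requiring a scalar before the cast closes that, e.g. `$total = ( isset( $_POST['_total'] ) && is_scalar( $_POST['_total'] ) ) ? (int) $_POST['_total'] : 0;`, with `is_string()` in the `_url` guard. The function body continues past the hunk, so how these values are used afterwards is not visible here. The `$selected_month` line added in media.php takes `$_GET['m']` with no cast or type check at all and probably wants the same treatment; its use also lies outside the visible part of that hunk.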