[wp-trac] [WordPress Trac] #11849: admin-ajax does notices
WordPress Trac
wp-trac at lists.automattic.com
Sun Jan 10 02:07:11 UTC 2010
#11849: admin-ajax does notices
------------------------------+---------------------------------------------
Reporter: hakre | Owner: westi
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.0
Component: Warnings/Notices | Version: 3.0
Severity: normal | Keywords: has-patch
------------------------------+---------------------------------------------
Comment(by nacin):
Lower down in the file when we check for $_POST, we surround a switch with
an isset.
Here when we check for $_GET (with the patch), if not set it would allow
an "wp_ajax_" action to execute.
Also, when we check for {{{$_REQUEST['action']}}} for nopriv, we check if
it is empty.
We should probably standardize all of them to prevent an empty action from
triggering a hook.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11849#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list