This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
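<?php
/**
 * Edit tag form for inclusion in administration panels.
 *
 * This is a template fragment, not a standalone page: $taxonomy, $tax, $tag,
 * $tag_ID and $message are read below but never assigned in this file, so the
 * including admin script is responsible for setting them (and for any
 * capability checks) before this file is loaded.
 *
 * @package WordPress
 * @subpackage Administration
 */

// Don't load directly: ABSPATH is only defined once WordPress has bootstrapped,
// so a direct request for this file stops here before any output is produced.
if ( ! defined( 'ABSPATH' ) ) {
	die( '-1' );
}

// Back compat hooks.
// Strict comparison: $taxonomy is expected to be a slug string, and === rules out
// PHP's loose-typing matches against non-string values.
if ( 'category' === $taxonomy ) {
	/**
	 * Fires before the Edit Category form.
	 *
	 * @since 2.1.0
	 * @deprecated 3.0.0 Use {$taxonomy}_pre_edit_form instead.
	 *
	 * @param object $tag Current category term object.
	 */
	do_action( 'edit_category_form_pre', $tag );
} elseif ( 'link_category' === $taxonomy ) {
	/**
	 * Fires before the Edit Link Category form.
	 *
	 * @since 2.3.0
	 * @deprecated 3.0.0 Use {$taxonomy}_pre_edit_form instead.
	 *
	 * @param object $tag Current link category term object.
	 */
	do_action( 'edit_link_category_form_pre', $tag );
} else {
	/**
	 * Fires before the Edit Tag form.
	 *
	 * @since 2.5.0
	 * @deprecated 3.0.0 Use {$taxonomy}_pre_edit_form instead.
	 *
	 * @param object $tag Current tag term object.
	 */
	do_action( 'edit_tag_form_pre', $tag );
}

/**
 * Use with caution, see https://codex.wordpress.org/Function_Reference/wp_reset_vars
 */
// wp_reset_vars() fills the global from request data ($_POST first, then $_GET),
// so $wp_http_referer is user-controlled from here on. In this file it is only
// used as a link target, where esc_url() restricts the scheme and encodes the
// value for the attribute but does not restrict the host; wp_validate_redirect()
// is the core helper for limiting such a URL to allowed hosts.
wp_reset_vars( array( 'wp_http_referer' ) );

$wp_http_referer = remove_query_arg( array( 'action', 'message', 'tag_ID' ), $wp_http_referer );

/** Also used by Edit Tags */
require_once( ABSPATH . 'wp-admin/includes/edit-tag-messages.php' );

/**
 * Fires before the Edit Term form for all taxonomies.
 *
 * The dynamic portion of the hook name, `$taxonomy`, refers to
 * the taxonomy slug.
 *
 * @since 3.0.0
 *
 * @param object $tag      Current taxonomy term object.
 * @param string $taxonomy Current $taxonomy slug.
 */
do_action( "{$taxonomy}_pre_edit_form", $tag, $taxonomy ); ?>

<div class="wrap">
<h1><?php
	// Printed without escaping, so the label must already be safe HTML.
	// NOTE(review): labels presumably come from taxonomy registration code rather
	// than from the request -- confirm before treating this as trusted.
	echo $tax->labels->edit_item;
?></h1>

<?php if ( $message ) : ?>
<div id="message" class="updated">
	<p><strong><?php
		// Printed without escaping. $message is not assigned in this file;
		// NOTE(review): presumably set by the included edit-tag-messages.php --
		// confirm that nothing request-derived can reach it unescaped.
		echo $message;
	?></strong></p>
	<?php if ( $wp_http_referer ) { ?>
	<p><a href="<?php echo esc_url( $wp_http_referer ); ?>"><?php
		// The taxonomy name is substituted into the link text without HTML escaping.
		/* translators: %s: taxonomy name */
		printf( _x( '← Back to %s', 'admin screen' ), $tax->labels->name );
	?></a></p>
	<?php } else { ?>
	<p><a href="<?php echo esc_url( wp_get_referer() ); ?>"><?php
		// The taxonomy name is substituted into the link text without HTML escaping.
		/* translators: %s: taxonomy name */
		printf( _x( '← Back to %s', 'admin screen' ), $tax->labels->name );
	?></a></p>
	<?php } ?>
</div>
<?php endif; ?>

<div id="ajax-response"></div>

<form name="edittag" id="edittag" method="post" action="edit-tags.php" class="validate"
<?php
/**
 * Fires inside the Edit Term form tag.
 *
 * The dynamic portion of the hook name, `$taxonomy`, refers to
 * the taxonomy slug.
 *
 * @since 3.7.0
 */
do_action( "{$taxonomy}_term_edit_form_tag" );
?>>
<input type="hidden" name="action" value="editedtag"/>
<input type="hidden" name="tag_ID" value="<?php echo esc_attr( $tag_ID ) ?>"/>
<input type="hidden" name="taxonomy" value="<?php echo esc_attr( $taxonomy ) ?>"/>
<?php
wp_original_referer_field( true, 'previous' );
// CSRF token for this form. The action string includes the term ID, so the
// script that receives the POST (edit-tags.php, per the form action above) has
// to verify a nonce for the same action and the same term.
wp_nonce_field( 'update-tag_' . $tag_ID );

/**
 * Fires at the beginning of the Edit Term form.
 *
 * At this point, the required hidden fields and nonces have already been output.
 *
 * The dynamic portion of the hook name, `$taxonomy`, refers to the taxonomy slug.
 *
 * @since 4.5.0
 *
 * @param object $tag      Current taxonomy term object.
 * @param string $taxonomy Current $taxonomy slug.
 */
do_action( "{$taxonomy}_term_edit_form_top", $tag, $taxonomy );
?>
	<table class="form-table">
		<tr class="form-field form-required term-name-wrap">
			<th scope="row"><label for="name"><?php _ex( 'Name', 'term name' ); ?></label></th>
			<td><input name="name" id="name" type="text" value="<?php if ( isset( $tag->name ) ) echo esc_attr($tag->name); ?>" size="40" aria-required="true" />
			<p class="description"><?php _e('The name is how it appears on your site.'); ?></p></td>
		</tr>
<?php if ( !global_terms_enabled() ) { ?>
		<tr class="form-field term-slug-wrap">
			<th scope="row"><label for="slug"><?php _e( 'Slug' ); ?></label></th>
			<?php
			/**
			 * Filters the editable slug.
			 *
			 * Note: This is a multi-use hook in that it is leveraged both for editable
			 * post URIs and term slugs.
			 *
			 * @since 2.6.0
			 * @since 4.4.0 The `$tag` parameter was added.
			 *
			 * @param string         $slug The editable slug. Will be either a term slug or post URI depending
			 *                             upon the context in which it is evaluated.
			 * @param object|WP_Post $tag  Term or WP_Post object.
			 */
			$slug = isset( $tag->slug ) ? apply_filters( 'editable_slug', $tag->slug, $tag ) : '';
			?>
			<td><input name="slug" id="slug" type="text" value="<?php echo esc_attr( $slug ); ?>" size="40" />
			<p class="description"><?php _e('The “slug” is the URL-friendly version of the name. It is usually all lowercase and contains only letters, numbers, and hyphens.'); ?></p></td>
		</tr>
<?php } ?>
<?php if ( is_taxonomy_hierarchical($taxonomy) ) : ?>
		<tr class="form-field term-parent-wrap">
			<th scope="row"><label for="parent"><?php _ex( 'Parent', 'term parent' ); ?></label></th>
			<td>
				<?php
				$dropdown_args = array(
					'hide_empty'       => 0,
					'hide_if_empty'    => false,
					'taxonomy'         => $taxonomy,
					'name'             => 'parent',
					'orderby'          => 'name',
					'selected'         => $tag->parent,
					'exclude_tree'     => $tag->term_id,
					'hierarchical'     => true,
					'show_option_none' => __( 'None' ),
				);

				/** This filter is documented in wp-admin/edit-tags.php */
				$dropdown_args = apply_filters( 'taxonomy_parent_dropdown_args', $dropdown_args, $taxonomy, 'edit' );
				wp_dropdown_categories( $dropdown_args ); ?>
				<?php if ( 'category' === $taxonomy ) : ?>
				<p class="description"><?php _e('Categories, unlike tags, can have a hierarchy. You might have a Jazz category, and under that have children categories for Bebop and Big Band. Totally optional.'); ?></p>
				<?php endif; ?>
			</td>
		</tr>
<?php endif; // is_taxonomy_hierarchical() ?>
		<tr class="form-field term-description-wrap">
			<th scope="row"><label for="description"><?php _e( 'Description' ); ?></label></th>
			<td><textarea name="description" id="description" rows="5" cols="50" class="large-text"><?php
				// No escaping happens at this point: the "textarea_escaped" marker asserts
				// that the value was escaped before it got here. NOTE(review): that step is
				// not visible in this file -- confirm the including script loads $tag with
				// edit-context sanitization, otherwise the description can break out of the
				// textarea.
				echo $tag->description; // textarea_escaped
			?></textarea>
			<p class="description"><?php _e('The description is not prominent by default; however, some themes may show it.'); ?></p></td>
		</tr>
		<?php
		// Back compat hooks
		if ( 'category' === $taxonomy ) {
			/**
			 * Fires after the Edit Category form fields are displayed.
			 *
			 * @since 2.9.0
			 * @deprecated 3.0.0 Use {$taxonomy}_edit_form_fields instead.
			 *
			 * @param object $tag Current category term object.
			 */
			do_action( 'edit_category_form_fields', $tag );
		} elseif ( 'link_category' === $taxonomy ) {
			/**
			 * Fires after the Edit Link Category form fields are displayed.
			 *
			 * @since 2.9.0
			 * @deprecated 3.0.0 Use {$taxonomy}_edit_form_fields instead.
			 *
			 * @param object $tag Current link category term object.
			 */
			do_action( 'edit_link_category_form_fields', $tag );
		} else {
			/**
			 * Fires after the Edit Tag form fields are displayed.
			 *
			 * @since 2.9.0
			 * @deprecated 3.0.0 Use {$taxonomy}_edit_form_fields instead.
			 *
			 * @param object $tag Current tag term object.
			 */
			do_action( 'edit_tag_form_fields', $tag );
		}
		/**
		 * Fires after the Edit Term form fields are displayed.
		 *
		 * The dynamic portion of the hook name, `$taxonomy`, refers to
		 * the taxonomy slug.
		 *
		 * @since 3.0.0
		 *
		 * @param object $tag      Current taxonomy term object.
		 * @param string $taxonomy Current taxonomy slug.
		 */
		do_action( "{$taxonomy}_edit_form_fields", $tag, $taxonomy );
		?>
	</table>
<?php
// Back compat hooks
if ( 'category' === $taxonomy ) {
	/** This action is documented in wp-admin/edit-tags.php */
	do_action( 'edit_category_form', $tag );
} elseif ( 'link_category' === $taxonomy ) {
	/** This action is documented in wp-admin/edit-tags.php */
	do_action( 'edit_link_category_form', $tag );
} else {
	/**
	 * Fires at the end of the Edit Term form.
	 *
	 * @since 2.5.0
	 * @deprecated 3.0.0 Use {$taxonomy}_edit_form instead.
	 *
	 * @param object $tag Current taxonomy term object.
	 */
	do_action( 'edit_tag_form', $tag );
}
/**
 * Fires at the end of the Edit Term form for all taxonomies.
 *
 * The dynamic portion of the hook name, `$taxonomy`, refers to the taxonomy slug.
 *
 * @since 3.0.0
 *
 * @param object $tag      Current taxonomy term object.
 * @param string $taxonomy Current taxonomy slug.
 */
do_action( "{$taxonomy}_edit_form", $tag, $taxonomy );

submit_button( __('Update') );
?>
</form>
</div>

<?php if ( ! wp_is_mobile() ) : ?>
<script type="text/javascript">
try{document.forms.edittag.name.focus();}catch(e){}
</script>
<?php endif;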
If a method or function can return multiple different values, and unless you are sure that you can only receive a single value in this context, we recommend adding an additional type check.
If this is a common case that PHP Analyzer should handle natively, please let us know by opening an issue.