--- a/wp/wp-admin/load-scripts.php Tue Oct 22 16:11:46 2019 +0200
+++ b/wp/wp-admin/load-scripts.php Tue Dec 15 13:49:49 2020 +0100
@@ -9,13 +9,19 @@
/** Set ABSPATH for execution */
if ( ! defined( 'ABSPATH' ) ) {
- define( 'ABSPATH', dirname( dirname( __FILE__ ) ) . '/' );
+ define( 'ABSPATH', dirname( __DIR__ ) . '/' );
}
define( 'WPINC', 'wp-includes' );
+$protocol = $_SERVER['SERVER_PROTOCOL'];
+if ( ! in_array( $protocol, array( 'HTTP/1.1', 'HTTP/2', 'HTTP/2.0' ), true ) ) {
+ $protocol = 'HTTP/1.0';
+}
+
$load = $_GET['load'];
if ( is_array( $load ) ) {
+ ksort( $load );
$load = implode( '', $load );
}
@@ -23,14 +29,15 @@
$load = array_unique( explode( ',', $load ) );
if ( empty( $load ) ) {
+ header( "$protocol 400 Bad Request" );
exit;
}
-require( ABSPATH . 'wp-admin/includes/noop.php' );
-require( ABSPATH . WPINC . '/script-loader.php' );
-require( ABSPATH . WPINC . '/version.php' );
+require ABSPATH . 'wp-admin/includes/noop.php';
+require ABSPATH . WPINC . '/script-loader.php';
+require ABSPATH . WPINC . '/version.php';
-$expires_offset = 31536000; // 1 year
+$expires_offset = 31536000; // 1 year.
$out = '';
$wp_scripts = new WP_Scripts();
@@ -39,12 +46,8 @@
wp_default_packages_scripts( $wp_scripts );
if ( isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) && stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) === $wp_version ) {
- $protocol = $_SERVER['SERVER_PROTOCOL'];
- if ( ! in_array( $protocol, array( 'HTTP/1.1', 'HTTP/2', 'HTTP/2.0' ) ) ) {
- $protocol = 'HTTP/1.0';
- }
header( "$protocol 304 Not Modified" );
- exit();
+ exit;
}
foreach ( $load as $handle ) {