Changeset 44059
- Timestamp:
- 12/13/2018 01:43:52 AM (5 years ago)
- Location:
- branches/4.5
- Files:
-
- 6 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/4.5
-
branches/4.5/src/wp-activate.php
r44029 r44059 27 27 $result = null; 28 28 29 if ( ! empty( $_GET['key'] ) ) { 29 if ( isset( $_GET['key'] ) && isset( $_POST['key'] ) && $_GET['key'] !== $_POST['key'] ) { 30 wp_die( __( 'A key value mismatch has been detected. Please follow the link provided in your activation email.' ), __( 'An error occurred during the activation' ), 400 ); 31 } elseif ( ! empty( $_GET['key'] ) ) { 30 32 $key = $_GET['key']; 31 33 } elseif ( ! empty( $_POST['key'] ) ) { -
branches/4.5/src/wp-admin/includes/class-wp-screen.php
r39763 r44059 291 291 switch ( $base ) { 292 292 case 'post' : 293 if ( isset( $_GET['post'] ) ) 293 if ( isset( $_GET['post'] ) && isset( $_POST['post_ID'] ) && (int) $_GET['post'] !== (int) $_POST['post_ID'] ) 294 wp_die( __( 'A post ID mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 ); 295 elseif ( isset( $_GET['post'] ) ) 294 296 $post_id = (int) $_GET['post']; 295 297 elseif ( isset( $_POST['post_ID'] ) ) -
branches/4.5/src/wp-admin/post.php
r35282 r44059 17 17 wp_reset_vars( array( 'action' ) ); 18 18 19 if ( isset( $_GET['post'] ) ) 19 if ( isset( $_GET['post'] ) && isset( $_POST['post_ID'] ) && (int) $_GET['post'] !== (int) $_POST['post_ID'] ) 20 wp_die( __( 'A post ID mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 ); 21 elseif ( isset( $_GET['post'] ) ) 20 22 $post_id = $post_ID = (int) $_GET['post']; 21 23 elseif ( isset( $_POST['post_ID'] ) ) … … 37 39 $post_type = $post->post_type; 38 40 $post_type_object = get_post_type_object( $post_type ); 41 } 42 43 if ( isset( $_POST['post_type'] ) && $post && $post_type !== $_POST['post_type'] ) { 44 wp_die( __( 'A post type mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 ); 39 45 } 40 46 -
branches/4.5/src/wp-includes/class-wp.php
r36900 r44059 302 302 if ( isset( $this->extra_query_vars[$wpvar] ) ) 303 303 $this->query_vars[$wpvar] = $this->extra_query_vars[$wpvar]; 304 elseif ( isset( $_GET[ $wpvar ] ) && isset( $_POST[ $wpvar ] ) && $_GET[ $wpvar ] !== $_POST[ $wpvar ] ) 305 wp_die( __( 'A variable mismatch has been detected.' ), __( 'Sorry, you are not allowed to view this item.' ), 400 ); 304 306 elseif ( isset( $_POST[$wpvar] ) ) 305 307 $this->query_vars[$wpvar] = $_POST[$wpvar]; -
branches/4.5/src/wp-includes/ms-deprecated.php
r36725 r44059 271 271 272 272 $ref = ''; 273 if ( isset( $_GET['ref'] ) ) 274 $ref = $_GET['ref']; 275 if ( isset( $_POST['ref'] ) ) 276 $ref = $_POST['ref']; 273 if ( isset( $_GET['ref'] ) && isset( $_POST['ref'] ) && $_GET['ref'] !== $_POST['ref'] ) { 274 wp_die( __( 'A variable mismatch has been detected.' ), __( 'Sorry, you are not allowed to view this item.' ), 400 ); 275 } elseif ( isset( $_POST['ref'] ) ) { 276 $ref = $_POST[ 'ref' ]; 277 } elseif ( isset( $_GET['ref'] ) ) { 278 $ref = $_GET[ 'ref' ]; 279 } 277 280 278 281 if ( $ref ) { … … 287 290 288 291 $url = wpmu_admin_redirect_add_updated_param( $url ); 289 if ( isset( $_GET['redirect'] ) ) { 292 if ( isset( $_GET['redirect'] ) && isset( $_POST['redirect'] ) && $_GET['redirect'] !== $_POST['redirect'] ) { 293 wp_die( __( 'A variable mismatch has been detected.' ), __( 'Sorry, you are not allowed to view this item.' ), 400 ); 294 } elseif ( isset( $_GET['redirect'] ) ) { 290 295 if ( substr( $_GET['redirect'], 0, 2 ) == 's_' ) 291 296 $url .= '&action=blogs&s='. esc_html( substr( $_GET['redirect'], 2 ) );
Note: See TracChangeset
for help on using the changeset viewer.