Changeset 38032
- Timestamp:
- 07/10/2016 07:42:02 PM (8 years ago)
- Location:
- trunk/src/wp-admin
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-admin/ms-delete-site.php
r37914 r38032 17 17 18 18 if ( isset( $_GET['h'] ) && $_GET['h'] != '' && get_option( 'delete_blog_hash' ) != false ) { 19 if ( get_option( 'delete_blog_hash' ) == $_GET['h']) {19 if ( hash_equals( get_option( 'delete_blog_hash' ), $_GET['h'] ) ) { 20 20 wpmu_delete_blog( $wpdb->blogid ); 21 21 wp_die( sprintf( __( 'Thank you for using %s, your site has been deleted. Happy trails to you until we meet again.' ), $current_site->site_name ) ); -
trunk/src/wp-admin/options.php
r38006 r38032 58 58 $new_admin_details = get_option( 'adminhash' ); 59 59 $redirect = 'options-general.php?updated=false'; 60 if ( is_array( $new_admin_details ) && $new_admin_details[ 'hash' ] == $_GET[ 'adminhash' ]&& !empty($new_admin_details[ 'newemail' ]) ) {60 if ( is_array( $new_admin_details ) && hash_equals( $new_admin_details[ 'hash' ], $_GET[ 'adminhash' ] ) && !empty($new_admin_details[ 'newemail' ]) ) { 61 61 update_option( 'admin_email', $new_admin_details[ 'newemail' ] ); 62 62 delete_option( 'adminhash' );
Note: See TracChangeset
for help on using the changeset viewer.