Changeset 44048
- Timestamp:
- 12/13/2018 01:25:03 AM (6 years ago)
- Location:
- trunk/src
- Files:
-
- 5 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-activate.php
r44021 r44048 27 27 $result = null; 28 28 29 if ( ! empty( $_GET['key'] ) ) { 29 if ( isset( $_GET['key'] ) && isset( $_POST['key'] ) && $_GET['key'] !== $_POST['key'] ) { 30 wp_die( __( 'A key value mismatch has been detected. Please follow the link provided in your activation email.' ), __( 'An error occurred during the activation' ), 400 ); 31 } elseif ( ! empty( $_GET['key'] ) ) { 30 32 $key = $_GET['key']; 31 33 } elseif ( ! empty( $_POST['key'] ) ) { -
trunk/src/wp-admin/includes/class-wp-screen.php
r43571 r44048 273 273 switch ( $base ) { 274 274 case 'post': 275 if ( isset( $_GET['post'] ) ) { 275 if ( isset( $_GET['post'] ) && isset( $_POST['post_ID'] ) && (int) $_GET['post'] !== (int) $_POST['post_ID'] ) { 276 wp_die( __( 'A post ID mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 ); 277 } elseif ( isset( $_GET['post'] ) ) { 276 278 $post_id = (int) $_GET['post']; 277 279 } elseif ( isset( $_POST['post_ID'] ) ) { -
trunk/src/wp-admin/post.php
r43571 r44048 17 17 wp_reset_vars( array( 'action' ) ); 18 18 19 if ( isset( $_GET['post'] ) ) { 19 if ( isset( $_GET['post'] ) && isset( $_POST['post_ID'] ) && (int) $_GET['post'] !== (int) $_POST['post_ID'] ) { 20 wp_die( __( 'A post ID mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 ); 21 } elseif ( isset( $_GET['post'] ) ) { 20 22 $post_id = $post_ID = (int) $_GET['post']; 21 23 } elseif ( isset( $_POST['post_ID'] ) ) { … … 39 41 $post_type = $post->post_type; 40 42 $post_type_object = get_post_type_object( $post_type ); 43 } 44 45 if ( isset( $_POST['post_type'] ) && $post && $post_type !== $_POST['post_type'] ) { 46 wp_die( __( 'A post type mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 ); 41 47 } 42 48 -
trunk/src/wp-includes/class-wp.php
r42876 r44048 296 296 if ( isset( $this->extra_query_vars[ $wpvar ] ) ) { 297 297 $this->query_vars[ $wpvar ] = $this->extra_query_vars[ $wpvar ]; 298 } elseif ( isset( $_GET[ $wpvar ] ) && isset( $_POST[ $wpvar ] ) && $_GET[ $wpvar ] !== $_POST[ $wpvar ] ) { 299 wp_die( __( 'A variable mismatch has been detected.' ), __( 'Sorry, you are not allowed to view this item.' ), 400 ); 298 300 } elseif ( isset( $_POST[ $wpvar ] ) ) { 299 301 $this->query_vars[ $wpvar ] = $_POST[ $wpvar ]; -
trunk/src/wp-includes/ms-deprecated.php
r43654 r44048 272 272 273 273 $ref = ''; 274 if ( isset( $_GET['ref'] ) ) 275 $ref = $_GET['ref']; 276 if ( isset( $_POST['ref'] ) ) 277 $ref = $_POST['ref']; 274 if ( isset( $_GET['ref'] ) && isset( $_POST['ref'] ) && $_GET['ref'] !== $_POST['ref'] ) { 275 wp_die( __( 'A variable mismatch has been detected.' ), __( 'Sorry, you are not allowed to view this item.' ), 400 ); 276 } elseif ( isset( $_POST['ref'] ) ) { 277 $ref = $_POST[ 'ref' ]; 278 } elseif ( isset( $_GET['ref'] ) ) { 279 $ref = $_GET[ 'ref' ]; 280 } 278 281 279 282 if ( $ref ) { … … 288 291 289 292 $url = wpmu_admin_redirect_add_updated_param( $url ); 290 if ( isset( $_GET['redirect'] ) ) { 293 if ( isset( $_GET['redirect'] ) && isset( $_POST['redirect'] ) && $_GET['redirect'] !== $_POST['redirect'] ) { 294 wp_die( __( 'A variable mismatch has been detected.' ), __( 'Sorry, you are not allowed to view this item.' ), 400 ); 295 } elseif ( isset( $_GET['redirect'] ) ) { 291 296 if ( substr( $_GET['redirect'], 0, 2 ) == 's_' ) 292 297 $url .= '&action=blogs&s='. esc_html( substr( $_GET['redirect'], 2 ) );
Note: See TracChangeset
for help on using the changeset viewer.