WordPress.org

Make WordPress Core

Changeset 44048


Ignore:
Timestamp:
12/13/2018 01:25:03 AM (10 months ago)
Author:
peterwilsoncc
Message:

Multisite: Validate activation links.

Location:
trunk/src
Files:
5 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-activate.php

    r44021 r44048  
    2727$result = null;
    2828
    29 if ( ! empty( $_GET['key'] ) ) {
     29if ( isset( $_GET['key'] ) && isset( $_POST['key'] ) && $_GET['key'] !== $_POST['key'] ) {
     30    wp_die( __( 'A key value mismatch has been detected. Please follow the link provided in your activation email.' ), __( 'An error occurred during the activation' ), 400 );
     31} elseif ( ! empty( $_GET['key'] ) ) {
    3032    $key = $_GET['key'];
    3133} elseif ( ! empty( $_POST['key'] ) ) {
  • trunk/src/wp-admin/includes/class-wp-screen.php

    r43571 r44048  
    273273            switch ( $base ) {
    274274                case 'post':
    275                     if ( isset( $_GET['post'] ) ) {
     275                    if ( isset( $_GET['post'] ) && isset( $_POST['post_ID'] ) && (int) $_GET['post'] !== (int) $_POST['post_ID'] ) {
     276                        wp_die( __( 'A post ID mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 );
     277                    } elseif ( isset( $_GET['post'] ) ) {
    276278                        $post_id = (int) $_GET['post'];
    277279                    } elseif ( isset( $_POST['post_ID'] ) ) {
  • trunk/src/wp-admin/post.php

    r43571 r44048  
    1717wp_reset_vars( array( 'action' ) );
    1818
    19 if ( isset( $_GET['post'] ) ) {
     19if ( isset( $_GET['post'] ) && isset( $_POST['post_ID'] ) && (int) $_GET['post'] !== (int) $_POST['post_ID'] ) {
     20    wp_die( __( 'A post ID mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 );
     21} elseif ( isset( $_GET['post'] ) ) {
    2022    $post_id = $post_ID = (int) $_GET['post'];
    2123} elseif ( isset( $_POST['post_ID'] ) ) {
     
    3941    $post_type        = $post->post_type;
    4042    $post_type_object = get_post_type_object( $post_type );
     43}
     44
     45if ( isset( $_POST['post_type'] ) && $post && $post_type !== $_POST['post_type'] ) {
     46    wp_die( __( 'A post type mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 );
    4147}
    4248
  • trunk/src/wp-includes/class-wp.php

    r42876 r44048  
    296296            if ( isset( $this->extra_query_vars[ $wpvar ] ) ) {
    297297                $this->query_vars[ $wpvar ] = $this->extra_query_vars[ $wpvar ];
     298            } elseif ( isset( $_GET[ $wpvar ] ) && isset( $_POST[ $wpvar ] ) && $_GET[ $wpvar ] !== $_POST[ $wpvar ] ) {
     299                wp_die( __( 'A variable mismatch has been detected.' ), __( 'Sorry, you are not allowed to view this item.' ), 400 );
    298300            } elseif ( isset( $_POST[ $wpvar ] ) ) {
    299301                $this->query_vars[ $wpvar ] = $_POST[ $wpvar ];
  • trunk/src/wp-includes/ms-deprecated.php

    r43654 r44048  
    272272
    273273    $ref = '';
    274     if ( isset( $_GET['ref'] ) )
    275         $ref = $_GET['ref'];
    276     if ( isset( $_POST['ref'] ) )
    277         $ref = $_POST['ref'];
     274    if ( isset( $_GET['ref'] ) && isset( $_POST['ref'] ) && $_GET['ref'] !== $_POST['ref'] ) {
     275        wp_die( __( 'A variable mismatch has been detected.' ), __( 'Sorry, you are not allowed to view this item.' ), 400 );
     276    } elseif ( isset( $_POST['ref'] ) ) {
     277        $ref = $_POST[ 'ref' ];
     278    } elseif ( isset( $_GET['ref'] ) ) {
     279        $ref = $_GET[ 'ref' ];
     280    }
    278281
    279282    if ( $ref ) {
     
    288291
    289292    $url = wpmu_admin_redirect_add_updated_param( $url );
    290     if ( isset( $_GET['redirect'] ) ) {
     293    if ( isset( $_GET['redirect'] ) && isset( $_POST['redirect'] ) && $_GET['redirect'] !== $_POST['redirect'] ) {
     294        wp_die( __( 'A variable mismatch has been detected.' ), __( 'Sorry, you are not allowed to view this item.' ), 400 );
     295    } elseif ( isset( $_GET['redirect'] ) ) {
    291296        if ( substr( $_GET['redirect'], 0, 2 ) == 's_' )
    292297            $url .= '&action=blogs&s='. esc_html( substr( $_GET['redirect'], 2 ) );
Note: See TracChangeset for help on using the changeset viewer.