WordPress.org

Make WordPress Core


Ignore:
Timestamp:
12/13/2018 01:25:03 AM (11 months ago)
Author:
peterwilsoncc
Message:

Multisite: Validate activation links.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/class-wp-screen.php

    r43571 r44048  
    273273            switch ( $base ) {
    274274                case 'post':
    275                     if ( isset( $_GET['post'] ) ) {
     275                    if ( isset( $_GET['post'] ) && isset( $_POST['post_ID'] ) && (int) $_GET['post'] !== (int) $_POST['post_ID'] ) {
     276                        wp_die( __( 'A post ID mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 );
     277                    } elseif ( isset( $_GET['post'] ) ) {
    276278                        $post_id = (int) $_GET['post'];
    277279                    } elseif ( isset( $_POST['post_ID'] ) ) {
Note: See TracChangeset for help on using the changeset viewer.