Changeset 44050 for branches/5.0
- Timestamp:
- 12/13/2018 01:29:42 AM (6 years ago)
- Location:
- branches/5.0
- Files:
-
- 6 edited
-
. (modified) (1 prop)
-
src/wp-activate.php (modified) (1 diff)
-
src/wp-admin/includes/class-wp-screen.php (modified) (1 diff)
-
src/wp-admin/post.php (modified) (2 diffs)
-
src/wp-includes/class-wp.php (modified) (1 diff)
-
src/wp-includes/ms-deprecated.php (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
branches/5.0
-
branches/5.0/src/wp-activate.php
r44022 r44050 27 27 $result = null; 28 28 29 if ( ! empty( $_GET['key'] ) ) { 29 if ( isset( $_GET['key'] ) && isset( $_POST['key'] ) && $_GET['key'] !== $_POST['key'] ) { 30 wp_die( __( 'A key value mismatch has been detected. Please follow the link provided in your activation email.' ), __( 'An error occurred during the activation' ), 400 ); 31 } elseif ( ! empty( $_GET['key'] ) ) { 30 32 $key = $_GET['key']; 31 33 } elseif ( ! empty( $_POST['key'] ) ) { -
branches/5.0/src/wp-admin/includes/class-wp-screen.php
r43807 r44050 279 279 switch ( $base ) { 280 280 case 'post' : 281 if ( isset( $_GET['post'] ) ) 281 if ( isset( $_GET['post'] ) && isset( $_POST['post_ID'] ) && (int) $_GET['post'] !== (int) $_POST['post_ID'] ) 282 wp_die( __( 'A post ID mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 ); 283 elseif ( isset( $_GET['post'] ) ) 282 284 $post_id = (int) $_GET['post']; 283 285 elseif ( isset( $_POST['post_ID'] ) ) -
branches/5.0/src/wp-admin/post.php
r44047 r44050 17 17 wp_reset_vars( array( 'action' ) ); 18 18 19 if ( isset( $_GET['post'] ) ) 19 if ( isset( $_GET['post'] ) && isset( $_POST['post_ID'] ) && (int) $_GET['post'] !== (int) $_POST['post_ID'] ) 20 wp_die( __( 'A post ID mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 ); 21 elseif ( isset( $_GET['post'] ) ) 20 22 $post_id = $post_ID = (int) $_GET['post']; 21 23 elseif ( isset( $_POST['post_ID'] ) ) … … 37 39 $post_type = $post->post_type; 38 40 $post_type_object = get_post_type_object( $post_type ); 41 } 42 43 if ( isset( $_POST['post_type'] ) && $post && $post_type !== $_POST['post_type'] ) { 44 wp_die( __( 'A post type mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 ); 39 45 } 40 46 -
branches/5.0/src/wp-includes/class-wp.php
r41686 r44050 290 290 if ( isset( $this->extra_query_vars[$wpvar] ) ) 291 291 $this->query_vars[$wpvar] = $this->extra_query_vars[$wpvar]; 292 elseif ( isset( $_GET[ $wpvar ] ) && isset( $_POST[ $wpvar ] ) && $_GET[ $wpvar ] !== $_POST[ $wpvar ] ) 293 wp_die( __( 'A variable mismatch has been detected.' ), __( 'Sorry, you are not allowed to view this item.' ), 400 ); 292 294 elseif ( isset( $_POST[$wpvar] ) ) 293 295 $this->query_vars[$wpvar] = $_POST[$wpvar]; -
branches/5.0/src/wp-includes/ms-deprecated.php
r41714 r44050 272 272 273 273 $ref = ''; 274 if ( isset( $_GET['ref'] ) ) 275 $ref = $_GET['ref']; 276 if ( isset( $_POST['ref'] ) ) 277 $ref = $_POST['ref']; 274 if ( isset( $_GET['ref'] ) && isset( $_POST['ref'] ) && $_GET['ref'] !== $_POST['ref'] ) { 275 wp_die( __( 'A variable mismatch has been detected.' ), __( 'Sorry, you are not allowed to view this item.' ), 400 ); 276 } elseif ( isset( $_POST['ref'] ) ) { 277 $ref = $_POST[ 'ref' ]; 278 } elseif ( isset( $_GET['ref'] ) ) { 279 $ref = $_GET[ 'ref' ]; 280 } 278 281 279 282 if ( $ref ) { … … 288 291 289 292 $url = wpmu_admin_redirect_add_updated_param( $url ); 290 if ( isset( $_GET['redirect'] ) ) { 293 if ( isset( $_GET['redirect'] ) && isset( $_POST['redirect'] ) && $_GET['redirect'] !== $_POST['redirect'] ) { 294 wp_die( __( 'A variable mismatch has been detected.' ), __( 'Sorry, you are not allowed to view this item.' ), 400 ); 295 } elseif ( isset( $_GET['redirect'] ) ) { 291 296 if ( substr( $_GET['redirect'], 0, 2 ) == 's_' ) 292 297 $url .= '&action=blogs&s='. esc_html( substr( $_GET['redirect'], 2 ) );
Note: See TracChangeset
for help on using the changeset viewer.