WordPress.org

Make WordPress Core


Ignore:
Timestamp:
12/13/2018 01:29:42 AM (10 months ago)
Author:
peterwilsoncc
Message:

Multisite: Validate activation links.

Merges [44048] to the 5.0 branch.

Location:
branches/5.0
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/5.0

  • branches/5.0/src/wp-activate.php

    r44022 r44050  
    2727$result = null;
    2828
    29 if ( ! empty( $_GET['key'] ) ) {
     29if ( isset( $_GET['key'] ) && isset( $_POST['key'] ) && $_GET['key'] !== $_POST['key'] ) {
     30    wp_die( __( 'A key value mismatch has been detected. Please follow the link provided in your activation email.' ), __( 'An error occurred during the activation' ), 400 );
     31} elseif ( ! empty( $_GET['key'] ) ) {
    3032    $key = $_GET['key'];
    3133} elseif ( ! empty( $_POST['key'] ) ) {
Note: See TracChangeset for help on using the changeset viewer.