WordPress.org

Make WordPress Core


Ignore:
Timestamp:
12/13/2018 01:38:24 AM (3 years ago)
Author:
peterwilsoncc
Message:

Multisite: Validate activation links.

Merges [44048] to the 4.7 branch.

Location:
branches/4.7
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/4.7

  • branches/4.7/src/wp-includes/class-wp.php

    r38925 r44054  
    303303            if ( isset( $this->extra_query_vars[$wpvar] ) )
    304304                $this->query_vars[$wpvar] = $this->extra_query_vars[$wpvar];
     305            elseif ( isset( $_GET[ $wpvar ] ) && isset( $_POST[ $wpvar ] ) && $_GET[ $wpvar ] !== $_POST[ $wpvar ] )
     306                wp_die( __( 'A variable mismatch has been detected.' ), __( 'Sorry, you are not allowed to view this item.' ), 400 );
    305307            elseif ( isset( $_POST[$wpvar] ) )
    306308                $this->query_vars[$wpvar] = $_POST[$wpvar];
Note: See TracChangeset for help on using the changeset viewer.