WordPress.org

Make WordPress Core


Ignore:
Timestamp:
12/13/2018 02:02:10 AM (11 months ago)
Author:
peterwilsoncc
Message:

Multisite: Validate activation links.

Merges [44048] to the 3.7 branch.

Location:
branches/3.7
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • branches/3.7

  • branches/3.7/src

  • branches/3.7/src/wp-admin/includes/screen.php

    r39771 r44075  
    464464            switch ( $base ) {
    465465                case 'post' :
    466                     if ( isset( $_GET['post'] ) )
     466                    if ( isset( $_GET['post'] ) && isset( $_POST['post_ID'] ) && (int) $_GET['post'] !== (int) $_POST['post_ID'] )
     467                        wp_die( __( 'A post ID mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 );
     468                    elseif ( isset( $_GET['post'] ) )
    467469                        $post_id = (int) $_GET['post'];
    468470                    elseif ( isset( $_POST['post_ID'] ) )
Note: See TracChangeset for help on using the changeset viewer.