

Timestamp:
02/07/2019 04:11:23 AM (6 years ago)
Author:
pento
Message:

Admin: Re-add some validation from [44048] that was accidentally removed in [44165].

Props david.binda.
See #45037.

File:
1 edited

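--- a/trunk/src/wp-admin/post.php
+++ b/trunk/src/wp-admin/post.php
@@ -17,5 +17,7 @@
 wp_reset_vars( array( 'action' ) );
 
-if ( isset( $_GET['post'] ) ) {
+if ( isset( $_GET['post'] ) && isset( $_POST['post_ID'] ) && (int) $_GET['post'] !== (int) $_POST['post_ID'] ) {
+    wp_die( __( 'A post ID mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 );
+} elseif ( isset( $_GET['post'] ) ) {
     $post_id = $post_ID = (int) $_GET['post'];
 } elseif ( isset( $_POST['post_ID'] ) ) {
@@ -39,4 +41,8 @@
     $post_type        = $post->post_type;
     $post_type_object = get_post_type_object( $post_type );
+}
+
+if ( isset( $_POST['post_type'] ) && $post && $post_type !== $_POST['post_type'] ) {
+    wp_die( __( 'A post type mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 );
 }
 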
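Review bot: Neither restored guard carries a comment saying why it exists, and the commit message states that this validation was already dropped once by accident in [44165], so nothing in the file marks it as load-bearing for the next refactor. Above the ID check at new line 19 I would add `// Security: the post ID in the URL and the one in the form body must name the same post; do not remove.`, and above the type check at new line 45 `// Security: a submitted post_type must match the stored post's type; do not remove.`. A regression test that submits a mismatched `post`/`post_ID` pair, and another with a mismatched `post_type`, each expecting the 400 response, would catch a repeat removal. The block closed at new line 43 and any capability checks lie outside the visible hunks, so presumably these guards exist to keep those later checks and the save acting on the same post, but that cannot be confirmed from this page.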