WordPress.org
Get WordPress

Make WordPress Core

Changeset 60204


Ignore:
Timestamp:
04/28/2025 09:10:55 PM (3 months ago)
Author:
flixos90
Message:

Networks and Sites: Sanitize key parameter in wp-activate.php.

Props khushipatel15.
Fixes #63320.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/wp-activate.php

    r57625 r60204  
    3030    wp_die( __( 'A key value mismatch has been detected. Please follow the link provided in your activation email.' ), __( 'An error occurred during the activation' ), 400 );
    3131} elseif ( ! empty( $_GET['key'] ) ) {
    32     $key = $_GET['key'];
     32    $key = sanitize_text_field( $_GET['key'] );
    3333} elseif ( ! empty( $_POST['key'] ) ) {
    34     $key = $_POST['key'];
     34    $key = sanitize_text_field( $_POST['key'] );
    3535}
    3636
Note: See TracChangeset for help on using the changeset viewer.