
Commit 07c82a2

committed
Multisite: Validate activation links.
Merges [44048] to the 4.9 branch. git-svn-id: https://develop.svn.wordpress.org/branches/4.9@44051 602fd350-edb4-49c9-b593-d223f7449a82
1 parent 7a7e1ad commit 07c82a2


5 files changed

+25
-8
lines changed


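--- a/src/wp-activate.php
+++ b/src/wp-activate.php
@@ -26,7 +26,9 @@
 $key = '';
 $result = null;
 
-if ( ! empty( $_GET['key'] ) ) {
+if ( isset( $_GET['key'] ) && isset( $_POST['key'] ) && $_GET['key'] !== $_POST['key'] ) {
+wp_die( __( 'A key value mismatch has been detected. Please follow the link provided in your activation email.' ), __( 'An error occurred during the activation' ), 400 );
+} elseif ( ! empty( $_GET['key'] ) ) {
 $key = $_GET['key'];
 } elseif ( ! empty( $_POST['key'] ) ) {
 $key = $_POST['key'];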
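Review bot: The new guard on line 29 has no comment saying why a request that carries an activation key in both the query string and the body is refused outright instead of one source being preferred, and the next maintainer will be tempted to relax it. I would add above the `if`: `// Refuse a request whose query-string key and body key disagree, so the key used below never comes from an ambiguous source; the strict !== also rejects a non-string value.` Note that the guard uses `isset` while the branches below use `! empty`, so an empty-string `$_GET['key']` beside a non-empty `$_POST['key']` is rejected here rather than falling through to the POST value — that is fail-closed and worth stating in the same comment.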

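--- a/src/wp-admin/includes/class-wp-screen.php
+++ b/src/wp-admin/includes/class-wp-screen.php
@@ -270,7 +270,9 @@ public static function get( $hook_name = '' ) {
 
 switch ( $base ) {
 case 'post' :
-if ( isset( $_GET['post'] ) )
+if ( isset( $_GET['post'] ) && isset( $_POST['post_ID'] ) && (int) $_GET['post'] !== (int) $_POST['post_ID'] )
+wp_die( __( 'A post ID mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 );
+elseif ( isset( $_GET['post'] ) )
 $post_id = (int) $_GET['post'];
 elseif ( isset( $_POST['post_ID'] ) )
 $post_id = (int) $_POST['post_ID'];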
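Review bot: The `if`/`elseif`/`elseif` chain starting at line 273 is brace-less while its first branch is now a long condition followed by a `wp_die( ... )` call, which is easy to misread and fragile if a second statement is ever added to that branch; the same shape is introduced in src/wp-admin/post.php at line 19. I would brace the chain: `if ( ... ) {`, `wp_die( ... );`, `} elseif ( isset( $_GET['post'] ) ) {`. The guard compares `(int)` casts rather than the raw strings, so two textually different values with the same integer prefix are treated as matching; that agrees with the `(int)` casts on lines 276 and 278 but deserves a one-line comment. The enclosing `get()` method starts before and continues after the hunk.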

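--- a/src/wp-admin/post.php
+++ b/src/wp-admin/post.php
@@ -16,7 +16,9 @@
 
 wp_reset_vars( array( 'action' ) );
 
-if ( isset( $_GET['post'] ) )
+if ( isset( $_GET['post'] ) && isset( $_POST['post_ID'] ) && (int) $_GET['post'] !== (int) $_POST['post_ID'] )
+wp_die( __( 'A post ID mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 );
+elseif ( isset( $_GET['post'] ) )
 $post_id = $post_ID = (int) $_GET['post'];
 elseif ( isset( $_POST['post_ID'] ) )
 $post_id = $post_ID = (int) $_POST['post_ID'];
@@ -38,6 +40,10 @@
 $post_type_object = get_post_type_object( $post_type );
 }
 
+if ( isset( $_POST['post_type'] ) && $post && $post_type !== $_POST['post_type'] ) {
+wp_die( __( 'A post type mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 );
+}
+
 if ( isset( $_POST['deletepost'] ) )
 $action = 'delete';
 elseif ( isset($_POST['wp-preview']) && 'dopreview' == $_POST['wp-preview'] )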
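Review bot: The post-type guard added at line 43 depends on `$post` and `$post_type` being resolved above the hunk, and nothing says that the `$post &&` term deliberately skips the check when no existing post was loaded (presumably a new-post submission, which would have a body `post_type` but no `$post` yet); I would add above it `// Only an existing post can be checked against the submitted post_type; a strict mismatch is refused rather than trusting either side.` The two guards in this file also differ in style: the post-ID chain at line 19 is brace-less with a `wp_die( ... )` as its first branch, while this one uses braces, and the brace-less form is the one to change, here and in src/wp-admin/includes/class-wp-screen.php. The strict `!==` here compares `$post_type` against a raw request string, so any non-identical value (including a non-string) is refused with a 400, which is the fail-closed behaviour the comment should state.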

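--- a/src/wp-includes/class-wp.php
+++ b/src/wp-includes/class-wp.php
@@ -289,6 +289,8 @@ public function parse_request($extra_query_vars = '') {
 foreach ( $this->public_query_vars as $wpvar ) {
 if ( isset( $this->extra_query_vars[$wpvar] ) )
 $this->query_vars[$wpvar] = $this->extra_query_vars[$wpvar];
+elseif ( isset( $_GET[ $wpvar ] ) && isset( $_POST[ $wpvar ] ) && $_GET[ $wpvar ] !== $_POST[ $wpvar ] )
+wp_die( __( 'A variable mismatch has been detected.' ), __( 'Sorry, you are not allowed to view this item.' ), 400 );
 elseif ( isset( $_POST[$wpvar] ) )
 $this->query_vars[$wpvar] = $_POST[$wpvar];
 elseif ( isset( $_GET[$wpvar] ) )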
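Review bot: The mismatch branch added at line 292 compares the two raw request strings with `!==`, so values that later code might treat as equivalent (`1` against `01`, or a value with trailing whitespace) are refused with a 400 rather than resolved; that is fail-closed and reasonable, but it sits between the `extra_query_vars` branch and the `$_POST`/`$_GET` fallbacks and reads like a third source of values, so it needs a comment. I would add above the `elseif`: `// A public query var supplied in both the query string and the body must match exactly; otherwise refuse the request instead of silently preferring one source.` The new lines also write `$_GET[ $wpvar ]` with inner spaces while lines 290 and 294 write `$_GET[$wpvar]`; pick one form. `parse_request()` starts before and continues after the hunk.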

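--- a/src/wp-includes/ms-deprecated.php
+++ b/src/wp-includes/ms-deprecated.php
@@ -271,10 +271,13 @@ function wpmu_admin_do_redirect( $url = '' ) {
 _deprecated_function( __FUNCTION__, '3.3.0', 'wp_redirect()' );
 
 $ref = '';
-if ( isset( $_GET['ref'] ) )
-$ref = $_GET['ref'];
-if ( isset( $_POST['ref'] ) )
-$ref = $_POST['ref'];
+if ( isset( $_GET['ref'] ) && isset( $_POST['ref'] ) && $_GET['ref'] !== $_POST['ref'] ) {
+wp_die( __( 'A variable mismatch has been detected.' ), __( 'Sorry, you are not allowed to view this item.' ), 400 );
+} elseif ( isset( $_POST['ref'] ) ) {
+$ref = $_POST[ 'ref' ];
+} elseif ( isset( $_GET['ref'] ) ) {
+$ref = $_GET[ 'ref' ];
+}
 
 if ( $ref ) {
 $ref = wpmu_admin_redirect_add_updated_param( $ref );
@@ -287,7 +290,9 @@ function wpmu_admin_do_redirect( $url = '' ) {
 }
 
 $url = wpmu_admin_redirect_add_updated_param( $url );
-if ( isset( $_GET['redirect'] ) ) {
+if ( isset( $_GET['redirect'] ) && isset( $_POST['redirect'] ) && $_GET['redirect'] !== $_POST['redirect'] ) {
+wp_die( __( 'A variable mismatch has been detected.' ), __( 'Sorry, you are not allowed to view this item.' ), 400 );
+} elseif ( isset( $_GET['redirect'] ) ) {
 if ( substr( $_GET['redirect'], 0, 2 ) == 's_' )
 $url .= '&action=blogs&s='. esc_html( substr( $_GET['redirect'], 2 ) );
 } elseif ( isset( $_POST['redirect'] ) ) {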
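Review bot: Lines 277 and 279 write `$_POST[ 'ref' ]` and `$_GET[ 'ref' ]` with spaces inside the brackets while the condition on line 274 and the rest of the function write `$_GET['ref']`; use the unspaced form on both lines. The rewrite keeps the old precedence — a body `ref` still wins over a query-string `ref`, now by being tested first instead of assigned last — which is worth one comment above the chain because the reordering reads like a behaviour change: `// POST still takes precedence over GET as before; a conflicting pair is now refused instead.` The same mismatch-then-fallback shape recurs at line 293 for `redirect`. `wpmu_admin_do_redirect()` continues past the hunk.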
