Admin: Re-add some validation from [44048] that was accidentally removed in [44165].

Props david.binda.
See #45037.



git-svn-id: https://develop.svn.wordpress.org/trunk@44726 602fd350-edb4-49c9-b593-d223f7449a82
Gary Pendergast 2019-02-07 04:11:23 +00:00
parent 666d713c1b
commit 17a022e3d0


@ -16,7 +16,9 @@ $submenu_file = 'edit.php';
wp_reset_vars( array( 'action' ) );
if ( isset( $_GET['post'] ) ) {
if ( isset( $_GET['post'] ) && isset( $_POST['post_ID'] ) && (int) $_GET['post'] !== (int) $_POST['post_ID'] ) {
wp_die( __( 'A post ID mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 );
} elseif ( isset( $_GET['post'] ) ) {
$post_id = $post_ID = (int) $_GET['post'];
} elseif ( isset( $_POST['post_ID'] ) ) {
$post_id = $post_ID = (int) $_POST['post_ID'];
@ -40,6 +42,10 @@ if ( $post ) {
$post_type_object = get_post_type_object( $post_type );
}
if ( isset( $_POST['post_type'] ) && $post && $post_type !== $_POST['post_type'] ) {
wp_die( __( 'A post type mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 );
}
if ( isset( $_POST['deletepost'] ) ) {
$action = 'delete';
} elseif ( isset( $_POST['wp-preview'] ) && 'dopreview' == $_POST['wp-preview'] ) {
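Review bot: Both new guards go in without a comment saying what they protect, and the commit message notes that this same validation was already dropped once by accident. Above the ID check (`isset( $_GET['post'] ) && isset( $_POST['post_ID'] ) && ...`) I would add `// Refuse the request when the query string and the form body name different posts.`, and above the type check `// Refuse the request when the submitted post type differs from the loaded post's type.`. A regression test that sends mismatched values and expects the 400 response would keep a later refactor from removing them again. The type check is also skipped whenever `$post` is empty, and `$post_type` is assigned outside the hunk, so whether a request carrying `post_type` but no resolvable post is rejected elsewhere cannot be judged from these lines.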