Networks and Sites: Sanitize key parameter in `wp-activate.php`.

Props khushipatel15. Fixes #63320. git-svn-id: https://develop.svn.wordpress.org/trunk@60204 602fd350-edb4-49c9-b593-d223f7449a82
author: Felix Arntz <flixos90@git.wordpress.org> 2025-04-28 21:10:55 +0000
committer: Felix Arntz <flixos90@git.wordpress.org> 2025-04-28 21:10:55 +0000
commit: 843e4860dd90f47b668567b851b34cd8f3dd8f65 (patch)
tree: c0372666208738081caa4e0b80fda7a582447d0d /src
parent: d985e8fb677d7df7a8a8bf8077eca06a4f2b8195 (diff)
download: wordpress-843e4860dd90f47b668567b851b34cd8f3dd8f65.tar.gz
wordpress-843e4860dd90f47b668567b851b34cd8f3dd8f65.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/wp-activate.php b/src/wp-activate.php
index 5dc602337b..f4fd8d76c3 100644
--- a/src/wp-activate.php
+++ b/src/wp-activate.php
@@ -29,9 +29,9 @@ $result = null;
 if ( isset( $_GET['key'] ) && isset( $_POST['key'] ) && $_GET['key'] !== $_POST['key'] ) {
 	wp_die( __( 'A key value mismatch has been detected. Please follow the link provided in your activation email.' ), __( 'An error occurred during the activation' ), 400 );
 } elseif ( ! empty( $_GET['key'] ) ) {
-	$key = $_GET['key'];
+	$key = sanitize_text_field( $_GET['key'] );
 } elseif ( ! empty( $_POST['key'] ) ) {
-	$key = $_POST['key'];
+	$key = sanitize_text_field( $_POST['key'] );
 }
 
 if ( $key ) {
author	Felix Arntz <flixos90@git.wordpress.org>	2025-04-28 21:10:55 +0000
committer	Felix Arntz <flixos90@git.wordpress.org>	2025-04-28 21:10:55 +0000
commit	843e4860dd90f47b668567b851b34cd8f3dd8f65 (patch)
tree	c0372666208738081caa4e0b80fda7a582447d0d /src
parent	d985e8fb677d7df7a8a8bf8077eca06a4f2b8195 (diff)
download	wordpress-843e4860dd90f47b668567b851b34cd8f3dd8f65.tar.gz wordpress-843e4860dd90f47b668567b851b34cd8f3dd8f65.zip