Switch to a 403 response code in places where it is more appropriate than a 500 due to permissions errors.
Fixes #10551 Props nacin git-svn-id: https://develop.svn.wordpress.org/trunk@30356 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
John Blackbourn
parent
b68026bbfb
commit
4e1e4745ff
@ -739,7 +739,7 @@ wp_nonce_field( 'custom-header-options', '_wpnonce-custom-header-options' ); ?>
|
||||
public function step_2() {
|
||||
check_admin_referer('custom-header-upload', '_wpnonce-custom-header-upload');
|
||||
if ( ! current_theme_supports( 'custom-header', 'uploads' ) )
|
||||
wp_die( __( 'Cheatin’ uh?' ) );
|
||||
wp_die( __( 'Cheatin’ uh?' ), 403 );
|
||||
|
||||
if ( empty( $_POST ) && isset( $_GET['file'] ) ) {
|
||||
$attachment_id = absint( $_GET['file'] );
|
||||
@ -890,10 +890,10 @@ wp_nonce_field( 'custom-header-options', '_wpnonce-custom-header-options' ); ?>
|
||||
check_admin_referer( 'custom-header-crop-image' );
|
||||
|
||||
if ( ! current_theme_supports( 'custom-header', 'uploads' ) )
|
||||
wp_die( __( 'Cheatin’ uh?' ) );
|
||||
wp_die( __( 'Cheatin’ uh?' ), 403 );
|
||||
|
||||
if ( ! empty( $_POST['skip-cropping'] ) && ! ( current_theme_supports( 'custom-header', 'flex-height' ) || current_theme_supports( 'custom-header', 'flex-width' ) ) )
|
||||
wp_die( __( 'Cheatin’ uh?' ) );
|
||||
wp_die( __( 'Cheatin’ uh?' ), 403 );
|
||||
|
||||
if ( $_POST['oitar'] > 1 ) {
|
||||
$_POST['x1'] = $_POST['x1'] * $_POST['oitar'];
|
||||
|
||||
@ -13,7 +13,7 @@ define( 'IFRAME_REQUEST', true );
|
||||
require_once( dirname( __FILE__ ) . '/admin.php' );
|
||||
|
||||
if ( ! current_user_can( 'customize' ) ) {
|
||||
wp_die( __( 'Cheatin’ uh?' ) );
|
||||
wp_die( __( 'Cheatin’ uh?' ), 403 );
|
||||
}
|
||||
|
||||
wp_reset_vars( array( 'url', 'return' ) );
|
||||
|
||||
@ -9,7 +9,7 @@
|
||||
/** WordPress Administration Bootstrap */
|
||||
require_once( dirname( __FILE__ ) . '/admin.php' );
|
||||
if ( !current_user_can('edit_posts') )
|
||||
wp_die(__('Cheatin’ uh?'));
|
||||
wp_die( __( 'Cheatin’ uh?' ), 403 );
|
||||
|
||||
$wp_list_table = _get_list_table('WP_Comments_List_Table');
|
||||
$pagenum = $wp_list_table->get_pagenum();
|
||||
|
||||
@ -18,7 +18,7 @@ if ( ! $tax )
|
||||
wp_die( __( 'Invalid taxonomy' ) );
|
||||
|
||||
if ( ! current_user_can( $tax->cap->manage_terms ) )
|
||||
wp_die( __( 'Cheatin’ uh?' ) );
|
||||
wp_die( __( 'Cheatin’ uh?' ), 403 );
|
||||
|
||||
$wp_list_table = _get_list_table('WP_Terms_List_Table');
|
||||
$pagenum = $wp_list_table->get_pagenum();
|
||||
@ -47,7 +47,7 @@ case 'add-tag':
|
||||
check_admin_referer( 'add-tag', '_wpnonce_add-tag' );
|
||||
|
||||
if ( !current_user_can( $tax->cap->edit_terms ) )
|
||||
wp_die( __( 'Cheatin’ uh?' ) );
|
||||
wp_die( __( 'Cheatin’ uh?' ), 403 );
|
||||
|
||||
$ret = wp_insert_term( $_POST['tag-name'], $taxonomy, $_POST );
|
||||
$location = 'edit-tags.php?taxonomy=' . $taxonomy;
|
||||
@ -83,7 +83,7 @@ case 'delete':
|
||||
check_admin_referer( 'delete-tag_' . $tag_ID );
|
||||
|
||||
if ( !current_user_can( $tax->cap->delete_terms ) )
|
||||
wp_die( __( 'Cheatin’ uh?' ) );
|
||||
wp_die( __( 'Cheatin’ uh?' ), 403 );
|
||||
|
||||
wp_delete_term( $tag_ID, $taxonomy );
|
||||
|
||||
@ -95,7 +95,7 @@ case 'bulk-delete':
|
||||
check_admin_referer( 'bulk-tags' );
|
||||
|
||||
if ( !current_user_can( $tax->cap->delete_terms ) )
|
||||
wp_die( __( 'Cheatin’ uh?' ) );
|
||||
wp_die( __( 'Cheatin’ uh?' ), 403 );
|
||||
|
||||
$tags = (array) $_REQUEST['delete_tags'];
|
||||
foreach ( $tags as $tag_ID ) {
|
||||
@ -133,7 +133,7 @@ case 'editedtag':
|
||||
check_admin_referer( 'update-tag_' . $tag_ID );
|
||||
|
||||
if ( !current_user_can( $tax->cap->edit_terms ) )
|
||||
wp_die( __( 'Cheatin’ uh?' ) );
|
||||
wp_die( __( 'Cheatin’ uh?' ), 403 );
|
||||
|
||||
$tag = get_term( $tag_ID, $taxonomy );
|
||||
if ( ! $tag )
|
||||
|
||||
@ -25,7 +25,7 @@ if ( ! $post_type_object )
|
||||
wp_die( __( 'Invalid post type' ) );
|
||||
|
||||
if ( ! current_user_can( $post_type_object->cap->edit_posts ) )
|
||||
wp_die( __( 'Cheatin’ uh?' ) );
|
||||
wp_die( __( 'Cheatin’ uh?' ), 403 );
|
||||
|
||||
$wp_list_table = _get_list_table('WP_Posts_List_Table');
|
||||
$pagenum = $wp_list_table->get_pagenum();
|
||||
|
||||
@ -27,7 +27,7 @@ function add_link() {
|
||||
*/
|
||||
function edit_link( $link_id = 0 ) {
|
||||
if ( !current_user_can( 'manage_links' ) )
|
||||
wp_die( __( 'Cheatin’ uh?' ) );
|
||||
wp_die( __( 'Cheatin’ uh?' ), 403 );
|
||||
|
||||
$_POST['link_url'] = esc_html( $_POST['link_url'] );
|
||||
$_POST['link_url'] = esc_url($_POST['link_url']);
|
||||
|
||||
@ -32,10 +32,10 @@ $post_id = isset($post_id)? (int) $post_id : 0;
|
||||
|
||||
// Require an ID for the edit screen.
|
||||
if ( isset($action) && $action == 'edit' && !$ID )
|
||||
wp_die( __( 'Cheatin’ uh?' ) );
|
||||
wp_die( __( 'Cheatin’ uh?' ), 403 );
|
||||
|
||||
if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post' , $_REQUEST['post_id'] ) )
|
||||
wp_die( __( 'Cheatin’ uh?' ) );
|
||||
wp_die( __( 'Cheatin’ uh?' ), 403 );
|
||||
|
||||
// Upload type: image, video, file, ..?
|
||||
if ( isset($_GET['type']) ) {
|
||||
|
||||
@ -20,7 +20,7 @@ if ( ! current_theme_supports( 'menus' ) && ! current_theme_supports( 'widgets'
|
||||
|
||||
// Permissions Check
|
||||
if ( ! current_user_can('edit_theme_options') )
|
||||
wp_die( __( 'Cheatin’ uh?' ) );
|
||||
wp_die( __( 'Cheatin’ uh?' ), 403 );
|
||||
|
||||
wp_enqueue_script( 'nav-menu' );
|
||||
|
||||
|
||||
@ -133,7 +133,7 @@ if ( $action ) {
|
||||
|
||||
// If the user doesn't already belong to the blog, bail.
|
||||
if ( !is_user_member_of_blog( $user_id ) )
|
||||
wp_die(__('Cheatin’ uh?'));
|
||||
wp_die( __( 'Cheatin’ uh?' ), 403 );
|
||||
|
||||
$user = get_userdata( $user_id );
|
||||
$user->set_role( $_REQUEST['new_role'] );
|
||||
|
||||
@ -45,7 +45,7 @@ if ( empty($option_page) ) {
|
||||
}
|
||||
|
||||
if ( !current_user_can( $capability ) )
|
||||
wp_die(__('Cheatin’ uh?'));
|
||||
wp_die( __( 'Cheatin’ uh?' ), 403 );
|
||||
|
||||
// Handle admin email change requests
|
||||
if ( is_multisite() ) {
|
||||
@ -69,7 +69,7 @@ if ( is_multisite() ) {
|
||||
}
|
||||
|
||||
if ( is_multisite() && !is_super_admin() && 'update' != $action )
|
||||
wp_die(__('Cheatin’ uh?'));
|
||||
wp_die( __( 'Cheatin’ uh?' ), 403 );
|
||||
|
||||
$whitelist_options = array(
|
||||
'general' => array( 'blogname', 'blogdescription', 'gmt_offset', 'date_format', 'time_format', 'start_of_week', 'timezone_string', 'WPLANG' ),
|
||||
|
||||
@ -48,7 +48,7 @@ $title = $post_type_object->labels->add_new_item;
|
||||
$editing = true;
|
||||
|
||||
if ( ! current_user_can( $post_type_object->cap->edit_posts ) || ! current_user_can( $post_type_object->cap->create_posts ) )
|
||||
wp_die( __( 'Cheatin’ uh?' ) );
|
||||
wp_die( __( 'Cheatin’ uh?' ), 403 );
|
||||
|
||||
// Schedule auto-draft cleanup
|
||||
if ( ! wp_next_scheduled( 'wp_scheduled_auto_draft_delete' ) )
|
||||
|
||||
@ -14,7 +14,7 @@ require_once( dirname( __FILE__ ) . '/admin.php' );
|
||||
header('Content-Type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
|
||||
|
||||
if ( ! current_user_can( 'edit_posts' ) || ! current_user_can( get_post_type_object( 'post' )->cap->create_posts ) )
|
||||
wp_die( __( 'Cheatin’ uh?' ) );
|
||||
wp_die( __( 'Cheatin’ uh?' ), 403 );
|
||||
|
||||
/**
|
||||
* Press It form handler.
|
||||
|
||||
@ -10,14 +10,14 @@
|
||||
require_once( dirname( __FILE__ ) . '/admin.php' );
|
||||
|
||||
if ( !current_user_can('switch_themes') && !current_user_can('edit_theme_options') )
|
||||
wp_die( __( 'Cheatin’ uh?' ) );
|
||||
wp_die( __( 'Cheatin’ uh?' ), 403 );
|
||||
|
||||
if ( current_user_can( 'switch_themes' ) && isset($_GET['action'] ) ) {
|
||||
if ( 'activate' == $_GET['action'] ) {
|
||||
check_admin_referer('switch-theme_' . $_GET['stylesheet']);
|
||||
$theme = wp_get_theme( $_GET['stylesheet'] );
|
||||
if ( ! $theme->exists() || ! $theme->is_allowed() )
|
||||
wp_die( __( 'Cheatin’ uh?' ) );
|
||||
wp_die( __( 'Cheatin’ uh?' ), 403 );
|
||||
switch_theme( $theme->get_stylesheet() );
|
||||
wp_redirect( admin_url('themes.php?activated=true') );
|
||||
exit;
|
||||
@ -25,7 +25,7 @@ if ( current_user_can( 'switch_themes' ) && isset($_GET['action'] ) ) {
|
||||
check_admin_referer('delete-theme_' . $_GET['stylesheet']);
|
||||
$theme = wp_get_theme( $_GET['stylesheet'] );
|
||||
if ( !current_user_can('delete_themes') || ! $theme->exists() )
|
||||
wp_die( __( 'Cheatin’ uh?' ) );
|
||||
wp_die( __( 'Cheatin’ uh?' ), 403 );
|
||||
delete_theme($_GET['stylesheet']);
|
||||
wp_redirect( admin_url('themes.php?deleted=true') );
|
||||
exit;
|
||||
|
||||
@ -11,9 +11,9 @@ require_once( dirname( __FILE__ ) . '/admin.php' );
|
||||
|
||||
if ( is_multisite() ) {
|
||||
if ( ! current_user_can( 'create_users' ) && ! current_user_can( 'promote_users' ) )
|
||||
wp_die( __( 'Cheatin’ uh?' ) );
|
||||
wp_die( __( 'Cheatin’ uh?' ), 403 );
|
||||
} elseif ( ! current_user_can( 'create_users' ) ) {
|
||||
wp_die( __( 'Cheatin’ uh?' ) );
|
||||
wp_die( __( 'Cheatin’ uh?' ), 403 );
|
||||
}
|
||||
|
||||
if ( is_multisite() ) {
|
||||
@ -55,7 +55,7 @@ if ( isset($_REQUEST['action']) && 'adduser' == $_REQUEST['action'] ) {
|
||||
}
|
||||
|
||||
if ( ! current_user_can('promote_user', $user_details->ID) )
|
||||
wp_die(__('Cheatin’ uh?'));
|
||||
wp_die( __( 'Cheatin’ uh?' ), 403 );
|
||||
|
||||
// Adding an existing user to this blog
|
||||
$new_user_email = $user_details->user_email;
|
||||
@ -92,7 +92,7 @@ Please click the following link to confirm the invite:
|
||||
check_admin_referer( 'create-user', '_wpnonce_create-user' );
|
||||
|
||||
if ( ! current_user_can('create_users') )
|
||||
wp_die(__('Cheatin’ uh?'));
|
||||
wp_die( __( 'Cheatin’ uh?' ), 403 );
|
||||
|
||||
if ( ! is_multisite() ) {
|
||||
$user_id = edit_user();
|
||||
|
||||
@ -10,7 +10,7 @@
|
||||
require_once( dirname( __FILE__ ) . '/admin.php' );
|
||||
|
||||
if ( ! current_user_can( 'list_users' ) )
|
||||
wp_die( __( 'Cheatin’ uh?' ) );
|
||||
wp_die( __( 'Cheatin’ uh?' ), 403 );
|
||||
|
||||
$wp_list_table = _get_list_table('WP_Users_List_Table');
|
||||
$pagenum = $wp_list_table->get_pagenum();
|
||||
@ -128,7 +128,7 @@ case 'promote':
|
||||
|
||||
// If the user doesn't already belong to the blog, bail.
|
||||
if ( is_multisite() && !is_user_member_of_blog( $id ) )
|
||||
wp_die(__('Cheatin’ uh?'));
|
||||
wp_die( __( 'Cheatin’ uh?' ), 403 );
|
||||
|
||||
$user = get_userdata( $id );
|
||||
$user->set_role($_REQUEST['new_role']);
|
||||
|
||||
@ -13,7 +13,7 @@ require_once( dirname( __FILE__ ) . '/admin.php' );
|
||||
require_once(ABSPATH . 'wp-admin/includes/widgets.php');
|
||||
|
||||
if ( ! current_user_can('edit_theme_options') )
|
||||
wp_die( __( 'Cheatin’ uh?' ));
|
||||
wp_die( __( 'Cheatin’ uh?' ), 403 );
|
||||
|
||||
$widgets_access = get_user_setting( 'widgets_access' );
|
||||
if ( isset($_GET['widgets-access']) ) {
|
||||
|
||||
@ -2312,7 +2312,6 @@ function get_allowed_mime_types( $user = null ) {
|
||||
* @param string $action The nonce action.
|
||||
*/
|
||||
function wp_nonce_ays( $action ) {
|
||||
$title = __( 'WordPress Failure Notice' );
|
||||
if ( 'log-out' == $action ) {
|
||||
$html = sprintf( __( 'You are attempting to log out of %s' ), get_bloginfo( 'name' ) ) . '</p><p>';
|
||||
$redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
|
||||
@ -2323,7 +2322,7 @@ function wp_nonce_ays( $action ) {
|
||||
$html .= "</p><p><a href='" . esc_url( remove_query_arg( 'updated', wp_get_referer() ) ) . "'>" . __( 'Please try again.' ) . "</a>";
|
||||
}
|
||||
|
||||
wp_die( $html, $title, array('response' => 403) );
|
||||
wp_die( $html, __( 'WordPress Failure Notice' ), 403 );
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Loading…
Reference in New Issue
Block a user