From 5aeabd7fbfec49a2e0fa954de9f35a6d54ec7612 Mon Sep 17 00:00:00 2001
From: Gary Pendergast <pento@git.wordpress.org>
Date: Wed, 16 Jan 2019 03:53:42 +0000
Subject: [PATCH] Posts: Set a HTTP 403 error when an incorrect post preview
 nonce is sent.

Props graymouser.
Fixes #43570.



git-svn-id: https://develop.svn.wordpress.org/trunk@44610 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/revision.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/wp-includes/revision.php b/src/wp-includes/revision.php
index 3bf3171379..bef1d0b44b 100644
--- a/src/wp-includes/revision.php
+++ b/src/wp-includes/revision.php
@@ -582,7 +582,7 @@ function _show_post_preview() {
 		$id = (int) $_GET['preview_id'];
 
 		if ( false === wp_verify_nonce( $_GET['preview_nonce'], 'post_preview_' . $id ) ) {
-			wp_die( __( 'Sorry, you are not allowed to preview drafts.' ) );
+			wp_die( __( 'Sorry, you are not allowed to preview drafts.' ), 403 );
 		}
 
 		add_filter( 'the_preview', '_set_preview' );