Users: Use more appropriate HTTP status codes for errors relating to user management.

Also re-uses the existing translatable string 'Sorry, you are not allowed to give users that role.' in place of a near-duplicate message.

Props tuanmh

Fixes #40230


git-svn-id: https://develop.svn.wordpress.org/trunk@40940 602fd350-edb4-49c9-b593-d223f7449a82
John Blackbourn 2017-06-25 18:45:33 +00:00
parent 01efaabfc5
commit d7fc80ca43
3 changed files with 14 additions and 14 deletions


@ -59,7 +59,7 @@ function edit_user( $user_id = 0 ) {
// If the new role isn't editable by the logged-in user die with error // If the new role isn't editable by the logged-in user die with error
$editable_roles = get_editable_roles(); $editable_roles = get_editable_roles();
if ( ! empty( $new_role ) && empty( $editable_roles[$new_role] ) ) if ( ! empty( $new_role ) && empty( $editable_roles[$new_role] ) )
wp_die(__('You can’t give users that role.')); wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );
} }
if ( isset( $_POST['email'] )) if ( isset( $_POST['email'] ))
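Review bot: The rewritten `wp_die()` line still hangs off a brace-less single-line `if` (`if ( ! empty( $new_role ) && empty( $editable_roles[$new_role] ) )`), while the equivalent role checks this commit touches in the other two files are written with braces and spaced array keys; since the line is being changed anyway, `if ( ! empty( $new_role ) && empty( $editable_roles[ $new_role ] ) ) { wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 ); }` would bring it in line. The comment above the check could also record the new behaviour: `// If the new role isn't editable by the logged-in user, die with a 403 error.` The body of `edit_user()` begins before this hunk and continues after it, so whether anything on `$user` has already been modified before this exit is not visible here.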


@ -11,7 +11,7 @@
require_once( dirname( __FILE__ ) . '/admin.php' ); require_once( dirname( __FILE__ ) . '/admin.php' );
if ( ! current_user_can('manage_sites') ) if ( ! current_user_can('manage_sites') )
wp_die(__('Sorry, you are not allowed to edit this site.')); wp_die( __( 'Sorry, you are not allowed to edit this site.' ), 403 );
$wp_list_table = _get_list_table('WP_Users_List_Table'); $wp_list_table = _get_list_table('WP_Users_List_Table');
$wp_list_table->prepare_items(); $wp_list_table->prepare_items();
@ -115,7 +115,7 @@ if ( $action ) {
case 'remove': case 'remove':
if ( ! current_user_can( 'remove_users' ) ) { if ( ! current_user_can( 'remove_users' ) ) {
wp_die( __( 'Sorry, you are not allowed to remove users.' ) ); wp_die( __( 'Sorry, you are not allowed to remove users.' ), 403 );
} }
check_admin_referer( 'bulk-users' ); check_admin_referer( 'bulk-users' );
@ -146,7 +146,7 @@ if ( $action ) {
} }
if ( empty( $editable_roles[ $role ] ) ) { if ( empty( $editable_roles[ $role ] ) ) {
wp_die( __( 'Sorry, you are not allowed to give users that role.' ) ); wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );
} }
if ( isset( $_REQUEST['users'] ) ) { if ( isset( $_REQUEST['users'] ) ) {
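Review bot: The `manage_sites` gate at the top of the file keeps its brace-less one-line `if` even though its `wp_die()` is rewritten, whereas the `remove_users` and `$editable_roles` checks further down in this same file use braces; `if ( ! current_user_can( 'manage_sites' ) ) {` / `wp_die( __( 'Sorry, you are not allowed to edit this site.' ), 403 );` / `}` would make the three checks read the same way. Returning 403 rather than 401 here is presumably correct only because the `admin.php` bootstrap required just above already sends unauthenticated visitors to the login screen; that is not visible in the hunk and is worth confirming rather than assuming. The two later hunks sit inside an `if ( $action )` / `switch` whose start and end lie outside this section.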


@ -94,7 +94,7 @@ case 'promote':
check_admin_referer('bulk-users'); check_admin_referer('bulk-users');
if ( ! current_user_can( 'promote_users' ) ) if ( ! current_user_can( 'promote_users' ) )
wp_die( __( 'Sorry, you are not allowed to edit this user.' ) ); wp_die( __( 'Sorry, you are not allowed to edit this user.' ), 403 );
if ( empty($_REQUEST['users']) ) { if ( empty($_REQUEST['users']) ) {
wp_redirect($redirect); wp_redirect($redirect);
@ -110,7 +110,7 @@ case 'promote':
} }
if ( ! $role || empty( $editable_roles[ $role ] ) ) { if ( ! $role || empty( $editable_roles[ $role ] ) ) {
wp_die( __( 'Sorry, you are not allowed to give users that role.' ) ); wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );
} }
$userids = $_REQUEST['users']; $userids = $_REQUEST['users'];
@ -119,7 +119,7 @@ case 'promote':
$id = (int) $id; $id = (int) $id;
if ( ! current_user_can('promote_user', $id) ) if ( ! current_user_can('promote_user', $id) )
wp_die(__('Sorry, you are not allowed to edit this user.')); wp_die( __( 'Sorry, you are not allowed to edit this user.' ), 403 );
// The new role of the current user must also have the promote_users cap or be a multisite super admin // The new role of the current user must also have the promote_users cap or be a multisite super admin
if ( $id == $current_user->ID && ! $wp_roles->role_objects[ $role ]->has_cap('promote_users') if ( $id == $current_user->ID && ! $wp_roles->role_objects[ $role ]->has_cap('promote_users')
&& ! ( is_multisite() && current_user_can( 'manage_network_users' ) ) ) { && ! ( is_multisite() && current_user_can( 'manage_network_users' ) ) ) {
@ -145,7 +145,7 @@ case 'promote':
case 'dodelete': case 'dodelete':
if ( is_multisite() ) if ( is_multisite() )
wp_die( __('User deletion is not allowed from this screen.') ); wp_die( __('User deletion is not allowed from this screen.'), 400 );
check_admin_referer('delete-users'); check_admin_referer('delete-users');
@ -164,14 +164,14 @@ case 'dodelete':
} }
if ( ! current_user_can( 'delete_users' ) ) if ( ! current_user_can( 'delete_users' ) )
wp_die(__('Sorry, you are not allowed to delete users.')); wp_die( __( 'Sorry, you are not allowed to delete users.' ), 403 );
$update = 'del'; $update = 'del';
$delete_count = 0; $delete_count = 0;
foreach ( $userids as $id ) { foreach ( $userids as $id ) {
if ( ! current_user_can( 'delete_user', $id ) ) if ( ! current_user_can( 'delete_user', $id ) )
wp_die(__( 'Sorry, you are not allowed to delete that user.' ) ); wp_die( __( 'Sorry, you are not allowed to delete that user.' ), 403 );
if ( $id == $current_user->ID ) { if ( $id == $current_user->ID ) {
$update = 'err_admin_del'; $update = 'err_admin_del';
@ -194,7 +194,7 @@ case 'dodelete':
case 'delete': case 'delete':
if ( is_multisite() ) if ( is_multisite() )
wp_die( __('User deletion is not allowed from this screen.') ); wp_die( __('User deletion is not allowed from this screen.'), 400 );
check_admin_referer('bulk-users'); check_admin_referer('bulk-users');
@ -306,7 +306,7 @@ case 'doremove':
check_admin_referer('remove-users'); check_admin_referer('remove-users');
if ( ! is_multisite() ) if ( ! is_multisite() )
wp_die( __( 'You can’t remove users.' ) ); wp_die( __( 'You can’t remove users.' ), 400 );
if ( empty($_REQUEST['users']) ) { if ( empty($_REQUEST['users']) ) {
wp_redirect($redirect); wp_redirect($redirect);
@ -314,7 +314,7 @@ case 'doremove':
} }
if ( ! current_user_can( 'remove_users' ) ) if ( ! current_user_can( 'remove_users' ) )
wp_die( __( 'Sorry, you are not allowed to remove users.' ) ); wp_die( __( 'Sorry, you are not allowed to remove users.' ), 403 );
$userids = $_REQUEST['users']; $userids = $_REQUEST['users'];
@ -337,7 +337,7 @@ case 'remove':
check_admin_referer('bulk-users'); check_admin_referer('bulk-users');
if ( ! is_multisite() ) if ( ! is_multisite() )
wp_die( __( 'You can’t remove users.' ) ); wp_die( __( 'You can’t remove users.' ), 400 );
if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) { if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) {
wp_redirect($redirect); wp_redirect($redirect);
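Review bot: The two `! is_multisite()` refusals in the `doremove` and `remove` cases keep the legacy wording `'You can’t remove users.'` although the commit's stated aim includes re-using standard messages, and the same file already carries `'Sorry, you are not allowed to remove users.'` on the `remove_users` capability check; changing both calls to `wp_die( __( 'Sorry, you are not allowed to remove users.' ), 403 );` removes a translatable string and keeps the wording uniform. The 400 chosen on those lines, and on the `is_multisite()` guards in `delete` and `dodelete`, signals a malformed request, yet nothing the client could change in the request makes the action available on this install type, so 403 (or `wp_die()`'s default) may describe the refusal more accurately; this is a judgement call rather than a defect. The `switch` these cases belong to starts before the first hunk of this file.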