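--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -844,6 +844,14 @@
 $adminurl = strtolower(admin_url());
 $referer = strtolower(wp_get_referer());
 $result = isset($_REQUEST[$query_arg]) ? wp_verify_nonce($_REQUEST[$query_arg], $action) : false;
+
+ // Detect errors caused by truncated posts
+ // If the file was uploaded, but exceeds the file upload limit, then it will be handled elsewhere
+ // but if the post was too big, then it won't be decoded properly and the nonce won't come through
+ // so it will be caught here
+ if ( 'POST' == $_SERVER['REQUEST_METHOD'] && empty($_POST) && $_SERVER['CONTENT_LENGTH'] > 0 )
+ wp_die(__( 'The request exceeds the <code>post_max_size</code> directive in <code>php.ini</code>.' ));
+
 if ( !$result && !(-1 == $action && strpos($referer, $adminurl) === 0) ) {
 wp_nonce_ays($action);
 die();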
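Review bot: The added guard calls `wp_die()` without consulting `$result`, so a POST whose nonce verified from the query string (`$_REQUEST` also carries `$_GET`) is still rejected whenever `$_POST` is empty. PHP fills `$_POST` only for form-encoded and multipart bodies, so a JSON or XML body with a valid nonce in the URL would get the misleading `post_max_size` message. The guard also reads `$_SERVER['CONTENT_LENGTH']` without checking that it is set. I would limit the guard to the failed-nonce case and check the key first: `if ( !$result && 'POST' == $_SERVER['REQUEST_METHOD'] && empty($_POST) && isset($_SERVER['CONTENT_LENGTH']) && $_SERVER['CONTENT_LENGTH'] > 0 )`. The enclosing function starts and ends outside the hunk, so whether it is ever reached outside a web request cannot be confirmed from here.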