
Ticket #10551: 10551.diff

File 10551.diff, 14.9 KB (added by nacin, 10 years ago)
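--- a/src/wp-admin/custom-header.php
+++ b/src/wp-admin/custom-header.php
@@ -736,7 +736,7 @@
         public function step_2() {
                 check_admin_referer('custom-header-upload', '_wpnonce-custom-header-upload');
                 if ( ! current_theme_supports( 'custom-header', 'uploads' ) )
-                        wp_die( __( 'Cheatin’ uh?' ) );
+                        wp_die( __( 'Cheatin’ uh?' ), 403 );
 
                 if ( empty( $_POST ) && isset( $_GET['file'] ) ) {
                         $attachment_id = absint( $_GET['file'] );
@@ -888,10 +888,10 @@
                 check_admin_referer( 'custom-header-crop-image' );
 
                 if ( ! current_theme_supports( 'custom-header', 'uploads' ) )
-                        wp_die( __( 'Cheatin’ uh?' ) );
+                        wp_die( __( 'Cheatin’ uh?' ), 403 );
 
                 if ( ! empty( $_POST['skip-cropping'] ) && ! ( current_theme_supports( 'custom-header', 'flex-height' ) || current_theme_supports( 'custom-header', 'flex-width' ) ) )
-                        wp_die( __( 'Cheatin’ uh?' ) );
+                        wp_die( __( 'Cheatin’ uh?' ), 403 );
 
                 if ( $_POST['oitar'] > 1 ) {
                         $_POST['x1'] = $_POST['x1'] * $_POST['oitar'];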
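Review bot: The `403` on the new wp_die() line at old line 739 (and at 891 and 894 below) is only read as a response code by the integer shorthand this same patch adds to wp_die() in src/wp-includes/functions.php; on a tree without that hunk the integer presumably lands in `$title` and the response stays at the documented default of 500. Every other `wp_die( __( 'Cheatin’ uh?' ), 403 )` in the patch (customize.php, edit-comments.php, edit-tags.php, edit.php, includes/bookmark.php, media-upload.php, nav-menus.php, network/site-users.php, options.php, post-new.php, press-this.php, themes.php, user-new.php, users.php, widgets.php) shares this dependency. If the call sites could ever be applied or backported separately from the functions.php change, the explicit `wp_die( __( 'Cheatin’ uh?' ), '', array( 'response' => 403 ) )` form, which the old wp_nonce_ays() already used, works with both the old and the new wp_die(). step_2() continues outside the hunk.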
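--- a/src/wp-admin/customize.php
+++ b/src/wp-admin/customize.php
@@ -13,7 +13,7 @@
 require_once( dirname( __FILE__ ) . '/admin.php' );
 
 if ( ! current_user_can( 'customize' ) ) {
-        wp_die( __( 'Cheatin’ uh?' ) );
+        wp_die( __( 'Cheatin’ uh?' ), 403 );
 }
 
 wp_reset_vars( array( 'url', 'return' ) );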
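--- a/src/wp-admin/edit-comments.php
+++ b/src/wp-admin/edit-comments.php
@@ -9,7 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once( dirname( __FILE__ ) . '/admin.php' );
 if ( !current_user_can('edit_posts') )
-        wp_die(__('Cheatin’ uh?'));
+        wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 $wp_list_table = _get_list_table('WP_Comments_List_Table');
 $pagenum = $wp_list_table->get_pagenum();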
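--- a/src/wp-admin/edit-tags.php
+++ b/src/wp-admin/edit-tags.php
@@ -18,7 +18,7 @@
         wp_die( __( 'Invalid taxonomy' ) );
 
 if ( ! current_user_can( $tax->cap->manage_terms ) )
-        wp_die( __( 'Cheatin’ uh?' ) );
+        wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 $wp_list_table = _get_list_table('WP_Terms_List_Table');
 $pagenum = $wp_list_table->get_pagenum();
@@ -47,7 +47,7 @@
         check_admin_referer( 'add-tag', '_wpnonce_add-tag' );
 
         if ( !current_user_can( $tax->cap->edit_terms ) )
-                wp_die( __( 'Cheatin’ uh?' ) );
+                wp_die( __( 'Cheatin’ uh?' ), 403 );
 
         $ret = wp_insert_term( $_POST['tag-name'], $taxonomy, $_POST );
         $location = 'edit-tags.php?taxonomy=' . $taxonomy;
@@ -83,7 +83,7 @@
         check_admin_referer( 'delete-tag_' . $tag_ID );
 
         if ( !current_user_can( $tax->cap->delete_terms ) )
-                wp_die( __( 'Cheatin’ uh?' ) );
+                wp_die( __( 'Cheatin’ uh?' ), 403 );
 
         wp_delete_term( $tag_ID, $taxonomy );
 
@@ -95,7 +95,7 @@
         check_admin_referer( 'bulk-tags' );
 
         if ( !current_user_can( $tax->cap->delete_terms ) )
-                wp_die( __( 'Cheatin’ uh?' ) );
+                wp_die( __( 'Cheatin’ uh?' ), 403 );
 
         $tags = (array) $_REQUEST['delete_tags'];
         foreach ( $tags as $tag_ID ) {
@@ -133,7 +133,7 @@
         check_admin_referer( 'update-tag_' . $tag_ID );
 
         if ( !current_user_can( $tax->cap->edit_terms ) )
-                wp_die( __( 'Cheatin’ uh?' ) );
+                wp_die( __( 'Cheatin’ uh?' ), 403 );
 
         $tag = get_term( $tag_ID, $taxonomy );
         if ( ! $tag )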
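Review bot: The `wp_die( __( 'Invalid taxonomy' ) )` context line at old line 18 is left on the default response code (500 according to the wp_die() docblock in this same patch) while the capability failure two lines below it now sends 403, so a request naming an unknown taxonomy is still reported as a server error. `wp_die( __( 'Invalid taxonomy' ), 404 )` would keep "not found" and "not permitted" distinguishable in access logs and monitoring, which is the point of giving the capability checks a 403. The same applies to `wp_die( __( 'Invalid post type' ) )` at old line 25 of src/wp-admin/edit.php. The condition guarding old line 18 appears to start before the hunk.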
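--- a/src/wp-admin/edit.php
+++ b/src/wp-admin/edit.php
@@ -25,7 +25,7 @@
         wp_die( __( 'Invalid post type' ) );
 
 if ( ! current_user_can( $post_type_object->cap->edit_posts ) )
-        wp_die( __( 'Cheatin’ uh?' ) );
+        wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 $wp_list_table = _get_list_table('WP_Posts_List_Table');
 $pagenum = $wp_list_table->get_pagenum();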
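--- a/src/wp-admin/includes/bookmark.php
+++ b/src/wp-admin/includes/bookmark.php
@@ -27,7 +27,7 @@
  */
 function edit_link( $link_id = 0 ) {
         if ( !current_user_can( 'manage_links' ) )
-                wp_die( __( 'Cheatin’ uh?' ) );
+                wp_die( __( 'Cheatin’ uh?' ), 403 );
 
         $_POST['link_url'] = esc_html( $_POST['link_url'] );
         $_POST['link_url'] = esc_url($_POST['link_url']);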
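--- a/src/wp-admin/media-upload.php
+++ b/src/wp-admin/media-upload.php
@@ -32,10 +32,10 @@
 
 // Require an ID for the edit screen.
 if ( isset($action) && $action == 'edit' && !$ID )
-        wp_die( __( 'Cheatin’ uh?' ) );
+        wp_die( __( 'Cheatin’ uh?' ), 403 );
 
         if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post' , $_REQUEST['post_id'] ) )
-                wp_die( __( 'Cheatin’ uh?' ) );
+                wp_die( __( 'Cheatin’ uh?' ), 403 );
 
         // Upload type: image, video, file, ..?
         if ( isset($_GET['type']) ) {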
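Review bot: The `403` added at old line 35 is attached to the `!$ID` branch, which per the comment above it rejects an edit request that lacks an attachment ID, not one the user is forbidden to make; a missing required parameter is a client error, so `wp_die( __( 'Cheatin’ uh?' ), 400 )` describes it more accurately and keeps 403 responses meaningful as an authorization signal for anyone watching logs. The capability check at old line 38 does concern permission and is correctly 403. A similar conflation occurs in src/wp-admin/themes.php at old line 20, where `! $theme->exists()` (a stylesheet that is not present) and `! $theme->is_allowed()` share a single 403. The indented block holding old line 37 opens before the hunk.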
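--- a/src/wp-admin/nav-menus.php
+++ b/src/wp-admin/nav-menus.php
@@ -20,7 +20,7 @@
 
 // Permissions Check
 if ( ! current_user_can('edit_theme_options') )
-        wp_die( __( 'Cheatin’ uh?' ) );
+        wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 wp_enqueue_script( 'nav-menu' );
 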
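--- a/src/wp-admin/network/site-users.php
+++ b/src/wp-admin/network/site-users.php
@@ -133,7 +133,7 @@
 
                                         // If the user doesn't already belong to the blog, bail.
                                         if ( !is_user_member_of_blog( $user_id ) )
-                                                wp_die(__('Cheatin’ uh?'));
+                                                wp_die( __( 'Cheatin’ uh?' ), 403 );
 
                                         $user = get_userdata( $user_id );
                                         $user->set_role( $_REQUEST['new_role'] );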
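--- a/src/wp-admin/options.php
+++ b/src/wp-admin/options.php
@@ -45,7 +45,7 @@
 }
 
 if ( !current_user_can( $capability ) )
-        wp_die(__('Cheatin’ uh?'));
+        wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 // Handle admin email change requests
 if ( is_multisite() ) {
@@ -69,7 +69,7 @@
 }
 
 if ( is_multisite() && !is_super_admin() && 'update' != $action )
-        wp_die(__('Cheatin’ uh?'));
+        wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 $whitelist_options = array(
         'general' => array( 'blogname', 'blogdescription', 'gmt_offset', 'date_format', 'time_format', 'start_of_week', 'timezone_string', 'WPLANG' ),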
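--- a/src/wp-admin/post-new.php
+++ b/src/wp-admin/post-new.php
@@ -48,7 +48,7 @@
 $editing = true;
 
 if ( ! current_user_can( $post_type_object->cap->edit_posts ) || ! current_user_can( $post_type_object->cap->create_posts ) )
-        wp_die( __( 'Cheatin’ uh?' ) );
+        wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 // Schedule auto-draft cleanup
 if ( ! wp_next_scheduled( 'wp_scheduled_auto_draft_delete' ) )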
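--- a/src/wp-admin/press-this.php
+++ b/src/wp-admin/press-this.php
@@ -14,7 +14,7 @@
 header('Content-Type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
 
 if ( ! current_user_can( 'edit_posts' ) || ! current_user_can( get_post_type_object( 'post' )->cap->create_posts ) )
-        wp_die( __( 'Cheatin’ uh?' ) );
+        wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 /**
  * Press It form handler.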
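--- a/src/wp-admin/themes.php
+++ b/src/wp-admin/themes.php
@@ -10,7 +10,7 @@
 require_once( dirname( __FILE__ ) . '/admin.php' );
 
 if ( !current_user_can('switch_themes') && !current_user_can('edit_theme_options') )
-        wp_die( __( 'Cheatin’ uh?' ) );
+        wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 if ( current_user_can( 'switch_themes' ) && isset($_GET['action'] ) ) {
         if ( 'activate' == $_GET['action'] ) {
@@ -17,7 +17,7 @@
                 check_admin_referer('switch-theme_' . $_GET['stylesheet']);
                 $theme = wp_get_theme( $_GET['stylesheet'] );
                 if ( ! $theme->exists() || ! $theme->is_allowed() )
-                        wp_die( __( 'Cheatin’ uh?' ) );
+                        wp_die( __( 'Cheatin’ uh?' ), 403 );
                 switch_theme( $theme->get_stylesheet() );
                 wp_redirect( admin_url('themes.php?activated=true') );
                 exit;
@@ -25,7 +25,7 @@
                 check_admin_referer('delete-theme_' . $_GET['stylesheet']);
                 $theme = wp_get_theme( $_GET['stylesheet'] );
                 if ( !current_user_can('delete_themes') || ! $theme->exists() )
-                        wp_die( __( 'Cheatin’ uh?' ) );
+                        wp_die( __( 'Cheatin’ uh?' ), 403 );
                 delete_theme($_GET['stylesheet']);
                 wp_redirect( admin_url('themes.php?deleted=true') );
                 exit;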
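--- a/src/wp-admin/user-new.php
+++ b/src/wp-admin/user-new.php
@@ -11,9 +11,9 @@
 
 if ( is_multisite() ) {
         if ( ! current_user_can( 'create_users' ) && ! current_user_can( 'promote_users' ) )
-                wp_die( __( 'Cheatin’ uh?' ) );
+                wp_die( __( 'Cheatin’ uh?' ), 403 );
 } elseif ( ! current_user_can( 'create_users' ) ) {
-        wp_die( __( 'Cheatin’ uh?' ) );
+        wp_die( __( 'Cheatin’ uh?' ), 403 );
 }
 
 if ( is_multisite() ) {
@@ -58,7 +58,7 @@
         }
 
         if ( ! current_user_can('promote_user', $user_details->ID) )
-                wp_die(__('Cheatin’ uh?'));
+                wp_die( __( 'Cheatin’ uh?' ), 403 );
 
         // Adding an existing user to this blog
         $new_user_email = $user_details->user_email;
@@ -95,7 +95,7 @@
         check_admin_referer( 'create-user', '_wpnonce_create-user' );
 
         if ( ! current_user_can('create_users') )
-                wp_die(__('Cheatin’ uh?'));
+                wp_die( __( 'Cheatin’ uh?' ), 403 );
 
         if ( ! is_multisite() ) {
                 $user_id = edit_user();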
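--- a/src/wp-admin/users.php
+++ b/src/wp-admin/users.php
@@ -10,7 +10,7 @@
 require_once( dirname( __FILE__ ) . '/admin.php' );
 
 if ( ! current_user_can( 'list_users' ) )
-        wp_die( __( 'Cheatin’ uh?' ) );
+        wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 $wp_list_table = _get_list_table('WP_Users_List_Table');
 $pagenum = $wp_list_table->get_pagenum();
@@ -128,7 +128,7 @@
 
                 // If the user doesn't already belong to the blog, bail.
                 if ( is_multisite() && !is_user_member_of_blog( $id ) )
-                        wp_die(__('Cheatin’ uh?'));
+                        wp_die( __( 'Cheatin’ uh?' ), 403 );
 
                 $user = get_userdata( $id );
                 $user->set_role($_REQUEST['new_role']);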
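--- a/src/wp-admin/widgets.php
+++ b/src/wp-admin/widgets.php
@@ -13,7 +13,7 @@
 require_once(ABSPATH . 'wp-admin/includes/widgets.php');
 
 if ( ! current_user_can('edit_theme_options') )
-        wp_die( __( 'Cheatin’ uh?' ));
+        wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 $widgets_access = get_user_setting( 'widgets_access' );
 if ( isset($_GET['widgets-access']) ) {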
  • src/wp-includes/functions.php

     
    23132313 * @param string $action The nonce action.
    23142314 */
    23152315function wp_nonce_ays( $action ) {
    2316         $title = __( 'WordPress Failure Notice' );
    23172316        if ( 'log-out' == $action ) {
    23182317                $html = sprintf( __( 'You are attempting to log out of %s' ), get_bloginfo( 'name' ) ) . '</p><p>';
    23192318                $redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '';
     
    23242323                        $html .= "</p><p><a href='" . esc_url( remove_query_arg( 'updated', wp_get_referer() ) ) . "'>" . __( 'Please try again.' ) . "</a>";
    23252324        }
    23262325
    2327         wp_die( $html, $title, array('response' => 403) );
     2326        wp_die( $html, __( 'WordPress Failure Notice' ), 403 );
    23282327}
    23292328
    23302329/**
     
    23322331 *
    23332332 * This function complements the die() PHP function. The difference is that
    23342333 * HTML will be displayed to the user. It is recommended to use this function
    2335  * only, when the execution should not continue any further. It is not
     2334 * only when the execution should not continue any further. It is not
    23362335 * recommended to call this function very often and try to handle as many errors
    2337  * as possible silently.
     2336 * as possible silently or more gracefully.
    23382337 *
     2338 * As a shorthand, the desired HTTP response code may be passed as an integer to
     2339 * the $args parameter or the $title parameter (the default title would apply).
     2340 *
    23392341 * @since 2.0.4
    23402342 *
    2341  * @param string       $message Optional. Error message. Default empty.
    2342  * @param string       $title   Optional. Error title. Default empty.
    2343  * @param string|array $args    Optional. Arguments to control behavior. Default empty array.
     2343 * @param string|WP_Error   $message Optional. Error message. Default empty.
     2344 *                                   If this is a WP_Error object, the error's messages are used.
     2345 * @param string            $title   Optional. Error title. Default is a generic title.
     2346 *                                   If $message is a WP_Error object, error data with the key
     2347 *                                   'title' may be used to specify the title.
     2348 * @param string|array|int  $args {
     2349 *     Optional. Arguments to control behavior. Default empty array.
     2350 *     If $args is an integer, then it is treated as the response code.
     2351 *
     2352 *     @type int    $response       The HTTP response code. Default 500.
     2353 *     @type bool   $back_link      Whether to include a link to go back. Default false.
     2354 *     @type string $text_direction The text direction. Defaults to the value of is_rtl().
     2355 *                                  Accepts 'rtl'. This is only useful internally, when WordPress
     2356 *                                  is still loading and the site's locale is not set up yet.
     2357 * }
    23442358 */
    23452359function wp_die( $message = '', $title = '', $args = array() ) {
     2360
     2361        if ( is_int( $args ) ) {
     2362                $args = array( 'response' => $args );
     2363        } elseif ( is_int( $title ) ) {
     2364                $args = array( 'response' => $title );
     2365                $title = '';
     2366        }
     2367
    23462368        if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) {
    23472369                /**
    23482370                 * Filter callback for killing WordPress execution for AJAX requests.