Ticket #10551: 10551.diff
File 10551.diff, 14.9 KB (added by , 10 years ago) |
src/wp-admin/custom-header.php
736 736 public function step_2() { 737 737 check_admin_referer('custom-header-upload', '_wpnonce-custom-header-upload'); 738 738 if ( ! current_theme_supports( 'custom-header', 'uploads' ) ) 739 wp_die( __( 'Cheatin’ uh?' ) );739 wp_die( __( 'Cheatin’ uh?' ), 403 ); 740 740 741 741 if ( empty( $_POST ) && isset( $_GET['file'] ) ) { 742 742 $attachment_id = absint( $_GET['file'] ); … … 888 888 check_admin_referer( 'custom-header-crop-image' ); 889 889 890 890 if ( ! current_theme_supports( 'custom-header', 'uploads' ) ) 891 wp_die( __( 'Cheatin’ uh?' ) );891 wp_die( __( 'Cheatin’ uh?' ), 403 ); 892 892 893 893 if ( ! empty( $_POST['skip-cropping'] ) && ! ( current_theme_supports( 'custom-header', 'flex-height' ) || current_theme_supports( 'custom-header', 'flex-width' ) ) ) 894 wp_die( __( 'Cheatin’ uh?' ) );894 wp_die( __( 'Cheatin’ uh?' ), 403 ); 895 895 896 896 if ( $_POST['oitar'] > 1 ) { 897 897 $_POST['x1'] = $_POST['x1'] * $_POST['oitar']; -
src/wp-admin/customize.php
13 13 require_once( dirname( __FILE__ ) . '/admin.php' ); 14 14 15 15 if ( ! current_user_can( 'customize' ) ) { 16 wp_die( __( 'Cheatin’ uh?' ) );16 wp_die( __( 'Cheatin’ uh?' ), 403 ); 17 17 } 18 18 19 19 wp_reset_vars( array( 'url', 'return' ) ); -
src/wp-admin/edit-comments.php
9 9 /** WordPress Administration Bootstrap */ 10 10 require_once( dirname( __FILE__ ) . '/admin.php' ); 11 11 if ( !current_user_can('edit_posts') ) 12 wp_die( __('Cheatin’ uh?'));12 wp_die( __( 'Cheatin’ uh?' ), 403 ); 13 13 14 14 $wp_list_table = _get_list_table('WP_Comments_List_Table'); 15 15 $pagenum = $wp_list_table->get_pagenum(); -
src/wp-admin/edit-tags.php
18 18 wp_die( __( 'Invalid taxonomy' ) ); 19 19 20 20 if ( ! current_user_can( $tax->cap->manage_terms ) ) 21 wp_die( __( 'Cheatin’ uh?' ) );21 wp_die( __( 'Cheatin’ uh?' ), 403 ); 22 22 23 23 $wp_list_table = _get_list_table('WP_Terms_List_Table'); 24 24 $pagenum = $wp_list_table->get_pagenum(); … … 47 47 check_admin_referer( 'add-tag', '_wpnonce_add-tag' ); 48 48 49 49 if ( !current_user_can( $tax->cap->edit_terms ) ) 50 wp_die( __( 'Cheatin’ uh?' ) );50 wp_die( __( 'Cheatin’ uh?' ), 403 ); 51 51 52 52 $ret = wp_insert_term( $_POST['tag-name'], $taxonomy, $_POST ); 53 53 $location = 'edit-tags.php?taxonomy=' . $taxonomy; … … 83 83 check_admin_referer( 'delete-tag_' . $tag_ID ); 84 84 85 85 if ( !current_user_can( $tax->cap->delete_terms ) ) 86 wp_die( __( 'Cheatin’ uh?' ) );86 wp_die( __( 'Cheatin’ uh?' ), 403 ); 87 87 88 88 wp_delete_term( $tag_ID, $taxonomy ); 89 89 … … 95 95 check_admin_referer( 'bulk-tags' ); 96 96 97 97 if ( !current_user_can( $tax->cap->delete_terms ) ) 98 wp_die( __( 'Cheatin’ uh?' ) );98 wp_die( __( 'Cheatin’ uh?' ), 403 ); 99 99 100 100 $tags = (array) $_REQUEST['delete_tags']; 101 101 foreach ( $tags as $tag_ID ) { … … 133 133 check_admin_referer( 'update-tag_' . $tag_ID ); 134 134 135 135 if ( !current_user_can( $tax->cap->edit_terms ) ) 136 wp_die( __( 'Cheatin’ uh?' ) );136 wp_die( __( 'Cheatin’ uh?' ), 403 ); 137 137 138 138 $tag = get_term( $tag_ID, $taxonomy ); 139 139 if ( ! $tag ) -
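Review bot: The capability check at line 21 now answers with 403, but the `wp_die( __( 'Invalid taxonomy' ) )` at line 18, inside the same hunk, still falls back to wp_die's default response, so an unknown taxonomy is reported as a server error right next to a correctly coded permission failure. The same pairing appears in edit.php, where `wp_die( __( 'Invalid post type' ) )` on line 25 sits above the new 403 on line 28. Since the patch introduces the integer shorthand, the two lookup failures could use it as well, e.g. `wp_die( __( 'Invalid taxonomy' ), 404 );`, which keeps authorization denials distinguishable from bad lookups in access logs.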
src/wp-admin/edit.php
25 25 wp_die( __( 'Invalid post type' ) ); 26 26 27 27 if ( ! current_user_can( $post_type_object->cap->edit_posts ) ) 28 wp_die( __( 'Cheatin’ uh?' ) );28 wp_die( __( 'Cheatin’ uh?' ), 403 ); 29 29 30 30 $wp_list_table = _get_list_table('WP_Posts_List_Table'); 31 31 $pagenum = $wp_list_table->get_pagenum(); -
src/wp-admin/includes/bookmark.php
27 27 */ 28 28 function edit_link( $link_id = 0 ) { 29 29 if ( !current_user_can( 'manage_links' ) ) 30 wp_die( __( 'Cheatin’ uh?' ) );30 wp_die( __( 'Cheatin’ uh?' ), 403 ); 31 31 32 32 $_POST['link_url'] = esc_html( $_POST['link_url'] ); 33 33 $_POST['link_url'] = esc_url($_POST['link_url']); -
src/wp-admin/media-upload.php
32 32 33 33 // Require an ID for the edit screen. 34 34 if ( isset($action) && $action == 'edit' && !$ID ) 35 wp_die( __( 'Cheatin’ uh?' ) );35 wp_die( __( 'Cheatin’ uh?' ), 403 ); 36 36 37 37 if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post' , $_REQUEST['post_id'] ) ) 38 wp_die( __( 'Cheatin’ uh?' ) );38 wp_die( __( 'Cheatin’ uh?' ), 403 ); 39 39 40 40 // Upload type: image, video, file, ..? 41 41 if ( isset($_GET['type']) ) { -
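Review bot: The first changed line, `if ( isset($action) && $action == 'edit' && !$ID ) wp_die( ..., 403 )`, fires on a missing ID rather than a missing capability, so 403 describes it less accurately than 400; only the `current_user_can( 'edit_post', ... )` check on line 37 is an authorization failure. Giving both the same code means that counts of access-denied responses in logs or monitoring would also include malformed requests, which is part of what distinguishing the status codes in this ticket is meant to avoid. Consider `wp_die( __( 'Cheatin’ uh?' ), 400 );` on line 35 and keeping 403 on line 38.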
src/wp-admin/nav-menus.php
20 20 21 21 // Permissions Check 22 22 if ( ! current_user_can('edit_theme_options') ) 23 wp_die( __( 'Cheatin’ uh?' ) );23 wp_die( __( 'Cheatin’ uh?' ), 403 ); 24 24 25 25 wp_enqueue_script( 'nav-menu' ); 26 26 -
src/wp-admin/network/site-users.php
133 133 134 134 // If the user doesn't already belong to the blog, bail. 135 135 if ( !is_user_member_of_blog( $user_id ) ) 136 wp_die( __('Cheatin’ uh?'));136 wp_die( __( 'Cheatin’ uh?' ), 403 ); 137 137 138 138 $user = get_userdata( $user_id ); 139 139 $user->set_role( $_REQUEST['new_role'] ); -
src/wp-admin/options.php
45 45 } 46 46 47 47 if ( !current_user_can( $capability ) ) 48 wp_die( __('Cheatin’ uh?'));48 wp_die( __( 'Cheatin’ uh?' ), 403 ); 49 49 50 50 // Handle admin email change requests 51 51 if ( is_multisite() ) { … … 69 69 } 70 70 71 71 if ( is_multisite() && !is_super_admin() && 'update' != $action ) 72 wp_die( __('Cheatin’ uh?'));72 wp_die( __( 'Cheatin’ uh?' ), 403 ); 73 73 74 74 $whitelist_options = array( 75 75 'general' => array( 'blogname', 'blogdescription', 'gmt_offset', 'date_format', 'time_format', 'start_of_week', 'timezone_string', 'WPLANG' ), -
src/wp-admin/post-new.php
48 48 $editing = true; 49 49 50 50 if ( ! current_user_can( $post_type_object->cap->edit_posts ) || ! current_user_can( $post_type_object->cap->create_posts ) ) 51 wp_die( __( 'Cheatin’ uh?' ) );51 wp_die( __( 'Cheatin’ uh?' ), 403 ); 52 52 53 53 // Schedule auto-draft cleanup 54 54 if ( ! wp_next_scheduled( 'wp_scheduled_auto_draft_delete' ) ) -
src/wp-admin/press-this.php
14 14 header('Content-Type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset')); 15 15 16 16 if ( ! current_user_can( 'edit_posts' ) || ! current_user_can( get_post_type_object( 'post' )->cap->create_posts ) ) 17 wp_die( __( 'Cheatin’ uh?' ) );17 wp_die( __( 'Cheatin’ uh?' ), 403 ); 18 18 19 19 /** 20 20 * Press It form handler. -
src/wp-admin/themes.php
10 10 require_once( dirname( __FILE__ ) . '/admin.php' ); 11 11 12 12 if ( !current_user_can('switch_themes') && !current_user_can('edit_theme_options') ) 13 wp_die( __( 'Cheatin’ uh?' ) );13 wp_die( __( 'Cheatin’ uh?' ), 403 ); 14 14 15 15 if ( current_user_can( 'switch_themes' ) && isset($_GET['action'] ) ) { 16 16 if ( 'activate' == $_GET['action'] ) { … … 17 17 check_admin_referer('switch-theme_' . $_GET['stylesheet']); 18 18 $theme = wp_get_theme( $_GET['stylesheet'] ); 19 19 if ( ! $theme->exists() || ! $theme->is_allowed() ) 20 wp_die( __( 'Cheatin’ uh?' ) );20 wp_die( __( 'Cheatin’ uh?' ), 403 ); 21 21 switch_theme( $theme->get_stylesheet() ); 22 22 wp_redirect( admin_url('themes.php?activated=true') ); 23 23 exit; … … 25 25 check_admin_referer('delete-theme_' . $_GET['stylesheet']); 26 26 $theme = wp_get_theme( $_GET['stylesheet'] ); 27 27 if ( !current_user_can('delete_themes') || ! $theme->exists() ) 28 wp_die( __( 'Cheatin’ uh?' ) );28 wp_die( __( 'Cheatin’ uh?' ), 403 ); 29 29 delete_theme($_GET['stylesheet']); 30 30 wp_redirect( admin_url('themes.php?deleted=true') ); 31 31 exit; -
src/wp-admin/user-new.php
11 11 12 12 if ( is_multisite() ) { 13 13 if ( ! current_user_can( 'create_users' ) && ! current_user_can( 'promote_users' ) ) 14 wp_die( __( 'Cheatin’ uh?' ) );14 wp_die( __( 'Cheatin’ uh?' ), 403 ); 15 15 } elseif ( ! current_user_can( 'create_users' ) ) { 16 wp_die( __( 'Cheatin’ uh?' ) );16 wp_die( __( 'Cheatin’ uh?' ), 403 ); 17 17 } 18 18 19 19 if ( is_multisite() ) { … … 58 58 } 59 59 60 60 if ( ! current_user_can('promote_user', $user_details->ID) ) 61 wp_die( __('Cheatin’ uh?'));61 wp_die( __( 'Cheatin’ uh?' ), 403 ); 62 62 63 63 // Adding an existing user to this blog 64 64 $new_user_email = $user_details->user_email; … … 95 95 check_admin_referer( 'create-user', '_wpnonce_create-user' ); 96 96 97 97 if ( ! current_user_can('create_users') ) 98 wp_die( __('Cheatin’ uh?'));98 wp_die( __( 'Cheatin’ uh?' ), 403 ); 99 99 100 100 if ( ! is_multisite() ) { 101 101 $user_id = edit_user(); -
src/wp-admin/users.php
10 10 require_once( dirname( __FILE__ ) . '/admin.php' ); 11 11 12 12 if ( ! current_user_can( 'list_users' ) ) 13 wp_die( __( 'Cheatin’ uh?' ) );13 wp_die( __( 'Cheatin’ uh?' ), 403 ); 14 14 15 15 $wp_list_table = _get_list_table('WP_Users_List_Table'); 16 16 $pagenum = $wp_list_table->get_pagenum(); … … 128 128 129 129 // If the user doesn't already belong to the blog, bail. 130 130 if ( is_multisite() && !is_user_member_of_blog( $id ) ) 131 wp_die( __('Cheatin’ uh?'));131 wp_die( __( 'Cheatin’ uh?' ), 403 ); 132 132 133 133 $user = get_userdata( $id ); 134 134 $user->set_role($_REQUEST['new_role']); -
src/wp-admin/widgets.php
13 13 require_once(ABSPATH . 'wp-admin/includes/widgets.php'); 14 14 15 15 if ( ! current_user_can('edit_theme_options') ) 16 wp_die( __( 'Cheatin’ uh?' ) );16 wp_die( __( 'Cheatin’ uh?' ), 403 ); 17 17 18 18 $widgets_access = get_user_setting( 'widgets_access' ); 19 19 if ( isset($_GET['widgets-access']) ) { -
src/wp-includes/functions.php
2313 2313 * @param string $action The nonce action. 2314 2314 */ 2315 2315 function wp_nonce_ays( $action ) { 2316 $title = __( 'WordPress Failure Notice' );2317 2316 if ( 'log-out' == $action ) { 2318 2317 $html = sprintf( __( 'You are attempting to log out of %s' ), get_bloginfo( 'name' ) ) . '</p><p>'; 2319 2318 $redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : ''; … … 2324 2323 $html .= "</p><p><a href='" . esc_url( remove_query_arg( 'updated', wp_get_referer() ) ) . "'>" . __( 'Please try again.' ) . "</a>"; 2325 2324 } 2326 2325 2327 wp_die( $html, $title, array('response' => 403));2326 wp_die( $html, __( 'WordPress Failure Notice' ), 403 ); 2328 2327 } 2329 2328 2330 2329 /** … … 2332 2331 * 2333 2332 * This function complements the die() PHP function. The difference is that 2334 2333 * HTML will be displayed to the user. It is recommended to use this function 2335 * only ,when the execution should not continue any further. It is not2334 * only when the execution should not continue any further. It is not 2336 2335 * recommended to call this function very often and try to handle as many errors 2337 * as possible silently .2336 * as possible silently or more gracefully. 2338 2337 * 2338 * As a shorthand, the desired HTTP response code may be passed as an integer to 2339 * the $args parameter or the $title parameter (the default title would apply). 2340 * 2339 2341 * @since 2.0.4 2340 2342 * 2341 * @param string $message Optional. Error message. Default empty. 2342 * @param string $title Optional. Error title. Default empty. 2343 * @param string|array $args Optional. Arguments to control behavior. Default empty array. 2343 * @param string|WP_Error $message Optional. Error message. Default empty. 2344 * If this is a WP_Error object, the error's messages are used. 2345 * @param string $title Optional. Error title. Default is a generic title. 
2346 * If $message is a WP_Error object, error data with the key 2347 * 'title' may be used to specify the title. 2348 * @param string|array|int $args { 2349 * Optional. Arguments to control behavior. Default empty array. 2350 * If $args is an integer, then it is treated as the response code. 2351 * 2352 * @type int $response The HTTP response code. Default 500. 2353 * @type bool $back_link Whether to include a link to go back. Default false. 2354 * @type string $text_direction The text direction. Defaults to the value of is_rtl(). 2355 * Accepts 'rtl'. This is only useful internally, when WordPress 2356 * is still loading and the site's locale is not set up yet. 2357 * } 2344 2358 */ 2345 2359 function wp_die( $message = '', $title = '', $args = array() ) { 2360 2361 if ( is_int( $args ) ) { 2362 $args = array( 'response' => $args ); 2363 } elseif ( is_int( $title ) ) { 2364 $args = array( 'response' => $title ); 2365 $title = ''; 2366 } 2367 2346 2368 if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) { 2347 2369 /** 2348 2370 * Filter callback for killing WordPress execution for AJAX requests.
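Review bot: In the new `elseif ( is_int( $title ) )` branch of wp_die, an array passed as $args is discarded by `$args = array( 'response' => $title );`, so a call such as `wp_die( $msg, 403, array( 'back_link' => true ) )` silently loses `back_link`. Merging instead, `$args = array_merge( wp_parse_args( $args ), array( 'response' => $title ) );`, keeps the caller's options while letting the integer title set the response code. The added docblock paragraph should also state which value wins when both an integer $title and an $args array are supplied. wp_die's body continues outside the hunk, so whether the AJAX handler introduced right after the added lines honours `$args['response']` cannot be confirmed from here.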