WordPress.org
Get WordPress

Make WordPress Core

Ticket #18030: edit.diff

File edit.diff, 2.1 KB (added by niallkennedy, 14 years ago)

Define a response of 403 when calling wp_die() after a capability check fails.

  • wp-admin/edit.php

     
    2020
    2121$post_type_object = get_post_type_object( $post_type );
    2222
    23 if ( !current_user_can($post_type_object->cap->edit_posts) )
    24         wp_die(__('Cheatin’ uh?'));
     23if ( ! current_user_can( $post_type_object->cap->edit_posts ) )
     24        wp_die( __('Cheatin’ uh?'), '', array( 'response' => 403 ) );
    2525
    2626$wp_list_table = _get_list_table('WP_Posts_List_Table');
    2727$pagenum = $wp_list_table->get_pagenum();
     
    7777                case 'trash':
    7878                        $trashed = 0;
    7979                        foreach( (array) $post_ids as $post_id ) {
    80                                 if ( !current_user_can($post_type_object->cap->delete_post, $post_id) )
    81                                         wp_die( __('You are not allowed to move this item to the Trash.') );
     80                                if ( ! current_user_can( $post_type_object->cap->delete_post, $post_id ) )
     81                                        wp_die( __('You are not allowed to move this item to the Trash.'), '', array( 'response' => 403 ) );
    8282
    8383                                if ( !wp_trash_post($post_id) )
    8484                                        wp_die( __('Error in moving to Trash.') );
     
    9090                case 'untrash':
    9191                        $untrashed = 0;
    9292                        foreach( (array) $post_ids as $post_id ) {
    93                                 if ( !current_user_can($post_type_object->cap->delete_post, $post_id) )
    94                                         wp_die( __('You are not allowed to restore this item from the Trash.') );
     93                                if ( ! current_user_can( $post_type_object->cap->delete_post, $post_id ) )
     94                                        wp_die( __('You are not allowed to restore this item from the Trash.'), '', array( 'response' => 403 ) );
    9595
    9696                                if ( !wp_untrash_post($post_id) )
    9797                                        wp_die( __('Error in restoring from Trash.') );
     
    105105                        foreach( (array) $post_ids as $post_id ) {
    106106                                $post_del = & get_post($post_id);
    107107
    108                                 if ( !current_user_can($post_type_object->cap->delete_post, $post_id) )
    109                                         wp_die( __('You are not allowed to delete this item.') );
     108                                if ( ! current_user_can( $post_type_object->cap->delete_post, $post_id ) )
     109                                        wp_die( __('You are not allowed to delete this item.'), '', array( 'response' => 403 ) );
    110110
    111111                                if ( $post_del->post_type == 'attachment' ) {
    112112                                        if ( ! wp_delete_attachment($post_id) )