Ticket #18474: 18474.diff

wp-includes/pluggable.php

@@ -844 +844 @@
         $adminurl = strtolower(admin_url());
         $referer = strtolower(wp_get_referer());
         $result = isset($_REQUEST[$query_arg]) ? wp_verify_nonce($_REQUEST[$query_arg], $action) : false;
+
+        // Detect errors caused by truncated posts
+        // If the file was uploaded, but exceeds the file upload limit, then it will be handled elsewhere
+        // but if the post was too big, then it won't be decoded properly and the nonce won't come through
+        // so it will be caught here
+        if ( 'POST' == $_SERVER['REQUEST_METHOD'] && empty($_POST) && $_SERVER['CONTENT_LENGTH'] > 0 )
+                wp_die(__( 'The request exceeds the <code>post_max_size</code> directive in <code>php.ini</code>.' ));
+
         if ( !$result && !(-1 == $action && strpos($referer, $adminurl) === 0) ) {
                 wp_nonce_ays($action);
                 die();