WordPress.org

Make WordPress Core

Ticket #18474: 18474.diff

File 18474.diff, 1006 bytes (added by kurtpayne, 10 years ago)

Patch to detect truncated POST requests

  • wp-includes/pluggable.php

     
    844844        $adminurl = strtolower(admin_url());
    845845        $referer = strtolower(wp_get_referer());
    846846        $result = isset($_REQUEST[$query_arg]) ? wp_verify_nonce($_REQUEST[$query_arg], $action) : false;
     847
     848        // Detect errors caused by truncated posts
     849        // If the file was uploaded, but exceeds the file upload limit, then it will be handled elsewhere
     850        // but if the post was too big, then it won't be decoded properly and the nonce won't come through
     851        // so it will be caught here
     852        if ( 'POST' == $_SERVER['REQUEST_METHOD'] && empty($_POST) && $_SERVER['CONTENT_LENGTH'] > 0 )
     853                wp_die(__( 'The request exceeds the <code>post_max_size</code> directive in <code>php.ini</code>.' ));
     854
    847855        if ( !$result && !(-1 == $action && strpos($referer, $adminurl) === 0) ) {
    848856                wp_nonce_ays($action);
    849857                die();