WordPress.org

Make WordPress Core

Ticket #18474: 18474.diff

File 18474.diff, 1006 bytes (added by kurtpayne, 3 years ago)

Patch to detect truncated POST requests

  • wp-includes/pluggable.php

     
    844844        $adminurl = strtolower(admin_url()); 
    845845        $referer = strtolower(wp_get_referer()); 
    846846        $result = isset($_REQUEST[$query_arg]) ? wp_verify_nonce($_REQUEST[$query_arg], $action) : false; 
     847 
     848        // Detect errors caused by truncated posts 
     849        // If the file was uploaded, but exceeds the file upload limit, then it will be handled elsewhere 
     850        // but if the post was too big, then it won't be decoded properly and the nonce won't come through 
     851        // so it will be caught here 
     852        if ( 'POST' == $_SERVER['REQUEST_METHOD'] && empty($_POST) && $_SERVER['CONTENT_LENGTH'] > 0 ) 
     853                wp_die(__( 'The request exceeds the <code>post_max_size</code> directive in <code>php.ini</code>.' )); 
     854 
    847855        if ( !$result && !(-1 == $action && strpos($referer, $adminurl) === 0) ) { 
    848856                wp_nonce_ays($action); 
    849857                die();