
Ticket #40230: permission_messages_status_code.diff

File permission_messages_status_code.diff, 4.8 KB (added by tuanmh, 7 years ago)
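--- a/src/wp-admin/includes/user.php
+++ b/src/wp-admin/includes/user.php
@@ -59,7 +59,7 @@
                 // If the new role isn't editable by the logged-in user die with error
                 $editable_roles = get_editable_roles();
                 if ( ! empty( $new_role ) && empty( $editable_roles[$new_role] ) )
-                        wp_die(__('You can’t give users that role.'));
+                        wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );
         }
 
         if ( isset( $_POST['email'] ))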
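--- a/src/wp-admin/network/site-users.php
+++ b/src/wp-admin/network/site-users.php
@@ -11,7 +11,7 @@
 require_once( dirname( __FILE__ ) . '/admin.php' );
 
 if ( ! current_user_can('manage_sites') )
-        wp_die(__('Sorry, you are not allowed to edit this site.'));
+        wp_die( __( 'Sorry, you are not allowed to edit this site.' ), 403 );
 
 $wp_list_table = _get_list_table('WP_Users_List_Table');
 $wp_list_table->prepare_items();
@@ -115,7 +115,7 @@
 
                 case 'remove':
                         if ( ! current_user_can( 'remove_users' ) ) {
-                                wp_die( __( 'Sorry, you are not allowed to remove users.' ) );
+                                wp_die( __( 'Sorry, you are not allowed to remove users.' ), 403 );
                         }
 
                         check_admin_referer( 'bulk-users' );
@@ -139,7 +139,7 @@
                         check_admin_referer( 'bulk-users' );
                         $editable_roles = get_editable_roles();
                         if ( empty( $editable_roles[ $_REQUEST['new_role'] ] ) ) {
-                                wp_die( __( 'Sorry, you are not allowed to give users that role.' ) );
+                                wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );
                         }
 
                         if ( isset( $_REQUEST['users'] ) ) {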
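Review bot: At new line 141, `$_REQUEST['new_role']` is used as an array key without first checking that it is present and is a string, so a request that omits it or sends it as an array makes PHP report an undefined-index or illegal-offset error before the `wp_die()` that now returns 403. If error display is enabled, that output may be sent before `wp_die()` can set the status, and a malformed request is then reported as a permission failure. Consider guarding the key first, e.g. `if ( empty( $_REQUEST['new_role'] ) || ! is_string( $_REQUEST['new_role'] ) || empty( $editable_roles[ $_REQUEST['new_role'] ] ) ) {`. The enclosing `case` starts and ends outside the hunk.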
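--- a/src/wp-admin/users.php
+++ b/src/wp-admin/users.php
@@ -94,7 +94,7 @@
         check_admin_referer('bulk-users');
 
         if ( ! current_user_can( 'promote_users' ) )
-                wp_die( __( 'Sorry, you are not allowed to edit this user.' ) );
+                wp_die( __( 'Sorry, you are not allowed to edit this user.' ), 403 );
 
         if ( empty($_REQUEST['users']) ) {
                 wp_redirect($redirect);
@@ -110,7 +110,7 @@
         }
 
         if ( ! $role || empty( $editable_roles[ $role ] ) ) {
-                wp_die( __( 'Sorry, you are not allowed to give users that role.' ) );
+                wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );
         }
 
         $userids = $_REQUEST['users'];
@@ -119,7 +119,7 @@
                 $id = (int) $id;
 
                 if ( ! current_user_can('promote_user', $id) )
-                        wp_die(__('Sorry, you are not allowed to edit this user.'));
+                        wp_die( __( 'Sorry, you are not allowed to edit this user.' ), 403 );
                 // The new role of the current user must also have the promote_users cap or be a multisite super admin
                 if ( $id == $current_user->ID && ! $wp_roles->role_objects[ $role ]->has_cap('promote_users')
                         && ! ( is_multisite() && current_user_can( 'manage_network_users' ) ) ) {
@@ -145,7 +145,7 @@
 
 case 'dodelete':
         if ( is_multisite() )
-                wp_die( __('User deletion is not allowed from this screen.') );
+                wp_die( __('User deletion is not allowed from this screen.'), 400 );
 
         check_admin_referer('delete-users');
 
@@ -164,7 +164,7 @@
         }
 
         if ( ! current_user_can( 'delete_users' ) )
-                wp_die(__('Sorry, you are not allowed to delete users.'));
+                wp_die( __( 'Sorry, you are not allowed to delete users.' ), 403 );
 
         $update = 'del';
         $delete_count = 0;
@@ -171,7 +171,7 @@
 
         foreach ( $userids as $id ) {
                 if ( ! current_user_can( 'delete_user', $id ) )
-                        wp_die(__( 'Sorry, you are not allowed to delete that user.' ) );
+                        wp_die( __( 'Sorry, you are not allowed to delete that user.' ), 403 );
 
                 if ( $id == $current_user->ID ) {
                         $update = 'err_admin_del';
@@ -194,7 +194,7 @@
 
 case 'delete':
         if ( is_multisite() )
-                wp_die( __('User deletion is not allowed from this screen.') );
+                wp_die( __('User deletion is not allowed from this screen.'), 400 );
 
         check_admin_referer('bulk-users');
 
@@ -306,7 +306,7 @@
         check_admin_referer('remove-users');
 
         if ( ! is_multisite() )
-                wp_die( __( 'You can’t remove users.' ) );
+                wp_die( __( 'You can’t remove users.' ), 400 );
 
         if ( empty($_REQUEST['users']) ) {
                 wp_redirect($redirect);
@@ -314,7 +314,7 @@
         }
 
         if ( ! current_user_can( 'remove_users' ) )
-                wp_die( __( 'Sorry, you are not allowed to remove users.' ) );
+                wp_die( __( 'Sorry, you are not allowed to remove users.' ), 403 );
 
         $userids = $_REQUEST['users'];
 
@@ -337,7 +337,7 @@
         check_admin_referer('bulk-users');
 
         if ( ! is_multisite() )
-                wp_die( __( 'You can’t remove users.' ) );
+                wp_die( __( 'You can’t remove users.' ), 400 );
 
         if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) {
                 wp_redirect($redirect);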
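Review bot: The per-user checks inside the loops (new lines 122 and 174) now end the request with 403 on the first ID that fails `current_user_can()`, but both loop bodies continue outside these hunks. If the role change or deletion is performed in the same iteration, IDs earlier in `$userids` may already have been processed by the time the 403 is sent. A 403 is normally read as "nothing was changed", so a partly applied bulk action would be misleading in logs and to API clients. Consider checking every ID in a first pass before any change is made, or at least adding a comment above each `wp_die()` such as `// May run after earlier IDs in this batch were already processed.`.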