Ticket #40230: permission_messages_status_code.diff
File permission_messages_status_code.diff, 4.8 KB (added by , 7 years ago) |
---|
-
src/wp-admin/includes/user.php
59 59 // If the new role isn't editable by the logged-in user die with error 60 60 $editable_roles = get_editable_roles(); 61 61 if ( ! empty( $new_role ) && empty( $editable_roles[$new_role] ) ) 62 wp_die( __('You can’t give users that role.'));62 wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 ); 63 63 } 64 64 65 65 if ( isset( $_POST['email'] )) -
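Review bot: The comment on line 59 still says only "die with error", and nothing next to the call on line 62 explains the bare `403`. `wp_die()` treats an integer in the title position as the HTTP response code, which a reader may not know, and the point of the change is that a refused role assignment is now reported as an authorisation failure rather than with the default error status. I would update the comment to `// If the new role isn't editable by the logged-in user, refuse with HTTP 403 so the denial is distinguishable from a server error.` The enclosing function starts and ends outside this hunk.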
src/wp-admin/network/site-users.php
11 11 require_once( dirname( __FILE__ ) . '/admin.php' ); 12 12 13 13 if ( ! current_user_can('manage_sites') ) 14 wp_die( __('Sorry, you are not allowed to edit this site.'));14 wp_die( __( 'Sorry, you are not allowed to edit this site.' ), 403 ); 15 15 16 16 $wp_list_table = _get_list_table('WP_Users_List_Table'); 17 17 $wp_list_table->prepare_items(); … … 115 115 116 116 case 'remove': 117 117 if ( ! current_user_can( 'remove_users' ) ) { 118 wp_die( __( 'Sorry, you are not allowed to remove users.' ) );118 wp_die( __( 'Sorry, you are not allowed to remove users.' ), 403 ); 119 119 } 120 120 121 121 check_admin_referer( 'bulk-users' ); … … 139 139 check_admin_referer( 'bulk-users' ); 140 140 $editable_roles = get_editable_roles(); 141 141 if ( empty( $editable_roles[ $_REQUEST['new_role'] ] ) ) { 142 wp_die( __( 'Sorry, you are not allowed to give users that role.' ) );142 wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 ); 143 143 } 144 144 145 145 if ( isset( $_REQUEST['users'] ) ) { -
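Review bot: On line 141 `$_REQUEST['new_role']` is used as an array key before anything confirms it is present and is a string. A request that omits `new_role` raises an undefined-index notice, and one that sends it as an array raises an illegal-offset error (a TypeError on PHP 8, as far as I know), so the 403 on line 142 may never be reached. Guarding the lookup keeps every bad value on the 403 path: `if ( ! isset( $_REQUEST['new_role'] ) || ! is_string( $_REQUEST['new_role'] ) || empty( $editable_roles[ $_REQUEST['new_role'] ] ) ) {`. The rest of this case is outside the hunk.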
src/wp-admin/users.php
94 94 check_admin_referer('bulk-users'); 95 95 96 96 if ( ! current_user_can( 'promote_users' ) ) 97 wp_die( __( 'Sorry, you are not allowed to edit this user.' ) );97 wp_die( __( 'Sorry, you are not allowed to edit this user.' ), 403 ); 98 98 99 99 if ( empty($_REQUEST['users']) ) { 100 100 wp_redirect($redirect); … … 110 110 } 111 111 112 112 if ( ! $role || empty( $editable_roles[ $role ] ) ) { 113 wp_die( __( 'Sorry, you are not allowed to give users that role.' ) );113 wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 ); 114 114 } 115 115 116 116 $userids = $_REQUEST['users']; … … 119 119 $id = (int) $id; 120 120 121 121 if ( ! current_user_can('promote_user', $id) ) 122 wp_die( __('Sorry, you are not allowed to edit this user.'));122 wp_die( __( 'Sorry, you are not allowed to edit this user.' ), 403 ); 123 123 // The new role of the current user must also have the promote_users cap or be a multisite super admin 124 124 if ( $id == $current_user->ID && ! $wp_roles->role_objects[ $role ]->has_cap('promote_users') 125 125 && ! ( is_multisite() && current_user_can( 'manage_network_users' ) ) ) { … … 145 145 146 146 case 'dodelete': 147 147 if ( is_multisite() ) 148 wp_die( __('User deletion is not allowed from this screen.') );148 wp_die( __('User deletion is not allowed from this screen.'), 400 ); 149 149 150 150 check_admin_referer('delete-users'); 151 151 … … 164 164 } 165 165 166 166 if ( ! current_user_can( 'delete_users' ) ) 167 wp_die( __('Sorry, you are not allowed to delete users.'));167 wp_die( __( 'Sorry, you are not allowed to delete users.' ), 403 ); 168 168 169 169 $update = 'del'; 170 170 $delete_count = 0; … … 171 171 172 172 foreach ( $userids as $id ) { 173 173 if ( ! current_user_can( 'delete_user', $id ) ) 174 wp_die( __( 'Sorry, you are not allowed to delete that user.' ));174 wp_die( __( 'Sorry, you are not allowed to delete that user.' 
), 403 ); 175 175 176 176 if ( $id == $current_user->ID ) { 177 177 $update = 'err_admin_del'; … … 194 194 195 195 case 'delete': 196 196 if ( is_multisite() ) 197 wp_die( __('User deletion is not allowed from this screen.') );197 wp_die( __('User deletion is not allowed from this screen.'), 400 ); 198 198 199 199 check_admin_referer('bulk-users'); 200 200 … … 306 306 check_admin_referer('remove-users'); 307 307 308 308 if ( ! is_multisite() ) 309 wp_die( __( 'You can’t remove users.' ) );309 wp_die( __( 'You can’t remove users.' ), 400 ); 310 310 311 311 if ( empty($_REQUEST['users']) ) { 312 312 wp_redirect($redirect); … … 314 314 } 315 315 316 316 if ( ! current_user_can( 'remove_users' ) ) 317 wp_die( __( 'Sorry, you are not allowed to remove users.' ) );317 wp_die( __( 'Sorry, you are not allowed to remove users.' ), 403 ); 318 318 319 319 $userids = $_REQUEST['users']; 320 320 … … 337 337 check_admin_referer('bulk-users'); 338 338 339 339 if ( ! is_multisite() ) 340 wp_die( __( 'You can’t remove users.' ) );340 wp_die( __( 'You can’t remove users.' ), 400 ); 341 341 342 342 if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) { 343 343 wp_redirect($redirect);
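Review bot: The per-user check on lines 173-174 calls `wp_die()` from inside the `foreach` that starts on line 172, and the same pattern appears on lines 121-122 in the promote loop. The rest of both loop bodies is outside the hunks, but if the deletion or role change for each ID happens in the same iteration, a batch with one disallowed ID now ends with a 403 after the earlier IDs were already processed. The response then reads as a complete refusal while part of the request took effect. Authorising every ID in a first pass, before any change is made, keeps the 403 all-or-nothing.

```php
// Authorise every requested ID before the first deletion.
foreach ( $userids as $id ) {
	if ( ! current_user_can( 'delete_user', $id ) ) {
		wp_die( __( 'Sorry, you are not allowed to delete that user.' ), 403 );
	}
}

foreach ( $userids as $id ) {
	// … unchanged: self-deletion check and the rest of the loop body …
```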