Ticket #42790: 42790.diff
File 42790.diff, 1.0 KB (added by , 7 years ago) |
---|
-
src/wp-includes/rest-api.php
241 241 * @since 4.4.0 242 242 * 243 243 * @global WP $wp Current WordPress environment instance. 244 * @global WP_User|null $user Current WordPress User. 244 245 */ 245 246 function rest_api_loaded() { 246 247 if ( empty( $GLOBALS['wp']->query_vars['rest_route'] ) ) { … … 255 256 */ 256 257 define( 'REST_REQUEST', true ); 257 258 259 // Determine the user that the request should be run under (if any). 260 if ( isset( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ) ) { 261 // We are explicitly only accepting HTTP Basic Auth for HTTPS requests. 262 if ( ! is_ssl() ) { 263 wp_send_json_error( __( 'HTTP Basic Auth is unavailable for non-HTTPS requests.' ), 403 ); 264 die(); 265 } 266 $GLOBALS['user'] = wp_authenticate( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ); 267 } 268 258 269 // Initialize the server. 259 270 $server = rest_get_server(); 260 271