
Changeset 30356


Timestamp:
11/16/2014 06:15:29 AM (10 years ago)
Author:
johnbillion
Message:

Switch to a 403 response code in places where it is more appropriate than a 500 due to permissions errors.

Fixes #10551
Props nacin

Location:
trunk/src
Files:
17 edited

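--- a/trunk/src/wp-admin/custom-header.php
+++ b/trunk/src/wp-admin/custom-header.php
@@ -740,5 +740,5 @@
         check_admin_referer('custom-header-upload', '_wpnonce-custom-header-upload');
         if ( ! current_theme_supports( 'custom-header', 'uploads' ) )
-            wp_die( __( 'Cheatin’ uh?' ) );
+            wp_die( __( 'Cheatin’ uh?' ), 403 );
 
         if ( empty( $_POST ) && isset( $_GET['file'] ) ) {
@@ -891,8 +891,8 @@
 
         if ( ! current_theme_supports( 'custom-header', 'uploads' ) )
-            wp_die( __( 'Cheatin’ uh?' ) );
+            wp_die( __( 'Cheatin’ uh?' ), 403 );
 
         if ( ! empty( $_POST['skip-cropping'] ) && ! ( current_theme_supports( 'custom-header', 'flex-height' ) || current_theme_supports( 'custom-header', 'flex-width' ) ) )
-            wp_die( __( 'Cheatin’ uh?' ) );
+            wp_die( __( 'Cheatin’ uh?' ), 403 );
 
         if ( $_POST['oitar'] > 1 ) {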
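Review bot: Not every guard in this hunk is an authorization failure, so 403 only fits some of them; the check at line 895, which rejects `skip-cropping` when the theme supports neither `flex-height` nor `flex-width`, is refusing a malformed request rather than a forbidden one, and `wp_die( __( 'Cheatin’ uh?' ), 400 );` would describe it more accurately. The same applies in media-upload.php at line 35, where a missing `$ID` on the edit screen is a bad request, not a permissions problem. The theme-support checks at lines 741 and 892 gate a feature the site has not enabled, so 403 is defensible there. Keeping the codes accurate matters downstream: web-server and WAF logs that count 403s as access-control denials will otherwise mix validation failures into that signal. The enclosing methods start and end outside the hunk.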
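--- a/trunk/src/wp-admin/customize.php
+++ b/trunk/src/wp-admin/customize.php
@@ -14,5 +14,5 @@
 
 if ( ! current_user_can( 'customize' ) ) {
-    wp_die( __( 'Cheatin’ uh?' ) );
+    wp_die( __( 'Cheatin’ uh?' ), 403 );
 }
 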
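--- a/trunk/src/wp-admin/edit-comments.php
+++ b/trunk/src/wp-admin/edit-comments.php
@@ -10,5 +10,5 @@
 require_once( dirname( __FILE__ ) . '/admin.php' );
 if ( !current_user_can('edit_posts') )
-    wp_die(__('Cheatin’ uh?'));
+    wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 $wp_list_table = _get_list_table('WP_Comments_List_Table');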
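--- a/trunk/src/wp-admin/edit-tags.php
+++ b/trunk/src/wp-admin/edit-tags.php
@@ -19,5 +19,5 @@
 
 if ( ! current_user_can( $tax->cap->manage_terms ) )
-    wp_die( __( 'Cheatin’ uh?' ) );
+    wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 $wp_list_table = _get_list_table('WP_Terms_List_Table');
@@ -48,5 +48,5 @@
 
     if ( !current_user_can( $tax->cap->edit_terms ) )
-        wp_die( __( 'Cheatin’ uh?' ) );
+        wp_die( __( 'Cheatin’ uh?' ), 403 );
 
     $ret = wp_insert_term( $_POST['tag-name'], $taxonomy, $_POST );
@@ -84,5 +84,5 @@
 
     if ( !current_user_can( $tax->cap->delete_terms ) )
-        wp_die( __( 'Cheatin’ uh?' ) );
+        wp_die( __( 'Cheatin’ uh?' ), 403 );
 
     wp_delete_term( $tag_ID, $taxonomy );
@@ -96,5 +96,5 @@
 
     if ( !current_user_can( $tax->cap->delete_terms ) )
-        wp_die( __( 'Cheatin’ uh?' ) );
+        wp_die( __( 'Cheatin’ uh?' ), 403 );
 
     $tags = (array) $_REQUEST['delete_tags'];
@@ -134,5 +134,5 @@
 
     if ( !current_user_can( $tax->cap->edit_terms ) )
-        wp_die( __( 'Cheatin’ uh?' ) );
+        wp_die( __( 'Cheatin’ uh?' ), 403 );
 
     $tag = get_term( $tag_ID, $taxonomy );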
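--- a/trunk/src/wp-admin/edit.php
+++ b/trunk/src/wp-admin/edit.php
@@ -26,5 +26,5 @@
 
 if ( ! current_user_can( $post_type_object->cap->edit_posts ) )
-    wp_die( __( 'Cheatin’ uh?' ) );
+    wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 $wp_list_table = _get_list_table('WP_Posts_List_Table');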
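--- a/trunk/src/wp-admin/includes/bookmark.php
+++ b/trunk/src/wp-admin/includes/bookmark.php
@@ -28,5 +28,5 @@
 function edit_link( $link_id = 0 ) {
     if ( !current_user_can( 'manage_links' ) )
-        wp_die( __( 'Cheatin’ uh?' ) );
+        wp_die( __( 'Cheatin’ uh?' ), 403 );
 
     $_POST['link_url'] = esc_html( $_POST['link_url'] );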
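--- a/trunk/src/wp-admin/media-upload.php
+++ b/trunk/src/wp-admin/media-upload.php
@@ -33,8 +33,8 @@
 // Require an ID for the edit screen.
 if ( isset($action) && $action == 'edit' && !$ID )
-    wp_die( __( 'Cheatin’ uh?' ) );
+    wp_die( __( 'Cheatin’ uh?' ), 403 );
 
     if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post' , $_REQUEST['post_id'] ) )
-        wp_die( __( 'Cheatin’ uh?' ) );
+        wp_die( __( 'Cheatin’ uh?' ), 403 );
 
     // Upload type: image, video, file, ..?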
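--- a/trunk/src/wp-admin/nav-menus.php
+++ b/trunk/src/wp-admin/nav-menus.php
@@ -21,5 +21,5 @@
 // Permissions Check
 if ( ! current_user_can('edit_theme_options') )
-    wp_die( __( 'Cheatin’ uh?' ) );
+    wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 wp_enqueue_script( 'nav-menu' );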
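--- a/trunk/src/wp-admin/network/site-users.php
+++ b/trunk/src/wp-admin/network/site-users.php
@@ -134,5 +134,5 @@
                     // If the user doesn't already belong to the blog, bail.
                     if ( !is_user_member_of_blog( $user_id ) )
-                        wp_die(__('Cheatin’ uh?'));
+                        wp_die( __( 'Cheatin’ uh?' ), 403 );
 
                     $user = get_userdata( $user_id );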
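--- a/trunk/src/wp-admin/options.php
+++ b/trunk/src/wp-admin/options.php
@@ -46,5 +46,5 @@
 
 if ( !current_user_can( $capability ) )
-    wp_die(__('Cheatin’ uh?'));
+    wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 // Handle admin email change requests
@@ -70,5 +70,5 @@
 
 if ( is_multisite() && !is_super_admin() && 'update' != $action )
-    wp_die(__('Cheatin’ uh?'));
+    wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 $whitelist_options = array(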
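--- a/trunk/src/wp-admin/post-new.php
+++ b/trunk/src/wp-admin/post-new.php
@@ -49,5 +49,5 @@
 
 if ( ! current_user_can( $post_type_object->cap->edit_posts ) || ! current_user_can( $post_type_object->cap->create_posts ) )
-    wp_die( __( 'Cheatin’ uh?' ) );
+    wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 // Schedule auto-draft cleanup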
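--- a/trunk/src/wp-admin/press-this.php
+++ b/trunk/src/wp-admin/press-this.php
@@ -15,5 +15,5 @@
 
 if ( ! current_user_can( 'edit_posts' ) || ! current_user_can( get_post_type_object( 'post' )->cap->create_posts ) )
-    wp_die( __( 'Cheatin’ uh?' ) );
+    wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 /**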
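--- a/trunk/src/wp-admin/themes.php
+++ b/trunk/src/wp-admin/themes.php
@@ -11,5 +11,5 @@
 
 if ( !current_user_can('switch_themes') && !current_user_can('edit_theme_options') )
-    wp_die( __( 'Cheatin’ uh?' ) );
+    wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 if ( current_user_can( 'switch_themes' ) && isset($_GET['action'] ) ) {
@@ -18,5 +18,5 @@
         $theme = wp_get_theme( $_GET['stylesheet'] );
         if ( ! $theme->exists() || ! $theme->is_allowed() )
-            wp_die( __( 'Cheatin’ uh?' ) );
+            wp_die( __( 'Cheatin’ uh?' ), 403 );
         switch_theme( $theme->get_stylesheet() );
         wp_redirect( admin_url('themes.php?activated=true') );
@@ -26,5 +26,5 @@
         $theme = wp_get_theme( $_GET['stylesheet'] );
         if ( !current_user_can('delete_themes') || ! $theme->exists() )
-            wp_die( __( 'Cheatin’ uh?' ) );
+            wp_die( __( 'Cheatin’ uh?' ), 403 );
         delete_theme($_GET['stylesheet']);
         wp_redirect( admin_url('themes.php?deleted=true') );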
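--- a/trunk/src/wp-admin/user-new.php
+++ b/trunk/src/wp-admin/user-new.php
@@ -12,7 +12,7 @@
 if ( is_multisite() ) {
     if ( ! current_user_can( 'create_users' ) && ! current_user_can( 'promote_users' ) )
-        wp_die( __( 'Cheatin’ uh?' ) );
+        wp_die( __( 'Cheatin’ uh?' ), 403 );
 } elseif ( ! current_user_can( 'create_users' ) ) {
-    wp_die( __( 'Cheatin’ uh?' ) );
+    wp_die( __( 'Cheatin’ uh?' ), 403 );
 }
 
@@ -56,5 +56,5 @@
 
     if ( ! current_user_can('promote_user', $user_details->ID) )
-        wp_die(__('Cheatin’ uh?'));
+        wp_die( __( 'Cheatin’ uh?' ), 403 );
 
     // Adding an existing user to this blog
@@ -93,5 +93,5 @@
 
     if ( ! current_user_can('create_users') )
-        wp_die(__('Cheatin’ uh?'));
+        wp_die( __( 'Cheatin’ uh?' ), 403 );
 
     if ( ! is_multisite() ) {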
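--- a/trunk/src/wp-admin/users.php
+++ b/trunk/src/wp-admin/users.php
@@ -11,5 +11,5 @@
 
 if ( ! current_user_can( 'list_users' ) )
-    wp_die( __( 'Cheatin’ uh?' ) );
+    wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 $wp_list_table = _get_list_table('WP_Users_List_Table');
@@ -129,5 +129,5 @@
         // If the user doesn't already belong to the blog, bail.
         if ( is_multisite() && !is_user_member_of_blog( $id ) )
-            wp_die(__('Cheatin’ uh?'));
+            wp_die( __( 'Cheatin’ uh?' ), 403 );
 
         $user = get_userdata( $id );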
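--- a/trunk/src/wp-admin/widgets.php
+++ b/trunk/src/wp-admin/widgets.php
@@ -14,5 +14,5 @@
 
 if ( ! current_user_can('edit_theme_options') )
-    wp_die( __( 'Cheatin’ uh?' ));
+    wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 $widgets_access = get_user_setting( 'widgets_access' );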
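--- a/trunk/src/wp-includes/functions.php
+++ b/trunk/src/wp-includes/functions.php
@@ -2313,5 +2313,4 @@
  */
 function wp_nonce_ays( $action ) {
-    $title = __( 'WordPress Failure Notice' );
     if ( 'log-out' == $action ) {
         $html = sprintf( __( 'You are attempting to log out of %s' ), get_bloginfo( 'name' ) ) . '</p><p>';
@@ -2324,5 +2323,5 @@
     }
 
-    wp_die( $html, $title, array('response' => 403) );
+    wp_die( $html, __( 'WordPress Failure Notice' ), 403 );
 }
 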