Changeset 31658 for trunk/src/wp-admin/network/users.php

Timestamp:

03/07/2015 05:59:17 AM (10 years ago)

Author:

jeremyfelt

Message:

Return HTTP status code 403 in network admin when access is forbidden.

When the error message "You do not have permission to access this page" is used in network admin screens, return an HTTP status code of 403 to match. Previously: [30356] and [31300].

Props yo-l1982.

Fixes #31422.

File:

• trunk/src/wp-admin/network/users.php (modified) (5 diffs)

trunk/src/wp-admin/network/users.php

@@ -15 +15 @@
 
 if ( ! current_user_can( 'manage_network_users' ) )
-    wp_die( __( 'You do not have permission to access this page.' ) );
+    wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
 
 function confirm_delete_users( $users ) {
@@ -124 +124 @@
         case 'deleteuser':
             if ( ! current_user_can( 'manage_network_users' ) )
-                wp_die( __( 'You do not have permission to access this page.' ) );
+                wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
 
             check_admin_referer( 'deleteuser' );
@@ -145 +145 @@
         case 'allusers':
             if ( !current_user_can( 'manage_network_users' ) )
-                wp_die( __( 'You do not have permission to access this page.' ) );
+                wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
 
             if ( ( isset( $_POST['action']) || isset($_POST['action2'] ) ) && isset( $_POST['allusers'] ) ) {
@@ -158 +158 @@
                             case 'delete':
                                 if ( ! current_user_can( 'delete_users' ) )
-                                    wp_die( __( 'You do not have permission to access this page.' ) );
+                                    wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
                                 $title = __( 'Users' );
                                 $parent_file = 'users.php';
@@ -207 +207 @@
             check_admin_referer( 'ms-users-delete' );
             if ( ! ( current_user_can( 'manage_network_users' ) && current_user_can( 'delete_users' ) ) )
-                wp_die( __( 'You do not have permission to access this page.' ) );
+                wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
 
             if ( ! empty( $_POST['blog'] ) && is_array( $_POST['blog'] ) ) {