Make WordPress Core


Timestamp:
08/28/2016 05:30:29 PM (8 years ago)
Author:
johnbillion
Message:

Security: Return a 403 instead of a 200 HTTP status when check_ajax_referer() fails.

This is, unfortunately, untestable in the current test suite, even in the AJAX tests.

Fixes #36362

File:
1 edited

  • trunk/src/wp-includes/pluggable.php

    r38420 r38421  
    11091109    if ( $die && false === $result ) {
    11101110        if ( wp_doing_ajax() ) {
    1111             wp_die( -1 );
     1111            wp_die( -1, 403 );
    11121112        } else {
    11131113            die( '-1' );
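Review bot: The non-AJAX `else` branch at line 1113 still calls `die( '-1' )` without setting any status, so the 403 only takes effect when `wp_doing_ajax()` is true and a failed `check_ajax_referer()` reached by any other path keeps responding as before. If that is intentional, a short inline comment saying so would help; otherwise consider sending the same status there, for example with `status_header( 403 );` before the `die`. It would also be worth noting in the function's docblock that the AJAX failure response is now a 403 with body `-1`, since client code that inspected a successful response for `-1` will see the failure on its error path instead.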