

Timestamp:
06/25/2017 06:45:33 PM (7 years ago)
Author:
johnbillion
Message:

Users: Use more appropriate HTTP status codes for errors relating to user management.

Also re-uses one error message string.

Props tuanmh

Fixes #40230

File:
1 edited

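--- a/trunk/src/wp-admin/users.php
+++ b/trunk/src/wp-admin/users.php
@@ -95,5 +95,5 @@
 
     if ( ! current_user_can( 'promote_users' ) )
-        wp_die( __( 'Sorry, you are not allowed to edit this user.' ) );
+        wp_die( __( 'Sorry, you are not allowed to edit this user.' ), 403 );
 
     if ( empty($_REQUEST['users']) ) {
@@ -111,5 +111,5 @@
 
     if ( ! $role || empty( $editable_roles[ $role ] ) ) {
-        wp_die( __( 'Sorry, you are not allowed to give users that role.' ) );
+        wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );
     }
 
@@ -120,5 +120,5 @@
 
         if ( ! current_user_can('promote_user', $id) )
-            wp_die(__('Sorry, you are not allowed to edit this user.'));
+            wp_die( __( 'Sorry, you are not allowed to edit this user.' ), 403 );
         // The new role of the current user must also have the promote_users cap or be a multisite super admin
         if ( $id == $current_user->ID && ! $wp_roles->role_objects[ $role ]->has_cap('promote_users')
@@ -146,5 +146,5 @@
 case 'dodelete':
     if ( is_multisite() )
-        wp_die( __('User deletion is not allowed from this screen.') );
+        wp_die( __('User deletion is not allowed from this screen.'), 400 );
 
     check_admin_referer('delete-users');
@@ -165,5 +165,5 @@
 
     if ( ! current_user_can( 'delete_users' ) )
-        wp_die(__('Sorry, you are not allowed to delete users.'));
+        wp_die( __( 'Sorry, you are not allowed to delete users.' ), 403 );
 
     $update = 'del';
@@ -172,5 +172,5 @@
     foreach ( $userids as $id ) {
         if ( ! current_user_can( 'delete_user', $id ) )
-            wp_die(__( 'Sorry, you are not allowed to delete that user.' ) );
+            wp_die( __( 'Sorry, you are not allowed to delete that user.' ), 403 );
 
         if ( $id == $current_user->ID ) {
@@ -195,5 +195,5 @@
 case 'delete':
     if ( is_multisite() )
-        wp_die( __('User deletion is not allowed from this screen.') );
+        wp_die( __('User deletion is not allowed from this screen.'), 400 );
 
     check_admin_referer('bulk-users');
@@ -307,5 +307,5 @@
 
     if ( ! is_multisite() )
-        wp_die( __( 'You can’t remove users.' ) );
+        wp_die( __( 'You can’t remove users.' ), 400 );
 
     if ( empty($_REQUEST['users']) ) {
@@ -315,5 +315,5 @@
 
     if ( ! current_user_can( 'remove_users' ) )
-        wp_die( __( 'Sorry, you are not allowed to remove users.' ) );
+        wp_die( __( 'Sorry, you are not allowed to remove users.' ), 403 );
 
     $userids = $_REQUEST['users'];
@@ -338,5 +338,5 @@
 
     if ( ! is_multisite() )
-        wp_die( __( 'You can’t remove users.' ) );
+        wp_die( __( 'You can’t remove users.' ), 400 );
 
     if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) {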
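Review bot: The authorization exits edited here remain the lone statement under brace-less `if` lines (new lines 96–97, 121–122, 166–167 and 173–174), so a statement later added next to `wp_die()` would execute unconditionally rather than under the capability check; since the lines were being touched anyway, `if ( ! current_user_can( 'delete_users' ) ) { wp_die( __( 'Sorry, you are not allowed to delete users.' ), 403 ); }` would be the safer form. The status code is passed in the `$title` position, which works only because `wp_die()` treats an integer there as the response code; an explicit `array( 'response' => 403 )` third argument, or a short comment, would make that intent visible. New lines 148 and 197 keep the unspaced `__('User deletion is not allowed from this screen.')` while the other edited calls were respaced to `__( '...' )`. The enclosing `switch` cases and `foreach` loops start and end outside the displayed hunks, so whether a 403 raised mid-loop can follow users already processed in the same request cannot be judged from here.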