Make WordPress Core


Timestamp:
06/17/2019 06:36:28 PM (5 years ago)
Author:
SergeyBiryukov
Message:

Bootstrap/Load: Return a 403 error code when the recovery mode cookie is invalid or expired, or the exit recovery mode nonce check failed.

Props david.binda, spacedmonkey.
Fixes #47479.

File:
1 edited

  • trunk/src/wp-includes/class-wp-recovery-mode.php

    r45268 r45544  
    240240
    241241        if ( ! isset( $_GET['_wpnonce'] ) || ! wp_verify_nonce( $_GET['_wpnonce'], self::EXIT_ACTION ) ) {
    242             wp_die( __( 'Exit recovery mode link expired.' ) );
     242            wp_die( __( 'Exit recovery mode link expired.' ), 403 );
    243243        }
    244244
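Review bot: At new line 242 the 403 is passed in the position of wp_die()'s title argument, which only works because wp_die() treats an integer title as the response code. Spelling it out, for example `wp_die( __( 'Exit recovery mode link expired.' ), '', array( 'response' => 403 ) );`, makes the intent obvious to the next reader and keeps the call safe if a title is added later. Separately, the unchanged condition above it reads `$_GET['_wpnonce']` raw; wrapping it in wp_unslash() before wp_verify_nonce() would match the usual handling of request input.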
     
    273273            $this->cookie_service->clear_cookie();
    274274
    275             wp_die( $validated, '' );
     275            $validated->add_data( array( 'status' => 403 ) );
     276            wp_die( $validated );
    276277        }
    277278
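Review bot: `$validated->add_data( array( 'status' => 403 ) );` at new line 275 sets the error's data wholesale, so any data already attached to the WP_Error returned by cookie validation would be replaced. Either merge with the existing data first or leave the error object untouched and pass the status through wp_die()'s arguments, e.g. `wp_die( $validated, '', array( 'response' => 403 ) );`. A short comment saying why 403 is used for an invalid or expired cookie would also help, since the status is now set one line away from the call that uses it.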
     
    280281            $this->cookie_service->clear_cookie();
    281282
    282             wp_die( $session_id, '' );
     283            $session_id->add_data( array( 'status' => 403 ) );
     284            wp_die( $session_id );
    283285        }
    284286
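Review bot: New lines 283-284 repeat the same clear_cookie(), add_data(), wp_die() sequence used for `$validated` at 275-276, only with `$session_id`. A small private helper that takes the WP_Error, clears the cookie and dies with 403 would keep the two failure paths from drifting apart. Nothing in this changeset asserts the new status code, so a test covering an invalid cookie and a failed session ID lookup, each checking for a 403 response, would be worth adding alongside it.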