Make WordPress Core

Changeset 45731


Ignore:
Timestamp:
08/03/2019 10:16:23 PM (5 years ago)
Author:
SergeyBiryukov
Message:

Script Loader: Send a 400 Bad Request status code in load-scripts.php and load-styles.php if the required load[] parameter is not set.

Props compilenix.
Fixes #44108.

Location:
trunk/src/wp-admin
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/load-scripts.php

    r45456 r45731  
    1515define( 'WPINC', 'wp-includes' );
    1616
     17$protocol = $_SERVER['SERVER_PROTOCOL'];
     18if ( ! in_array( $protocol, array( 'HTTP/1.1', 'HTTP/2', 'HTTP/2.0' ) ) ) {
     19    $protocol = 'HTTP/1.0';
     20}
     21
    1722$load = $_GET['load'];
    1823if ( is_array( $load ) ) {
     
    2530
    2631if ( empty( $load ) ) {
     32    header( "$protocol 400 Bad Request" );
    2733    exit;
    2834}
     
    4147
    4248if ( isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) && stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) === $wp_version ) {
    43     $protocol = $_SERVER['SERVER_PROTOCOL'];
    44     if ( ! in_array( $protocol, array( 'HTTP/1.1', 'HTTP/2', 'HTTP/2.0' ) ) ) {
    45         $protocol = 'HTTP/1.0';
    46     }
    4749    header( "$protocol 304 Not Modified" );
    4850    exit();
  • trunk/src/wp-admin/load-styles.php

    r45456 r45731  
    1919require( ABSPATH . WPINC . '/version.php' );
    2020
     21$protocol = $_SERVER['SERVER_PROTOCOL'];
     22if ( ! in_array( $protocol, array( 'HTTP/1.1', 'HTTP/2', 'HTTP/2.0' ) ) ) {
     23    $protocol = 'HTTP/1.0';
     24}
     25
    2126$load = $_GET['load'];
    2227if ( is_array( $load ) ) {
     
    2934
    3035if ( empty( $load ) ) {
     36    header( "$protocol 400 Bad Request" );
    3137    exit;
    3238}
     
    4046
    4147if ( isset( $_SERVER['HTTP_IF_NONE_MATCH'] ) && stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) === $wp_version ) {
    42     $protocol = $_SERVER['SERVER_PROTOCOL'];
    43     if ( ! in_array( $protocol, array( 'HTTP/1.1', 'HTTP/2', 'HTTP/2.0' ) ) ) {
    44         $protocol = 'HTTP/1.0';
    45     }
    4648    header( "$protocol 304 Not Modified" );
    4749    exit();
Note: See TracChangeset for help on using the changeset viewer.