WordPress.org

Make WordPress Core

Opened 5 years ago

Last modified 2 months ago

#10551 accepted defect (bug)

wp_die() triggers block when using ModSecurity core rule set — at Initial Version

Reported by: cstrosser Owned by: ryan
Milestone: Future Release Priority: low
Severity: normal Version: 2.8.3
Component: Security Keywords: needs-patch dev-feedback westi-likes
Focuses: Cc:

Description

wp_die() causes ModSecurity (using Core Rules), a commonly used Apache plugin, to throw a 406 error, blocking the message from displaying.

This seems to be triggered by the fact that a 500 error is thrown. I went and changed the default status code to 401 (Unauthorized) and it worked like a charm. I just wonder if there is a better fix for this issue... or simply a better status code to use.

Perhaps making a group of functions to make the error codes more focused.

Example:

wp_die_auth( ('You do not have sufficient permissions to access this page.') );

/

  • Exits WordPress with Unauthorized status code. *
  • @see wp_die() */

function wp_die_auth($message, $title = ) {

wp_die( $message, $title, 401 );

}

Change History (0)

Note: See TracTickets for help on using tickets.