WordPress.org

Make WordPress Core

Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#31422 closed defect (bug) (fixed)

Permission errors should not return 500 server error.

Reported by: yo-l1982 Owned by: jeremyfelt
Milestone: 4.2 Priority: normal
Severity: normal Version: 4.2
Component: Networks and Sites Keywords: has-patch
Focuses: multisite Cc:
PR Number:

Description

In network-installs, permission denied errors send an 500 server error.
Should be 403.

This status code can be confusing when load balancers captures server errors to hide from users but nothing gets logged in error logs.

Attachments (1)

network-500-error.patch (7.7 KB) - added by yo-l1982 5 years ago.
Patch for this issue.

Download all attachments as: .zip

Change History (4)

@yo-l1982
5 years ago

Patch for this issue.

#1 @SergeyBiryukov
5 years ago

  • Keywords has-patch added
  • Milestone changed from Awaiting Review to 4.2

Makes sense, see [30356] and [31300].

#2 @jeremyfelt
5 years ago

  • Owner set to jeremyfelt
  • Resolution set to fixed
  • Status changed from new to closed

In 31658:

Return HTTP status code 403 in network admin when access is forbidden.

When the error message "You do not have permission to access this page" is used in network admin screens, return an HTTP status code of 403 to match. Previously: [30356] and [31300].

Props yo-l1982.

Fixes #31422.

#3 @nacin
5 years ago

In 32152:

Update wp_die() calls modified in [31658] to use shorthand calling style.

see #31422.

Note: See TracTickets for help on using tickets.