Make WordPress Core

Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#31422 closed defect (bug) (fixed)

Permission errors should not return 500 server error.

Reported by: yo-l1982's profile yo-l1982 Owned by: jeremyfelt's profile jeremyfelt
Milestone: 4.2 Priority: normal
Severity: normal Version: 4.2
Component: Networks and Sites Keywords: has-patch
Focuses: multisite Cc:

Description

In network-installs, permission denied errors send an 500 server error.
Should be 403.

This status code can be confusing when load balancers captures server errors to hide from users but nothing gets logged in error logs.

Attachments (1)

network-500-error.patch (7.7 KB) - added by yo-l1982 10 years ago.
Patch for this issue.

Download all attachments as: .zip

Change History (4)

@yo-l1982
10 years ago

Patch for this issue.

#1 @SergeyBiryukov
10 years ago

  • Keywords has-patch added
  • Milestone changed from Awaiting Review to 4.2

Makes sense, see [30356] and [31300].

#2 @jeremyfelt
10 years ago

  • Owner set to jeremyfelt
  • Resolution set to fixed
  • Status changed from new to closed

In 31658:

Return HTTP status code 403 in network admin when access is forbidden.

When the error message "You do not have permission to access this page" is used in network admin screens, return an HTTP status code of 403 to match. Previously: [30356] and [31300].

Props yo-l1982.

Fixes #31422.

#3 @nacin
10 years ago

In 32152:

Update wp_die() calls modified in [31658] to use shorthand calling style.

see #31422.

Note: See TracTickets for help on using tickets.