
Commit 4e1e474

committed
Switch to a 403 response code in places where it is more appropriate than a 500 due to permissions errors.
Fixes WordPress#10551 Props nacin git-svn-id: https://develop.svn.wordpress.org/trunk@30356 602fd350-edb4-49c9-b593-d223f7449a82
1 parent b68026b commit 4e1e474

17 files changed

Lines changed: 31 additions & 32 deletions

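--- a/src/wp-admin/custom-header.php
+++ b/src/wp-admin/custom-header.php
@@ -739,7 +739,7 @@ public function step_1() {
 public function step_2() {
 check_admin_referer('custom-header-upload', '_wpnonce-custom-header-upload');
 if ( ! current_theme_supports( 'custom-header', 'uploads' ) )
-wp_die( __( 'Cheatin’ uh?' ) );
+wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 if ( empty( $_POST ) && isset( $_GET['file'] ) ) {
 $attachment_id = absint( $_GET['file'] );
@@ -890,10 +890,10 @@ public function step_3() {
 check_admin_referer( 'custom-header-crop-image' );
 
 if ( ! current_theme_supports( 'custom-header', 'uploads' ) )
-wp_die( __( 'Cheatin’ uh?' ) );
+wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 if ( ! empty( $_POST['skip-cropping'] ) && ! ( current_theme_supports( 'custom-header', 'flex-height' ) || current_theme_supports( 'custom-header', 'flex-width' ) ) )
-wp_die( __( 'Cheatin’ uh?' ) );
+wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 if ( $_POST['oitar'] > 1 ) {
 $_POST['x1'] = $_POST['x1'] * $_POST['oitar'];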
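Review bot: The new calls pass `403` as the second positional argument of `wp_die()`, which is the `$title` slot, so the status change only takes effect if `wp_die()` treats an integer title as the response code; that handling is not in any section shown on this page. If it is absent on a branch this gets merged into, these guards would presumably keep answering 500 and show "403" as the page title, so it is worth confirming or writing the call explicitly as `wp_die( __( 'Cheatin’ uh?' ), '', array( 'response' => 403 ) );`. The same applies to every other `wp_die( …, 403 )` call in this commit. Both `step_2()` and `step_3()` continue past the end of their hunks.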

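--- a/src/wp-admin/customize.php
+++ b/src/wp-admin/customize.php
@@ -13,7 +13,7 @@
 require_once( dirname( __FILE__ ) . '/admin.php' );
 
 if ( ! current_user_can( 'customize' ) ) {
-wp_die( __( 'Cheatin’ uh?' ) );
+wp_die( __( 'Cheatin’ uh?' ), 403 );
 }
 
 wp_reset_vars( array( 'url', 'return' ) );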

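--- a/src/wp-admin/edit-comments.php
+++ b/src/wp-admin/edit-comments.php
@@ -9,7 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once( dirname( __FILE__ ) . '/admin.php' );
 if ( !current_user_can('edit_posts') )
-wp_die(__('Cheatin’ uh?'));
+wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 $wp_list_table = _get_list_table('WP_Comments_List_Table');
 $pagenum = $wp_list_table->get_pagenum();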

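--- a/src/wp-admin/edit-tags.php
+++ b/src/wp-admin/edit-tags.php
@@ -18,7 +18,7 @@
 wp_die( __( 'Invalid taxonomy' ) );
 
 if ( ! current_user_can( $tax->cap->manage_terms ) )
-wp_die( __( 'Cheatin’ uh?' ) );
+wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 $wp_list_table = _get_list_table('WP_Terms_List_Table');
 $pagenum = $wp_list_table->get_pagenum();
@@ -47,7 +47,7 @@
 check_admin_referer( 'add-tag', '_wpnonce_add-tag' );
 
 if ( !current_user_can( $tax->cap->edit_terms ) )
-wp_die( __( 'Cheatin’ uh?' ) );
+wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 $ret = wp_insert_term( $_POST['tag-name'], $taxonomy, $_POST );
 $location = 'edit-tags.php?taxonomy=' . $taxonomy;
@@ -83,7 +83,7 @@
 check_admin_referer( 'delete-tag_' . $tag_ID );
 
 if ( !current_user_can( $tax->cap->delete_terms ) )
-wp_die( __( 'Cheatin’ uh?' ) );
+wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 wp_delete_term( $tag_ID, $taxonomy );
 
@@ -95,7 +95,7 @@
 check_admin_referer( 'bulk-tags' );
 
 if ( !current_user_can( $tax->cap->delete_terms ) )
-wp_die( __( 'Cheatin’ uh?' ) );
+wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 $tags = (array) $_REQUEST['delete_tags'];
 foreach ( $tags as $tag_ID ) {
@@ -133,7 +133,7 @@
 check_admin_referer( 'update-tag_' . $tag_ID );
 
 if ( !current_user_can( $tax->cap->edit_terms ) )
-wp_die( __( 'Cheatin’ uh?' ) );
+wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 $tag = get_term( $tag_ID, $taxonomy );
 if ( ! $tag )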

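--- a/src/wp-admin/edit.php
+++ b/src/wp-admin/edit.php
@@ -25,7 +25,7 @@
 wp_die( __( 'Invalid post type' ) );
 
 if ( ! current_user_can( $post_type_object->cap->edit_posts ) )
-wp_die( __( 'Cheatin’ uh?' ) );
+wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 $wp_list_table = _get_list_table('WP_Posts_List_Table');
 $pagenum = $wp_list_table->get_pagenum();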

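--- a/src/wp-admin/includes/bookmark.php
+++ b/src/wp-admin/includes/bookmark.php
@@ -27,7 +27,7 @@ function add_link() {
 */
 function edit_link( $link_id = 0 ) {
 if ( !current_user_can( 'manage_links' ) )
-wp_die( __( 'Cheatin’ uh?' ) );
+wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 $_POST['link_url'] = esc_html( $_POST['link_url'] );
 $_POST['link_url'] = esc_url($_POST['link_url']);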

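--- a/src/wp-admin/media-upload.php
+++ b/src/wp-admin/media-upload.php
@@ -32,10 +32,10 @@
 
 // Require an ID for the edit screen.
 if ( isset($action) && $action == 'edit' && !$ID )
-wp_die( __( 'Cheatin’ uh?' ) );
+wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post' , $_REQUEST['post_id'] ) )
-wp_die( __( 'Cheatin’ uh?' ) );
+wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 // Upload type: image, video, file, ..?
 if ( isset($_GET['type']) ) {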
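Review bot: The first guard in this section, `isset($action) && $action == 'edit' && !$ID`, rejects a request that is missing an attachment ID rather than one the user is not permitted to make, so 403 misdescribes it; a 400 fits better: `wp_die( __( 'Cheatin’ uh?' ), 400 );`. Reserving 403 for real capability failures, such as the `current_user_can( 'edit_post', … )` check just below it, also keeps denied-access counts in server logs meaningful for anyone alerting on them. The `is_user_member_of_blog( $user_id )` guard in `src/wp-admin/network/site-users.php` looks similar, since it tests the target user's membership rather than the caller's capability, though the code around it lies outside its hunk.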

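--- a/src/wp-admin/nav-menus.php
+++ b/src/wp-admin/nav-menus.php
@@ -20,7 +20,7 @@
 
 // Permissions Check
 if ( ! current_user_can('edit_theme_options') )
-wp_die( __( 'Cheatin’ uh?' ) );
+wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 wp_enqueue_script( 'nav-menu' );
 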

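--- a/src/wp-admin/network/site-users.php
+++ b/src/wp-admin/network/site-users.php
@@ -133,7 +133,7 @@
 
 // If the user doesn't already belong to the blog, bail.
 if ( !is_user_member_of_blog( $user_id ) )
-wp_die(__('Cheatin’ uh?'));
+wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 $user = get_userdata( $user_id );
 $user->set_role( $_REQUEST['new_role'] );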

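--- a/src/wp-admin/options.php
+++ b/src/wp-admin/options.php
@@ -45,7 +45,7 @@
 }
 
 if ( !current_user_can( $capability ) )
-wp_die(__('Cheatin’ uh?'));
+wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 // Handle admin email change requests
 if ( is_multisite() ) {
@@ -69,7 +69,7 @@
 }
 
 if ( is_multisite() && !is_super_admin() && 'update' != $action )
-wp_die(__('Cheatin’ uh?'));
+wp_die( __( 'Cheatin’ uh?' ), 403 );
 
 $whitelist_options = array(
 'general' => array( 'blogname', 'blogdescription', 'gmt_offset', 'date_format', 'time_format', 'start_of_week', 'timezone_string', 'WPLANG' ),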
