Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-09-24 21:32:51 +02:00
Code Issues Projects Releases Wiki Activity

Bootstrap/Load: Return a 403 error code when the recovery mode cookie is invalid or expired, or the exit recovery mode nonce check failed.

Browse Source 
Props david.binda, spacedmonkey.
Fixes #47479.
Built from https://develop.svn.wordpress.org/trunk@45544


git-svn-id: http://core.svn.wordpress.org/trunk@45355 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Sergey Biryukov 2019-06-17 18:37:55 +00:00
parent 88ffa41ee3
commit 038c980a42
2 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
wp-includes/class-wp-recovery-mode.php
View File

@ -239,7 +239,7 @@ class WP_Recovery_Mode {
} }
if ( ! isset( $_GET['_wpnonce'] ) || ! wp_verify_nonce( $_GET['_wpnonce'], self::EXIT_ACTION ) ) { if ( ! isset( $_GET['_wpnonce'] ) || ! wp_verify_nonce( $_GET['_wpnonce'], self::EXIT_ACTION ) ) {
wp_die( __( 'Exit recovery mode link expired.' ) ); wp_die( __( 'Exit recovery mode link expired.' ), 403 );
} }
if ( ! $this->exit_recovery_mode() ) { if ( ! $this->exit_recovery_mode() ) {
@ -272,14 +272,16 @@ class WP_Recovery_Mode {
if ( is_wp_error( $validated ) ) { if ( is_wp_error( $validated ) ) {
$this->cookie_service->clear_cookie(); $this->cookie_service->clear_cookie();
wp_die( $validated, '' ); $validated->add_data( array( 'status' => 403 ) );
wp_die( $validated );
} }
$session_id = $this->cookie_service->get_session_id_from_cookie(); $session_id = $this->cookie_service->get_session_id_from_cookie();
if ( is_wp_error( $session_id ) ) { if ( is_wp_error( $session_id ) ) {
$this->cookie_service->clear_cookie(); $this->cookie_service->clear_cookie();
wp_die( $session_id, '' ); $session_id->add_data( array( 'status' => 403 ) );
wp_die( $session_id );
} }
$this->is_active = true; $this->is_active = true;

2
wp-includes/version.php
View File

@ -13,7 +13,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '5.3-alpha-45543'; $wp_version = '5.3-alpha-45544';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.