Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-06-25 22:35:02 +02:00
Code Issues Projects Releases Wiki Activity

Return HTTP status code 403 in network admin when access is forbidden.

Browse Source 
When the error message "You do not have permission to access this page" is used in network admin screens, return an HTTP status code of 403 to match. Previously: [30356] and [31300].

Props yo-l1982.

Fixes #31422.

Built from https://develop.svn.wordpress.org/trunk@31658


git-svn-id: http://core.svn.wordpress.org/trunk@31639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Jeremy Felt 2015-03-07 06:00:28 +00:00
parent 3c4b95c1e3
commit 80d13281ed
11 changed files with 16 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
wp-admin/network/index.php
View File

@ -17,7 +17,7 @@ if ( !is_multisite() )
wp_die( __( 'Multisite support is not enabled.' ) );
if ( ! current_user_can( 'manage_network' ) )
wp_die( __( 'You do not have permission to access this page.' ) );
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
$title = __( 'Dashboard' );
$parent_file = 'index.php';

2
wp-admin/network/settings.php
View File

@ -17,7 +17,7 @@ if ( ! is_multisite() )
wp_die( __( 'Multisite support is not enabled.' ) );
if ( ! current_user_can( 'manage_network_options' ) )
wp_die( __( 'You do not have permission to access this page.' ) );
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
$title = __( 'Network Settings' );
$parent_file = 'settings.php';

2
wp-admin/network/site-info.php
View File

@ -40,7 +40,7 @@ if ( ! $id )
$details = get_blog_details( $id );
if ( !can_edit_network( $details->site_id ) )
wp_die( __( 'You do not have permission to access this page.' ) );
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
$parsed = parse_url( $details->siteurl );
$is_main_site = is_main_site( $id );

2
wp-admin/network/site-settings.php
View File

@ -40,7 +40,7 @@ if ( ! $id )
$details = get_blog_details( $id );
if ( !can_edit_network( $details->site_id ) )
wp_die( __( 'You do not have permission to access this page.' ) );
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
$is_main_site = is_main_site( $id );

2
wp-admin/network/site-themes.php
View File

@ -57,7 +57,7 @@ $wp_list_table->prepare_items();
$details = get_blog_details( $id );
if ( !can_edit_network( $details->site_id ) )
wp_die( __( 'You do not have permission to access this page.' ) );
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
$is_main_site = is_main_site( $id );

2
wp-admin/network/site-users.php
View File

@ -50,7 +50,7 @@ if ( ! $id )
$details = get_blog_details( $id );
if ( ! can_edit_network( $details->site_id ) )
wp_die( __( 'You do not have permission to access this page.' ) );
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
$is_main_site = is_main_site( $id );

4
wp-admin/network/sites.php
View File

@ -14,7 +14,7 @@ if ( ! is_multisite() )
wp_die( __( 'Multisite support is not enabled.' ) );
if ( ! current_user_can( 'manage_sites' ) )
wp_die( __( 'You do not have permission to access this page.' ) );
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
$wp_list_table = _get_list_table( 'WP_MS_Sites_List_Table' );
$pagenum = $wp_list_table->get_pagenum();
@ -97,7 +97,7 @@ if ( isset( $_GET['action'] ) ) {
case 'deleteblog':
if ( ! current_user_can( 'delete_sites' ) )
wp_die( __( 'You do not have permission to access this page.' ) );
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
$updated_action = 'not_deleted';
if ( $id != '0' && $id != $current_site->blog_id && current_user_can( 'delete_site', $id ) ) {

2
wp-admin/network/upgrade.php
View File

@ -36,7 +36,7 @@ get_current_screen()->set_help_sidebar(
require_once( ABSPATH . 'wp-admin/admin-header.php' );
if ( ! current_user_can( 'manage_network' ) )
wp_die( __( 'You do not have permission to access this page.' ) );
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
echo '<div class="wrap">';
echo '<h2>' . __( 'Upgrade Network' ) . '</h2>';

2
wp-admin/network/user-new.php
View File

@ -33,7 +33,7 @@ get_current_screen()->set_help_sidebar(
if ( isset($_REQUEST['action']) && 'add-user' == $_REQUEST['action'] ) {
check_admin_referer( 'add-user', '_wpnonce_add-user' );
if ( ! current_user_can( 'manage_network_users' ) )
wp_die( __( 'You do not have permission to access this page.' ) );
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
if ( ! is_array( $_POST['user'] ) )
wp_die( __( 'Cannot create an empty user.' ) );

10
wp-admin/network/users.php
View File

@ -14,7 +14,7 @@ if ( ! is_multisite() )
wp_die( __( 'Multisite support is not enabled.' ) );
if ( ! current_user_can( 'manage_network_users' ) )
wp_die( __( 'You do not have permission to access this page.' ) );
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
function confirm_delete_users( $users ) {
$current_user = wp_get_current_user();
@ -123,7 +123,7 @@ if ( isset( $_GET['action'] ) ) {
switch ( $_GET['action'] ) {
case 'deleteuser':
if ( ! current_user_can( 'manage_network_users' ) )
wp_die( __( 'You do not have permission to access this page.' ) );
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
check_admin_referer( 'deleteuser' );
@ -144,7 +144,7 @@ if ( isset( $_GET['action'] ) ) {
case 'allusers':
if ( !current_user_can( 'manage_network_users' ) )
wp_die( __( 'You do not have permission to access this page.' ) );
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
if ( ( isset( $_POST['action']) || isset($_POST['action2'] ) ) && isset( $_POST['allusers'] ) ) {
check_admin_referer( 'bulk-users-network' );
@ -157,7 +157,7 @@ if ( isset( $_GET['action'] ) ) {
switch ( $doaction ) {
case 'delete':
if ( ! current_user_can( 'delete_users' ) )
wp_die( __( 'You do not have permission to access this page.' ) );
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
$title = __( 'Users' );
$parent_file = 'users.php';
require_once( ABSPATH . 'wp-admin/admin-header.php' );
@ -206,7 +206,7 @@ if ( isset( $_GET['action'] ) ) {
case 'dodelete':
check_admin_referer( 'ms-users-delete' );
if ( ! ( current_user_can( 'manage_network_users' ) && current_user_can( 'delete_users' ) ) )
wp_die( __( 'You do not have permission to access this page.' ) );
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
if ( ! empty( $_POST['blog'] ) && is_array( $_POST['blog'] ) ) {
foreach ( $_POST['blog'] as $id => $users ) {

2
wp-includes/version.php
View File

@ -4,7 +4,7 @@
*
* @global string $wp_version
*/
$wp_version = '4.2-alpha-31657';
$wp_version = '4.2-alpha-31658';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.