Users: Use more appropriate HTTP status codes for errors relating to user management.

Also re-uses one error message string.

Props tuanmh

Fixes #40230

Built from https://develop.svn.wordpress.org/trunk@40940


git-svn-id: http://core.svn.wordpress.org/trunk@40790 1a063a9b-81f0-0310-95a4-ce76da25c4cd
John Blackbourn 2017-06-25 18:46:44 +00:00
parent 46551a898a
commit a507248146
4 changed files with 15 additions and 15 deletions


@ -59,7 +59,7 @@ function edit_user( $user_id = 0 ) {
// If the new role isn't editable by the logged-in user die with error
$editable_roles = get_editable_roles();
if ( ! empty( $new_role ) && empty( $editable_roles[$new_role] ) )
wp_die(__('You can’t give users that role.'));
wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );
}
if ( isset( $_POST['email'] ))
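Review bot: The role guard in edit_user() is still a brace-less `if` whose only body is the `wp_die()` call, so a statement added next to it later (a log line, for instance) would silently change which statement the condition governs. Since the commit rewrites these lines anyway, brace the guard: `if ( ! empty( $new_role ) && empty( $editable_roles[$new_role] ) ) {`, then `wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );`, then `}`. The same shape recurs in the `manage_sites` check of the second file and in the `promote_users`, `promote_user`, `delete_users`, `delete_user`, `remove_users` and `is_multisite()` checks of the third. edit_user() starts and ends outside this hunk.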


@ -11,7 +11,7 @@
require_once( dirname( __FILE__ ) . '/admin.php' );
if ( ! current_user_can('manage_sites') )
wp_die(__('Sorry, you are not allowed to edit this site.'));
wp_die( __( 'Sorry, you are not allowed to edit this site.' ), 403 );
$wp_list_table = _get_list_table('WP_Users_List_Table');
$wp_list_table->prepare_items();
@ -115,7 +115,7 @@ if ( $action ) {
case 'remove':
if ( ! current_user_can( 'remove_users' ) ) {
wp_die( __( 'Sorry, you are not allowed to remove users.' ) );
wp_die( __( 'Sorry, you are not allowed to remove users.' ), 403 );
}
check_admin_referer( 'bulk-users' );
@ -146,7 +146,7 @@ if ( $action ) {
}
if ( empty( $editable_roles[ $role ] ) ) {
wp_die( __( 'Sorry, you are not allowed to give users that role.' ) );
wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );
}
if ( isset( $_REQUEST['users'] ) ) {


@ -94,7 +94,7 @@ case 'promote':
check_admin_referer('bulk-users');
if ( ! current_user_can( 'promote_users' ) )
wp_die( __( 'Sorry, you are not allowed to edit this user.' ) );
wp_die( __( 'Sorry, you are not allowed to edit this user.' ), 403 );
if ( empty($_REQUEST['users']) ) {
wp_redirect($redirect);
@ -110,7 +110,7 @@ case 'promote':
}
if ( ! $role || empty( $editable_roles[ $role ] ) ) {
wp_die( __( 'Sorry, you are not allowed to give users that role.' ) );
wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );
}
$userids = $_REQUEST['users'];
@ -119,7 +119,7 @@ case 'promote':
$id = (int) $id;
if ( ! current_user_can('promote_user', $id) )
wp_die(__('Sorry, you are not allowed to edit this user.'));
wp_die( __( 'Sorry, you are not allowed to edit this user.' ), 403 );
// The new role of the current user must also have the promote_users cap or be a multisite super admin
if ( $id == $current_user->ID && ! $wp_roles->role_objects[ $role ]->has_cap('promote_users')
&& ! ( is_multisite() && current_user_can( 'manage_network_users' ) ) ) {
@ -145,7 +145,7 @@ case 'promote':
case 'dodelete':
if ( is_multisite() )
wp_die( __('User deletion is not allowed from this screen.') );
wp_die( __('User deletion is not allowed from this screen.'), 400 );
check_admin_referer('delete-users');
@ -164,14 +164,14 @@ case 'dodelete':
}
if ( ! current_user_can( 'delete_users' ) )
wp_die(__('Sorry, you are not allowed to delete users.'));
wp_die( __( 'Sorry, you are not allowed to delete users.' ), 403 );
$update = 'del';
$delete_count = 0;
foreach ( $userids as $id ) {
if ( ! current_user_can( 'delete_user', $id ) )
wp_die(__( 'Sorry, you are not allowed to delete that user.' ) );
wp_die( __( 'Sorry, you are not allowed to delete that user.' ), 403 );
if ( $id == $current_user->ID ) {
$update = 'err_admin_del';
@ -194,7 +194,7 @@ case 'dodelete':
case 'delete':
if ( is_multisite() )
wp_die( __('User deletion is not allowed from this screen.') );
wp_die( __('User deletion is not allowed from this screen.'), 400 );
check_admin_referer('bulk-users');
@ -306,7 +306,7 @@ case 'doremove':
check_admin_referer('remove-users');
if ( ! is_multisite() )
wp_die( __( 'You can’t remove users.' ) );
wp_die( __( 'You can’t remove users.' ), 400 );
if ( empty($_REQUEST['users']) ) {
wp_redirect($redirect);
@ -314,7 +314,7 @@ case 'doremove':
}
if ( ! current_user_can( 'remove_users' ) )
wp_die( __( 'Sorry, you are not allowed to remove users.' ) );
wp_die( __( 'Sorry, you are not allowed to remove users.' ), 403 );
$userids = $_REQUEST['users'];
@ -337,7 +337,7 @@ case 'remove':
check_admin_referer('bulk-users');
if ( ! is_multisite() )
wp_die( __( 'You can’t remove users.' ) );
wp_die( __( 'You can’t remove users.' ), 400 );
if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) {
wp_redirect($redirect);
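Review bot: The per-user check `current_user_can( 'delete_user', $id )` in the `dodelete` loop dies with 403 from inside the `foreach`, so a refusal on a later id may arrive after earlier ids in the same request were already processed. The rest of the loop body is outside the hunk, so this is inferred rather than visible. With an explicit 403, a client or someone reading the access log will take the response to mean the request was refused as a whole, which would be misleading for a partly applied bulk action. Consider an authorization pass over `$userids` before the loop that acts, as sketched below, and the same treatment for the `promote_user` check inside the `promote` loop.

```php
// Authorize every id up front so a refusal is all-or-nothing.
foreach ( $userids as $id ) {
	if ( ! current_user_can( 'delete_user', $id ) ) {
		wp_die( __( 'Sorry, you are not allowed to delete that user.' ), 403 );
	}
}
// … unchanged: $update / $delete_count setup and the existing foreach over $userids …
```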


@ -4,7 +4,7 @@
*
* @global string $wp_version
*/
$wp_version = '4.9-alpha-40939';
$wp_version = '4.9-alpha-40940';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.