Return HTTP status code 403 in network admin when access is forbidden.
When the error message "You do not have permission to access this page" is used in network admin screens, return an HTTP status code of 403 to match. Previously: [30356] and [31300]. Props yo-l1982. Fixes #31422. Built from https://develop.svn.wordpress.org/trunk@31658 git-svn-id: http://core.svn.wordpress.org/trunk@31639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
3c4b95c1e3
commit
80d13281ed
|
@ -17,7 +17,7 @@ if ( !is_multisite() )
|
|||
wp_die( __( 'Multisite support is not enabled.' ) );
|
||||
|
||||
if ( ! current_user_can( 'manage_network' ) )
|
||||
wp_die( __( 'You do not have permission to access this page.' ) );
|
||||
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
|
||||
|
||||
$title = __( 'Dashboard' );
|
||||
$parent_file = 'index.php';
|
||||
|
|
|
@ -17,7 +17,7 @@ if ( ! is_multisite() )
|
|||
wp_die( __( 'Multisite support is not enabled.' ) );
|
||||
|
||||
if ( ! current_user_can( 'manage_network_options' ) )
|
||||
wp_die( __( 'You do not have permission to access this page.' ) );
|
||||
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
|
||||
|
||||
$title = __( 'Network Settings' );
|
||||
$parent_file = 'settings.php';
|
||||
|
|
|
@ -40,7 +40,7 @@ if ( ! $id )
|
|||
|
||||
$details = get_blog_details( $id );
|
||||
if ( !can_edit_network( $details->site_id ) )
|
||||
wp_die( __( 'You do not have permission to access this page.' ) );
|
||||
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
|
||||
|
||||
$parsed = parse_url( $details->siteurl );
|
||||
$is_main_site = is_main_site( $id );
|
||||
|
|
|
@ -40,7 +40,7 @@ if ( ! $id )
|
|||
|
||||
$details = get_blog_details( $id );
|
||||
if ( !can_edit_network( $details->site_id ) )
|
||||
wp_die( __( 'You do not have permission to access this page.' ) );
|
||||
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
|
||||
|
||||
$is_main_site = is_main_site( $id );
|
||||
|
||||
|
|
|
@ -57,7 +57,7 @@ $wp_list_table->prepare_items();
|
|||
|
||||
$details = get_blog_details( $id );
|
||||
if ( !can_edit_network( $details->site_id ) )
|
||||
wp_die( __( 'You do not have permission to access this page.' ) );
|
||||
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
|
||||
|
||||
$is_main_site = is_main_site( $id );
|
||||
|
||||
|
|
|
@ -50,7 +50,7 @@ if ( ! $id )
|
|||
|
||||
$details = get_blog_details( $id );
|
||||
if ( ! can_edit_network( $details->site_id ) )
|
||||
wp_die( __( 'You do not have permission to access this page.' ) );
|
||||
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
|
||||
|
||||
$is_main_site = is_main_site( $id );
|
||||
|
||||
|
|
|
@ -14,7 +14,7 @@ if ( ! is_multisite() )
|
|||
wp_die( __( 'Multisite support is not enabled.' ) );
|
||||
|
||||
if ( ! current_user_can( 'manage_sites' ) )
|
||||
wp_die( __( 'You do not have permission to access this page.' ) );
|
||||
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
|
||||
|
||||
$wp_list_table = _get_list_table( 'WP_MS_Sites_List_Table' );
|
||||
$pagenum = $wp_list_table->get_pagenum();
|
||||
|
@ -97,7 +97,7 @@ if ( isset( $_GET['action'] ) ) {
|
|||
|
||||
case 'deleteblog':
|
||||
if ( ! current_user_can( 'delete_sites' ) )
|
||||
wp_die( __( 'You do not have permission to access this page.' ) );
|
||||
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
|
||||
|
||||
$updated_action = 'not_deleted';
|
||||
if ( $id != '0' && $id != $current_site->blog_id && current_user_can( 'delete_site', $id ) ) {
|
||||
|
|
|
@ -36,7 +36,7 @@ get_current_screen()->set_help_sidebar(
|
|||
require_once( ABSPATH . 'wp-admin/admin-header.php' );
|
||||
|
||||
if ( ! current_user_can( 'manage_network' ) )
|
||||
wp_die( __( 'You do not have permission to access this page.' ) );
|
||||
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
|
||||
|
||||
echo '<div class="wrap">';
|
||||
echo '<h2>' . __( 'Upgrade Network' ) . '</h2>';
|
||||
|
|
|
@ -33,7 +33,7 @@ get_current_screen()->set_help_sidebar(
|
|||
if ( isset($_REQUEST['action']) && 'add-user' == $_REQUEST['action'] ) {
|
||||
check_admin_referer( 'add-user', '_wpnonce_add-user' );
|
||||
if ( ! current_user_can( 'manage_network_users' ) )
|
||||
wp_die( __( 'You do not have permission to access this page.' ) );
|
||||
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
|
||||
|
||||
if ( ! is_array( $_POST['user'] ) )
|
||||
wp_die( __( 'Cannot create an empty user.' ) );
|
||||
|
|
|
@ -14,7 +14,7 @@ if ( ! is_multisite() )
|
|||
wp_die( __( 'Multisite support is not enabled.' ) );
|
||||
|
||||
if ( ! current_user_can( 'manage_network_users' ) )
|
||||
wp_die( __( 'You do not have permission to access this page.' ) );
|
||||
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
|
||||
|
||||
function confirm_delete_users( $users ) {
|
||||
$current_user = wp_get_current_user();
|
||||
|
@ -123,7 +123,7 @@ if ( isset( $_GET['action'] ) ) {
|
|||
switch ( $_GET['action'] ) {
|
||||
case 'deleteuser':
|
||||
if ( ! current_user_can( 'manage_network_users' ) )
|
||||
wp_die( __( 'You do not have permission to access this page.' ) );
|
||||
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
|
||||
|
||||
check_admin_referer( 'deleteuser' );
|
||||
|
||||
|
@ -144,7 +144,7 @@ if ( isset( $_GET['action'] ) ) {
|
|||
|
||||
case 'allusers':
|
||||
if ( !current_user_can( 'manage_network_users' ) )
|
||||
wp_die( __( 'You do not have permission to access this page.' ) );
|
||||
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
|
||||
|
||||
if ( ( isset( $_POST['action']) || isset($_POST['action2'] ) ) && isset( $_POST['allusers'] ) ) {
|
||||
check_admin_referer( 'bulk-users-network' );
|
||||
|
@ -157,7 +157,7 @@ if ( isset( $_GET['action'] ) ) {
|
|||
switch ( $doaction ) {
|
||||
case 'delete':
|
||||
if ( ! current_user_can( 'delete_users' ) )
|
||||
wp_die( __( 'You do not have permission to access this page.' ) );
|
||||
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
|
||||
$title = __( 'Users' );
|
||||
$parent_file = 'users.php';
|
||||
require_once( ABSPATH . 'wp-admin/admin-header.php' );
|
||||
|
@ -206,7 +206,7 @@ if ( isset( $_GET['action'] ) ) {
|
|||
case 'dodelete':
|
||||
check_admin_referer( 'ms-users-delete' );
|
||||
if ( ! ( current_user_can( 'manage_network_users' ) && current_user_can( 'delete_users' ) ) )
|
||||
wp_die( __( 'You do not have permission to access this page.' ) );
|
||||
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
|
||||
|
||||
if ( ! empty( $_POST['blog'] ) && is_array( $_POST['blog'] ) ) {
|
||||
foreach ( $_POST['blog'] as $id => $users ) {
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
*
|
||||
* @global string $wp_version
|
||||
*/
|
||||
$wp_version = '4.2-alpha-31657';
|
||||
$wp_version = '4.2-alpha-31658';
|
||||
|
||||
/**
|
||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||
|
|
Loading…
Reference in New Issue