Return HTTP status code 403 in network admin when access is forbidden.
When the error message "You do not have permission to access this page" is used in network admin screens, return an HTTP status code of 403 to match. Previously: [30356] and [31300]. Props yo-l1982. Fixes #31422. Built from https://develop.svn.wordpress.org/trunk@31658 git-svn-id: http://core.svn.wordpress.org/trunk@31639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
3c4b95c1e3
commit
80d13281ed
|
@ -17,7 +17,7 @@ if ( !is_multisite() )
|
||||||
wp_die( __( 'Multisite support is not enabled.' ) );
|
wp_die( __( 'Multisite support is not enabled.' ) );
|
||||||
|
|
||||||
if ( ! current_user_can( 'manage_network' ) )
|
if ( ! current_user_can( 'manage_network' ) )
|
||||||
wp_die( __( 'You do not have permission to access this page.' ) );
|
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
|
||||||
|
|
||||||
$title = __( 'Dashboard' );
|
$title = __( 'Dashboard' );
|
||||||
$parent_file = 'index.php';
|
$parent_file = 'index.php';
|
||||||
|
|
|
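Review bot: The new guard passes the status as `'', array( 'response' => 403 )`, where the empty title exists only to reach the third argument. As far as I know `wp_die()` has accepted an integer status in place of the title or args since 4.1, so `wp_die( __( 'You do not have permission to access this page.' ), 403 );` would be equivalent and easier to scan. The same call is repeated in every other hunk of this commit. The `if` would also be safer with braces, since this guard is the only thing between an unauthorized request and the rest of the screen. The file continues outside the hunk.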
@ -17,7 +17,7 @@ if ( ! is_multisite() )
|
||||||
wp_die( __( 'Multisite support is not enabled.' ) );
|
wp_die( __( 'Multisite support is not enabled.' ) );
|
||||||
|
|
||||||
if ( ! current_user_can( 'manage_network_options' ) )
|
if ( ! current_user_can( 'manage_network_options' ) )
|
||||||
wp_die( __( 'You do not have permission to access this page.' ) );
|
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
|
||||||
|
|
||||||
$title = __( 'Network Settings' );
|
$title = __( 'Network Settings' );
|
||||||
$parent_file = 'settings.php';
|
$parent_file = 'settings.php';
|
||||||
|
|
|
@ -40,7 +40,7 @@ if ( ! $id )
|
||||||
|
|
||||||
$details = get_blog_details( $id );
|
$details = get_blog_details( $id );
|
||||||
if ( !can_edit_network( $details->site_id ) )
|
if ( !can_edit_network( $details->site_id ) )
|
||||||
wp_die( __( 'You do not have permission to access this page.' ) );
|
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
|
||||||
|
|
||||||
$parsed = parse_url( $details->siteurl );
|
$parsed = parse_url( $details->siteurl );
|
||||||
$is_main_site = is_main_site( $id );
|
$is_main_site = is_main_site( $id );
|
||||||
|
|
|
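Review bot: `$details->site_id` is dereferenced without checking what `get_blog_details( $id )` returned. I believe it returns false when no site matches the id; if so, this line raises a notice and the request now ends in the 403 "no permission" response even though the real problem is an unknown site. A guard such as `if ( ! $details ) { wp_die( $not_found_message, 404 ); }` (message is a placeholder) before the capability check would separate the two cases, or a comment could state that unknown ids are deliberately answered like forbidden ones. The next three hunks, which share the `get_blog_details( $id )` context, have the same pattern. The `if ( ! $id )` check named in the hunk header is outside the visible lines.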
@ -40,7 +40,7 @@ if ( ! $id )
|
||||||
|
|
||||||
$details = get_blog_details( $id );
|
$details = get_blog_details( $id );
|
||||||
if ( !can_edit_network( $details->site_id ) )
|
if ( !can_edit_network( $details->site_id ) )
|
||||||
wp_die( __( 'You do not have permission to access this page.' ) );
|
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
|
||||||
|
|
||||||
$is_main_site = is_main_site( $id );
|
$is_main_site = is_main_site( $id );
|
||||||
|
|
||||||
|
|
|
@ -57,7 +57,7 @@ $wp_list_table->prepare_items();
|
||||||
|
|
||||||
$details = get_blog_details( $id );
|
$details = get_blog_details( $id );
|
||||||
if ( !can_edit_network( $details->site_id ) )
|
if ( !can_edit_network( $details->site_id ) )
|
||||||
wp_die( __( 'You do not have permission to access this page.' ) );
|
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
|
||||||
|
|
||||||
$is_main_site = is_main_site( $id );
|
$is_main_site = is_main_site( $id );
|
||||||
|
|
||||||
|
|
|
@ -50,7 +50,7 @@ if ( ! $id )
|
||||||
|
|
||||||
$details = get_blog_details( $id );
|
$details = get_blog_details( $id );
|
||||||
if ( ! can_edit_network( $details->site_id ) )
|
if ( ! can_edit_network( $details->site_id ) )
|
||||||
wp_die( __( 'You do not have permission to access this page.' ) );
|
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
|
||||||
|
|
||||||
$is_main_site = is_main_site( $id );
|
$is_main_site = is_main_site( $id );
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ if ( ! is_multisite() )
|
||||||
wp_die( __( 'Multisite support is not enabled.' ) );
|
wp_die( __( 'Multisite support is not enabled.' ) );
|
||||||
|
|
||||||
if ( ! current_user_can( 'manage_sites' ) )
|
if ( ! current_user_can( 'manage_sites' ) )
|
||||||
wp_die( __( 'You do not have permission to access this page.' ) );
|
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
|
||||||
|
|
||||||
$wp_list_table = _get_list_table( 'WP_MS_Sites_List_Table' );
|
$wp_list_table = _get_list_table( 'WP_MS_Sites_List_Table' );
|
||||||
$pagenum = $wp_list_table->get_pagenum();
|
$pagenum = $wp_list_table->get_pagenum();
|
||||||
|
@ -97,7 +97,7 @@ if ( isset( $_GET['action'] ) ) {
|
||||||
|
|
||||||
case 'deleteblog':
|
case 'deleteblog':
|
||||||
if ( ! current_user_can( 'delete_sites' ) )
|
if ( ! current_user_can( 'delete_sites' ) )
|
||||||
wp_die( __( 'You do not have permission to access this page.' ) );
|
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
|
||||||
|
|
||||||
$updated_action = 'not_deleted';
|
$updated_action = 'not_deleted';
|
||||||
if ( $id != '0' && $id != $current_site->blog_id && current_user_can( 'delete_site', $id ) ) {
|
if ( $id != '0' && $id != $current_site->blog_id && current_user_can( 'delete_site', $id ) ) {
|
||||||
|
|
|
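Review bot: In the `deleteblog` hunk only the coarse `delete_sites` check gets the 403. A failure of the per-site check `current_user_can( 'delete_site', $id )` a few lines below just leaves `$updated_action` at `'not_deleted'`. What follows is outside the hunk, but it looks as if that denial will not surface as a 403, so the two kinds of refusal will appear differently in access logs. If that is intended, a comment above the second check such as `// Per-site denial is reported via $updated_action, not wp_die().` would make it explicit.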
@ -36,7 +36,7 @@ get_current_screen()->set_help_sidebar(
|
||||||
require_once( ABSPATH . 'wp-admin/admin-header.php' );
|
require_once( ABSPATH . 'wp-admin/admin-header.php' );
|
||||||
|
|
||||||
if ( ! current_user_can( 'manage_network' ) )
|
if ( ! current_user_can( 'manage_network' ) )
|
||||||
wp_die( __( 'You do not have permission to access this page.' ) );
|
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
|
||||||
|
|
||||||
echo '<div class="wrap">';
|
echo '<div class="wrap">';
|
||||||
echo '<h2>' . __( 'Upgrade Network' ) . '</h2>';
|
echo '<h2>' . __( 'Upgrade Network' ) . '</h2>';
|
||||||
|
|
|
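Review bot: This capability check runs after `require_once( ABSPATH . 'wp-admin/admin-header.php' );`, so page output has already started when `wp_die()` is called. As far as I know the default `wp_die()` handler only sets the status while headers are still unsent, which would make `array( 'response' => 403 )` ineffective here and leave the response at 200. Moving the `if ( ! current_user_can( 'manage_network' ) )` guard above the `require_once` line would let the 403 take effect. The lines before the `require_once` are outside the hunk, so check that nothing there depends on the current order.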
@ -33,7 +33,7 @@ get_current_screen()->set_help_sidebar(
|
||||||
if ( isset($_REQUEST['action']) && 'add-user' == $_REQUEST['action'] ) {
|
if ( isset($_REQUEST['action']) && 'add-user' == $_REQUEST['action'] ) {
|
||||||
check_admin_referer( 'add-user', '_wpnonce_add-user' );
|
check_admin_referer( 'add-user', '_wpnonce_add-user' );
|
||||||
if ( ! current_user_can( 'manage_network_users' ) )
|
if ( ! current_user_can( 'manage_network_users' ) )
|
||||||
wp_die( __( 'You do not have permission to access this page.' ) );
|
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
|
||||||
|
|
||||||
if ( ! is_array( $_POST['user'] ) )
|
if ( ! is_array( $_POST['user'] ) )
|
||||||
wp_die( __( 'Cannot create an empty user.' ) );
|
wp_die( __( 'Cannot create an empty user.' ) );
|
||||||
|
|
|
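Review bot: The neighbouring `wp_die( __( 'Cannot create an empty user.' ) );` still uses `wp_die()`'s default status, which I believe is 500, although it reports a malformed request rather than a server fault. If the aim is for the status to match the message, that call could pass 400. `$_POST['user']` is also read without an `isset()` check, so a request without that field raises a notice first; `if ( ! isset( $_POST['user'] ) || ! is_array( $_POST['user'] ) )` avoids that. The `add-user` block continues outside the hunk.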
@ -14,7 +14,7 @@ if ( ! is_multisite() )
|
||||||
wp_die( __( 'Multisite support is not enabled.' ) );
|
wp_die( __( 'Multisite support is not enabled.' ) );
|
||||||
|
|
||||||
if ( ! current_user_can( 'manage_network_users' ) )
|
if ( ! current_user_can( 'manage_network_users' ) )
|
||||||
wp_die( __( 'You do not have permission to access this page.' ) );
|
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
|
||||||
|
|
||||||
function confirm_delete_users( $users ) {
|
function confirm_delete_users( $users ) {
|
||||||
$current_user = wp_get_current_user();
|
$current_user = wp_get_current_user();
|
||||||
|
@ -123,7 +123,7 @@ if ( isset( $_GET['action'] ) ) {
|
||||||
switch ( $_GET['action'] ) {
|
switch ( $_GET['action'] ) {
|
||||||
case 'deleteuser':
|
case 'deleteuser':
|
||||||
if ( ! current_user_can( 'manage_network_users' ) )
|
if ( ! current_user_can( 'manage_network_users' ) )
|
||||||
wp_die( __( 'You do not have permission to access this page.' ) );
|
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
|
||||||
|
|
||||||
check_admin_referer( 'deleteuser' );
|
check_admin_referer( 'deleteuser' );
|
||||||
|
|
||||||
|
@ -144,7 +144,7 @@ if ( isset( $_GET['action'] ) ) {
|
||||||
|
|
||||||
case 'allusers':
|
case 'allusers':
|
||||||
if ( !current_user_can( 'manage_network_users' ) )
|
if ( !current_user_can( 'manage_network_users' ) )
|
||||||
wp_die( __( 'You do not have permission to access this page.' ) );
|
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
|
||||||
|
|
||||||
if ( ( isset( $_POST['action']) || isset($_POST['action2'] ) ) && isset( $_POST['allusers'] ) ) {
|
if ( ( isset( $_POST['action']) || isset($_POST['action2'] ) ) && isset( $_POST['allusers'] ) ) {
|
||||||
check_admin_referer( 'bulk-users-network' );
|
check_admin_referer( 'bulk-users-network' );
|
||||||
|
@ -157,7 +157,7 @@ if ( isset( $_GET['action'] ) ) {
|
||||||
switch ( $doaction ) {
|
switch ( $doaction ) {
|
||||||
case 'delete':
|
case 'delete':
|
||||||
if ( ! current_user_can( 'delete_users' ) )
|
if ( ! current_user_can( 'delete_users' ) )
|
||||||
wp_die( __( 'You do not have permission to access this page.' ) );
|
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
|
||||||
$title = __( 'Users' );
|
$title = __( 'Users' );
|
||||||
$parent_file = 'users.php';
|
$parent_file = 'users.php';
|
||||||
require_once( ABSPATH . 'wp-admin/admin-header.php' );
|
require_once( ABSPATH . 'wp-admin/admin-header.php' );
|
||||||
|
@ -206,7 +206,7 @@ if ( isset( $_GET['action'] ) ) {
|
||||||
case 'dodelete':
|
case 'dodelete':
|
||||||
check_admin_referer( 'ms-users-delete' );
|
check_admin_referer( 'ms-users-delete' );
|
||||||
if ( ! ( current_user_can( 'manage_network_users' ) && current_user_can( 'delete_users' ) ) )
|
if ( ! ( current_user_can( 'manage_network_users' ) && current_user_can( 'delete_users' ) ) )
|
||||||
wp_die( __( 'You do not have permission to access this page.' ) );
|
wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
|
||||||
|
|
||||||
if ( ! empty( $_POST['blog'] ) && is_array( $_POST['blog'] ) ) {
|
if ( ! empty( $_POST['blog'] ) && is_array( $_POST['blog'] ) ) {
|
||||||
foreach ( $_POST['blog'] as $id => $users ) {
|
foreach ( $_POST['blog'] as $id => $users ) {
|
||||||
|
|
|
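Review bot: The capability required differs between the delete-related cases in this file, and nothing in the visible lines says why. `deleteuser` checks only `manage_network_users`, the `delete` confirmation case checks only `delete_users`, and `dodelete` requires both. The bodies of these cases continue outside the hunks, so a further check may exist there. If the difference is intentional, a short comment above each guard naming the capability and the reason would keep later edits from weakening one path, e.g. `// Confirmation screen only; the actual delete in 'dodelete' also requires manage_network_users.`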
@ -4,7 +4,7 @@
|
||||||
*
|
*
|
||||||
* @global string $wp_version
|
* @global string $wp_version
|
||||||
*/
|
*/
|
||||||
$wp_version = '4.2-alpha-31657';
|
$wp_version = '4.2-alpha-31658';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||||
|
|