Return HTTP status code 403 in network admin when access is forbidden.

When the error message "You do not have permission to access this page" is used in network admin screens, return an HTTP status code of 403 to match. Previously: [30356] and [31300].

Props yo-l1982.

Fixes #31422.

Built from https://develop.svn.wordpress.org/trunk@31658


git-svn-id: http://core.svn.wordpress.org/trunk@31639 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Jeremy Felt 2015-03-07 06:00:28 +00:00
parent 3c4b95c1e3
commit 80d13281ed
11 changed files with 16 additions and 16 deletions

View File

@ -17,7 +17,7 @@ if ( !is_multisite() )
wp_die( __( 'Multisite support is not enabled.' ) ); wp_die( __( 'Multisite support is not enabled.' ) );
if ( ! current_user_can( 'manage_network' ) ) if ( ! current_user_can( 'manage_network' ) )
wp_die( __( 'You do not have permission to access this page.' ) ); wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
$title = __( 'Dashboard' ); $title = __( 'Dashboard' );
$parent_file = 'index.php'; $parent_file = 'index.php';

View File

@ -17,7 +17,7 @@ if ( ! is_multisite() )
wp_die( __( 'Multisite support is not enabled.' ) ); wp_die( __( 'Multisite support is not enabled.' ) );
if ( ! current_user_can( 'manage_network_options' ) ) if ( ! current_user_can( 'manage_network_options' ) )
wp_die( __( 'You do not have permission to access this page.' ) ); wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
$title = __( 'Network Settings' ); $title = __( 'Network Settings' );
$parent_file = 'settings.php'; $parent_file = 'settings.php';

View File

@ -40,7 +40,7 @@ if ( ! $id )
$details = get_blog_details( $id ); $details = get_blog_details( $id );
if ( !can_edit_network( $details->site_id ) ) if ( !can_edit_network( $details->site_id ) )
wp_die( __( 'You do not have permission to access this page.' ) ); wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
$parsed = parse_url( $details->siteurl ); $parsed = parse_url( $details->siteurl );
$is_main_site = is_main_site( $id ); $is_main_site = is_main_site( $id );

View File

@ -40,7 +40,7 @@ if ( ! $id )
$details = get_blog_details( $id ); $details = get_blog_details( $id );
if ( !can_edit_network( $details->site_id ) ) if ( !can_edit_network( $details->site_id ) )
wp_die( __( 'You do not have permission to access this page.' ) ); wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
$is_main_site = is_main_site( $id ); $is_main_site = is_main_site( $id );

View File

@ -57,7 +57,7 @@ $wp_list_table->prepare_items();
$details = get_blog_details( $id ); $details = get_blog_details( $id );
if ( !can_edit_network( $details->site_id ) ) if ( !can_edit_network( $details->site_id ) )
wp_die( __( 'You do not have permission to access this page.' ) ); wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
$is_main_site = is_main_site( $id ); $is_main_site = is_main_site( $id );

View File

@ -50,7 +50,7 @@ if ( ! $id )
$details = get_blog_details( $id ); $details = get_blog_details( $id );
if ( ! can_edit_network( $details->site_id ) ) if ( ! can_edit_network( $details->site_id ) )
wp_die( __( 'You do not have permission to access this page.' ) ); wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
$is_main_site = is_main_site( $id ); $is_main_site = is_main_site( $id );

View File

@ -14,7 +14,7 @@ if ( ! is_multisite() )
wp_die( __( 'Multisite support is not enabled.' ) ); wp_die( __( 'Multisite support is not enabled.' ) );
if ( ! current_user_can( 'manage_sites' ) ) if ( ! current_user_can( 'manage_sites' ) )
wp_die( __( 'You do not have permission to access this page.' ) ); wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
$wp_list_table = _get_list_table( 'WP_MS_Sites_List_Table' ); $wp_list_table = _get_list_table( 'WP_MS_Sites_List_Table' );
$pagenum = $wp_list_table->get_pagenum(); $pagenum = $wp_list_table->get_pagenum();
@ -97,7 +97,7 @@ if ( isset( $_GET['action'] ) ) {
case 'deleteblog': case 'deleteblog':
if ( ! current_user_can( 'delete_sites' ) ) if ( ! current_user_can( 'delete_sites' ) )
wp_die( __( 'You do not have permission to access this page.' ) ); wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
$updated_action = 'not_deleted'; $updated_action = 'not_deleted';
if ( $id != '0' && $id != $current_site->blog_id && current_user_can( 'delete_site', $id ) ) { if ( $id != '0' && $id != $current_site->blog_id && current_user_can( 'delete_site', $id ) ) {

View File

@ -36,7 +36,7 @@ get_current_screen()->set_help_sidebar(
require_once( ABSPATH . 'wp-admin/admin-header.php' ); require_once( ABSPATH . 'wp-admin/admin-header.php' );
if ( ! current_user_can( 'manage_network' ) ) if ( ! current_user_can( 'manage_network' ) )
wp_die( __( 'You do not have permission to access this page.' ) ); wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
echo '<div class="wrap">'; echo '<div class="wrap">';
echo '<h2>' . __( 'Upgrade Network' ) . '</h2>'; echo '<h2>' . __( 'Upgrade Network' ) . '</h2>';

View File

@ -33,7 +33,7 @@ get_current_screen()->set_help_sidebar(
if ( isset($_REQUEST['action']) && 'add-user' == $_REQUEST['action'] ) { if ( isset($_REQUEST['action']) && 'add-user' == $_REQUEST['action'] ) {
check_admin_referer( 'add-user', '_wpnonce_add-user' ); check_admin_referer( 'add-user', '_wpnonce_add-user' );
if ( ! current_user_can( 'manage_network_users' ) ) if ( ! current_user_can( 'manage_network_users' ) )
wp_die( __( 'You do not have permission to access this page.' ) ); wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
if ( ! is_array( $_POST['user'] ) ) if ( ! is_array( $_POST['user'] ) )
wp_die( __( 'Cannot create an empty user.' ) ); wp_die( __( 'Cannot create an empty user.' ) );

View File

@ -14,7 +14,7 @@ if ( ! is_multisite() )
wp_die( __( 'Multisite support is not enabled.' ) ); wp_die( __( 'Multisite support is not enabled.' ) );
if ( ! current_user_can( 'manage_network_users' ) ) if ( ! current_user_can( 'manage_network_users' ) )
wp_die( __( 'You do not have permission to access this page.' ) ); wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
function confirm_delete_users( $users ) { function confirm_delete_users( $users ) {
$current_user = wp_get_current_user(); $current_user = wp_get_current_user();
@ -123,7 +123,7 @@ if ( isset( $_GET['action'] ) ) {
switch ( $_GET['action'] ) { switch ( $_GET['action'] ) {
case 'deleteuser': case 'deleteuser':
if ( ! current_user_can( 'manage_network_users' ) ) if ( ! current_user_can( 'manage_network_users' ) )
wp_die( __( 'You do not have permission to access this page.' ) ); wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
check_admin_referer( 'deleteuser' ); check_admin_referer( 'deleteuser' );
@ -144,7 +144,7 @@ if ( isset( $_GET['action'] ) ) {
case 'allusers': case 'allusers':
if ( !current_user_can( 'manage_network_users' ) ) if ( !current_user_can( 'manage_network_users' ) )
wp_die( __( 'You do not have permission to access this page.' ) ); wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
if ( ( isset( $_POST['action']) || isset($_POST['action2'] ) ) && isset( $_POST['allusers'] ) ) { if ( ( isset( $_POST['action']) || isset($_POST['action2'] ) ) && isset( $_POST['allusers'] ) ) {
check_admin_referer( 'bulk-users-network' ); check_admin_referer( 'bulk-users-network' );
@ -157,7 +157,7 @@ if ( isset( $_GET['action'] ) ) {
switch ( $doaction ) { switch ( $doaction ) {
case 'delete': case 'delete':
if ( ! current_user_can( 'delete_users' ) ) if ( ! current_user_can( 'delete_users' ) )
wp_die( __( 'You do not have permission to access this page.' ) ); wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
$title = __( 'Users' ); $title = __( 'Users' );
$parent_file = 'users.php'; $parent_file = 'users.php';
require_once( ABSPATH . 'wp-admin/admin-header.php' ); require_once( ABSPATH . 'wp-admin/admin-header.php' );
@ -206,7 +206,7 @@ if ( isset( $_GET['action'] ) ) {
case 'dodelete': case 'dodelete':
check_admin_referer( 'ms-users-delete' ); check_admin_referer( 'ms-users-delete' );
if ( ! ( current_user_can( 'manage_network_users' ) && current_user_can( 'delete_users' ) ) ) if ( ! ( current_user_can( 'manage_network_users' ) && current_user_can( 'delete_users' ) ) )
wp_die( __( 'You do not have permission to access this page.' ) ); wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
if ( ! empty( $_POST['blog'] ) && is_array( $_POST['blog'] ) ) { if ( ! empty( $_POST['blog'] ) && is_array( $_POST['blog'] ) ) {
foreach ( $_POST['blog'] as $id => $users ) { foreach ( $_POST['blog'] as $id => $users ) {

View File

@ -4,7 +4,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '4.2-alpha-31657'; $wp_version = '4.2-alpha-31658';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.