From a50724814601256d5a84523637bc85419b212bc6 Mon Sep 17 00:00:00 2001
From: John Blackbourn
Date: Sun, 25 Jun 2017 18:46:44 +0000
Subject: [PATCH] Users: Use more appropriate HTTP status codes for errors relating to user management.
Also re-uses one error message string.
Props tuanmh
Fixes #40230
Built from https://develop.svn.wordpress.org/trunk@40940
git-svn-id: http://core.svn.wordpress.org/trunk@40790 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
wp-admin/includes/user.php | 2 +-
wp-admin/network/site-users.php | 6 +++---
wp-admin/users.php | 20 ++++++++++----------
wp-includes/version.php | 2 +-
4 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/wp-admin/includes/user.php b/wp-admin/includes/user.php
index 479745fe10..0896a19593 100644
--- a/wp-admin/includes/user.php
+++ b/wp-admin/includes/user.php
@@ -59,7 +59,7 @@ function edit_user( $user_id = 0 ) {
// If the new role isn't editable by the logged-in user die with error
$editable_roles = get_editable_roles();
if ( ! empty( $new_role ) && empty( $editable_roles[$new_role] ) )
- wp_die(__('You can’t give users that role.'));
+ wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );
}
if ( isset( $_POST['email'] ))
diff --git a/wp-admin/network/site-users.php b/wp-admin/network/site-users.php
index eb96158c08..a6ecd9e207 100644
--- a/wp-admin/network/site-users.php
+++ b/wp-admin/network/site-users.php
@@ -11,7 +11,7 @@
require_once( dirname( __FILE__ ) . '/admin.php' );
if ( ! current_user_can('manage_sites') )
- wp_die(__('Sorry, you are not allowed to edit this site.'));
+ wp_die( __( 'Sorry, you are not allowed to edit this site.' ), 403 );
$wp_list_table = _get_list_table('WP_Users_List_Table');
$wp_list_table->prepare_items();
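Review bot: The new `wp_die( ..., 403 )` terminates the request from inside `edit_user()`, a shared helper in wp-admin/includes/user.php rather than a screen handler, so any caller that wanted to handle a disallowed role itself never gets the chance. If the rest of the function reports validation problems through a returned `WP_Error` — its body starts before and continues after this hunk, so that cannot be confirmed here — adding this case to that error object (e.g. `$errors->add( 'role', __( 'Sorry, you are not allowed to give users that role.' ) );`) and leaving the HTTP status to the caller would be more consistent. If the hard stop is intentional, the comment above should say why: `// A disallowed role is a capability failure, not a validation error: stop with 403 instead of returning a WP_Error.`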
@@ -115,7 +115,7 @@ if ( $action ) {
case 'remove':
if ( ! current_user_can( 'remove_users' ) ) {
- wp_die( __( 'Sorry, you are not allowed to remove users.' ) );
+ wp_die( __( 'Sorry, you are not allowed to remove users.' ), 403 );
}
check_admin_referer( 'bulk-users' );
@@ -146,7 +146,7 @@ if ( $action ) {
}
if ( empty( $editable_roles[ $role ] ) ) {
- wp_die( __( 'Sorry, you are not allowed to give users that role.' ) );
+ wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );
}
if ( isset( $_REQUEST['users'] ) ) {
diff --git a/wp-admin/users.php b/wp-admin/users.php
index 087d93f1b7..2755e93811 100644
--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@@ -94,7 +94,7 @@ case 'promote':
check_admin_referer('bulk-users');
if ( ! current_user_can( 'promote_users' ) )
- wp_die( __( 'Sorry, you are not allowed to edit this user.' ) );
+ wp_die( __( 'Sorry, you are not allowed to edit this user.' ), 403 );
if ( empty($_REQUEST['users']) ) {
wp_redirect($redirect);
@@ -110,7 +110,7 @@ case 'promote':
}
if ( ! $role || empty( $editable_roles[ $role ] ) ) {
- wp_die( __( 'Sorry, you are not allowed to give users that role.' ) );
+ wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );
}
$userids = $_REQUEST['users'];
@@ -119,7 +119,7 @@ case 'promote':
$id = (int) $id;
if ( ! current_user_can('promote_user', $id) )
- wp_die(__('Sorry, you are not allowed to edit this user.'));
+ wp_die( __( 'Sorry, you are not allowed to edit this user.' ), 403 );
// The new role of the current user must also have the promote_users cap or be a multisite super admin
if ( $id == $current_user->ID && ! $wp_roles->role_objects[ $role ]->has_cap('promote_users') && ! ( is_multisite() && current_user_can( 'manage_network_users' ) ) ) {
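Review bot: The role guard `if ( empty( $editable_roles[ $role ] ) ) {` in the site-users.php promote branch relies on `$role` still holding whatever it was initialised to when neither request field was present, and that initialisation is outside the hunk; the equivalent check in wp-admin/users.php reads `if ( ! $role || empty( $editable_roles[ $role ] ) ) {`, which makes the no-role case explicit. Since the `wp_die()` line is being touched anyway, mirroring that condition here keeps the multisite and single-site promote paths reviewable side by side. It also avoids indexing `$editable_roles` with a non-string key should the initial value be `false` or `null`.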
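Review bot: The rewritten `wp_die( __( 'Sorry, you are not allowed to edit this user.' ), 403 );` is still the body of a brace-less `if ( ! current_user_can( 'promote_users' ) )`, while the sibling `if ( empty($_REQUEST['users']) ) {` two lines below uses braces. WordPress coding standards ask for braces on every control structure, and a capability check is exactly where an accidentally appended statement does the most damage, so wrapping it — `if ( ! current_user_can( 'promote_users' ) ) {` / `wp_die( __( 'Sorry, you are not allowed to edit this user.' ), 403 );` / `}` — is cheap hardening while the line is being changed. The same applies to the per-user `promote_user` check further down in this file.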
@@ -145,7 +145,7 @@ case 'promote':
case 'dodelete':
if ( is_multisite() )
- wp_die( __('User deletion is not allowed from this screen.') );
+ wp_die( __('User deletion is not allowed from this screen.'), 400 );
check_admin_referer('delete-users');
@@ -164,14 +164,14 @@ case 'dodelete':
}
if ( ! current_user_can( 'delete_users' ) )
- wp_die(__('Sorry, you are not allowed to delete users.'));
+ wp_die( __( 'Sorry, you are not allowed to delete users.' ), 403 );
$update = 'del';
$delete_count = 0;
foreach ( $userids as $id ) {
if ( ! current_user_can( 'delete_user', $id ) )
- wp_die(__( 'Sorry, you are not allowed to delete that user.' ) );
+ wp_die( __( 'Sorry, you are not allowed to delete that user.' ), 403 );
if ( $id == $current_user->ID ) {
$update = 'err_admin_del';
@@ -194,7 +194,7 @@ case 'dodelete':
case 'delete':
if ( is_multisite() )
- wp_die( __('User deletion is not allowed from this screen.') );
+ wp_die( __('User deletion is not allowed from this screen.'), 400 );
check_admin_referer('bulk-users');
@@ -306,7 +306,7 @@ case 'doremove':
check_admin_referer('remove-users');
if ( ! is_multisite() )
- wp_die( __( 'You can’t remove users.' ) );
+ wp_die( __( 'You can’t remove users.' ), 400 );
if ( empty($_REQUEST['users']) ) {
wp_redirect($redirect);
@@ -314,7 +314,7 @@ case 'doremove':
}
if ( ! current_user_can( 'remove_users' ) )
- wp_die( __( 'Sorry, you are not allowed to remove users.' ) );
+ wp_die( __( 'Sorry, you are not allowed to remove users.' ), 403 );
$userids = $_REQUEST['users'];
@@ -337,7 +337,7 @@ case 'remove':
check_admin_referer('bulk-users');
if ( ! is_multisite() )
- wp_die( __( 'You can’t remove users.' ) );
+ wp_die( __( 'You can’t remove users.' ), 400 );
if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) {
wp_redirect($redirect);
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 153d09cc03..523eb9c343 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
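Review bot: `400` for the `is_multisite()` guard in `dodelete` is debatable: the request is well-formed and names a real action, it is the installation that does not offer the operation, which reads more like 403 (refused here) or 404 (not available on this install) than a malformed request. Whichever code is chosen, the identical guard and message are repeated in the `delete` case (`@@ -194`), and the inverse `! is_multisite()` guard is duplicated in `doremove` and `remove`; a single early check before the surrounding `case` dispatch, or a tiny helper, would give one place to keep code and wording in sync. At minimum a comment such as `// On multisite, users are deleted from the network admin, not this screen.` would explain the guard to the next reader.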
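Review bot: The per-user `current_user_can( 'delete_user', $id )` check dies with 403 inside the same `foreach` that performs the deletions, so a batch mixing permitted and forbidden ids is presumably processed up to the first forbidden one and then aborted — the client receives a 403 for a request that partially succeeded. The loop body continues past the hunk, so the delete call itself is not visible, but `$delete_count` being initialised just above suggests deletion happens in this loop. Validating every id before any side effect makes the operation all-or-nothing; the pre-check is only a few lines:
```php
// Refuse the whole batch before any user is removed, so a 403 never follows a partial delete.
foreach ( $userids as $id ) {
	if ( ! current_user_can( 'delete_user', $id ) ) {
		wp_die( __( 'Sorry, you are not allowed to delete that user.' ), 403 );
	}
}

$update = 'del';
$delete_count = 0;
// … unchanged: deletion loop, with the per-iteration capability check removed …
```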
@@ -4,7 +4,7 @@
*
* @global string $wp_version
*/
-$wp_version = '4.9-alpha-40939';
+$wp_version = '4.9-alpha-40940';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.