Return HTTP status code 403 in network admin when access is forbidden.

When the error message "You do not have permission to access this page" is used in network admin screens, return an HTTP status code of 403 to match. Previously: [30356] and [31300]. Props yo-l1982. Fixes #31422. git-svn-id: https://develop.svn.wordpress.org/trunk@31658 602fd350-edb4-49c9-b593-d223f7449a82
2026-06-28 22:30:04 +00:00 · 2015-03-07 05:59:17 +00:00
parent 03b4e1f0aa
commit a5fcc34a50
10 changed files with 15 additions and 15 deletions
--- a/src/wp-admin/network/index.php
+++ b/src/wp-admin/network/index.php
@@ -17,7 +17,7 @@ if ( !is_multisite() )
 	wp_die( __( 'Multisite support is not enabled.' ) );

 if ( ! current_user_can( 'manage_network' ) )
-	wp_die( __( 'You do not have permission to access this page.' ) );
+	wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );

 $title = __( 'Dashboard' );
 $parent_file = 'index.php';
--- a/src/wp-admin/network/settings.php
+++ b/src/wp-admin/network/settings.php
@@ -17,7 +17,7 @@ if ( ! is_multisite() )
 	wp_die( __( 'Multisite support is not enabled.' ) );

 if ( ! current_user_can( 'manage_network_options' ) )
-	wp_die( __( 'You do not have permission to access this page.' ) );
+	wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );

 $title = __( 'Network Settings' );
 $parent_file = 'settings.php';
--- a/src/wp-admin/network/site-info.php
+++ b/src/wp-admin/network/site-info.php
@@ -40,7 +40,7 @@ if ( ! $id )

 $details = get_blog_details( $id );
 if ( !can_edit_network( $details->site_id ) )
-	wp_die( __( 'You do not have permission to access this page.' ) );
+	wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );

 $parsed = parse_url( $details->siteurl );
 $is_main_site = is_main_site( $id );
--- a/src/wp-admin/network/site-settings.php
+++ b/src/wp-admin/network/site-settings.php
@@ -40,7 +40,7 @@ if ( ! $id )

 $details = get_blog_details( $id );
 if ( !can_edit_network( $details->site_id ) )
-	wp_die( __( 'You do not have permission to access this page.' ) );
+	wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );

 $is_main_site = is_main_site( $id );

--- a/src/wp-admin/network/site-themes.php
+++ b/src/wp-admin/network/site-themes.php
@@ -57,7 +57,7 @@ $wp_list_table->prepare_items();

 $details = get_blog_details( $id );
 if ( !can_edit_network( $details->site_id ) )
-	wp_die( __( 'You do not have permission to access this page.' ) );
+	wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );

 $is_main_site = is_main_site( $id );

--- a/src/wp-admin/network/site-users.php
+++ b/src/wp-admin/network/site-users.php
@@ -50,7 +50,7 @@ if ( ! $id )

 $details = get_blog_details( $id );
 if ( ! can_edit_network( $details->site_id ) )
-	wp_die( __( 'You do not have permission to access this page.' ) );
+	wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );

 $is_main_site = is_main_site( $id );

--- a/src/wp-admin/network/sites.php
+++ b/src/wp-admin/network/sites.php
@@ -14,7 +14,7 @@ if ( ! is_multisite() )
 	wp_die( __( 'Multisite support is not enabled.' ) );

 if ( ! current_user_can( 'manage_sites' ) )
-	wp_die( __( 'You do not have permission to access this page.' ) );
+	wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );

 $wp_list_table = _get_list_table( 'WP_MS_Sites_List_Table' );
 $pagenum = $wp_list_table->get_pagenum();
@@ -97,7 +97,7 @@ if ( isset( $_GET['action'] ) ) {

 		case 'deleteblog':
 			if ( ! current_user_can( 'delete_sites' ) )
-				wp_die( __( 'You do not have permission to access this page.' ) );
+				wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );

 			$updated_action = 'not_deleted';
 			if ( $id != '0' && $id != $current_site->blog_id && current_user_can( 'delete_site', $id ) ) {
--- a/src/wp-admin/network/upgrade.php
+++ b/src/wp-admin/network/upgrade.php
@@ -36,7 +36,7 @@ get_current_screen()->set_help_sidebar(
 require_once( ABSPATH . 'wp-admin/admin-header.php' );

 if ( ! current_user_can( 'manage_network' ) )
-	wp_die( __( 'You do not have permission to access this page.' ) );
+	wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );

 echo '<div class="wrap">';
 echo '<h2>' . __( 'Upgrade Network' ) . '</h2>';
--- a/src/wp-admin/network/user-new.php
+++ b/src/wp-admin/network/user-new.php
@@ -33,7 +33,7 @@ get_current_screen()->set_help_sidebar(
 if ( isset($_REQUEST['action']) && 'add-user' == $_REQUEST['action'] ) {
 	check_admin_referer( 'add-user', '_wpnonce_add-user' );
 	if ( ! current_user_can( 'manage_network_users' ) )
-		wp_die( __( 'You do not have permission to access this page.' ) );
+		wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );

 	if ( ! is_array( $_POST['user'] ) )
 		wp_die( __( 'Cannot create an empty user.' ) );
--- a/src/wp-admin/network/users.php
+++ b/src/wp-admin/network/users.php
@@ -14,7 +14,7 @@ if ( ! is_multisite() )
 	wp_die( __( 'Multisite support is not enabled.' ) );

 if ( ! current_user_can( 'manage_network_users' ) )
-	wp_die( __( 'You do not have permission to access this page.' ) );
+	wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );

 function confirm_delete_users( $users ) {
 	$current_user = wp_get_current_user();
@@ -123,7 +123,7 @@ if ( isset( $_GET['action'] ) ) {
 	switch ( $_GET['action'] ) {
 		case 'deleteuser':
 			if ( ! current_user_can( 'manage_network_users' ) )
-				wp_die( __( 'You do not have permission to access this page.' ) );
+				wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );

 			check_admin_referer( 'deleteuser' );

@@ -144,7 +144,7 @@ if ( isset( $_GET['action'] ) ) {

 		case 'allusers':
 			if ( !current_user_can( 'manage_network_users' ) )
-				wp_die( __( 'You do not have permission to access this page.' ) );
+				wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );

 			if ( ( isset( $_POST['action']) || isset($_POST['action2'] ) ) && isset( $_POST['allusers'] ) ) {
 				check_admin_referer( 'bulk-users-network' );
@@ -157,7 +157,7 @@ if ( isset( $_GET['action'] ) ) {
 						switch ( $doaction ) {
 							case 'delete':
 								if ( ! current_user_can( 'delete_users' ) )
-									wp_die( __( 'You do not have permission to access this page.' ) );
+									wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );
 								$title = __( 'Users' );
 								$parent_file = 'users.php';
 								require_once( ABSPATH . 'wp-admin/admin-header.php' );
@@ -206,7 +206,7 @@ if ( isset( $_GET['action'] ) ) {
 		case 'dodelete':
 			check_admin_referer( 'ms-users-delete' );
 			if ( ! ( current_user_can( 'manage_network_users' ) && current_user_can( 'delete_users' ) ) )
-				wp_die( __( 'You do not have permission to access this page.' ) );
+				wp_die( __( 'You do not have permission to access this page.' ), '', array( 'response' => 403 ) );

 			if ( ! empty( $_POST['blog'] ) && is_array( $_POST['blog'] ) ) {
 				foreach ( $_POST['blog'] as $id => $users ) {