[wp-trac] [WordPress Trac] #10551: wp_die() triggers block when using ModSecurity core rule set
WordPress Trac
wp-trac at lists.automattic.com
Wed Aug 5 19:47:29 UTC 2009
#10551: wp_die() triggers block when using ModSecurity core rule set
--------------------------+-------------------------------------------------
Reporter: cstrosser | Owner: ryan
Type: defect (bug) | Status: new
Priority: normal | Milestone: Unassigned
Component: Security | Version:
Severity: normal | Keywords: ModSecurity, wp_die, 406 error
--------------------------+-------------------------------------------------
wp_die() causes ModSecurity (using Core Rules), a commonly used Apache
plugin, to throw a 406 error, blocking the message from displaying.
This seems to be triggered by the fact that a 500 error is thrown. I went
and changed the default status code to 401 (Unauthorized) and it worked
like a charm. I just wonder if there is a better fix for this issue... or
simply a better status code to use.
Perhaps making a group of functions to make the error codes more focused.
Example:
wp_die_auth( __('You do not have sufficient permissions to access this
page.') );
/**
* Exits WordPress with Unauthorized status code.
*
* @see wp_die()
*/
function wp_die_auth($message, $title = '') {
wp_die( $message, $title, 401 );
}
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10551>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list