[wp-trac] [WordPress Trac] #10551: wp_die() triggers block when using ModSecurity core rule set

WordPress Trac wp-trac at lists.automattic.com
Wed Aug 5 19:47:29 UTC 2009


#10551: wp_die() triggers block when using ModSecurity core rule set
--------------------------+-------------------------------------------------
 Reporter:  cstrosser     |       Owner:  ryan                          
     Type:  defect (bug)  |      Status:  new                           
 Priority:  normal        |   Milestone:  Unassigned                    
Component:  Security      |     Version:                                
 Severity:  normal        |    Keywords:  ModSecurity, wp_die, 406 error
--------------------------+-------------------------------------------------
 wp_die() causes ModSecurity (using Core Rules), a commonly used Apache
 plugin, to throw a 406 error, blocking the message from displaying.

 This seems to be triggered by the fact that a 500 error is thrown.  I went
 and changed the default status code to 401 (Unauthorized) and it worked
 like a charm.  I just wonder if there is a better fix for this issue... or
 simply a better status code to use.

 Perhaps making a group of functions to make the error codes more focused.

 Example:

 wp_die_auth( __('You do not have sufficient permissions to access this
 page.') );

 /**
  * Exits WordPress with Unauthorized status code.
  *
  * @see wp_die()
  */
 function wp_die_auth($message, $title = '') {
         wp_die( $message, $title, 401 );
 }

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/10551>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list