[wp-trac] [WordPress Trac] #10551: wp_die() triggers block when using ModSecurity Core Rules
WordPress Trac
noreply at wordpress.org
Mon Sep 29 12:59:07 UTC 2014
#10551: wp_die() triggers block when using ModSecurity Core Rules
-------------------------------------------------+-------------------------
Reporter: cstrosser | Owner: westi
Type: defect (bug) | Status: accepted
Priority: low | Milestone: Future
Component: Security | Release
Severity: normal | Version: 2.8.3
Keywords: needs-patch dev-feedback westi- | Resolution:
likes | Focuses:
-------------------------------------------------+-------------------------
Comment (by joehoyle):
I'm happy to take ownership of this, this is pretty important for me, as
throwing `500`s when it isn't really screws up with my monitoring!
For the current patch, I agree with nacin that the default should not be
changed. I also don't really care for the new convenience functions. For
real convenience, nacin and I discussed the 3 param to `wp_die()` can
handle an integer which is a shortcut for passing `array( 'response' =>
500 );`
Attached patch adds the integer shortcut to `wp_die` and replaces all
instances of "Cheatin Uh?" to pass a `403` response. I'd rather not try
tackle 100% of the `wp_die` calls in one patch here, rather go
incremental.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/10551#comment:19>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list