[wp-trac] [WordPress Trac] #10551: wp_die() triggers block when using ModSecurity Core Rules

WordPress Trac noreply at wordpress.org
Mon Sep 29 12:59:07 UTC 2014


#10551: wp_die() triggers block when using ModSecurity Core Rules
-------------------------------------------------+-------------------------
 Reporter:  cstrosser                            |       Owner:  westi
     Type:  defect (bug)                         |      Status:  accepted
 Priority:  low                                  |   Milestone:  Future
Component:  Security                             |  Release
 Severity:  normal                               |     Version:  2.8.3
 Keywords:  needs-patch dev-feedback westi-      |  Resolution:
  likes                                          |     Focuses:
-------------------------------------------------+-------------------------

Comment (by joehoyle):

 I'm happy to take ownership of this, this is pretty important for me, as
 throwing `500`s when it isn't really screws up with my monitoring!

 For the current patch, I agree with nacin that the default should not be
 changed. I also don't really care for the new convenience functions. For
 real convenience, nacin and I discussed the 3 param to `wp_die()` can
 handle an integer which is a shortcut for passing `array( 'response' =>
 500 );`

 Attached patch adds the integer shortcut to `wp_die` and replaces all
 instances of "Cheatin Uh?" to pass a `403` response. I'd rather not try
 tackle 100% of the `wp_die` calls in one patch here, rather go
 incremental.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/10551#comment:19>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list