
Changeset 11251


Timestamp:
09/23/2021 02:26:52 AM (3 years ago)
Author:
dd32
Message:

Bad Requests: Check for invalid WP Query Vars before send_headers to avoid notices caused by invalid feed values.

File:
1 edited

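--- a/sites/trunk/wordpress.org/public_html/wp-content/mu-plugins/pub/wporg-bad-request.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/mu-plugins/pub/wporg-bad-request.php
@@ -37,7 +37,7 @@
  * @see https://core.trac.wordpress.org/ticket/17737
  */
-add_action( 'send_headers', function( $wp ) {
+add_action( 'parse_request', function( $wp ) {
     check_for_invalid_query_vars( $wp->query_vars, '$public_query_vars' );
-} );
+}, 0 );
 
 /**
@@ -135,5 +135,4 @@
         ! is_user_logged_in() &&
         empty( $_SERVER['HTTP_AUTHORIZATION'] ) &&
-        in_array( $items, [ 8, 16, 32, 64, 128, 255, 256, 512, 1024 ], true ) &&
         wp_using_ext_object_cache()
     ) {
@@ -152,5 +151,5 @@
 
         // Only increment it for high counts, but block on low counts if exceeded.
-        if ( $items > 16 || $hits > 20 ) {
+        if ( $items > 32 || $hits > 20 ) {
             $hits = wp_cache_incr( $key, 1, $group );
         }
@@ -229,5 +228,5 @@
         include WPORGPATH . '/403.php';
     } else {
-        \wp_die( 'Bad Request', 'Bad Request', [ 'response' => 400 ] );
+        \wp_die( 'Bad Request: Your request contained query variables that are unexpected. Please contact #meta.', 'Bad Request', [ 'response' => 400 ] );
     }
     exit;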
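Review bot: The registration at new line 39 does not record why the query-var check must run on `parse_request` at priority 0, so a later edit could move or re-prioritise it and quietly reintroduce the ordering problem. I would add a comment above the call such as `// Priority 0 on parse_request: reject invalid query vars before send_headers reads them (e.g. 'feed').` Note also that core fires the `parse_request` action only when the `do_parse_request` filter has not short-circuited parsing, whereas `send_headers` ran regardless. If anything on this install returns false from that filter, this validation would be skipped, which is worth confirming. The docblock that precedes the call starts outside the visible hunk.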