Changeset 11251

Timestamp:

09/23/2021 02:26:52 AM (2 years ago)

Author:

dd32

Message:

Bad Requests: Check for invalid WP Query Vars before send_headers to avoid notices caused by invalid feed values.

File:

• sites/trunk/wordpress.org/public_html/wp-content/mu-plugins/pub/wporg-bad-request.php (modified) (4 diffs)

sites/trunk/wordpress.org/public_html/wp-content/mu-plugins/pub/wporg-bad-request.php

@@ -37 +37 @@
  * @see https://core.trac.wordpress.org/ticket/17737
  */
-add_action( 'send_headers', function( $wp ) {
+add_action( 'parse_request', function( $wp ) {
     check_for_invalid_query_vars( $wp->query_vars, '$public_query_vars' );
-} );
+}, 0 );
 
 /**
@@ -135 +135 @@
         ! is_user_logged_in() &&
         empty( $_SERVER['HTTP_AUTHORIZATION'] ) &&
-        in_array( $items, [ 8, 16, 32, 64, 128, 255, 256, 512, 1024 ], true ) &&
         wp_using_ext_object_cache()
     ) {
@@ -152 +151 @@
 
         // Only increment it for high counts, but block on low counts if exceeded.
-        if ( $items > 16 || $hits > 20 ) {
+        if ( $items > 32 || $hits > 20 ) {
             $hits = wp_cache_incr( $key, 1, $group );
         }
@@ -229 +228 @@
         include WPORGPATH . '/403.php';
     } else {
-        \wp_die( 'Bad Request', 'Bad Request', [ 'response' => 400 ] );
+        \wp_die( 'Bad Request: Your request contained query variables that are unexpected. Please contact #meta.', 'Bad Request', [ 'response' => 400 ] );
     }
     exit;