
Changeset 14802


Timestamp:
04/10/2026 04:06:06 AM (5 weeks ago)
Author:
dd32
Message:

Bad Requests: Don't report logged out requests from pentesters with invalid cookie values.

File:
1 edited

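--- a/sites/trunk/wordpress.org/public_html/wp-content/mu-plugins/pub/wporg-bad-request.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/mu-plugins/pub/wporg-bad-request.php
@@ -310,5 +310,10 @@
         'production' === wp_get_environment_type() &&
         function_exists( 'wporg_error_reporter' ) &&
-        ! empty( $_COOKIE['wporg_logged_in'] )
+        (
+            // If we've loaded WordPress, use the validated cookie value, otherwise, cookie being present.
+            did_action( 'init' ) ?
+                is_user_logged_in() :
+                ! empty( $_COOKIE['wporg_logged_in'] )
+        )
     ) {
         wporg_error_reporter( E_USER_NOTICE, "400 Bad Request: $reference", __FILE__, __LINE__ );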
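Review bot: The fallback arm of the `did_action( 'init' )` ternary still treats any non-empty `wporg_logged_in` cookie as a logged-in user, so a request rejected before `init` with a made-up cookie value would presumably still reach `wporg_error_reporter()`. Whether this condition can be evaluated before `init` is not visible here, since the `if` opens above the hunk. If it can, the inline comment should state the residual case, e.g. `// Before 'init' the cookie is unvalidated: presence alone still triggers a report, so forged values are only filtered once WordPress has loaded.` Separately, `$reference` is interpolated into the report message and its origin is outside the hunk; confirm it is a fixed reference code and not request-derived text before it lands in the error log.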