Changeset 6483

Timestamp:

01/31/2018 04:03:15 AM (6 years ago)

Author:

dd32

Message:

API: Theme Directory: Disallow POST requests to the info/1.2 api endpoint.

See #111

Location:

sites/trunk/api.wordpress.org/public_html/themes/info

Files:

• 1.0/index.php (modified) (2 diffs)
• 1.2/index.php (modified) (1 diff)

sites/trunk/api.wordpress.org/public_html/themes/info/1.0/index.php

@@ -1 +1 @@
 <?php
+
+if ( ! defined( 'THEMES_API_VERSION' ) ) {
+    define( 'THEMES_API_VERSION', basename( dirname( $_SERVER['REQUEST_URI'] ) ) );
+}
+
 // Load WordPress, pretend we're the Theme Directory in order to avoid having to switch sites after loading.
 $_SERVER['HTTP_HOST'] = 'wordpress.org';
@@ -5 +10 @@
 
 require dirname( dirname( dirname( __DIR__ ) ) ) . '/wp-init.php';
-
-if ( ! defined( 'THEMES_API_SUPPORTS_ERRORS' ) ) {
-    define( 'THEMES_API_SUPPORTS_ERRORS', false );
-}
 
 // Set up action and request information.

sites/trunk/api.wordpress.org/public_html/themes/info/1.2/index.php

@@ -1 +1 @@
 <?php
 
-if ( ! defined( 'THEMES_API_SUPPORTS_ERRORS' ) ) {
-    define( 'THEMES_API_SUPPORTS_ERRORS', true );
+// Version 1.2+ only accepts GET requests
+if ( isset( $_SERVER['REQUEST_METHOD'] ) && $_SERVER['REQUEST_METHOD'] === 'POST' ) {
+    header( $_SERVER['SERVER_PROTOCOL'] . ' 405 Method not allowed' );
+    header( 'Allow: GET' );
+    header( 'Content-Type: text/plain' );
+
+    die( 'This API only serves GET requests.' );
 }