Making WordPress.org

Changeset 6483


Timestamp: 01/31/2018 04:03:15 AM (4 years ago)
Author: dd32
Message:

API: Theme Directory: Disallow POST requests to the info/1.2 api endpoint.

See #111

Location: sites/trunk/api.wordpress.org/public_html/themes/info
Files: 2 edited

  • sites/trunk/api.wordpress.org/public_html/themes/info/1.0/index.php

    r6465 r6483  
    11<?php
     2
     3if ( ! defined( 'THEMES_API_VERSION' ) ) {
     4    define( 'THEMES_API_VERSION', basename( dirname( $_SERVER['REQUEST_URI'] ) ) );
     5}
     6
    27// Load WordPress, pretend we're the Theme Directory in order to avoid having to switch sites after loading.
    38$_SERVER['HTTP_HOST'] = 'wordpress.org';
     
    510
    611require dirname( dirname( dirname( __DIR__ ) ) ) . '/wp-init.php';
    7 
    8 if ( ! defined( 'THEMES_API_SUPPORTS_ERRORS' ) ) {
    9     define( 'THEMES_API_SUPPORTS_ERRORS', false );
    10 }
    1112
    1213// Set up action and request information.
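Review bot: The new `define( 'THEMES_API_VERSION', basename( dirname( $_SERVER['REQUEST_URI'] ) ) );` at new lines 3-5 derives the API version from the raw request URI, which is client-supplied and includes the query string, so a request whose query string contains a `/` produces a value that is not a version number. Suggest having each versioned index.php define the constant explicitly before it includes this file, or checking the derived value against the known versions before defining it. The same hunk drops the `THEMES_API_SUPPORTS_ERRORS` default of `false` from this file; the visible lines do not show where it is set now, so a short comment pointing at the new location would help.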
  • sites/trunk/api.wordpress.org/public_html/themes/info/1.2/index.php

    r6465 r6483  
    11<?php
    22
    3 if ( ! defined( 'THEMES_API_SUPPORTS_ERRORS' ) ) {
    4     define( 'THEMES_API_SUPPORTS_ERRORS', true );
     3// Version 1.2+ only accepts GET requests
     4if ( isset( $_SERVER['REQUEST_METHOD'] ) && $_SERVER['REQUEST_METHOD'] === 'POST' ) {
     5    header( $_SERVER['SERVER_PROTOCOL'] . ' 405 Method not allowed' );
     6    header( 'Allow: GET' );
     7    header( 'Content-Type: text/plain' );
     8
     9    die( 'This API only serves GET requests.' );
    510}
    611
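Review bot: The guard at new line 4 rejects only `POST`, while the comment above it and the `Allow: GET` header both say the endpoint serves GET only, so PUT, DELETE, PATCH and other methods still fall through to the handler. Suggest inverting the test to reject anything that is not GET (plus HEAD if that should keep working), for example `$_SERVER['REQUEST_METHOD'] !== 'GET'`. `$_SERVER['SERVER_PROTOCOL']` at new line 5 is read without the `isset()` guard that `REQUEST_METHOD` gets, and the conventional reason phrase is "Method Not Allowed".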