Mirrors/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2025-02-20 19:56:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix: Prevent registration bypass when user registration is disabled

Browse Source
This commit is contained in:
Jonathan Caron 2025-02-05 11:15:56 +01:00
parent 5b8a20d134
commit b222e6399b
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
wp-login.php
View File

@ -11,6 +11,11 @@
/** Make sure that the WordPress bootstrap has run before continuing. */ /** Make sure that the WordPress bootstrap has run before continuing. */
require __DIR__ . '/wp-load.php'; require __DIR__ . '/wp-load.php';
// 🔴 Security Fix: Prevent user registration if "Anyone can register" is disabled
if (isset($_GET['action']) && $_GET['action'] === 'register' && !get_option('users_can_register')) {
wp_die('Inscription désactivée.', 'Erreur', array('response' => 403));
}
// Redirect to HTTPS login if forced to use SSL. // Redirect to HTTPS login if forced to use SSL.
if ( force_ssl_admin() && ! is_ssl() ) { if ( force_ssl_admin() && ! is_ssl() ) {
if ( str_starts_with( $_SERVER['REQUEST_URI'], 'http' ) ) { if ( str_starts_with( $_SERVER['REQUEST_URI'], 'http' ) ) {