WordPress - If we hit a "permission denied" error, return HTTP 403
author: Tim Otten <totten@civicrm.org>
Tue, 16 Feb 2021 06:45:36 +0000 (22:45 -0800)
committer: Tim Otten <totten@civicrm.org>
Tue, 16 Feb 2021 07:44:59 +0000 (23:44 -0800)
Overview
--------

On WordPress, any CiviCRM page that produces a "permission denied" sends an
HTTP status code of 200. This incorrectly indicates that the page-request was a success.

Before
------

```
$ curl -vv 'http://wpmaster.127.0.0.1.nip.io:8001/civicrm/dashboard' 2>&1 |grep HTTP
> GET /civicrm/dashboard HTTP/1.1
< HTTP/1.1 200 OK
```

After
-----

```
$ curl -vv 'http://wpmaster.127.0.0.1.nip.io:8001/civicrm/dashboard' 2>&1 |grep HTTP
> GET /civicrm/dashboard HTTP/1.1
< HTTP/1.1 403 Forbidden
```

CRM/Utils/System/WordPress.php

index 1b2d22ebf2b8311135ed3b00f562bc69c45eb97e..fa8518bc21e4ec81ef67f0521339f5a549614cea 100644 (file)
@@ -503,6 +503,7 @@ class CRM_Utils_System_WordPress extends CRM_Utils_System_Base {
    * @throws \CRM_Core_Exception
    */
   public function permissionDenied() {
+    status_header(403);
     throw new CRM_Core_Exception(ts('You do not have permission to access this page.'));
   }
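Review bot: The new `status_header(403);` line only takes effect when no output has been sent yet; WordPress's `status_header()` skips the `header()` call once `headers_sent()` is true, so if anything upstream has already emitted output the 200 still goes out and the failure is silent. Consider noting that condition in the docblock above (which currently documents only the `@throws \CRM_Core_Exception`), and make sure whichever handler catches this exception does not later overwrite the status with a 200 when it renders the error page.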