mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-07-15 20:53:39 +09:00
- fixed admin_post and admin_post_nopriv requests when user hasn't ability to see wp-admin;
This commit is contained in:
@@ -7,8 +7,18 @@ if ( ! defined( 'ABSPATH' ) ) exit;
|
||||
* Checks if user can access the backend
|
||||
*/
|
||||
function um_block_wpadmin_by_user_role() {
|
||||
if ( is_admin() && ! defined( 'DOING_AJAX' ) && um_user( 'ID' ) && ! um_user( 'can_access_wpadmin' ) && ! is_super_admin( um_user( 'ID' ) ) ) {
|
||||
um_redirect_home();
|
||||
if ( is_admin() && ! defined( 'DOING_AJAX' ) ) {
|
||||
$action = empty( $_REQUEST['action'] ) ? '' : $_REQUEST['action'];
|
||||
|
||||
// filter that it's not admin_post or admin_post_nopriv request
|
||||
$url_attr = parse_url( UM()->permalinks()->get_current_url() );
|
||||
if ( is_user_logged_in() && ! empty( $action ) && $url_attr['path'] == '/wp-admin/admin-post.php' ) {
|
||||
return;
|
||||
}
|
||||
|
||||
if ( um_user( 'ID' ) && ! um_user( 'can_access_wpadmin' ) && ! is_super_admin( um_user( 'ID' ) ) ) {
|
||||
um_redirect_home();
|
||||
}
|
||||
}
|
||||
}
|
||||
add_action( 'init', 'um_block_wpadmin_by_user_role', 99 );
|
||||
|
||||
Reference in New Issue
Block a user