From ff9f6afe3152cd42842a6459c4c15b2a86426d62 Mon Sep 17 00:00:00 2001 From: nikitasinelnikov Date: Tue, 1 Oct 2019 15:34:30 +0300 Subject: [PATCH] - fixed admin_post and admin_post_nopriv requests when user hasn't ability to see wp-admin; --- includes/core/um-actions-wpadmin.php | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/includes/core/um-actions-wpadmin.php b/includes/core/um-actions-wpadmin.php index ace80694..3e4836b9 100644 --- a/includes/core/um-actions-wpadmin.php +++ b/includes/core/um-actions-wpadmin.php @@ -7,8 +7,18 @@ if ( ! defined( 'ABSPATH' ) ) exit; * Checks if user can access the backend */ function um_block_wpadmin_by_user_role() { - if ( is_admin() && ! defined( 'DOING_AJAX' ) && um_user( 'ID' ) && ! um_user( 'can_access_wpadmin' ) && ! is_super_admin( um_user( 'ID' ) ) ) { - um_redirect_home(); + if ( is_admin() && ! defined( 'DOING_AJAX' ) ) { + $action = empty( $_REQUEST['action'] ) ? '' : $_REQUEST['action']; + + // filter that it's not admin_post or admin_post_nopriv request + $url_attr = parse_url( UM()->permalinks()->get_current_url() ); + if ( is_user_logged_in() && ! empty( $action ) && $url_attr['path'] == '/wp-admin/admin-post.php' ) { + return; + } + + if ( um_user( 'ID' ) && ! um_user( 'can_access_wpadmin' ) && ! is_super_admin( um_user( 'ID' ) ) ) { + um_redirect_home(); + } } } add_action( 'init', 'um_block_wpadmin_by_user_role', 99 );