WordPress.org

Make WordPress Core

Changeset 17332


Ignore:
Timestamp:
01/20/11 03:04:20 (3 years ago)
Author:
nacin
Message:

Correct user admin redirection checks, and deny access to the user admin when not running multisite. fixes #16297.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/user/admin.php

    r16847 r17332  
    1212require_once( dirname(dirname(__FILE__)) . '/admin.php'); 
    1313 
     14if ( ! is_multisite() ) { 
     15    wp_redirect( admin_url() ); 
     16    exit; 
     17} 
     18 
    1419if ( ! is_main_site() ) { 
    1520    wp_redirect( user_admin_url() ); 
  • trunk/wp-login.php

    r17102 r17332  
    587587        if ( is_multisite() && !get_active_blog_for_user($user->id) ) 
    588588            $redirect_to = user_admin_url(); 
    589         elseif ( !is_multisite() && !$user->has_cap('read') ) 
     589        elseif ( is_multisite() && !$user->has_cap('read') ) 
    590590            $redirect_to = user_admin_url(); 
    591591        elseif ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url() ) ) 
Note: See TracChangeset for help on using the changeset viewer.