From 4ab2d6848685b72789190cdc38b0dcbc6292bade Mon Sep 17 00:00:00 2001
From: Andrew Nacin
Date: Thu, 20 Jan 2011 03:04:20 +0000
Subject: [PATCH] Correct user admin redirection checks, and deny access to the user admin when not running multisite. fixes #16297.
git-svn-id: https://develop.svn.wordpress.org/trunk@17332 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-admin/user/admin.php | 5 +++++
 wp-login.php | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/wp-admin/user/admin.php b/wp-admin/user/admin.php
index 7315ea6306..4b8423f404 100644
--- a/wp-admin/user/admin.php
+++ b/wp-admin/user/admin.php
@@ -11,6 +11,11 @@ define('WP_USER_ADMIN', TRUE);
 require_once( dirname(dirname(__FILE__)) . '/admin.php');
+if ( ! is_multisite() ) {
+ wp_redirect( admin_url() );
+ exit;
+}
+
 if ( ! is_main_site() ) {
 wp_redirect( user_admin_url() );
 exit;
diff --git a/wp-login.php b/wp-login.php
index e303ba5f1c..6a025b6497 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -586,7 +586,7 @@ default:
 // If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
 if ( is_multisite() && !get_active_blog_for_user($user->id) )
 $redirect_to = user_admin_url();
- elseif ( !is_multisite() && !$user->has_cap('read') )
+ elseif ( is_multisite() && !$user->has_cap('read') )
 $redirect_to = user_admin_url();
 elseif ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url() ) )
 $redirect_to = admin_url('profile.php');
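Review bot: The new `is_multisite()` guard in wp-admin/user/admin.php carries no comment explaining why the user admin is closed on single-site installs, and it sits after `require_once( dirname(dirname(__FILE__)) . '/admin.php');`, so whatever that bootstrap does with `WP_USER_ADMIN` defined (presumably authentication and admin hooks; not visible in this hunk) still runs before the redirect. I would add `// The user admin only exists on multisite; send single-site installs to the regular dashboard.` above the check and confirm that running the bootstrap first is intended. The redirect target is the fixed `admin_url()` and `exit` follows `wp_redirect()`, so nothing from the request reaches the Location header here. The `is_main_site()` block that follows continues past the end of the hunk.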
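Review bot: In wp-login.php the comment above the chain still describes only two cases, while the corrected `elseif ( is_multisite() && !$user->has_cap('read') )` branch now repeats both the `is_multisite()` test and the `user_admin_url()` target of the branch before it. Consider folding the two into `if ( is_multisite() && ( !get_active_blog_for_user($user->id) || !$user->has_cap('read') ) )` and extending the comment with `// On multisite, users without the 'read' capability also go to the user admin.` On a single-site install an account without `read` now falls through to the `edit_posts` branch or keeps the requested `$redirect_to`, so it is worth confirming that the destination denies such an account cleanly rather than relying on this redirect. The enclosing `default:` case starts and ends outside the hunk.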