Correct user admin redirection checks, and deny access to the user admin when not running multisite. fixes #16297.

git-svn-id: https://develop.svn.wordpress.org/trunk@17332 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Andrew Nacin 2011-01-20 03:04:20 +00:00
parent e08ea2a111
commit 4ab2d68486
2 changed files with 6 additions and 1 deletions

View File

@ -11,6 +11,11 @@ define('WP_USER_ADMIN', TRUE);
require_once( dirname(dirname(__FILE__)) . '/admin.php');
if ( ! is_multisite() ) {
wp_redirect( admin_url() );
exit;
}
if ( ! is_main_site() ) {
wp_redirect( user_admin_url() );
exit;

View File

@ -586,7 +586,7 @@ default:
// If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
if ( is_multisite() && !get_active_blog_for_user($user->id) )
$redirect_to = user_admin_url();
elseif ( !is_multisite() && !$user->has_cap('read') )
elseif ( is_multisite() && !$user->has_cap('read') )
$redirect_to = user_admin_url();
elseif ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url() ) )
$redirect_to = admin_url('profile.php');