WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Theme redirects ajax requests for users that are not logged in (8 posts)

  1. sinetheta
    Member
    Posted 2 years ago #

    Hi, I am wondering if anyone knows how a theme might be able to interfere with ajax requests.

    I have a plugin which works fine in any other theme (including Directorypress 6.3.2) but I recently installed classifiedstheme 7.0.2 on a new wordpress 3.3.1 install and the plugin now does not work for users who are not logged in.

    The plugin has two ajax actions:

    add_action( 'wp_ajax_em_ajax_getEvents', 'em_ajax_getEvents' ); // ajax for logged in users
    add_action( 'wp_ajax_nopriv_em_ajax_getEvents', 'em_ajax_getEvents' ); // ajax for not logged in users

    When a user is not logged in they see the following:

    POST http://<server>/wp-admin/admin-ajax.php 302 Moved Temporarily 999ms
    GET http://<server>/ 200 OK 441ms

    But of course they receive no information because the root certainly has no idea how to deal with that request. Any ideas how classifiedstheme might be causing that ajax call to redirect?

  2. esmi
    Forum Moderator
    Posted 2 years ago #

    As this is a commercial theme, you need to seek support from the theme's vendors.

  3. sinetheta
    Member
    Posted 2 years ago #

    Fair enough, I was really just hoping for how a theme might be able to get in the way of a an ajax request like this, so that I could search it out in the source myself.

  4. sinetheta
    Member
    Posted 2 years ago #

    SOLUTION: the theme was using an 'init' hook to protect its admin area, but this was also redirecting anonymous ajax requests. When I can find a safe way to disable this without compromising the admin area I will post.

    // stop users accessing the admin
    add_action('init', array( $this, 'prevent_admin_access' ), 0);
    
    function prevent_admin_access() {       
    
        if (strpos(strtolower($_SERVER['REQUEST_URI']), '/wp-admin') !== false) {
            $current_user = wp_get_current_user(); 
    
            if(!user_can($current_user->ID, 'administrator') && ( !user_can($current_user->ID, 'contributor') ) ){
                wp_redirect(get_option('siteurl'));
            }
        }
    }
  5. Interpolat
    Member
    Posted 2 years ago #

    Any solution yet?

  6. sinetheta
    Member
    Posted 2 years ago #

    The author of Classifieds Theme updated the theme to patch the problem. Are you experiencing a similar problem?

  7. Interpolat
    Member
    Posted 2 years ago #

    Yes I am, but with a different theme. Do you know what the patch is?

  8. sinetheta
    Member
    Posted 2 years ago #

    Well the "patch" is to not highjack the ajax requests like this theme was doing. I imagine he just found a better way to protect his admin area. I can't really suggest a fix though, since in this theme all you would need to do is remove the hook noted above.
    I would recommend searching for add_action('init' or /wp-admin in your theme to see if it's the same problem, if yes, decide how else to do whatever those lines are doing instead of just wholesale blocking access to the admin files of WP.

Topic Closed

This topic has been closed to new replies.

About this Topic