Support » Plugin: Remove Dashboard Access » bracks iThemes security checks

  • Resolved Paul Bearne

    (@pbearne)


    This plugin doesn’t allow for admin_post_nopriv_{$action} action call as it blocks the loading of admin-post.php
    I feel this file should be whitelisted
    This patch will do it

    
    	/**
    	 * Dashboard Redirect.
    	 *
    	 * @since 0.1
    	 *
    	 * @see wp_redirect() Used to redirect disallowed users to chosen URL.
    	 */
    	function dashboard_redirect() {
    		/** @global string $pagenow */
    		global $pagenow;
    
    		if( 'admin-post.php' === $pagenow ){
    			return;
    		}
    
    		if ( 'profile.php' != $pagenow || ! $this->settings['enable_profile'] ) {
    			wp_redirect( $this->settings['redirect_url'] );
    			exit;
    		}
    	}

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • @pbearne Thanks for the suggestion! I’m actually pretty much restructuring the whole plugin to move toward a 1.2 release, and there’s actually already a new rda_allowed_pages filter in the release branch that allows for adding pages in a similar manner to what you’ve done here. It’s versioned 1.2.0 but with the rewrite, I may just call it 2.0.

Viewing 1 replies (of 1 total)
  • The topic ‘bracks iThemes security checks’ is closed to new replies.