• Resolved writegnj

    (@writegnj)


    First of all, thank you for the great plugin!

    I have noticed one thing: when you restrict the admin area, you can’t use the post delete feature from the front-end. This is how my front-end delete button deletes the post from the front-end, and it just redirects to Theme My Login’s profile page.

    SITEURL/wp-admin/post.php?action=delete&post=111&_wpnonce=20394jr44

    What would be the best way to get around this?

    I still restrict access to the admin area and want users (set to the Author role) to be able to delete their posts from the front-end.

    https://wordpress.org/plugins/theme-my-login/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Jeff Farthing

    (@jfarthing84)

    Your best bet would be to disable it on your own and not use TML’s setting to do so. Something like this:

    function disable_wp_admin() {
        if ( ! is_admin() )
            return;
    
        if ( current_user_can( 'manage_options' ) )
            return;
    
        if ( 'post.php' == $pagenow && isset( $_REQUEST['action'] ) && 'delete' == $_REQUEST['action'] )
            return;
    
        $redirect_to = home_url();
        wp_redirect( $redirect_to );
        exit;
    }
    add_action( 'init', 'disable_wp_admin' );

  • Thread Starter writegnj

    (@writegnj)

    Hi Jeff, thank you for the response!

    I’m not quite sure how to use that code though. Adding the code into my theme’s functions.php gives me the warning (Notice: Undefined variable: pagenow) and error (Cannot modify header information – headers already sent by ).

    Did you mean uncheck all roles under Restrict Admin Access and set my own restrict function, using your code?

  • Thread Starter writegnj

    (@writegnj)

    This seems to be working, but I’m not quite sure if it’s secure enough 😉

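    function disable_wp_admin() {
        // $pagenow is a WordPress global; it must be declared before use inside a function.
        global $pagenow;
    
        if ( ! is_admin() )
            return;
    
        // Administrators are never redirected.
        if ( current_user_can( 'manage_options' ) )
            return;
    
        // Let AJAX requests from users who can edit posts through.
        if ( current_user_can( 'edit_posts' ) && defined( 'DOING_AJAX' ) && DOING_AJAX )
            return;
    
        // Let post.php delete requests that carry a post ID and a nonce through.
        if ( 'post.php' == $pagenow && isset( $_REQUEST['action'] ) && 'delete' == $_REQUEST['action'] && isset( $_REQUEST['post'] ) && isset( $_REQUEST['_wpnonce'] ) )
            return;
    
        $redirect_to = home_url();
        wp_redirect( $redirect_to );
        exit;
    }
    add_action( 'init', 'disable_wp_admin' );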

  • Plugin Author Jeff Farthing

    (@jfarthing84)

    Sorry. Change the action to admin_init.

    add_action( 'admin_init', 'disable_wp_admin' );

The topic ‘Redirect on post.php?action=delete&post=POSTID&_wpnonce=NONCE"’ is closed to new replies.
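
One way to tighten the exemption the thread arrives at, as an added example that is not code from either poster or from Theme My Login. It ties the bypass to post.php itself, verifies the nonce, and checks the per-post delete capability instead of only testing that the parameters are present. The function name is hypothetical, and the nonce action `delete-post_{ID}` assumes the front-end link is built with `get_delete_post_link()`.

```php
<?php
// Added example, not code from the thread. The function name is hypothetical.
function tml_example_restrict_admin() {
    global $pagenow;

    // Administrators keep full access to wp-admin.
    if ( current_user_can( 'manage_options' ) ) {
        return;
    }

    // admin-ajax.php lives under wp-admin and is needed by front-end AJAX.
    if ( wp_doing_ajax() ) {
        return;
    }

    // Read and normalise the three request parameters the delete link carries.
    $action  = isset( $_REQUEST['action'] ) ? sanitize_key( wp_unslash( $_REQUEST['action'] ) ) : '';
    $post_id = isset( $_REQUEST['post'] ) ? absint( $_REQUEST['post'] ) : 0;
    $nonce   = isset( $_REQUEST['_wpnonce'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce'] ) ) : '';

    // Allow exactly one request through: post.php?action=delete for a post the
    // current user may delete, with a nonce issued for that specific post.
    // Assumption: the link was generated by get_delete_post_link().
    if ( 'post.php' === $pagenow
        && 'delete' === $action
        && $post_id > 0
        && wp_verify_nonce( $nonce, 'delete-post_' . $post_id )
        && current_user_can( 'delete_post', $post_id )
    ) {
        return; // Core's post.php repeats the nonce and capability checks before deleting.
    }

    // Everything else under wp-admin goes back to the front page.
    wp_safe_redirect( home_url() );
    exit;
}
add_action( 'admin_init', 'tml_example_restrict_admin' );
```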