Correct user admin redirection checks, and deny access to the user admin when not running multisite. fixes #16297.

git-svn-id: http://svn.automattic.com/wordpress/trunk@17332 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
nacin 2011-01-20 03:04:20 +00:00
parent 266b772e9c
commit 405e7dfa4f
2 changed files with 6 additions and 1 deletions

View File

@ -11,6 +11,11 @@ define('WP_USER_ADMIN', TRUE);
require_once( dirname(dirname(__FILE__)) . '/admin.php');
if ( ! is_multisite() ) {
wp_redirect( admin_url() );
exit;
}
if ( ! is_main_site() ) {
wp_redirect( user_admin_url() );
exit;

View File

@ -586,7 +586,7 @@ default:
// If the user doesn't belong to a blog, send them to user admin. If the user can't edit posts, send them to their profile.
if ( is_multisite() && !get_active_blog_for_user($user->id) )
$redirect_to = user_admin_url();
elseif ( !is_multisite() && !$user->has_cap('read') )
elseif ( is_multisite() && !$user->has_cap('read') )
$redirect_to = user_admin_url();
elseif ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' || $redirect_to == admin_url() ) )
$redirect_to = admin_url('profile.php');