Making WordPress.org

Changeset 10903


Ignore:
Timestamp:
04/14/2021 05:08:34 AM (3 years ago)
Author:
dd32
Message:

Login: Allow members of the blog (not just super admins) to access wp-admin.

This allows certain moderators access to the pending user list.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/common/includes/wporg-sso/wp-plugin.php

    r10889 r10903  
    345345                            $this->_redirect_to_source_or_profile();
    346346                        }
    347                     } elseif ( ( is_admin() && is_super_admin() ) || 0 === strpos( $_SERVER['REQUEST_URI'], '/wp-json' ) || 0 === strpos( $_SERVER['REQUEST_URI'], '/xmlrpc.php' ) ) {
     347                    } elseif (
     348                        (
     349                            ( is_admin() || wp_installing() ) &&
     350                            ( is_super_admin() || is_user_member_of_blog() )
     351                        ) ||
     352                        0 === strpos( $_SERVER['REQUEST_URI'], '/wp-json' ) ||
     353                        0 === strpos( $_SERVER['REQUEST_URI'], '/xmlrpc.php' )
     354                    ) {
    348355                        // Do nothing, allow access to wp-admin, wp-json and xmlrpc.php on login.wordpress.org
    349356                    } elseif ( is_user_logged_in() ) {
     
    558565
    559566        /**
    560          * The `send_auth_cookies` action used for the below function has no user context.
    561          * This function provides user context to it via the local static.
     567         * Hooked to 'set_auth_cookie' to provide action to the below function, as the
     568         * `send_auth_cookies` filter used for the below function has no user context.
    562569         */
    563570        public function maybe_block_auth_cookies_context_provider( $auth_cookie = null, $expire = null, $expiration = null, $user_id = null ) {
Note: See TracChangeset for help on using the changeset viewer.