bracks iThemes security checks

  • Resolved Paul Bearne

    (@pbearne)


    5 years, 2 months ago

    This plugin doesn’t allow for admin_post_nopriv_{$action} action call as it blocks the loading of admin-post.php
    I feel this file should be whitelisted
    This patch will do it

    
	/**
	 * Dashboard Redirect.
	 *
	 * @since 0.1
	 *
	 * @see wp_redirect() Used to redirect disallowed users to chosen URL.
	 */
	function dashboard_redirect() {
		/** @global string $pagenow */
		global $pagenow;

		if( 'admin-post.php' === $pagenow ){
			return;
		}

		if ( 'profile.php' != $pagenow || ! $this->settings['enable_profile'] ) {
			wp_redirect( $this->settings['redirect_url'] );
			exit;
		}
	}

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • Drew Jaynes

    (@drewapicture)

    5 years, 1 month ago

    @pbearne Thanks for the suggestion! I’m actually pretty much restructuring the whole plugin to move toward a 1.2 release, and there’s actually already a new rda_allowed_pages filter in the release branch that allows for adding pages in a similar manner to what you’ve done here. It’s versioned 1.2.0 but with the rewrite, I may just call it 2.0.

Viewing 1 replies (of 1 total)

The topic ‘bracks iThemes security checks’ is closed to new replies.