在错误302重定向字preSS管理阿贾克斯结果 [英] Wordpress admin-ajax results in Error 302 redirect
问题描述
我已经定制了一个插件,使一些Ajax调用管理-ajax.php和它的伟大工程。我在复制code到另一个网站,它不再为没有登录的用户谁的作品。
从萤火虫:
POST的http://<子域><服务器> /wp-admin/admin-ajax.php 302临时移动1.08s。
GET HTTP://<子域><服务器> / 200 OK。
修改:现在的问题是什么可能一个主题可能做重定向Ajax请求。该插件有两个挂钩:
add_action('wp_ajax_em_ajax_getEvents','em_ajax_getEvents'); //为登录用户阿贾克斯
add_action('wp_ajax_nopriv_em_ajax_getEvents','em_ajax_getEvents'); //为不登录的用户阿贾克斯
他们都很好地工作在大多数的网站,而是一个主题重定向非登录用户以某种方式请求。由于这些行为是特定于插件我很茫然,以从哪里开始寻找。
解决方法:非常感谢罗纳德Huereca 为 add_action('init'的的解决方案,那就是究竟在何处违规重定向被钩住的,在保护管理方面的一种尝试。现在我只需要找到一个安全修复程序没有按'牛逼妥协主题的管理区,也不会从允许用户进行匿名Ajax请求加害其他插件。
//阻止用户访问管理
add_action('init'的,数组($此,prevent_admin_access'),0);
函数prevent_admin_access(){
如果(strpos(用strtolower($ _ SERVER ['REQUEST_URI']),/可湿性粉剂管理员)!= FALSE){
$ CURRENT_USER = wp_get_current_user();
如果(user_can($ current_user->!ID,'管理员')及及(user_can($ current_user->!ID,贡献者))){
wp_redirect(get_option('SITEURL'));
}
}
}
我有类似的事情发生在一个主题。原来的codeR从能够看到/可湿性粉剂管理员/地区试图prevent一个非管理员用户。
下面是一个例子:
//阻止访问/可湿性粉剂管理员非管理员。
功能custom_blockusers_init(){
如果(is_user_logged_in()及和放大器; is_admin()及和放大器;!current_user_can('管理员')){
wp_redirect(HOME_URL());
出口;
}
}
add_action('init'的,'custom_blockusers_init'); //勾成初始化
我会检查你的主题为源$ C $ C相似,我有。
当你找到code,只需添加一个额外条件,以确保用户不重定向如果 DOING_AJAX 常量定义。
I have customized a plugin to make some ajax calls to admin-ajax.php and it works great. I copied the code over to another site and it no longer works for users who are not logged in.
From firebug:
POST http://<subdomain>.<server>/wp-admin/admin-ajax.php 302 Moved Temporarily 1.08s
GET http://<subdomain>.<server>/ 200 OK
edit: The question is what could a theme possibly do to redirect ajax requests. The plugin has two hooks:
add_action( 'wp_ajax_em_ajax_getEvents', 'em_ajax_getEvents' ); // ajax for logged in users
add_action( 'wp_ajax_nopriv_em_ajax_getEvents', 'em_ajax_getEvents' ); // ajax for not logged in users
They both work fine on most sites, but one theme redirects requests from non logged in users somehow. Since these actions are specific to the plugin I am at a loss as to where to start looking.
SOLUTION: Big thanks to Ronald Huereca for the add_action( 'init' solution, that''s exactly where the offending redirect was hooking in, in an attempt to protect the admin area. Now I just need to find a safe fix here that doesn't compromise the theme's admin area, but also doesn't hamstring other plugins from allowing users to make anonymous ajax requests.
// stop users accessing the admin
add_action('init', array( $this, 'prevent_admin_access' ), 0);
function prevent_admin_access() {
if (strpos(strtolower($_SERVER['REQUEST_URI']), '/wp-admin') !== false) {
$current_user = wp_get_current_user();
if(!user_can($current_user->ID, 'administrator') && ( !user_can($current_user->ID, 'contributor') ) ){
wp_redirect(get_option('siteurl'));
}
}
}
I had something similar occur in a theme. The original coder was trying to prevent a non-admin user from being able to see the /wp-admin/ area.
Here's an example:
// Block Access to /wp-admin for non admins.
function custom_blockusers_init() {
if ( is_user_logged_in() && is_admin() && !current_user_can( 'administrator' ) ) {
wp_redirect( home_url() );
exit;
}
}
add_action( 'init', 'custom_blockusers_init' ); // Hook into 'init'
I would check your theme for source code similar to what I have.
When you find the code, just add an extra conditional to make sure that a user isn't redirected if the DOING_AJAX constant is defined.
这篇关于在错误302重定向字preSS管理阿贾克斯结果的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
