[wp-trac] [WordPress Trac] #16297: User admin shouldn't kick in if not multisite
WordPress Trac
wp-trac at lists.automattic.com
Sat Jan 22 05:04:59 UTC 2011
#16297: User admin shouldn't kick in if not multisite
------------------------------------+---------------------
Reporter: nacin | Owner: ryan
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 3.1
Component: Network Admin | Version: 3.1
Severity: normal | Resolution: fixed
Keywords: has-patch dev-feedback |
------------------------------------+---------------------
Comment (by mdawaffe):
I have the following scenario.
A multisite user who is not a member of http://blog.multisite.com/ is sent
to http://blog.multisite.com/wp-
login.php?redirect_to=http://blog.multisite.com/foo/.
Since the user is not a member of http://blog.multisite.com/, though, the
user has no read cap. My redirect_to parameter is ignored and the user is
sent to user_admin_url().
A sort of strange scenario, I know. Be that as it may, I believe these
wp-login.php redirect_to conditionals are meant to prevent an unauthorized
user from being redirected to an *admin* url that he/she doesn't have
access to. They shouldn't prevent the user from going to a blog URL.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/16297#comment:7>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list