[wp-trac] [WordPress Trac] #20872: Accessing /wp-admin/customize.php doesn't redirect to wp-login.php when not logged in
WordPress Trac
wp-trac at lists.automattic.com
Thu Jun 7 11:55:42 UTC 2012
#20872: Accessing /wp-admin/customize.php doesn't redirect to wp-login.php when not
logged in
--------------------------+--------------------------------------
Reporter: ocean90 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.4
Component: Appearance | Version: 3.4
Severity: normal | Keywords: needs-patch dev-feedback
--------------------------+--------------------------------------
I just sent the direct link to the Customizer `domain.com/wp-
admin/customize.php` to a friend and he only got a `Cheatin’ uh?` message.
The problem is, that we include the `admin.php` in `customize.php`.
`admin.php` includes `wp-load.php` which includes `wp-settings.php`.
`do_action( 'plugins_loaded' );` is fired.
`_wp_customize_include()` is fired.
`WP_Customize_Manager::setup_theme()` is fired.
In `setup_theme()`
{{{
if ( ! current_user_can( 'edit_theme_options' ) )
wp_die( __( 'Cheatin’ uh?' ) );
}}}
fails.
The main issue is, that `auth_redirect()` can't be fired since the
Customizer runs before this action.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/20872>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list