#2074 closed defect (bug) (no action required)
[patch] wp-login is not part of $bp->root_components
Reported by: | andrew_s1 | Owned by: | |
---|---|---|---|
Milestone: | 1.5 | Priority: | minor |
Severity: | Version: | ||
Component: | Core | Keywords: | has-patch |
Cc: |
Description
wp-login is a root component, but is not listed in $bp->root_components
The attached patch fixes.
Attachments (1)
Change History (8)
#2
@
15 years ago
thk u ~ this makes sense. It patched clean with no apparent side effects of including it as a $bp->root_components
#3
@
15 years ago
Well, here's the code for the plugin, as something has gone horribly wrong with my posting to buddypress forums:
<?php /* Plugin Name: BuddyPress Lockdown Plugin URI: http://buddypress.org/ Description: Lock down your BuddyPress site if a user is not logged in. Author: Andy Peatling & Andrew_S1 Version: 1.2 Author URI: http://buddypress.org/ Site Wide Only: true */ function bp_lockdown() { global $bp; if ( BP_REGISTER_SLUG != $bp->current_component && BP_LOGIN_SLUG != $bp->current_component && BP_LOGIN1_SLUG != $bp->current_component && !is_user_logged_in() ) { bp_core_redirect( site_url( BP_LOGIN_SLUG ) ); } } function wp_lockdown() { if ( !is_user_logged_in() ) { auth_redirect( 'wp-login.php' ); } } add_action( 'bp_init', 'bp_lockdown'); // if no buddypress, have a backup plan add_action( 'send_headers', 'wp_lockdown'); ?>
#4
@
15 years ago
small revision to disable the wordpress hook (the backup plan) if buddypress is active, because we don't need it
<?php
/*
Plugin Name: BuddyPress Lockdown
Plugin URI: http://buddypress.org/
Description: Lock down your BuddyPress site if a user is not logged in.
Author: Andy Peatling & Andrew_S1
Version: 1.3
Author URI: http://buddypress.org/
Site Wide Only: true
*/
function bp_lockdown() {
global $bp;
remove_action('send_headers', 'wp_lockdown');
if ( BP_REGISTER_SLUG != $bp->current_component &&
BP_LOGIN_SLUG != $bp->current_component &&
BP_LOGIN1_SLUG != $bp->current_component &&
!is_user_logged_in() ) {
bp_core_redirect( site_url( BP_LOGIN_SLUG ) );
}
}
function wp_lockdown() {
if ( !is_user_logged_in() ) {
auth_redirect( 'wp-login.php' );
}
}
add_action( 'bp_init', 'bp_lockdown');
if no buddypress, have a backup plan
add_action( 'send_headers', 'wp_lockdown');
?>
#5
@
14 years ago
- Component set to Core
- Summary changed from wp-login is not part of $bp->root_components to [patch] wp-login is not part of $bp->root_components
See the thread http://buddypress.org/forums/topic/security-all-site-data-visible-to-members-and-non-members-alike#post-39404 for the motivation for this