fix: Trust PHP auth check, skip redundant REST API call

dwindown
2025-11-04 23:28:03 +07:00
parent e8e380231e
commit 8a0f2e581e
3 changed files with 36 additions and 29 deletions


@@ -29,13 +29,8 @@ class StandaloneAdmin {
// Remove query string
$path = strtok( $request_uri, '?' );
// Check if path starts with /admin
if ( strpos( $path, '/admin' ) !== 0 ) {
return;
}
// Exclude /wp-admin
if ( strpos( $path, '/wp-admin' ) === 0 ) {
// Only handle exact /admin or /admin/ paths (not asset files)
if ( $path !== '/admin' && $path !== '/admin/' ) {
return;
}
@@ -49,7 +44,16 @@ class StandaloneAdmin {
*/
private static function render_standalone_admin() {
// Check if user is logged in and has permissions
$is_authenticated = is_user_logged_in() && current_user_can( 'manage_woocommerce' );
$is_logged_in = is_user_logged_in();
$has_permission = $is_logged_in && current_user_can( 'manage_woocommerce' );
$is_authenticated = $is_logged_in && $has_permission;
// Debug logging (only in WP_DEBUG mode)
if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) {
error_log( '[StandaloneAdmin] is_user_logged_in: ' . ( $is_logged_in ? 'true' : 'false' ) );
error_log( '[StandaloneAdmin] has manage_woocommerce: ' . ( $has_permission ? 'true' : 'false' ) );
error_log( '[StandaloneAdmin] is_authenticated: ' . ( $is_authenticated ? 'true' : 'false' ) );
}
// Get nonce for REST API
$nonce = wp_create_nonce( 'wp_rest' );
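Review bot: In render_standalone_admin(), `$is_authenticated = $is_logged_in && $has_permission;` repeats a test that `$has_permission` already contains, so the third debug line can never differ from the second; `$is_authenticated = $has_permission;` says the same thing. Because the commit title says the front end now trusts this value instead of confirming it over the REST API, the assignment should carry a comment that it is a rendering hint and not an authorization decision, for example `// UI hint only: each REST route must still enforce manage_woocommerce in its permission_callback.` Whether the routes actually do that is not visible in this section and is worth confirming before merge. The function body continues past the last line shown, so how the flag and the nonce are emitted into the page could not be checked here.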