Missing case for user_role check

  • Resolved denisbugeja

    (@denisbugeja)


    4 years, 8 months ago

    Hello, I’ve tested your plugin for a ephemeral e-commerce website.
    After several tests, I saw that there was a breach into your role check.
    You can have a look on this sample of code :

    global $current_user;
    $LoggedInUserID = $current_user->ID;
    $UserData = get_userdata( $LoggedInUserID );
    // If user is not having administrator, editor, author or contributor role he will be server the coming soon page too ??
    if($UserData->roles[0] == “subscriber” || (isset($_GET[‘get_preview’]) && $_GET[‘get_preview’] == ‘true’))

    if the logged user is logged as a woocommerce customer, he can visit the website event if it’s in maintenance mode.
    Why don’t you use a custom permission “bypass_coming_soon_screen”, affected by default to “administrator” role ?

    Only the allowed users could visit the website, it will be more flexible and administrable

    Thanks for you answer

    • This topic was modified 4 years, 8 months ago by denisbugeja.
Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘Missing case for user_role check’ is closed to new replies.