Commit inicial - WordPress Análisis de Precios Unitarios

- WordPress core y plugins
- Tema Twenty Twenty-Four configurado
- Plugin allow-unfiltered-html.php simplificado
- .gitignore configurado para excluir wp-config.php y uploads

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
root
2025-11-03 21:04:30 -06:00
commit a22573bf0b
24068 changed files with 4993111 additions and 0 deletions


@@ -0,0 +1,20 @@
# Remove Dashboard Access
## (Remove Dashboard Access for Non-Admins)
This WordPress plugin limits user access to the dashboard based on whether users have a chosen capability or role. Disallowed users are redirected to a chosen URL.
#### Features:
* Limit Dashboard access to admins only, admins + editors, admins + editors + authors, or limit by specific capability.
* Choose your own redirect URL
* Optionally allow user profile access
* Optionally display a message on the login screen
#### Contribute to RDA
Pull requests are welcome!
## Installation
1. Search 'Remove Dashboard Access' from the Install Plugins screen.
2. Install plugin, click Activate.


@@ -0,0 +1,649 @@
<?php
// Bail if called directly.
if ( ! defined( 'ABSPATH' ) ) {
exit;
}
if ( class_exists( 'RDA_Options' ) ) {
return;
}
/**
* Remove Dashboard Access Options Class
*
* @since 1.0
*/
class RDA_Options {
/**
* Static instance to make removing actions and filters modular.
*
* @var $instance RDA_Options
* @since 1.1
* @access public
* @static
*/
public static $instance;
/**
* @var $settings array rda-settings options array
*
* @since 1.0
* @access public
*/
public $settings = array();
/**
* Init
*
* @since 1.0
* @access public
*/
public function __construct() {
self::$instance = $this;
self::$instance->setup();
}
/**
* Set up various actions, filters, and other items.
*
* @since 1.1
* @access public
*/
public function setup() {
$this->maybe_map_old_settings();
$this->settings = array(
'access_switch' => get_option( 'rda_access_switch', 'manage_options' ),
'access_cap' => get_option( 'rda_access_cap', 'manage_options' ),
'enable_profile' => get_option( 'rda_enable_profile', 1 ),
'redirect_url' => get_option( 'rda_redirect_url', home_url() ),
'login_message' => get_option( 'rda_login_message', esc_html__( 'This site is in maintenance mode.', 'remove_dashboard_access' ) ),
);
// Translation.
add_action( 'init', array( $this, 'load_textdomain' ) );
// Settings.
add_action( 'admin_menu', array( $this, 'options_page' ) );
add_action( 'admin_init', array( $this, 'settings' ) );
add_action( 'admin_head-settings_page_dashboard-access', array( $this, 'access_switch_js' ) );
// Settings link in plugins list.
add_filter( 'plugin_action_links', array( $this, 'settings_link' ), 10, 2 );
// Login message.
add_filter( 'login_message', array( $this, 'output_login_message' ) );
}
/**
* Load the plugin text domain for translation.
*
* @since 1.2.1
*/
public function load_textdomain() {
load_plugin_textdomain( 'remove_dashboard_access', false, dirname( plugin_basename( __FILE__ ) ) . '/languages/' );
}
/**
* (maybe) Map old settings (1.0-) to the new ones (1.1+).
*
* @since 1.1
* @access public
*/
public function maybe_map_old_settings() {
// If the settings aren't there, bail.
if ( false == $old_settings = get_option( 'rda-settings' ) ) {
return;
}
$new_settings = array();
if ( ! empty( $old_settings ) && is_array( $old_settings ) ) {
// Access Switch.
$new_settings['rda_access_switch'] = empty( $old_settings['access_switch'] ) ? 'manage_options' : $old_settings['access_switch'];
// Access Cap.
$new_settings['rda_access_cap'] = ( 'capability' == $new_settings['access_switch'] ) ? 'manage_options' : $new_settings['rda_access_switch'];
// Redirect URL.
$new_settings['rda_redirect_url'] = empty( $old_settings['redirect_url'] ) ? home_url() : $old_settings['redirect_url'];
// Enable Profile.
$new_settings['rda_enable_profile'] = empty( $old_settings['enable_profile'] ) ? true : $old_settings['enable_profile'];
// Login Message.
$new_settings['rda_login_message'] = '';
}
foreach ( $new_settings as $key => $value ) {
update_option( $key, $value );
}
delete_option( 'rda-settings' );
}
/**
* Activation Hook.
*
* Setup default options on activation.
*
* @since 1.0
* @access public
*
* @see $this->setup()
*/
public function activate() {
$settings = array(
'rda_access_switch' => 'manage_options',
'rda_access_cap' => 'manage_options',
'rda_redirect_url' => home_url(),
'rda_enable_profile' => 1,
'rda_login_message' => '',
);
foreach ( $settings as $key => $value ) {
add_option( $key, $value );
}
}
/**
* Options page: Remove Access
*
* @since 1.1.1
*
* @uses add_options_page() to add a sub-menu under 'Settings'
*/
function options_page() {
add_options_page(
esc_html__( 'Dashboard Access Settings', 'remove_dashboard_access' ),
esc_html__( 'Dashboard Access', 'remove_dashboard_access' ),
'manage_options',
'dashboard-access',
array( $this, 'options_page_cb' )
);
}
/**
* Options page: callback
*
* Outputs the form for the 'Remove Access' submenu
*
* @since 1.1.1
*/
function options_page_cb() {
?>
<div class="wrap">
<h2><?php esc_html_e( 'Dashboard Access Settings', 'remove_dashboard_access' ); ?></h2>
<form action="options.php" method="POST" id="rda-options-form">
<?php
settings_fields( 'dashboard-access' );
do_settings_sections( 'dashboard-access' );
submit_button();
?>
</form>
</div><!-- .wrap -->
<?php
}
/**
* Register settings and settings sections.
*
* @since 1.0
* @access public
*
* @see $this->setup()
*/
public function settings() {
// Dashboard Access Controls section.
add_settings_section( 'rda_options', esc_html__( 'Dashboard Access Controls', 'remove_dashbord_access' ), array( $this, 'settings_section' ), 'dashboard-access' );
// Settings.
$sets = array(
'rda_access_switch' => array(
'label' => esc_html__( 'Dashboard User Access:', 'remove_dashboard_access' ),
'callback' => 'access_switch_cb',
),
'rda_access_cap' => array(
'label' => '',
'callback' => 'access_cap_dropdown',
),
'rda_redirect_url' => array(
'label' => esc_html__( 'Redirect URL:', 'remove_dashboard_access' ),
'callback' => 'url_redirect_cb',
),
'rda_enable_profile' => array(
'label' => esc_html__( 'User Profile Access:', 'remove_dashboard_access' ),
'callback' => 'profile_enable_cb',
),
'rda_login_message' => array(
'label' => esc_html__( 'Login Message', 'remove_dashboard_access' ),
'callback' => 'login_message_cb',
),
);
foreach ( $sets as $id => $settings ) {
add_settings_field( $id, $settings['label'], array( $this, $settings['callback'] ), 'dashboard-access', 'rda_options' );
// Pretty lame that we need separate sanitize callbacks for everything.
$sanitize_callback = str_replace( 'rda', 'sanitize', $id );
register_setting( 'dashboard-access', $id, array( $this, $sanitize_callback ) );
};
// Debug info "setting".
if ( ! empty( $_GET['rda_debug'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification
add_settings_field( 'rda_debug_mode', esc_html__( 'Debug Info', 'remove_dashboard_access' ), array( $this, '_debug_mode' ), 'dashboard-access', 'rda_options' );
}
}
/**
* Dashboard Access Controls display callback.
*
* @since 1.1
* @access public
*/
public function settings_section() {
esc_html_e( 'Dashboard access can be restricted to users of certain roles only or users with a specific capability.', 'remove_dashboard_access' );
}
/**
* Access Controls 2 of 2.
*
* Output the capability drop-down.
*
* @since 1.1
* @access public
*/
public function access_cap_dropdown() {
$switch = $this->settings['access_switch'];
?>
<p><label>
<input name="rda_access_switch" type="radio" value="capability" class="tag" <?php checked( 'capability', esc_attr( $switch ) ); ?> />
<?php echo wp_kses( __( '<strong>Advanced</strong>: Limit by capability:', 'remove_dashboard_access' ), array( 'strong' => array() ) ); ?>
</label><?php $this->_output_caps_dropdown(); ?></p>
<p>
<?php printf( esc_html__( 'You can find out more about specific %s in the Codex.', 'remove_dashboard_access' ),
sprintf( '<a href="%1$s" target="_new">%2$s</a>',
esc_url( 'http://codex.wordpress.org/Roles_and_Capabilities' ),
esc_html__( 'Roles &amp; Capabilities', 'remove_dashboard_access' )
)
); ?>
</p>
<?php
}
/**
* Capability-type radio switch jQuery script.
*
* When the 'Limit by capability' radio option is selected the script.
* enables the capabilities drop-down. Default state is disabled.
*
* @since 1.0
* @access public
*
* @see $this->setup()
*/
public function access_switch_js() {
wp_enqueue_script( 'rda-settings', plugin_dir_url( __FILE__ ) . 'js/settings.js', array( 'jquery' ), '1.0' );
}
/**
* Enable/Disable radio toggle display callback.
*
* @since 1.1
* @access public
*
* @see $this->options_setup()
*/
public function plugin_toggle_cb() {
printf( '<input name="rda_toggle_plugin_off" type="checkbox" value="1" class="code" %1$s/>%2$s',
checked( esc_attr( $this->settings['toggle_plugin_off'] ), true, false ),
esc_html__( ' Disable access controls and redirection', 'remove_dashboard_access' )
);
}
/**
* Capability-type radio switch display callback.
*
* Displays the radio button switch for choosing which
* capability users need to access the Dashboard. Mimics
* 'Page on front' UI in options-reading.php for a more
* integrated feel.
*
* @since 1.0
* @access public
*
* @see $this->caps_dropdown()
*/
public function access_switch_cb() {
echo '<a id="dashboard-access"></a>';
$switch = $this->settings['access_switch'];
/**
* Filter the capability defaults for admins, editors, and authors.
*
* @since 1.1
*
* @param array $capabilities {
* Default capabilities for various roles.
*
* @type string $admin Capability to use for administrators only. Default 'manage_options'.
* @type string $editor Capability to use for admins + editors. Default 'edit_others_posts'.
* @type string $author Capability to use for admins + editors + authors. Default 'publish_posts'.
* }
*/
$defaults = apply_filters( 'rda_default_caps_for_role', array(
'admin' => 'manage_options',
'editor' => 'edit_others_posts',
'author' => 'publish_posts',
) );
?>
<p><label>
<input name="rda_access_switch" type="radio" value="<?php echo esc_attr( $defaults['admin'] ); ?>" class="tag" <?php checked( $defaults['admin'], esc_attr( $switch ) ); ?> />
<?php esc_html_e( 'Administrators only', 'remove_dashboard_access' ); ?>
</label></p>
<p><label>
<input name="rda_access_switch" type="radio" value="<?php echo esc_attr( $defaults['editor'] ); ?>" class="tag" <?php checked( $defaults['editor'], esc_attr( $switch ) ); ?> />
<?php esc_html_e( 'Editors and Administrators', 'remove_dashboard_access' ); ?>
</label></p>
<p><label>
<input name="rda_access_switch" type="radio" value="<?php echo esc_attr( $defaults['author'] ); ?>" class="tag" <?php checked( $defaults['author'], esc_attr( $switch ) ); ?> />
<?php esc_html_e( 'Authors, Editors, and Administrators', 'remove_dashboard_access' ); ?>
</label></p>
<?php
}
/**
* Capability-type switch drop-down.
*
* @since 1.0
* @access private
*
* @see $this->access_switch_cb()
*/
private function _output_caps_dropdown() {
/** @global WP_Roles $wp_roles */
global $wp_roles;
$capabilities = array();
foreach ( $wp_roles->role_objects as $key => $role ) {
if ( is_array( $role->capabilities ) ) {
foreach ( $role->capabilities as $cap => $grant )
$capabilities[$cap] = $cap;
}
}
// Gather legacy user levels.
$levels = array(
'level_0','level_1', 'level_2', 'level_3',
'level_4', 'level_5', 'level_6', 'level_7',
'level_8', 'level_9', 'level_10',
);
// Remove levels from caps array (Thank you Justin Tadlock).
$capabilities = array_diff( $capabilities, $levels );
// Remove # capabilities (maybe from some plugin, perhaps?).
for ( $i = 0; $i < 12; $i++ ) {
unset( $capabilities[$i] );
}
// Alphabetize for nicer display.
ksort( $capabilities );
if ( ! empty( $capabilities ) ) {
// Start <select> element.
print( '<select name="rda_access_cap">' );
// Default first option.
printf( '<option selected="selected" value="manage_options">%s</option>', esc_html__( '--- Select a Capability ---', 'removed_dashboard_access' ) );
// Build capabilities dropdown.
foreach ( $capabilities as $capability => $value ) {
printf( '<option value="%1$s" %2$s>%3$s</option>', esc_attr( $value ), selected( $this->settings['access_cap'], $value ), esc_html( $capability ) );
}
print( '</select>' );
}
}
/**
* Enable profile access checkbox display callback.
*
* @since 1.0
* @access public
*
* @see $this->options_setup()
*
* @uses checked() Outputs the checked attribute when the option is enabled.
*/
public function profile_enable_cb() {
printf( '<label><input name="rda_enable_profile" type="checkbox" value="1" class="code" %1$s/>%2$s</label>',
checked( esc_attr( $this->settings['enable_profile'] ), true, false ),
/* Translators: The leading space is intentional to space the text away from the checkbox */
esc_html__( ' Allow all users to edit their profiles in the dashboard.', 'remove_dashboard_access' )
);
}
/**
* Redirect URL display callback.
*
* Default value is home_url(). $this->sanitize_option() handles validation and escaping.
*
* @since 1.0
* @access public
*
* @see $this->options_setup()
*/
public function url_redirect_cb() {
?>
<p><label>
<?php esc_html_e( 'Redirect disallowed users to:', 'remove_dashboard_access' ); ?>
<input name="rda_redirect_url" class="regular-text" type="text" value="<?php echo esc_attr( $this->settings['redirect_url'] ); ?>" placeholder="<?php printf( esc_attr__( 'Default: %s', 'remove_dashboard_access' ), home_url() ); ?>" />
</label></p>
<?php
}
/**
* Login Message display callback.
*
* @since 1.1
* @access public
*/
public function login_message_cb() {
?>
<p><label>
<?php esc_html_e( 'Display this message to users above the login form:', 'remove_dashboard_access' ); ?>
<input name="rda_login_message" class="widefat" type="text" value="<?php echo esc_attr( $this->settings['login_message'] ); ?>" placeholder="<?php esc_attr_e( '(Disabled when empty)', 'remove_dashboard_access' ); ?>" />
</label>
</p>
<p class="howto">
<span class="howto"><?php
// translators: %s is replaced with the default login message
echo sprintf(
esc_html__( 'Leave blank to not show a message. This message will only be shown on the %1$sLog In screen%2$s, not in embedded Login/Logout blocks.', 'remove_dashboard_access' ),
'<a href="' . esc_url( wp_login_url() ) . '" target="_blank">',
'<span class="screen-reader-text"> ' . esc_html__( '(This link opens in a new window.)' ) . '</span></a>'
);
?></span>
</p>
<?php
}
/**
* Login Message option callback.
*
* @since 1.1
* @access public
*/
public function output_login_message( $message ) {
if ( ! empty( $this->settings['login_message'] ) ) {
$message .= '<p class="message">' . esc_html( $this->settings['login_message'] ) . '</p>';
}
return $message;
}
/**
* Access Switch sanitize callback.
*
* @since 1.1
* @access public
*
* @param string $option Access switch capability.
* @return string Sanitized capability.
*/
public function sanitize_access_switch( $option ) {
return $option;
}
/**
* Access capability sanitize callback.
*
* @since 1.1
* @access public
*
* @param string $option Access capability.
* @return string Sanitized capability. If the option is empty, default to the value of
* 'rda_access_switch'.
*/
public function sanitize_access_cap( $option ) {
return empty( $option ) ? get_option( 'rda_access_switch' ) : $option;
}
/**
* Redirect URL sanitize callback.
*
* @since 1.1
* @access public
*
* @param string $option Redirect URL.
* @return string If empty, defaults to home_url(). Otherwise sanitized URL.
*/
public function sanitize_redirect_url( $option ) {
return empty( $option ) ? home_url() : esc_url_raw( $option );
}
/**
* Enable Profile sanitize callback.
*
* @since 1.1
* @access public
*
* @param bool $option Whether to enable all users to edit their profiles.
* @return bool Whether all users will be able to edit their profiles.
*/
public function sanitize_enable_profile( $option ) {
return (bool) empty( $option ) ? false : true;
}
/**
* Login Message sanitize callback.
*
* @since 1.1
* @access public
*
* @param string $option Login message.
* @return string Sanitized login message.
*/
public function sanitize_login_message( $option ) {
return sanitize_text_field( $option );
}
/**
* Required capability for Dashboard access.
*
* @since 1.0
* @access public
*
* @return string $this->settings['access_cap'] if set, otherwise, 'manage_options' (filterable).
*/
public function capability() {
/**
* Filter the access capability.
*
* @since 1.1
*
* @param string $capability Capability needed to access the Dashboard.
*/
return apply_filters( 'rda_access_capability', $this->settings['access_cap'] );
}
/**
* Plugins list 'Settings' row link.
*
* @since 1.0
*
* @see $this->setup()
*
* @param array $links Row links array to filter.
* @return array $links Filtered links array.
*/
public function settings_link( $links, $file ) {
// WordPress.org slug.
if ( 'remove-dashboard-access-for-non-admins/remove-dashboard-access.php' == $file
// GitHub slug
|| 'remove-dashboard-access/remove-dashboard-access.php' == $file
) {
array_unshift( $links, sprintf( '<a href="%1$s">%2$s</a>',
esc_url( admin_url( 'options-general.php?page=dashboard-access' ) ),
esc_html__( 'Settings', 'remove_dashboard_access' )
) );
}
return $links;
}
/**
* Debug mode output.
*
* When rda_debug=1 is passed via the query string, displays a table with all the raw
* option values for debugging purposes.
*
* @since 1.1
* @access public
*/
public function _debug_mode() {
?>
<style type="text/css">
table.rda_debug {
width: 400px;
border: 1px solid #222;
}
.rda_debug th {
text-align: center;
}
.rda_debug th,
.rda_debug td {
width: 50%;
padding: 15px 10px;
border: 1px solid #222;
}
</style>
<table class="rda_debug">
<tbody>
<tr>
<th><?php esc_html_e( 'Setting', 'remove_dashboard_access' ); ?></th>
<th><?php esc_html_e( 'Value', 'remove_dashboard_access' ); ?></th>
</tr>
<?php foreach ( $this->settings as $key => $value ) :
$value = empty( $value ) ? esc_html__( 'empty', 'remove_dashboard_access' ) : $value;
?>
<tr>
<td><?php echo esc_html( $key ); ?></td>
<td><?php echo esc_html( $value ); ?></td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<?php
}
} // RDA_Options
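Review bot: `sanitize_access_switch()` returns `$option` untouched and `sanitize_access_cap()` returns any non-empty value untouched, yet these options are what `capability()` later hands out as the capability required for Dashboard access (presumably passed on to `RDA_Remove_Access`; that wiring is not on this page). These callbacks are the only validation `register_setting()` gets in `settings()`, so I would normalise the value and fall back to the restrictive default, e.g. in `sanitize_access_switch()`: `return is_string( $option ) && '' !== $option ? sanitize_key( $option ) : 'manage_options';`, and apply the same to the non-empty branch of `sanitize_access_cap()`. If custom capabilities containing characters outside `[a-z0-9_-]` must be supported, check membership in the capability list that `_output_caps_dropdown()` builds instead. Related: in `maybe_map_old_settings()` the comparison reads `$new_settings['access_switch']`, a key that is never set (the line above writes `rda_access_switch`), so the branch is always false and `rda_access_cap` may be stored as the literal `capability`, which is a radio value rather than a real capability.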


@@ -0,0 +1,280 @@
<?php
/**
* Remove Dashboard Access Class
*
* @since 1.0
*/
// Bail if called directly.
if ( ! defined( 'ABSPATH' ) ) {
exit;
}
if ( ! class_exists( 'RDA_Remove_Access' ) ) {
class RDA_Remove_Access {
/**
* @var string $capability
*
* String with capability passed from RDA_Options{}
*
* @since 1.0
*/
var $capability;
/**
* @var array $settings
*
* Array of settings passed from RDA_Options{}
*
* @since 1.0
*/
var $settings = array();
/**
* RDA Remove Access Init
*
* @since 1.0
* @since 1.1.3 Moved `is_user_allowed()` to the {@see 'init'} hook.
*
* @param string $capability Capability passed from RDA_Options instance.
* @param array $settings Settings array passed from RDA_Options instance.
*/
function __construct( $capability, $settings ) {
if ( empty( $capability ) ) {
return; // Bail
} else {
$this->capability = $capability;
}
$this->settings = $settings;
add_action( 'init', array( $this, 'is_user_allowed' ) );
}
/**
* Determine if user is allowed to access the Dashboard.
*
* @since 1.0
*
* @uses current_user_can() Checks whether the current user has the specified capability.
* @return null Bail if the current user has the requisite capability.
*/
function is_user_allowed() {
if ( $this->capability && ! current_user_can( $this->capability ) && ! defined( 'DOING_AJAX' ) ) {
$this->lock_it_up();
} else {
return; // Bail
}
}
/**
* "Lock it up" Hooks.
*
* dashboard_redirect - Handles redirecting disallowed users.
* hide_menus - Hides the admin menus.
* hide_toolbar_items - Hides various Toolbar items on front and back-end.
*
* @since 1.0
*/
function lock_it_up() {
add_action( 'admin_init', array( $this, 'dashboard_redirect' ) );
add_action( 'admin_head', array( $this, 'hide_menus' ) );
add_action( 'admin_bar_menu', array( $this, 'hide_toolbar_items' ), 999 );
}
/**
* Hide menus other than profile.php.
*
* @since 1.1
*/
public function hide_menus() {
/** @global array $menu */
global $menu;
if ( ! $menu || ! is_array( $menu ) ) {
return;
}
// Gather menu IDs (minus profile.php).
foreach ( $menu as $index => $values ) {
if ( isset( $values[2] ) ) {
if ( 'profile.php' == $values[2] ) {
continue;
}
// Remove menu pages.
remove_menu_page( $values[2] );
}
}
}
/**
* Dashboard Redirect.
*
* @since 0.1
*
* @see wp_redirect() Used to redirect disallowed users to chosen URL.
*/
function dashboard_redirect() {
/** @global string $pagenow */
global $pagenow;
if ( $this->is_allowed_page() ) {
return;
}
if ( ( $pagenow && 'profile.php' !== $pagenow ) || ( defined( 'IS_PROFILE_PAGE' ) && ! IS_PROFILE_PAGE ) || ! $this->settings['enable_profile'] ) {
wp_redirect( $this->settings['redirect_url'] );
exit;
}
}
/**
* Returns an array of admin pages that are allowed.
*
* @since 1.2
*
* @return array Allowlist of admin pages.
*/
private function get_allowlist() {
$allowlist = array(
'admin.php' => array(
array(
'page' => 'WFLS', // Wordfence Login Security 2FA
),
),
);
/**
* Filter the allowlist of admin pages.
* The function returns an associative array with $pagenow as the key and a nested array of key => value pairs
* where the key is the $_GET variable and the value is the allowed value.
*
* Example: To allow the Wordfence Login Security 2FA page, with a URL of admin.php?page=WFLS, the array would be:
*
* array(
* 'admin.php' => array(
* array(
* 'page' => 'WFLS',
* ),
* ),
* );
*
* You can also allow relative paths to be defined as either the key or value.
*
* Example: To allow the Wordfence Login Security 2FA page, with a URL of admin.php?page=WFLS, the array would be:
*
* array(
* 'admin.php?page=WFLS' => array(),
* );
*
* @param array $allowlist The allowlist of admin pages.
*/
$allowlist = apply_filters( 'rda_allowlist', $allowlist );
return $allowlist;
}
/**
* Checks if the current page is allowed.
*
* @since 1.2
*
* @return bool True if the current page is in the allowlist, false otherwise.
*/
private function is_allowed_page() {
$allowlist = $this->get_allowlist();
// Allow full URLs to be defined as either the key or value.
foreach ( $allowlist as $allowed_url_key => $allowed_url_value ) {
if ( empty( $_SERVER['REQUEST_URI'] ) ) {
continue;
}
if ( $allowed_url_key === $_SERVER['REQUEST_URI'] ) {
return true;
}
if ( $allowed_url_value === $_SERVER['REQUEST_URI'] ) {
return true;
}
}
/** @global string $pagenow */
global $pagenow;
if ( empty( $pagenow ) ) {
return false;
}
if ( ! array_key_exists( $pagenow, $allowlist ) ) {
return false;
}
// Iterate over each set of allowed GET parameters for the current page.
foreach ( $allowlist[ $pagenow ] as $allowed_params_set ) {
if ( $this->is_params_set_allowed( $allowed_params_set ) ) {
return true;
}
}
return false;
}
/**
* Checks if a set of parameters matches the current $_GET parameters.
*
* @since 1.2
*
* @param array $allowed_params_set A set of allowed GET parameters.
* @return bool True if the current $_GET parameters match the allowed set, false otherwise.
*/
private function is_params_set_allowed( $allowed_params_set ) {
if ( ! is_array( $_GET ) || ! is_array( $allowed_params_set ) ) {
return false;
}
// Check if the number of parameters in both arrays is the same. This prevents sub-pages from being allowed,
// e.g. admin.php?page=example&subpage=secure-thing.
if ( count( $_GET ) !== count( $allowed_params_set ) ) {
return false;
}
foreach ( $allowed_params_set as $param_key => $param_value ) {
if ( ! isset( $_GET[ $param_key ] ) || $_GET[ $param_key ] !== $param_value ) {
return false;
}
}
return true;
}
/**
* Hide Toolbar Items.
*
* @since 1.0
*
* @param WP_Admin_Bar $wp_admin_bar For remove_node() method access.
*/
function hide_toolbar_items( $wp_admin_bar ) {
$edit_profile = ! $this->settings['enable_profile'] ? 'edit-profile' : '';
if ( is_admin() ) {
$ids = array( 'about', 'comments', 'new-content', $edit_profile );
$nodes = apply_filters( 'rda_toolbar_nodes', $ids );
} else {
$ids = array( 'about', 'dashboard', 'comments', 'new-content', 'edit', $edit_profile );
$nodes = apply_filters( 'rda_frontend_toolbar_nodes', $ids );
}
foreach ( $nodes as $id ) {
$wp_admin_bar->remove_menu( $id );
}
}
} // RDA_Remove_Access
} // class_exists
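Review bot: The constructor fails open: when `$capability` is empty it returns before `add_action( 'init', ... )`, so no redirect, menu or toolbar restriction is ever registered and the site behaves as if the plugin were switched off. An empty value could come from a blank stored option or from a callback on the `rda_access_capability` filter (the caller is not visible on this page, so this is inferred from the docblocks). I would fall back to the most restrictive default instead of bailing: `$this->capability = empty( $capability ) ? 'manage_options' : $capability;`. Separately, `is_user_allowed()` skips the check whenever `DOING_AJAX` is defined and `lock_it_up()` only hooks `admin_init`, `admin_head` and `admin_bar_menu`, so a class-level comment stating that this hides the admin UI and is not an authorization boundary for AJAX or other endpoints would prevent it being relied on as one.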


@@ -0,0 +1 @@
<?php // Silence is golden


@@ -0,0 +1 @@
<?php // Silence is golden


@@ -0,0 +1,13 @@
/**
* Mimic WordPress Core's front-page dropdown toggle control.
*/
jQuery( document ).ready( function( $ ) {
var section = $( '.form-table' ),
capType = section.find( 'input:radio[value="capability"]' ),
selects = section.find( 'select' ),
check_disabled = function() {
selects.prop( 'disabled', ! capType.prop( 'checked' ) );
};
check_disabled();
section.find( 'input:radio' ).change( check_disabled );
} );


@@ -0,0 +1 @@
<?php // Silence is golden


@@ -0,0 +1 @@
<?php // Silence is golden


@@ -0,0 +1,124 @@
msgid ""
msgstr ""
"Project-Id-Version: Remove Dashboard Access\n"
"POT-Creation-Date: 2014-07-16 02:30-0700\n"
"PO-Revision-Date: 2014-07-16 02:31-0700\n"
"Last-Translator: \n"
"Language-Team: Drew Jaynes (DrewAPicture) <info@drewapicture.com>\n"
"Language: en\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-Generator: Poedit 1.6.6\n"
"X-Poedit-KeywordsList: __;_e;esc_attr__;esc_attr_e;esc_html__;esc_html_e;_x;"
"_ex;esc_attr_x;esc_html_x;_n;_nx;_n_noop;_nx_noop\n"
"X-Poedit-Basepath: ../\n"
"X-Poedit-SearchPath-0: .\n"
#: inc/class.rda-options.php:55
msgid "This site is in maintenance mode."
msgstr ""
#: inc/class.rda-options.php:141 inc/class.rda-options.php:160
msgid "Dashboard Access Settings"
msgstr ""
#: inc/class.rda-options.php:142
msgid "Dashboard Access"
msgstr ""
#: inc/class.rda-options.php:182
msgid "Dashboard Access Controls"
msgstr ""
#: inc/class.rda-options.php:187
msgid "Dashboard User Access:"
msgstr ""
#: inc/class.rda-options.php:195
msgid "Redirect URL:"
msgstr ""
#: inc/class.rda-options.php:199
msgid "User Profile Access:"
msgstr ""
#: inc/class.rda-options.php:203
msgid "Login Message"
msgstr ""
#: inc/class.rda-options.php:218
msgid "Debug Info"
msgstr ""
#: inc/class.rda-options.php:230
msgid ""
"Dashboard access can be restricted to users of certain roles only or users "
"with a specific capability."
msgstr ""
#: inc/class.rda-options.php:246
msgid "<strong>Advanced</strong>: Limit by capability:"
msgstr ""
#: inc/class.rda-options.php:249
#, php-format
msgid "You can find out more about specific %s in the Codex."
msgstr ""
#: inc/class.rda-options.php:252
msgid "Roles &amp; Capabilities"
msgstr ""
#: inc/class.rda-options.php:285
msgid " Disable access controls and redirection"
msgstr ""
#: inc/class.rda-options.php:328
msgid "Administrators only"
msgstr ""
#: inc/class.rda-options.php:332
msgid "Editors and Administrators"
msgstr ""
#: inc/class.rda-options.php:336
msgid "Authors, Editors, and Administrators"
msgstr ""
#: inc/class.rda-options.php:386
msgid "--- Select a Capability ---"
msgstr ""
#: inc/class.rda-options.php:410
msgid " Allow all users to edit their profiles in the dashboard."
msgstr ""
#: inc/class.rda-options.php:427
msgid "Redirect disallowed users to:"
msgstr ""
#: inc/class.rda-options.php:428
#, php-format
msgid "Default: %s"
msgstr ""
#: inc/class.rda-options.php:441
msgid "(Disabled when empty)"
msgstr ""
#: inc/class.rda-options.php:561
msgid "Settings"
msgstr ""
#: inc/class.rda-options.php:596
msgid "Setting"
msgstr ""
#: inc/class.rda-options.php:597
msgid "Value"
msgstr ""
#: inc/class.rda-options.php:600
msgid "empty"
msgstr ""


@@ -0,0 +1,244 @@
=== Remove Dashboard Access ===
Contributors: TrustedLogin
Donate link: https://www.trustedlogin.com
Tags: dashboard, access, administration, login, restrict
Requires at least: 3.1.0
Tested up to: 6.7
Stable tag: 1.2.1
Requires PHP: 5.3
Disable Dashboard access for users of a specific role or capability. Disallowed users are redirected to a chosen URL. Get set up in seconds.
== Description ==
The easiest and safest way to restrict access to your WordPress site's Dashboard and administrative menus. Remove Dashboard Access is a lightweight plugin that automatically redirects users who shouldn't have access to the Dashboard to a custom URL of your choosing. Redirects can also be configured on a per-role/per-capability basis, allowing you to keep certain users out of the Dashboard, while retaining access for others.
* Limit Dashboard access to user roles:
- Admins only
- Admins + editors
- Admins, editors, and authors
- or restrict by specific user capability
* Choose your own redirect URL
* Optionally allow users to edit their profiles
* Display a message on the login screen so users know why they're being redirected
Blocking access to the Dashboard is a great way to prevent clients from breaking their sites, prevent users from seeing things they shouldn't, and to keep your site's backend more secure.
<strong>Allow only users with roles or capabilities:</strong>
You can restrict Dashboard access to Admins only, Editors or above, Authors or above, or by selecting a specific user capability.
<strong>Grant access to user profiles:</strong>
Optionally allow all users the ability to edit their profiles in the Dashboard. Users lacking the chosen capability won't be able to access any other sections of the Dashboard.
<strong>Show a custom login message:</strong>
* Supply a message to display on the login screen. Leaving this blank disables the message.
== Installation ==
1. Search 'Remove Dashboard Access' from the Install Plugins screen.
2. Install plugin, click Activate.
== Frequently Asked Questions ==
= What happens to disallowed users who try to access to the Dashboard? =
Users lacking the chosen capability or role(s) will be redirected to the URL set in Settings > Dashboard Access.
= Why haven't you added an option to disable the WordPress Toolbar? =
The Toolbar contains certain important links (even for disallowed users) such as for accessing to the profile editor and/or logging out. Plus, there are many plugins out there for disabling the Toolbar if you really want to.
= Can I disable the redirection/profile-editing controls without disabling the plugin? =
No. Disable the plugin if you don't wish to leverage the functionality.
= How do I hide other plugins/themes' Toolbar menus? =
* Remove Dashboard Access removes some built-in WordPress Toolbar menus by default, but can be extended to hide menus from other plugins or themes via two filters: `rda_toolbar_nodes` (viewing from the admin), and `rda_frontend_toolbar_nodes` (viewing from the front-end).
= How do I find the menu (node) id? =
* In the HTML page source, look for the `<li>` container for the menu node you're targeting. It should take the form of `<li id="wp-admin-bar-SOMETHING">`
* In `<li id="wp-admin-bar-SOMETHING">`, you want the "SOMETHING" part.
= How can I allow access to specific pages of the Dashboard? =
The function returns an associative array with `$pagenow` as the key and a nested array of key => value pairs where the key is the `$_GET` parameter and the value is the allowed value.
Example: If you want to allow a URL of `admin.php?page=EXAMPLE`, there are three parts to know:
- The `$pagenow` global value (`tools.php` in this case)
- The `$_GET` key (`page` in this case)
- The `$_GET value (`EXAMPLE in this case)
Here is how we would add that URL to the allowlist:
`
/**
* Allow users to access a page with a URL of tools.php?page=EXAMPLE
*
* @param array $pages Allowed Dashboard pages.
* @return array Filtered allowed Dashboard pages.
*/
function wpdocs_allow_example_dashboard_page( $pages ) {
// If the $pages array doesn't contain the 'admin.php' key, add it.
if ( ! isset( $pages['tools.php'] ) ) {
$pages['tools.php'] = array();
}
// Now add `?page=EXAMPLE` combination to the allowed parameter set for that page.
$pages['tools.php'][] = array(
'page' => 'EXAMPLE'
);
return $pages;
}
add_filter( 'rda_allowlist', 'wpdocs_allow_example_dashboard_page' );
`
= How can I filter the disallowed Toolbar nodes on the front-end? =
`
/**
* Filter hidden Toolbar menus on the front-end.
*
* @param array $ids Toolbar menu IDs.
* @return array Filtered front-end Toolbar menu IDs.
*/
function wpdocs_hide_some_toolbar_menu( $ids ) {
$ids[] = 'SOMETHING';
return $ids;
}
add_filter( 'rda_frontend_toolbar_nodes', 'wpdocs_hide_some_toolbar_menu' );
<strong>Common plugin Toolbar menus and their ids:</strong>
* <a href="https://wordpress.org/extend/plugins/jetpack/">Jetpack by WordPress.com</a> (notifications) 'notes'
* <a href="https://wordpress.org/extend/plugins/wordpress-seo/">WordPress SEO by Yoast</a> 'wpseo-menu'
* <a href="https://wordpress.org/extend/plugins/w3-total-cache/">W3 Total Cache</a> 'w3tc'
= How do I enable Debug Mode? =
To view debugging information on the Settings > Reading screen, visit:
`
example.com/options-general.php?page=dashboard-access&rda_debug=1
`
= Can I contribute to the plugin? =
Yes! This plugin is in active development <a href="https://github.com/trustedlogin/Remove-Dashboard-Access" target="_new">on GitHub</a>. Pull requests are welcome!
= Is the plugin GDPR compliant? =
Yes. The plugin does not collect any personal data, nor does it set any cookies.
== Screenshots ==
1. The Dashboard Access Controls settings in the Settings > Dashboard Access screen.
2. Allow users to access their profile settings (only).
3. Optional login message.
== Changelog ==
= 1.2.1 on November 29, 2024 =
* Fixed: Compatibility with WordPress 6.7 (there was a warning that translations were being loaded too soon)
* Tweak: Sanitized admin menu URL
= 1.2 on January 29, 2024 =
* Confirmed compatibility with WordPress 6.4.2
* New: Added a new filter, `rda_allowlist`, to configure pages that should be accessible to all users, regardless of their capabilities or roles (see FAQ for usage)
* Improved: Added a description that clarifies that the Login Message is only displayed on the WordPress "Log In" screen
* Improved: The User Profile Access text is now a proper label for the checkbox
* Fixed: Allow access to the Wordfence 2FA configuration page ([#33](https://github.com/trustedlogin/Remove-Dashboard-Access/issues/33))
* Fixed: Text domain not properly set for translations (thanks [@fierevere](https://wordpress.org/support/topic/i18n-problem-textdomain-is-not-sethello/))
* Tweak: Prevent directly accessing PHP files by checking for `ABSPATH` ([#26](https://github.com/trustedlogin/Remove-Dashboard-Access/issues/26))
* Tweak: Prevent browsing directories on poorly-configured servers by adding `index.php` files in plugin directories
= 1.1.4 & 1.1.5 on April 18, 2022 =
Remove Dashboard Access is now being maintained by [TrustedLogin](https://www.trustedlogin.com/2022/02/21/remove-dashboard-access/)! Remove Dashboard Access aligns with what we do at TrustedLogin: simply making WordPress more secure. Email any questions to [support@trustedlogin.com](mailto:support@trustedlogin.com).
* Fixed: Deactivating and activating the plugin will no longer overwrite plugin settings
* Fixed: Deprecated function `screen_icon()` warning
* Fixed: Issue when front-end editing of profiles when the `$pagenow` global is not defined ([#24](https://github.com/trustedlogin/Remove-Dashboard-Access/issues/24))
* Fixed: Potential `Invalid argument supplied for foreach()` PHP warning ([#22](https://github.com/trustedlogin/Remove-Dashboard-Access/pull/22))
= 1.1.3 =
* Fixed a compatibility issue with bbPress and the media grid view.
= 1.1.2 =
* Bump tested-up-to to 4.1.0
* Miscellaneous readme changes.
= 1.1.1 =
Bug Fix:
* Move options back to Settings > Dashboard Access screen to resolve conflict with page_on_front UI.
= 1.1 =
Enhancements:
* Instantiate as a static instance for better modularity
* Move Dashboard Access Controls settings to Settings > Dashboard Access
* Add optional login message option
* Add better settings sanitization
* New Filter: `rda_default_caps_for_role` - Filter default roles for Admins, Editors, and Authors
* New Debug Mode
Bug Fixes:
* Remove unnecessarily stringent URL mask on the redirect URL option
= 1.0 =
* Complete rewrite!
* New: Limit dashboard access for Admins only or by capability
* New: Allow/disallow edit-profile access
* New: Choose your own redirect URL
* New Filter: `rda_default_access_cap` - Change default access capability
* New Filter: `rda_toolbar_nodes` - Filter which back-end Toolbar nodes are hidden
* New Filter: `rda_frontend_toolbar_nodes` - Filter which front-end Toolbar nodes are hidden
= 0.4 =
* Refined DOING_AJAX check for logged-out users, props @nacin and @BoiteAWeb
= 0.3 =
* Changed cap to manage_options, replaced PHP_SELF with DOING_AJAX
= 0.2 =
* Replaced preg_match with admin-ajax test. Added compatibility with rewritten dashboard URLs.
= 0.1 =
* Submitted to repository
== Upgrade Notice ==
= 0.4 =
* Refined DOING_AJAX check for logged-out users
= 0.3 =
* Improved function.
= 0.2 =
* No additional files were added.
= 0.1 =
* Initial submission


@@ -0,0 +1,36 @@
<?php
/**
* Plugin Name: Remove Dashboard Access
* Plugin URI: https://www.trustedlogin.com/remove-dashboard-access/
* Description: Removes Dashboard access for certain users based on capability.
* Version: 1.2.1
* Author: TrustedLogin
* Author URI: https://www.trustedlogin.com
* License: GPLv2
* Requires PHP: 5.3
* Text Domain: remove_dashboard_access
*/
// Bail if called directly.
if ( ! defined( 'ABSPATH' ) ) {
exit;
}
// RDA_Options Class
require_once( dirname( __FILE__ ) . '/inc/class.rda-options.php' );
// RDA_Remove_Access Class
require_once( dirname( __FILE__ ) . '/inc/class.rda-remove-access.php' );
// Load options instance
if ( class_exists( 'RDA_Options' ) ) {
$load = new RDA_Options;
// Set up options array on activation.
register_activation_hook( __FILE__, array( $load, 'activate' ) );
// Run it
if ( class_exists( 'RDA_Remove_Access' ) ) {
$access = new RDA_Remove_Access( $load->capability(), $load->settings );
}
}
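Review bot: `$load` and `$access` are assigned at file scope under very generic names, and WordPress normally includes active plugin files at global scope, so both would end up as globals that any other plugin or theme using the same names can overwrite. Plugin-prefixed names avoid the collision, for example `$rda_options = new RDA_Options;` and `$rda_access = new RDA_Remove_Access( $rda_options->capability(), $rda_options->settings );`. `$access` is never read again in this file, so presumably the constructor registers the hooks that enforce the restriction; a one-line comment saying so, such as `// Constructor registers the access-control hooks.`, would make that dependency explicit.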


@@ -0,0 +1,17 @@
<?php
/**
* Remove Dashboard Access Uninstall
*
* @since 1.0
*/
$settings = array(
'rda_access_switch',
'rda_access_cap',
'rda_redirect_url',
'rda_enable_profile',
'rda_login_message'
);
foreach ( $settings as $setting ) {
delete_option( $setting );
}
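Review bot: This uninstall script has no guard at the top, so its body runs whenever the file is loaded rather than only when WordPress invokes it during plugin deletion. The main plugin file in this commit bails when `ABSPATH` is undefined, and the 1.2 changelog entry describes that check as applied to the plugin's PHP files, but it is missing here. Requested directly, the script would most likely stop with a fatal error on the undefined `delete_option()`, which can reveal the server path where error display is enabled. Add `if ( ! defined( 'WP_UNINSTALL_PLUGIN' ) ) { exit; }` before the `$settings` array. Because this is third-party plugin code, the fix is best reported upstream as well as patched locally.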