woocommerce / woocommerce

A customizable, open-source ecommerce platform built on WordPress. Build any commerce solution you can imagine.
https://woocommerce.com

class-wc-admin.php::prevent_admin_access prevents access to ajax media uploader #41994

Closed calevans closed 5 months ago

calevans commented 9 months ago

Prerequisites

Describe the bug

I have users that are at a lower level than admin that need to be able to upload images. The media uploader calls async-upload.php.

async-upload.php requires wp-admin/admin.php on line 22. admin.php fires do_action('admin_init'); on line 178.

One of the methods that woocommerce registered for 'admin_init' is class-wc-admin.php::prevent_admin_access.

This method checks for permission to access and redirects the user if the checks fail. Unfortunately, the users I have are not woocommerce managers. They are very limited users but they do have access to upload images.

There are 2 possible solutions. I took the one that was easier to understand and fixes this symptom but does not address the larger issue that woocommerce is making a decision for all plugins on who can do what.

Solution 1:

if ( wp_doing_ajax() ) {
  return;
}

There may be other ramifications to this that I do not understand so I did not take it. It does however solve the problem.

Solution 2:

$exempted_paths = array( 'admin-post.php', 'admin-ajax.php', 'async-upload.php' );

I added async-upload.php to the exempted_paths array. This works but there are probably other scenarios where this will block legitimate requests.

Expected behavior

Any user with permission to upload files should be able to upload them.

Actual behavior

The 'admin_init' callback `class-wc-admin.php::prevent_admin_access` is preventing access to `async-upload.php` for users who do not have 'edit_posts' permission (according to the docblock at the top of the function).

Steps to reproduce

  1. Install WordPress
  2. Install WooCommerce
  3. Install User Role Editor
  4. Create a role just above subscriber but grant them 'upload_files'
  5. Create a user and grant them that role
  6. Log in as that user
  7. Attempt to upload an image

To verify that it is WooCommerce blocking, deactivate WooCommerce and attempt #7 again.

WordPress Environment


WordPress address (URL): https://test.unclecalsdiveclub.com
Site address (URL): https://test.unclecalsdiveclub.com
WC Version: 8.3.1
REST API Version: ✔ 8.3.1
WC Blocks Version: ✔ 11.4.9
Action Scheduler Version: ✔ 3.6.4
Log Directory Writable: ✔
WP Version: 6.4.2
WP Multisite: –
WP Memory Limit: 256 MB
WP Debug Mode: –
WP Cron: ✔
Language: en_US
External object cache: –

Server Environment

Server Info: Apache/2.4.58 (Ubuntu)
PHP Version: 8.2.13
PHP Post Max Size: 128 MB
PHP Time Limit: 300
PHP Max Input Vars: 1000
cURL Version: 7.81.0 OpenSSL/3.0.2
SUHOSIN Installed: –
MySQL Version: 10.6.12-MariaDB-0ubuntu0.22.04.1
Max Upload Size: 64 MB
Default Timezone is UTC: ✔
fsockopen/cURL: ✔
SoapClient: ❌ Your server does not have the SoapClient class enabled - some gateway plugins which use SOAP may not work as expected.
DOMDocument: ✔
GZip: ✔
Multibyte String: ✔
Remote Post: ✔
Remote Get: ✔


Security

Secure connection (HTTPS): ✔
Hide errors from visitors: ✔

Active Plugins (29)

FluentSMTP: by FluentSMTP & WPManageNinja Team – 2.2.6
Advanced Custom Fields: by WP Engine – 6.2.4
Convert Pro - Addon: by Brainstorm Force – 1.5.5
Convert Pro: by Brainstorm Force – 1.7.6
Custom Fonts: by Brainstorm Force – 2.1.1
Custom Adobe Fonts (Typekit): by Brainstorm Force – 1.0.18
Facebook for WooCommerce: by Facebook – 3.1.5
FluentCRM - Marketing Automation For WordPress: by WP Email Newsletter Team - FluentCRM – 2.8.34
FluentCRM Pro: by Fluent CRM – 2.8.33
Font Awesome: by Font Awesome – 4.4.0
Ghost Kit: by Ghost Kit Team – 3.1.2
PrintifyCustomizer: by Cal Evans – 1.0.0
Printify Shipping Method: by Printify – 2.7
Speed Optimizer: by SiteGround – 7.4.4
Strong Testimonials: by WPChill – 3.1.9
UCDC Dive Ad Info Tab: by Cal Evans – 1.0.0
UCDC Catch All: by Cal Evans – 1.0.0
UCDC Dive Center Tab: by Cal Evans – 1.0.0
UCDC->FluentCRM Integrations: by Cal Evans – 1.3.0
UCDC Woocommerce Integrations: by Cal Evans – 1.1.0
Ultimate Category Excluder: by Marios Alexandrou – 1.7
User Role Editor: by Vladimir Garagulya – 4.64.1
WooCommerce Cart Abandonment Recovery: by CartFlows Inc – 1.2.26
WooCommerce Stripe Gateway: by WooCommerce – 7.7.0
Pixel Manager for WooCommerce: by SweetCode – 1.34.0
WooCommerce Shipping & Tax: by WooCommerce – 2.4.2
WooCommerce: by Automattic – 8.3.1
WP Better Emails: by Nicolas Lemoine – 0.4
WP fail2ban: by Charles Lecklider – 5.2.1

Inactive Plugins (11)

Fluent Forms: by Contact Form - WPManageNinja LLC – 5.1.5
HelloWoofy.com: by HelloWoofy.com – 1.1.5
Jetpack: by Automattic – 12.9
Redis Object Cache: by Till Krüss – 2.4.4
Site Kit by Google: by Google – 1.115.0
Spectra: by Brainstorm Force – 2.10.3
Tide Tables Client: by Cal Evans – 1.5.0
UpdraftPlus - Backup/Restore: by UpdraftPlus.Com DavidAnderson – 1.23.13
WP 2FA - Two-factor authentication for WordPress: by Melapress – 2.5.0
WP Mail Logging: by WP Mail Logging Team – 1.12.0
Yoast SEO: by Team Yoast – 21.6


Status report information

Generated at: 2023-12-10 09:01:56 -05:00

Isolating the problem

barryhughes commented 6 months ago

Given the conditions needed to replicate (a fairly unusual custom role), would it be viable for you to use the woocommerce_prevent_admin_access filter hook to work around this issue?
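One way to apply the filter-hook workaround suggested above without patching WooCommerce itself, as an added example that is not WooCommerce code or the reporter's patch: a must-use plugin that lets only the uploader's `async-upload.php` request through, and only for users who hold `upload_files`. It mirrors the reporter's Solution 2 (exempting by script basename) but keeps the exemption as narrow as possible. It assumes the `woocommerce_prevent_admin_access` filter receives and returns a boolean where true means "redirect this user away"; the plugin header and file name are placeholders.

```php
<?php
/**
 * Plugin Name: Allow media uploads for upload_files users (example)
 * Description: Example mu-plugin, not part of WooCommerce. Drop into wp-content/mu-plugins/.
 *
 * Scopes WooCommerce's admin lockout down to one request type instead of
 * disabling it for every AJAX call or every non-manager role.
 */

add_filter( 'woocommerce_prevent_admin_access', function ( $prevent_access ) {
	// Assumption: $prevent_access is WooCommerce's own decision, true = block.
	// If it already decided not to block, there is nothing to relax.
	if ( ! $prevent_access ) {
		return $prevent_access;
	}

	// Identify the request by the executing script, the same signal
	// WooCommerce's $exempted_paths check uses, rather than by request URI,
	// so query strings or referer headers cannot widen the exemption.
	$script = isset( $_SERVER['SCRIPT_FILENAME'] )
		? basename( (string) $_SERVER['SCRIPT_FILENAME'] )
		: '';
	if ( 'async-upload.php' !== $script ) {
		return $prevent_access; // any other admin entry point keeps the block
	}

	// Least privilege: only users WordPress itself allows to upload get
	// through. Users without the capability are still redirected.
	if ( ! current_user_can( 'upload_files' ) ) {
		return $prevent_access;
	}

	// Allow just this request. async-upload.php still performs WordPress's
	// own nonce and capability checks before accepting a file.
	return false;
} );
```

Deactivating the mu-plugin restores WooCommerce's default behaviour, which makes it easy to confirm the redirect is the cause, as the reporter's step 7 check does by deactivating WooCommerce.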

github-actions[bot] commented 6 months ago

As a part of this repository's maintenance, this issue is being marked as stale due to inactivity. Please feel free to comment on it in case we missed something.

After 7 days with no activity this issue will automatically be closed.

github-actions[bot] commented 5 months ago

This issue was closed because it has been 14 days with no activity.