WordPress.org

Ready to get started?Download WordPress

Forums

Events Manager
Bug? can_manage() always returns true (5 posts)

  1. jazbek
    Member
    Posted 2 years ago #

    Hi,

    I believe I may have found a bug in the event can_manage() of EM_Object.

    The if() clause on lines 390 - 395 of classes/em-object.php causes can_manage to always return true if you are using multisite, global tables, and are on the root/main blog:

    if( !empty($this->id) && is_multisite() && get_site_option('dbem_ms_global_table') ){
    			if( get_class($this) == "EM_Event" ){
    				//Other user-owned events can be modified by admins if it's on the same blog, otherwise it must be an admin on the main site.
    				$can_manage = $this->blog_id == get_current_blog_id() || is_main_site() || (defined('BP_ROOT_BLOG') && get_current_blog_id() == BP_ROOT_BLOG);
    			}
    		}

    Note that there is absolutely no check for whether the user is an admin in this clause.

    We are using multisite and global tables, and can_manage is returning true on every event on the main site for people who have the edit_events capability.

    I've been working on an extensively customized version of Events Manager. Thank you for developing the plugin and adding all the hooks and ability to override templates, it has been able to meet all our needs. :)

    http://wordpress.org/extend/plugins/events-manager/

  2. agelonwl
    Member
    Posted 2 years ago #

    did you do any customization on that part or any of the classes that could affect the normal operation? is it possible to specify those?

  3. Marcus
    NetWebLogic Support
    Plugin Author

    Posted 2 years ago #

    well spotted thanks. will correct asap.

  4. jazbek
    Member
    Posted 2 years ago #

    agelonwl: no, I have not touched the code of the core plugin at all.

    Marcus: thanks. looking forward to the next release so I can use this function in my theme. :)

  5. Marcus
    NetWebLogic Support
    Plugin Author

    Posted 2 years ago #

    just removed that snippet from the dev version, this bit isn't really needed anymore.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic