WordPress.org

Ready to get started?Download WordPress

Forums

Member Access
Fix for multisite user access to 2nd restricted blog issue (1 post)

  1. Gabriel Serafini
    Member
    Posted 1 year ago #

    I ran into an issue where on a multi-site installation, a user from one blog was able to get access to another blog protected by this same plugin that they shouldn't have read access to. Looking at the code, it only checking for is_user_logged_in(), which is true for both sites (user is logged into the network, but doesn't have permission to view 2nd "member's only" site). I added the code below which adds a check to see if the user has permission to actually read the blog in question, and this seems to correctly handle this use-case. I hope this is helpful to anyone who needs this same level of access control on a multi-site installation.

    Index: lib/MemberAccess.php
    ===================================================================
    --- lib/MemberAccess.php	(revision 21148)
    +++ lib/MemberAccess.php	(working copy)
    @@ -214,7 +214,7 @@
         {
             // If the user is logged in, or there are no posts to filter, return
             // the posts array as no further action is necessary.
    -        if (is_user_logged_in() || empty($posts)) {
    +        if ((is_user_logged_in() && current_user_can( "read" )) || empty($posts)) {
                 return $posts;
             }
    
    @@ -285,7 +285,7 @@
         	global $post;
    
         	// If the user is logged in, return the content unfiltered.
    -        if (is_user_logged_in()) {
    +        if (is_user_logged_in() && current_user_can( "read" )) {
                 return $content;
             }

    http://wordpress.org/extend/plugins/member-access/

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

  • RSS feed for this topic
  • Started 1 year ago by Gabriel Serafini
  • This topic is not resolved
  • WordPress version: 3.4.2