Support » Plugin: Content Mirror » [Plugin: Content Mirror] Mirroring private posts, a security issue

  • Resolved Marten_R_K


    Hej! (hi)
    This is a wonderful plugin that opens up great CMS functionalities.

    However for my current project I have certain content that is private and not ment to be seen by people outside of a certain group.

    It is a project with multiple authors and contributors etc., and today this plugin can be used to mirror content of posts thate are marked private.

    The post contributor / editor / author only have to specifiy the correct post ID of a otherwise private post. This is something that can be done by misstakenly specifying a certain post ID, or with mallicious intent using a trial and error approach.

    Would it be possible to disable the mirroring functionality only for posts that are marked private?

    Best regards

Viewing 1 replies (of 1 total)
  • Plugin Author dreamsofmatter


    Hej and hi Marten!

    Sorry for a delayed answer.

    You can add a filter to hide private posts, just put the code below in functions.php. Note: Works from plugin version 1.1.


    add_filter("content_mirror_output", 'hide_content_mirror_private_post', 10, 5);
    function hide_content_mirror_private_post ( $post_content, $site_id, $post_type, $post_id, $post_item ) {
    	if ( isset ( $post_item ) && isset ( $post_item->post_status ) && $post_item->post_status == 'private' ) {
    		$post_content = ''; // return nothing because this is a private post
    	return $post_content;
Viewing 1 replies (of 1 total)
  • The topic ‘[Plugin: Content Mirror] Mirroring private posts, a security issue’ is closed to new replies.