WordPress.org

Support

Support » Plugins and Hacks » [Resolved] [Plugin: Content Mirror] Mirroring private posts, a security issue

[Resolved] [Plugin: Content Mirror] Mirroring private posts, a security issue

  • Marten_R_K
    Member

    @marten_r_k

    Hej! (hi)
    This is a wonderful plugin that opens up great CMS functionalities.

    However for my current project I have certain content that is private and not ment to be seen by people outside of a certain group.

    It is a project with multiple authors and contributors etc., and today this plugin can be used to mirror content of posts thate are marked private.

    The post contributor / editor / author only have to specifiy the correct post ID of a otherwise private post. This is something that can be done by misstakenly specifying a certain post ID, or with mallicious intent using a trial and error approach.

    Would it be possible to disable the mirroring functionality only for posts that are marked private?

    Best regards
    MÃ¥rten

    http://wordpress.org/extend/plugins/content-mirror/

Viewing 1 replies (of 1 total)
  • Plugin Author dreamsofmatter
    Member

    @stratoponjak

    Hej and hi Marten!

    Sorry for a delayed answer.

    You can add a filter to hide private posts, just put the code below in functions.php. Note: Works from plugin version 1.1.

    Best,
    Klas

    add_filter("content_mirror_output", 'hide_content_mirror_private_post', 10, 5);
    
    function hide_content_mirror_private_post ( $post_content, $site_id, $post_type, $post_id, $post_item ) {
    	if ( isset ( $post_item ) && isset ( $post_item->post_status ) && $post_item->post_status == 'private' ) {
    		$post_content = ''; // return nothing because this is a private post
    	}
    	return $post_content;
    }
Viewing 1 replies (of 1 total)
  • The topic ‘[Resolved] [Plugin: Content Mirror] Mirroring private posts, a security issue’ is closed to new replies.