Support » Plugin: Member Access » [Plugin: Member Access] Fix for multisite user access to 2nd restricted blog issue

  • I ran into an issue where on a multi-site installation, a user from one blog was able to get access to another blog protected by this same plugin that they shouldn’t have read access to. Looking at the code, it only checking for is_user_logged_in(), which is true for both sites (user is logged into the network, but doesn’t have permission to view 2nd “member’s only” site). I added the code below which adds a check to see if the user has permission to actually read the blog in question, and this seems to correctly handle this use-case. I hope this is helpful to anyone who needs this same level of access control on a multi-site installation.

    Index: lib/MemberAccess.php
    ===================================================================
    --- lib/MemberAccess.php	(revision 21148)
    +++ lib/MemberAccess.php	(working copy)
    @@ -214,7 +214,7 @@
         {
             // If the user is logged in, or there are no posts to filter, return
             // the posts array as no further action is necessary.
    -        if (is_user_logged_in() || empty($posts)) {
    +        if ((is_user_logged_in() && current_user_can( "read" )) || empty($posts)) {
                 return $posts;
             }
    
    @@ -285,7 +285,7 @@
         	global $post;
    
         	// If the user is logged in, return the content unfiltered.
    -        if (is_user_logged_in()) {
    +        if (is_user_logged_in() && current_user_can( "read" )) {
                 return $content;
             }

    http://wordpress.org/extend/plugins/member-access/

  • The topic ‘[Plugin: Member Access] Fix for multisite user access to 2nd restricted blog issue’ is closed to new replies.