[Plugin: WP Sentry] post titles visible to non-group members
Hi, WP Sentry is an excellent plugin, very useful for a community site. Everything worked perfectly and was easy to use, except that we found that a logged in member of one group we made was able to see the titles of posts limited to other groups to which they didn’t belong, even when Preview was set to none.
We narrowed it down to the fact that the filter to allow viewing of single posts is setting the user to have general read_private* privileges before the filter for posts_where fires and the posts are listed. So the database query to list the posts is always including “OR wp_memb_posts.post_status = ‘private'” and the user can see the post titles whether they should be able to or not.
We fixed it by adding a condition to the has_capability function to return the capabilities unchanged everywhere apart from on a single post or page
if ( is_single() || is_page() )
Seems to work fine and not have broken anything else!
Really looking forward to seeing how this develops.
Alan and Fiona
- The topic ‘[Plugin: WP Sentry] post titles visible to non-group members’ is closed to new replies.