‘preview’ mode should respect allowed roles as well

  • Resolved esemlabel

    (@esemlabel)


    7 years ago

    ‘preview’ mode from __construct() function should perform capabilities check the same way as when mm is enabled. Because check if ($is_enabled || isset($_GET['ljmm']) && $_GET['ljmm'] == 'preview') allows any one on site to add ?ljmm=preview in URL to see the mm page.

    This should be like this
    if ($is_enabled || isset($_GET['ljmm']) && $_GET['ljmm'] == 'preview' && current_user_can(...) )

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Lukas Juhas

    (@lukasneptun)

    7 years ago

    Hey @esemlabel,

    Thanks for that! I actually thought of this in the past and I completely forgot about it.

    I will add it to 2.3 release which will be out soon!

    Currently I’m having difficulty to put out new release because of the recent changes here but hopefully they’ll resolve it very soon so I can put it out!

    Thanks.

    Lukas

    Plugin Author Lukas Juhas

    (@lukasneptun)

    7 years ago

    Hello @esemlabel, this has been implemented in 2.3 and it’s now released! Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘‘preview’ mode should respect allowed roles as well’ is closed to new replies.