Why have you changed conditional logic?

  • Resolved michaelxxx

    (@michaelxxx)


    4 months ago

    Hi,

    Like many other users, since the last update, I am no longer able to display widgets in which I have incorporated conditional logic suggested by you. I have 100 different logic on my site.

    Why did you release an update that causes this logic to no longer function, without even informing users?

    The information “Restricted the Display Logic feature to administrators only, as code execution was flagged as a potential security risk” is not helpful to me if users can no longer see the widgets.

    Above all, I find it unfortunate that you don’t provide any guidance on how to do things differently now, or how they must be done.

    So my only option is to roll back to the previous version. Is this the solution?

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author Mej de Castro

    (@mej)

    4 months ago

    Hi @michaelxxx,

    Thanks for reaching out. We understand the frustration this has caused. We had to restrict the Display Logic feature to administrators only due to a security report flagged by WordFence. This might also be affecting how the conditional logics work at the moment.

    Our team is currently coordinating with WordFence and exploring safe alternatives so users can continue using conditional logic.

    In the meantime, rolling back to a previous version is the best workaround until we finalize a secure solution.

    Kind Regards,
    Mej, Widget Options Team

    Plugin Author Mej de Castro

    (@mej)

    4 months ago

    Hey @michaelxxx,

    I hope you are doing well. Could you please let us know the specific conditional logic you were using for your widgets? This will help us look into possible workarounds for your setup.

    In the meantime, you may also try adding the filter below to your functions.php file and let us know if it works:

    function add_extra_hooks( $allowed_functions ) {
    // Add your custom functions here
    $allowed_functions[] = 'function_to_add';
    return $allowed_functions;
    }
    add_filter( 'widgetopts_allowed_php_functions', 'add_extra_hooks' );

    Please make sure to replace function_to_add with the actual functions you are using in your conditional logic.

    Looking forward to your update!

    Thread Starter michaelxxx

    (@michaelxxx)

    4 months ago

    Here is an example:

    ( ( is_single() && ( in_category( 'the-bahamas' ) ) ) || ( is_category('the-bahamas' ) ) || ( is_tag('city-of-nassau-bahamas' ) ) || ( is_category('island-long-island' ) ) || ( is_category('island-new-providence' ) ) || ( is_tag('swimming-pigs-bahamas' ) ) || ( is_category('island-exumas' ) ) )

    Plugin Author Mej de Castro

    (@mej)

    3 months, 4 weeks ago

    Hi @michaelxxx,

    Could you please try adding this filters on your functions.php file or any suitable place?

    function add_extra_hooks( $allowed_functions ) {
    $allowed_functions[] = 'in_category';
    return $allowed_functions;
    }
    add_filter( 'widgetopts_allowed_php_functions', 'add_extra_hooks' );

    Thanks and let us know how it goes!

    Plugin Author Mej de Castro

    (@mej)

    3 months, 3 weeks ago

    Hey @michaelxxx ,

    Quick follow up here! Just checking if you have seen our previous message regarding the filters.

    Thanks!

    siteimpulse

    (@siteimpulse)

    2 months, 2 weeks ago

    Hi @mej

    Our team is currently coordinating with WordFence and exploring safe alternatives so users can continue using conditional logic.

    Any update regarding this?

    We too are holding off on updating.

    Plugin Author Mej de Castro

    (@mej)

    2 months, 2 weeks ago

    Hi @siteimpulse,

    Thanks for reaching out to us. Regarding your query, the workaround to make your conditional logic work is by adding filters to your functions.php file, as the allowed functions in the Widget Options plugin are now limited.

    You may check the list of allowed WordPress and PHP functions here:

    If any of your functions are missing from these lists, please make sure to add them following the example code provided in the documentation.

    Kind Regards,
    Mej, Widget Options Team

    aparentdesign

    (@aparentdesign)

    2 months, 2 weeks ago

    We have created custom roles and your plugin is basically broken for us. The only users on our site who are admins are the system administrators, not the web users.

    Any way this can be integrated to work with the plugin User Role Editor so we can allow other roles than admin to access?

    Plugin Author Mej de Castro

    (@mej)

    2 months, 1 week ago

    Hi @aparentdesign,

    Any way this can be integrated to work with the plugin User Role Editor so we can allow other roles than admin to access?

    Some access has been restricted to Administrators only because certain features — particularly in the Conditional Logic section — can introduce potential vulnerabilities for website owners. As a temporary solution, these functionalities are now limited to Administrators, even if other roles are modified using the User Role Editor plugin.

    Could you please let us know which specific functionalities are not accessible when a non-Administrator role is edited using the User Role Editor plugin? This will help us review and determine if adjustments can be made.

    Thanks!

    aparentdesign

    (@aparentdesign)

    2 months, 1 week ago

    Conditional logic is the main reason we use your plugin, so that is the feature that our custom roles needs to access. Again the only “admins” on this site are network administrators who do not post content. We use User Role Editor to create roles that have enough access to add/edit widgets, etc without granting full admin rights.

Viewing 10 replies - 1 through 10 (of 10 total)

You must be logged in to reply to this topic.