Paul Ryan
Forum Replies Created
-
Forum: Plugins
In reply to: [Authorizer] Request for updating GuzzleHttp dependency to the latest versionApologies, we are juggling a lot right now. We might need to dig into this one a little further, I just checked our dependency versions with
composer show
and it is reporting we are on the latest version of guzzleHttp (7.8.1):guzzlehttp/guzzle 7.8.1 Guzzle is a ...
guzzlehttp/promises 2.0.2 Guzzle promises library
guzzlehttp/psr7 2.6.2 PSR-7 message implementation ...Also reflected in
composer.lock
: https://github.com/uhm-coe/authorizer/blob/master/composer.lock#L316-L322Can you provide more specifics on how you are patching Authorizer to a different guzzle version?
Forum: Plugins
In reply to: [Insert Pages] Insert Pages and WPMLAloha, we have released version 3.8.1 with a fix for WPML, please let us know if this solves your problem!
https://github.com/uhm-coe/insert-pages/commit/4e024177420db98cbdca90362f0afa0b545c7fae
Forum: Plugins
In reply to: [Insert Pages] Insert Pages and WPMLAloha, sorry for the delay. We have reached out to the WPML developers for the best way to improve compatibility. For now I believe you can manually look up the page IDs of the translated pages and edit the Insert Pages shortcode on the translated pages to use those instead. But automatic translation will have to wait until we have some guidance on how to look up the associations between the translated pages.
Thanks for your patience!
Forum: Plugins
In reply to: [Insert Pages] Limit length of inserted pageCan you check Admin Dashboard > Settings > Insert Pages and see what “Insert method” is set to? This functionality should work if set to “normal” method. “Legacy” method has issues.
Forum: Plugins
In reply to: [Insert Pages] Profile Builder 3.10.5 BREAKS Insert Pages 3.7.7Sorry for the delay on this. We just tested with Profile Builder 3.11.4 and weren’t able to reproduce the issue; can you check on this version and see if the problem is still happening?
If so, what specific features of Profile Builder are enabled so we can try to reproduce the issue. Thanks!
Forum: Plugins
In reply to: [Insert Pages] Custom excerptI would just hook into
insert_pages_wrap_content
and output your custom excerpt if it exists. To do this without adding another shortcode attribute, you can re-use the existingquerystring
attribute and add yourcustom_excerpt=Your excerpt text
content in there; it will populate the$_REQUEST['custom_excerpt']
PHP global with your content that you can then use.For example for this shortcode:
[insert page='123' display='custom.php' querystring='custom_excerpt=Your excerpt text']
You can use this hook to do the same thing:
add_filter( 'insert_pages_wrap_content', function ( $content, $inserted_page, $attributes ) { if ( ! empty( $_REQUEST['custom_excerpt'] ) ) { $content = sprintf( '<%1$s data-post-id="%2$s" class="insert-page insert-page-%2$s %3$s"%4$s><div class="customexcerpt">%5$s</div>%6$s</%1$s>', esc_attr( $attributes['wrapper_tag'] ), esc_attr( $attributes['page'] ), esc_attr( $attributes['class'] ), empty( $attributes['id'] ) ? '' : ' id="' . esc_attr( $attributes['id'] ) . '"', wp_kses_post( $_REQUEST['custom_excerpt'] ), $content ); } return $content; }, PHP_INT_MAX, 3 );
Forum: Plugins
In reply to: [Insert Pages] Error to insert page block into gutenbergWe aren’t able to reproduce this on the latest version of WordPress. Can you test with a WordPress
twenty*
theme and see if the problem persists? It could be a conflict with another theme or plugin.Forum: Plugins
In reply to: [Authorizer] Request for updating GuzzleHttp dependency to the latest versionDefinitely! We try to update all composer dependencies with each release, so guzzle must be getting pinned to the previous major version and we didn’t notice.
Offhand, do you know which guzzle version is being used in your other libraries? We can target upgrading to that one.
Forum: Plugins
In reply to: [Authorizer] User roles being “rolled” backThis feels like a conflict with your other plugin that’s providing multiple roles. As mentioned above, the core function
set_role()
doesn’t handle multiple roles. So when the user successfully logs in, Authorizer checks to make sure their role matches what is in the Approved list, and if it doesn’t match, it usesset_role()
to update their rolehttps://github.com/uhm-coe/authorizer/blob/master/src/authorizer/class-authorization.php#L391-L394
It’s probably only affecting users whose role in the Approved list is not in any of their assigned roles (so in your example, assigned is
researcher_admin
+editor
but the entry in the Approved list isresearcher
). So I think a quick fix is making sure their Approved list role is eitherresearcher_admin
oreditor
, then Authorizer won’t try to update their role.Forum: Plugins
In reply to: [Authorizer] User roles being “rolled” backI hear ya with the chainsaws 😆
Ok so we should definitely investigate why the database has the user role at
subscriber
but the UI showseditor
. Two things I can think of at the moment:- The user has a “multisite approved user” entry (from Network Settings) and an approved user entry on the specific subsite, and they disagree (although Authorizer is supposed to detect duplicates here)
- The user has two separate accounts, perhaps one linked by username and another linked by email
Can you look in the database again and see if you can find any entry for this user with
editor
role? Besides theauth_settings_access_users_approved
in the options table you’ve already inspected, the multisite approved users are stored inwp_options
with nameauth_multisite_settings_access_users_approved
.Forum: Plugins
In reply to: [Authorizer] Remove/Block Forgot Password PageFor now you should be able to just hook into
lostpassword_errors
and return aWP_Error
object which will abort the password reset process (it won’t send any emails):https://developer.wordpress.org/reference/hooks/lostpassword_errors/
Forum: Plugins
In reply to: [Authorizer] Remove/Block Forgot Password Pageexternal=wordpress
should only be available if “Hide WordPress logins” is enabled; “Disable WordPress logins” should prevent that login method from working. So at least the attackers shouldn’t be able to log into an account if they manage to intercept the “reset password” email.But it does make sense to disable the forgot password endpoint if WordPress logins are disabled. We’ll look at the
wp-login.php
source and see if there’s a good way to do that!Forum: Plugins
In reply to: [Authorizer] User roles being “rolled” backDo you know which plugin creates the
wp_x_fa_user_logins_table
? It’s not Authorizer. If you want to see what role Authorizer thinks the user should be, check theauth_settings_access_users_approved
option inwp_options
(orwp_x_options
for a specific subsite). It’s a serialized array so a little hard to inspect, but I’m wondering if it’s grown so large that it’s not properly being updated when you make a role change from the Approved User list in the admin dashboard.Forum: Plugins
In reply to: [Authorizer] User roles being “rolled” backThanks! We’ve had one similar report from our institution but we were never able to get a concrete answer. We ultimately blamed it on a very large multisite with a low mysql
max_allowed_packet
corrupting the list of approved Authorizer users and their roles when it was updated. So that’s one thing to check.The extra details about the failed logins give us another data point to look into. I’ll let you know if we have any follow up questions, thanks again for offering to help debug.
One other side comment with regards to the Members plugin: the role setting functionality in Authorizer expects a single role to be assigned, so it may occasionally conflict with multiple assigned roles assigned from another plugin. We’re still waiting for the core WordPress
set_role()
function to support multiple roles to get around this. https://developer.wordpress.org/reference/classes/wp_user/set_role/Forum: Plugins
In reply to: [Authorizer] Authorizer seems to be slowing us downThat should be up to date; it only changes if there’s a new database migration to run. The last migration we added was Feb 22 last year: https://github.com/uhm-coe/authorizer/commit/43fe01dfde333cfd52e456cd89db37cf7fe5137d#diff-9f9789bfbac0b352be06472af8c1b07093c5777ef1a5d8b57b3157125f22dc2eR514