Version Description
- Fixed the bug with SSL when WordPress is not configured properly
- Added AAM User Activity extension
- Added ability to track access denied events
- Fixed the bug with internal AAM configurations
- Fixed the bug with login hook when only one argument is passed
- Fixed the bug when an invalid argument is passed to the password-protected check
Release Info
Developer | vasyl_m |
Plugin | Advanced Access Manager |
Version | 4.3 |
Code changes from version 4.2 to 4.3
- Application/Backend/Feature/Extension.php +5 -0
- Application/Backend/Filter.php +10 -4
- Application/Backend/Manager.php +1 -1
- Application/Core/API.php +4 -3
- Application/Core/Config.php +6 -3
- Application/Core/Media.php +6 -1
- Application/Extension/List.php +12 -1
- Application/Frontend/Manager.php +20 -14
- aam.php +5 -2
- autoloader.php +1 -1
- media/js/aam-ui.js +1 -1
- readme.txt +24 -12
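--- a/Application/Backend/Feature/Extension.php
+++ b/Application/Backend/Feature/Extension.php
@@ -105,6 +105,11 @@ class AAM_Backend_Feature_Extension extends AAM_Backend_Feature_Abstract {
 return json_encode(array('status' => 'success'));
 }
 
+/**
+*
+* @param type $type
+* @return type
+*/
 public function getList($type) {
 $response = array();
 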
Application/Backend/Filter.php
CHANGED
@@ -113,7 +113,6 @@ class AAM_Backend_Filter {
|
|
113 |
//compile menu
|
114 |
if (empty($plugin_page)){
|
115 |
$menu = basename(AAM_Core_Request::server('SCRIPT_NAME'));
|
116 |
-
|
117 |
$taxonomy = AAM_Core_Request::get('taxonomy');
|
118 |
$postType = AAM_Core_Request::get('post_type');
|
119 |
$page = AAM_Core_Request::get('page');
|
@@ -132,7 +131,10 @@ class AAM_Backend_Filter {
|
|
132 |
$object = AAM::getUser()->getObject('menu');
|
133 |
|
134 |
if ($object->has($menu)) {
|
135 |
-
AAM_Core_API::reject(
|
|
|
|
|
|
|
136 |
}
|
137 |
}
|
138 |
|
@@ -247,8 +249,12 @@ class AAM_Backend_Filter {
|
|
247 |
|
248 |
if ($edit || ($others && !$this->isAuthor($post))) {
|
249 |
AAM_Core_API::reject(
|
250 |
-
|
251 |
-
|
|
|
|
|
|
|
|
|
252 |
);
|
253 |
}
|
254 |
}
|
113 |
//compile menu
|
114 |
if (empty($plugin_page)){
|
115 |
$menu = basename(AAM_Core_Request::server('SCRIPT_NAME'));
|
|
|
116 |
$taxonomy = AAM_Core_Request::get('taxonomy');
|
117 |
$postType = AAM_Core_Request::get('post_type');
|
118 |
$page = AAM_Core_Request::get('page');
|
131 |
$object = AAM::getUser()->getObject('menu');
|
132 |
|
133 |
if ($object->has($menu)) {
|
134 |
+
AAM_Core_API::reject(
|
135 |
+
'backend',
|
136 |
+
array('hook' => 'access_backend_menu', 'id' => $menu)
|
137 |
+
);
|
138 |
}
|
139 |
}
|
140 |
|
249 |
|
250 |
if ($edit || ($others && !$this->isAuthor($post))) {
|
251 |
AAM_Core_API::reject(
|
252 |
+
'backend',
|
253 |
+
array(
|
254 |
+
'hook' => 'post_edit',
|
255 |
+
'action' => 'backend.edit',
|
256 |
+
'post' => $post
|
257 |
+
)
|
258 |
);
|
259 |
}
|
260 |
}
|
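Review bot: The `'id' => $menu` value added to the `access_backend_menu` rejection (new line 136) is built from request data — `basename(AAM_Core_Request::server('SCRIPT_NAME'))` on the branch visible at new line 115, and presumably the `taxonomy`/`post_type`/`page` parameters read just below it — and Application/Core/API.php now forwards it to every `aam-rejected-action` listener. I would add a comment above the call, `// 'id' comes from the request; listeners must escape it before logging or displaying it`, so that an activity log does not render it raw. The `post_edit` rejection in the third hunk, and the matching calls in Application/Core/Media.php and Application/Frontend/Manager.php, hand listeners the whole post object for content the user was just denied, so the same comment should say that a listener ought to store the post ID rather than the object. The enclosing methods start and end outside these hunks.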
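--- a/Application/Backend/Manager.php
+++ b/Application/Backend/Manager.php
@@ -103,7 +103,7 @@ class AAM_Backend_Manager {
 
 if (isset($all['access_dashboard']) && get_current_user_id()) {
 if (empty(AAM::getUser()->allcaps['access_dashboard'])) {
-AAM_Core_API::reject('backend');
+AAM_Core_API::reject('backend', array('hook' => 'access_dashboard'));
 }
 }
 }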
Application/Core/API.php
CHANGED
@@ -226,16 +226,17 @@ final class AAM_Core_API {
|
|
226 |
);
|
227 |
}
|
228 |
|
229 |
-
|
|
|
|
|
230 |
}
|
231 |
|
232 |
/**
|
233 |
*
|
234 |
* @param type $rule
|
235 |
-
* @param type $area
|
236 |
* @param type $args
|
237 |
*/
|
238 |
-
public static function redirect($rule, $
|
239 |
if (filter_var($rule, FILTER_VALIDATE_URL)) {
|
240 |
wp_redirect($rule);
|
241 |
} elseif (preg_match('/^[\d]+$/', $rule)) {
|
226 |
);
|
227 |
}
|
228 |
|
229 |
+
do_action('aam-rejected-action', $area, $args);
|
230 |
+
|
231 |
+
self::redirect($redirect, $args);
|
232 |
}
|
233 |
|
234 |
/**
|
235 |
*
|
236 |
* @param type $rule
|
|
|
237 |
* @param type $args
|
238 |
*/
|
239 |
+
public static function redirect($rule, $args = null) {
|
240 |
if (filter_var($rule, FILTER_VALIDATE_URL)) {
|
241 |
wp_redirect($rule);
|
242 |
} elseif (preg_match('/^[\d]+$/', $rule)) {
|
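Review bot: The `do_action('aam-rejected-action', $area, $args)` call at new line 229 runs before `self::redirect($redirect, $args)`, so a listener that prints anything can stop `wp_redirect($rule)` from sending its Location header. Whether the denied request still ends there depends on the rest of `redirect()`, which continues past this hunk; `reject()` also starts above it. I would document the hook where it is fired, `// Listeners must not produce output: the redirect below relies on headers not having been sent`, and replace the `@param type $args` placeholder with a description of the payload and its `null` default.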
Application/Core/Config.php
CHANGED
@@ -59,11 +59,14 @@ class AAM_Core_Config {
|
|
59 |
* @static
|
60 |
*/
|
61 |
public static function get($option, $default = null) {
|
62 |
-
if (
|
63 |
-
self::$config[$option]
|
|
|
|
|
|
|
64 |
}
|
65 |
|
66 |
-
return apply_filters('aam-filter-config-get',
|
67 |
}
|
68 |
|
69 |
/**
|
59 |
* @static
|
60 |
*/
|
61 |
public static function get($option, $default = null) {
|
62 |
+
if (isset(self::$config[$option])) {
|
63 |
+
$response = self::$config[$option];
|
64 |
+
} else {
|
65 |
+
$response = self::readConfigPress($option, $default);
|
66 |
+
|
67 |
}
|
68 |
|
69 |
+
return apply_filters('aam-filter-config-get', $response, $option);
|
70 |
}
|
71 |
|
72 |
/**
|
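Review bot: `isset(self::$config[$option])` at new line 62 is false when the option is stored with a `null` value, so such an option falls through to `readConfigPress($option, $default)` as if it had never been set. If `null` can be a meaningful stored value, `array_key_exists($option, self::$config)` keeps the two cases apart, though it needs `self::$config` to already be an array, which this hunk does not show. If the fall-through is intended, a short comment such as `// a null entry is treated as unset and resolved from ConfigPress` would record that.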
Application/Core/Media.php
CHANGED
@@ -64,7 +64,12 @@ class AAM_Core_Media {
|
|
64 |
$this->printMedia($media);
|
65 |
} elseif (!empty($media)) {
|
66 |
AAM_Core_API::reject(
|
67 |
-
$area,
|
|
|
|
|
|
|
|
|
|
|
68 |
);
|
69 |
}
|
70 |
} else {
|
64 |
$this->printMedia($media);
|
65 |
} elseif (!empty($media)) {
|
66 |
AAM_Core_API::reject(
|
67 |
+
$area,
|
68 |
+
array(
|
69 |
+
'hook' => 'media_read',
|
70 |
+
'action' => "{$area}.read",
|
71 |
+
'post' => $media->getPost()
|
72 |
+
)
|
73 |
);
|
74 |
}
|
75 |
} else {
|
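--- a/Application/Extension/List.php
+++ b/Application/Extension/List.php
@@ -29,6 +29,17 @@ return array(
 'storeURL' => 'https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=R5QYSA9ZUA2E4',
 'version' => (defined('AAM_IP_CHECK') ? constant('AAM_IP_CHECK') : null)
 ),
+array(
+'title' => 'AAM User Activity',
+'id' => 'AAM_USER_ACTIVITY',
+'type' => 'commercial',
+'price' => '$10',
+'currency' => 'USD',
+'new' => true,
+'description' => 'Track any kind of user or visitor activity on your website. <a href="https://aamplugin.com/help/how-to-track-any-wordpress-user-activity" target="_blank">Read more.</a>',
+'storeURL' => 'https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=WUZ7XBWHDNWS2',
+'version' => (defined('AAM_USER_ACTIVITY') ? constant('AAM_USER_ACTIVITY') : null)
+),
 array(
 'title' => 'AAM Role Hierarchy',
 'id' => 'AAM_ROLE_HIERARCHY',
@@ -66,7 +77,7 @@ return array(
 'type' => 'commercial',
 'price' => '$70',
 'currency' => 'USD',
-'description' => 'Get list of all available premium extensions in one package. Any additional premium extensions in the future will be included in this package.',
+'description' => 'Get list of all available premium extensions in one package. Any additional premium extensions in the future will be included in this package. As of today, you already are saving $20 USD.',
 'storeURL' => 'https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=THJWEJR3URR8L',
 'version' => (defined('AAM_COMPLETE_PACKAGE') ? constant('AAM_COMPLETE_PACKAGE') : null)
 ),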
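Review bot: The new `AAM_USER_ACTIVITY` entry (new line 39) puts a raw `<a … target="_blank">` in `description` without a `rel` attribute, so the opened page keeps a `window.opener` reference to the admin screen in browsers that do not imply `noopener`. I would write the link as `<a href="https://aamplugin.com/help/how-to-track-any-wordpress-user-activity" target="_blank" rel="noopener noreferrer">Read more.</a>`. Because the description carries markup, whatever renders this list presumably outputs it unescaped; a comment at the top of the array saying that `description` is trusted HTML would keep request- or remote-sourced text from being added to it later.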
Application/Frontend/Manager.php
CHANGED
@@ -97,10 +97,10 @@ class AAM_Frontend_Manager {
|
|
97 |
|
98 |
/**
|
99 |
*
|
100 |
-
* @param type $
|
101 |
* @param type $user
|
102 |
*/
|
103 |
-
public function login($username, $user) {
|
104 |
if (is_a($user, 'WP_User')) {
|
105 |
$this->updateLoginCounter(-1);
|
106 |
|
@@ -241,18 +241,20 @@ class AAM_Frontend_Manager {
|
|
241 |
* @return type
|
242 |
*/
|
243 |
public function isProtected($response, $post) {
|
244 |
-
|
245 |
-
|
246 |
-
if ($object->has('frontend.protected')) {
|
247 |
-
$hasher = new PasswordHash( 8, true );
|
248 |
-
$hash = wp_unslash(AAM_Core_Request::cookie('wp-postpass_' . COOKIEHASH));
|
249 |
|
250 |
-
if (
|
251 |
-
$
|
252 |
-
|
253 |
-
|
254 |
-
|
255 |
-
|
|
|
|
|
|
|
|
|
|
|
256 |
}
|
257 |
}
|
258 |
|
@@ -350,7 +352,11 @@ class AAM_Frontend_Manager {
|
|
350 |
if ($restrict) {
|
351 |
AAM_Core_API::reject(
|
352 |
'frontend',
|
353 |
-
array(
|
|
|
|
|
|
|
|
|
354 |
);
|
355 |
}
|
356 |
|
97 |
|
98 |
/**
|
99 |
*
|
100 |
+
* @param type $username
|
101 |
* @param type $user
|
102 |
*/
|
103 |
+
public function login($username, $user = null) { /* CodePinch UE Fix */
|
104 |
if (is_a($user, 'WP_User')) {
|
105 |
$this->updateLoginCounter(-1);
|
106 |
|
241 |
* @return type
|
242 |
*/
|
243 |
public function isProtected($response, $post) {
|
244 |
+
if (is_a($post, 'WP_Post')) {
|
245 |
+
$object = AAM::getUser()->getObject('post', $post->ID);
|
|
|
|
|
|
|
246 |
|
247 |
+
if ($object->has('frontend.protected')) {
|
248 |
+
$hasher = new PasswordHash( 8, true );
|
249 |
+
$hash = wp_unslash(AAM_Core_Request::cookie('wp-postpass_' . COOKIEHASH));
|
250 |
+
|
251 |
+
if (empty($hash)) {
|
252 |
+
$response = true;
|
253 |
+
} else {
|
254 |
+
$response = !$hasher->CheckPassword(
|
255 |
+
$object->get('frontend.password'), $hash
|
256 |
+
);
|
257 |
+
}
|
258 |
}
|
259 |
}
|
260 |
|
352 |
if ($restrict) {
|
353 |
AAM_Core_API::reject(
|
354 |
'frontend',
|
355 |
+
array(
|
356 |
+
'hook' => 'post_read',
|
357 |
+
'action' => 'frontend.read',
|
358 |
+
'post' => $post
|
359 |
+
)
|
360 |
);
|
361 |
}
|
362 |
|
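Review bot: In `isProtected()` the cookie value goes to `$hasher->CheckPassword(...)` after only an `empty($hash)` test (new lines 249–256), so a non-string value is passed on as the hash. The cookie is client-controlled, and PHP turns a cookie sent with `[]` in its name into an array; unless `AAM_Core_Request::cookie()` already normalises that (not visible here), I would fail closed with `if (!is_string($hash) || $hash === '') {` in place of `if (empty($hash)) {`. The method's return statement is outside the hunk.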
aam.php
CHANGED
@@ -3,7 +3,7 @@
|
|
3 |
/**
|
4 |
Plugin Name: Advanced Access Manager
|
5 |
Description: Manage website access for any user, role or visitors
|
6 |
-
Version: 4.
|
7 |
Author: Vasyl Martyniuk <vasyl@vasyltech.com>
|
8 |
Author URI: https://www.vasyltech.com
|
9 |
|
@@ -200,7 +200,10 @@ class AAM {
|
|
200 |
|
201 |
if (defined('ABSPATH')) {
|
202 |
//define few common constants
|
203 |
-
define(
|
|
|
|
|
|
|
204 |
define('AAM_KEY', 'advanced-access-manager');
|
205 |
define('AAM_EXTENSION_BASE', WP_CONTENT_DIR . '/aam/extension');
|
206 |
define('AAM_CODEPINCH_AFFILIATE_CODE', 'H2K31P8H');
|
3 |
/**
|
4 |
Plugin Name: Advanced Access Manager
|
5 |
Description: Manage website access for any user, role or visitors
|
6 |
+
Version: 4.3
|
7 |
Author: Vasyl Martyniuk <vasyl@vasyltech.com>
|
8 |
Author URI: https://www.vasyltech.com
|
9 |
|
200 |
|
201 |
if (defined('ABSPATH')) {
|
202 |
//define few common constants
|
203 |
+
define(
|
204 |
+
'AAM_MEDIA',
|
205 |
+
preg_replace('/^http[s]?:/', '', plugins_url('/media', __FILE__))
|
206 |
+
);
|
207 |
define('AAM_KEY', 'advanced-access-manager');
|
208 |
define('AAM_EXTENSION_BASE', WP_CONTENT_DIR . '/aam/extension');
|
209 |
define('AAM_CODEPINCH_AFFILIATE_CODE', 'H2K31P8H');
|
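Review bot: The `AAM_MEDIA` definition at new lines 203–206 strips the scheme with `preg_replace('/^http[s]?:/', '', ...)` but carries no comment saying why, and the result is a protocol-relative URL that only works where a page scheme exists. I would add `// protocol-relative on purpose: asset URLs follow the page scheme even when WordPress reports the wrong one` above the `define(` (the reason is inferred from the release notes, so confirm it), and note there that the constant must not be used in e-mails or other output read outside a browser page. The first hunk only bumps the version header.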
autoloader.php
CHANGED
@@ -8,7 +8,7 @@
|
|
8 |
*/
|
9 |
|
10 |
/**
|
11 |
-
* Project
|
12 |
*
|
13 |
* @package AAM
|
14 |
* @author Vasyl Martyniuk <vasyl@vasyltech.com>
|
8 |
*/
|
9 |
|
10 |
/**
|
11 |
+
* Project autoloader
|
12 |
*
|
13 |
* @package AAM
|
14 |
* @author Vasyl Martyniuk <vasyl@vasyltech.com>
|
media/js/aam-ui.js
CHANGED
@@ -2038,7 +2038,7 @@
|
|
2038 |
aam.notification('danger', aam.__(response.error));
|
2039 |
if (typeof response.content !== 'undefined') {
|
2040 |
dump = response;
|
2041 |
-
$('#installation-error').
|
2042 |
$('#extension-notification-modal').modal('show');
|
2043 |
}
|
2044 |
}
|
2038 |
aam.notification('danger', aam.__(response.error));
|
2039 |
if (typeof response.content !== 'undefined') {
|
2040 |
dump = response;
|
2041 |
+
$('#installation-error').html(response.error);
|
2042 |
$('#extension-notification-modal').modal('show');
|
2043 |
}
|
2044 |
}
|
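Review bot: `$('#installation-error').html(response.error)` at new line 2041 inserts the server's error string into the page as markup. If any part of `response.error` can echo request- or remote-supplied text (not visible here), it would be interpreted as HTML in the admin screen; `$('#installation-error').text(response.error);` renders it as plain text instead. Keep `.html()` only if the error is documented as trusted markup. The enclosing callback starts and ends outside the hunk.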
readme.txt
CHANGED
@@ -2,8 +2,8 @@
|
|
2 |
Contributors: vasyltech
|
3 |
Tags: access, role, user, capability, page access, post access, security, login redirect, brute force attack, double authentication, membership, backend lockdown, wp-admin
|
4 |
Requires at least: 3.8
|
5 |
-
Tested up to: 4.7.
|
6 |
-
Stable tag: 4.
|
7 |
|
8 |
Manage your website access and security for any user, role or visitors.
|
9 |
|
@@ -23,22 +23,22 @@ premium extensions that are available for download.
|
|
23 |
Restrict access to your website backend side for any user or role. For more information about this feature
|
24 |
refer to the [How to lockdown WordPress backend](https://aamplugin.com/help/how-to-lockdown-wordpress-backend)
|
25 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
26 |
= Manage Backend Menu =
|
27 |
Manage access to the backend menu for any user or group or users (roles).
|
28 |
|
29 |
-
= Manage Metaboxes and Widgets =
|
30 |
-
Filter list of metaboxes and widgets on both frontend and backend for any user,
|
31 |
-
group of users or visitors.
|
32 |
-
|
33 |
= Manage Capabilities =
|
34 |
Create, edit or delete capabilities for any role or even user.
|
35 |
|
36 |
-
= Manage Posts & Pages =
|
37 |
-
Manage access to any post, page or custom post type. With premium AAM Plus Package extension
|
38 |
-
also manage access to categories, custom hierarchical taxonomies or setup the default
|
39 |
-
access to all posts and categories. Refer to [How to manage WordPress post and category access](https://aamplugin.com/help/how-to-manage-wordpress-post-and-category-access)
|
40 |
-
to learn more about this feature.
|
41 |
-
|
42 |
= Manage Access Based On Geo Location And IP =
|
43 |
Manage access to your website for all visitors based on referred host, IP address or geographical location.
|
44 |
For more information about this feature check [How to manage access to WordPress website based on location](https://aamplugin.com/help/how-to-manage-access-to-wordpress-website-based-on-location) article
|
@@ -47,6 +47,10 @@ For more information about this feature check [How to manage access to WordPress
|
|
47 |
Define custom access denied or login redirects for any user or group of users. Redirect
|
48 |
user to any existing page, URL or specify your own PHP callback function to handle it.
|
49 |
|
|
|
|
|
|
|
|
|
50 |
= Content Teaser =
|
51 |
Create your own content teaser for any limited post, page or custom post type.
|
52 |
|
@@ -100,6 +104,14 @@ Check our [help page](https://aamplugin.com/help) to find out more about AAM.
|
|
100 |
|
101 |
== Changelog ==
|
102 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
103 |
= 4.2 =
|
104 |
* Fixed the bug with post list caching
|
105 |
* Fixed the bug with Manage Access button
|
2 |
Contributors: vasyltech
|
3 |
Tags: access, role, user, capability, page access, post access, security, login redirect, brute force attack, double authentication, membership, backend lockdown, wp-admin
|
4 |
Requires at least: 3.8
|
5 |
+
Tested up to: 4.7.3
|
6 |
+
Stable tag: 4.3
|
7 |
|
8 |
Manage your website access and security for any user, role or visitors.
|
9 |
|
23 |
Restrict access to your website backend side for any user or role. For more information about this feature
|
24 |
refer to the [How to lockdown WordPress backend](https://aamplugin.com/help/how-to-lockdown-wordpress-backend)
|
25 |
|
26 |
+
= Manage Posts & Categories =
|
27 |
+
Manage access to any post, page or custom post type. With premium AAM Plus Package extension
|
28 |
+
also manage access to categories, custom hierarchical taxonomies or setup the default
|
29 |
+
access to all posts and categories. Refer to [How to manage WordPress post and category access](https://aamplugin.com/help/how-to-manage-wordpress-post-and-category-access)
|
30 |
+
to learn more about this feature.
|
31 |
+
|
32 |
+
= Track Any User Activities =
|
33 |
+
Track any user or visitor activities on your website with AAM User Activity extension. For more information about this
|
34 |
+
feature refer to the [How to track any WordPress user activity](https://aamplugin.com/help/how-to-track-any-wordpress-user-activity)
|
35 |
+
|
36 |
= Manage Backend Menu =
|
37 |
Manage access to the backend menu for any user or group or users (roles).
|
38 |
|
|
|
|
|
|
|
|
|
39 |
= Manage Capabilities =
|
40 |
Create, edit or delete capabilities for any role or even user.
|
41 |
|
|
|
|
|
|
|
|
|
|
|
|
|
42 |
= Manage Access Based On Geo Location And IP =
|
43 |
Manage access to your website for all visitors based on referred host, IP address or geographical location.
|
44 |
For more information about this feature check [How to manage access to WordPress website based on location](https://aamplugin.com/help/how-to-manage-access-to-wordpress-website-based-on-location) article
|
47 |
Define custom access denied or login redirects for any user or group of users. Redirect
|
48 |
user to any existing page, URL or specify your own PHP callback function to handle it.
|
49 |
|
50 |
+
= Manage Metaboxes and Widgets =
|
51 |
+
Filter list of metaboxes and widgets on both frontend and backend for any user,
|
52 |
+
group of users or visitors.
|
53 |
+
|
54 |
= Content Teaser =
|
55 |
Create your own content teaser for any limited post, page or custom post type.
|
56 |
|
104 |
|
105 |
== Changelog ==
|
106 |
|
107 |
+
= 4.3 =
|
108 |
+
* Fixed the bug with SSL when WordPress is not configured properly
|
109 |
+
* Added AAM User Activity extension
|
110 |
+
* Added ability to track access denied events
|
111 |
+
* Fixed the bug with internal AAM configurations
|
112 |
+
* Fixed the bug with login hook when only one argument is passed
|
113 |
+
* Fixed the bug with invalid argument is passed to password protected check
|
114 |
+
|
115 |
= 4.2 =
|
116 |
* Fixed the bug with post list caching
|
117 |
* Fixed the bug with Manage Access button
|