Advanced Access Manager - Version 6.8.0

Version Description

Changed: Enhanced security pasture by escaping potentially harmful output, if information was directly modified in the DB or not escaped during storing AAM settings, reported by WordPress Plugin Review Team
Fixed: Cleared potentially corrupted data about status of premium add-ons.
Changed: Re-opened direct communication with the AAM developer through the Slack channel https://aamplugin.com/support

Release Info

Developer	vasyltech
Plugin	Advanced Access Manager
Version	6.8.0
Comparing to
See all releases

Code changes from version 6.7.9 to 6.8.0

Files changed (9) hide show

aam.php +2 -2
application/Backend/Feature/Main/Capability.php +11 -7
application/Backend/Feature/Main/Uri.php +2 -1
application/Backend/tmpl/service/404redirect.php +6 -4
application/Backend/tmpl/service/login-redirect.php +11 -3
application/Backend/tmpl/service/logout-redirect.php +11 -3
application/Backend/tmpl/service/redirect.php +13 -5
application/Migration/2121_10_15-base.php +43 -0
readme.txt +6 -1

aam.php CHANGED Viewed

	@@ -3,7 +3,7 @@
3	/**
4	* Plugin Name: Advanced Access Manager
5	* Description: Collection of features to manage your WordPress website authentication, authorization and monitoring
6	- * Version: 6.7.9
7	* Author: Vasyl Martyniuk <vasyl@vasyltech.com>
8	* Author URI: https://vasyltech.com
9	* Text Domain: advanced-access-manager
	@@ -264,7 +264,7 @@ if (defined('ABSPATH')) {
264	//define few common constants
265	define('AAM_MEDIA', plugins_url('/media', __FILE__));
266	define('AAM_KEY', 'advanced-access-manager');
267	- define('AAM_VERSION', '6.7.9');
268	define('AAM_BASEDIR', __DIR__);
269
270	//load vendor


3	/**
4	* Plugin Name: Advanced Access Manager
5	* Description: Collection of features to manage your WordPress website authentication, authorization and monitoring
6	+ * Version: 6.8.0
7	* Author: Vasyl Martyniuk <vasyl@vasyltech.com>
8	* Author URI: https://vasyltech.com
9	* Text Domain: advanced-access-manager

264	//define few common constants
265	define('AAM_MEDIA', plugins_url('/media', __FILE__));
266	define('AAM_KEY', 'advanced-access-manager');
267	+ define('AAM_VERSION', '6.8.0');
268	define('AAM_BASEDIR', __DIR__);
269
270	//load vendor

application/Backend/Feature/Main/Capability.php CHANGED Viewed

	@@ -5,15 +5,16 @@
5	* LICENSE: This file is subject to the terms and conditions defined in *
6	* file 'license.txt', which is part of this source code package. *
7	* ======================================================================
8	- *
9	- * @version 6.0.0
10	*/
11
12	/**
13	* Backend capability manager
14	*



15	* @package AAM
16	- * @version 6.0.0
17	*/
18	class AAM_Backend_Feature_Main_Capability
19	extends AAM_Backend_Feature_Abstract implements AAM_Backend_Feature_ISubjectAware
	@@ -73,8 +74,11 @@ class AAM_Backend_Feature_Main_Capability
73	*
74	* @return string
75	*



76	* @access public
77	- * @version 6.0.0
78	*/
79	public function save()
80	{
	@@ -84,12 +88,12 @@ class AAM_Backend_Feature_Main_Capability
84	$assign = $this->getFromPost('assignToMe', FILTER_VALIDATE_BOOLEAN);
85
86	if ($cap && $this->isAllowedToToggle($cap)) {


87	// Add capability to current user if checkbox checked
88	- if ($assign === true) {
89	AAM::getUser()->addCapability($cap);
90	}
91	-
92	- $result = $this->getSubject()->addCapability($cap, $effect);
93	}
94
95	return wp_json_encode(array(


5	* LICENSE: This file is subject to the terms and conditions defined in *
6	* file 'license.txt', which is part of this source code package. *
7	* ======================================================================


8	*/
9
10	/**
11	* Backend capability manager
12	*
13	+ * @since 6.8.0 https://github.com/aamplugin/advanced-access-manager/issues/195
14	+ * @since 6.0.0 Initial implementation of the class
15	+ *
16	* @package AAM
17	+ * @version 6.8.0
18	*/
19	class AAM_Backend_Feature_Main_Capability
20	extends AAM_Backend_Feature_Abstract implements AAM_Backend_Feature_ISubjectAware

74	*
75	* @return string
76	*
77	+ * @since 6.8.0 https://github.com/aamplugin/advanced-access-manager/issues/195
78	+ * @since 6.0.0 Initial implementation of the method
79	+ *
80	* @access public
81	+ * @version 6.8.0
82	*/
83	public function save()
84	{

88	$assign = $this->getFromPost('assignToMe', FILTER_VALIDATE_BOOLEAN);
89
90	if ($cap && $this->isAllowedToToggle($cap)) {
91	+ $result = $this->getSubject()->addCapability($cap, $effect);
92	+
93	// Add capability to current user if checkbox checked
94	+ if ($result && $assign === true) {
95	AAM::getUser()->addCapability($cap);
96	}


97	}
98
99	return wp_json_encode(array(

application/Backend/Feature/Main/Uri.php CHANGED Viewed

	@@ -54,7 +54,7 @@ class AAM_Backend_Feature_Main_Uri
54	* @since 6.0.0 Initial implementation of the method
55	*
56	* @access public
57	- * @version 6.0.0
58	*/
59	public function getTable()
60	{
	@@ -70,6 +70,7 @@ class AAM_Backend_Feature_Main_Uri
70
71	foreach ($rules as $uri => $rule) {
72	$prefix = ($object->has($uri) ? '' : 'no-');

73	$response['data'][] = array(
74	$uri,
75	$rule['type'],


54	* @since 6.0.0 Initial implementation of the method
55	*
56	* @access public
57	+ * @version 6.4.0
58	*/
59	public function getTable()
60	{

70
71	foreach ($rules as $uri => $rule) {
72	$prefix = ($object->has($uri) ? '' : 'no-');
73	+
74	$response['data'][] = array(
75	$uri,
76	$rule['type'],

application/Backend/tmpl/service/404redirect.php CHANGED Viewed

	@@ -1,10 +1,12 @@
1	<?php
2	/**

3	* @since 6.4.0 Allowing to define 404 for any user or role
4	* @since 6.0.0 Initial implementation of the templates
5	*
6	- * @version 6.4.0
7	- * */

8	?>
9
10	<?php if (defined('AAM_KEY')) { ?>
	@@ -65,12 +67,12 @@
65
66	<div class="form-group 404redirect-action" id="url-404redirect-action" style="display: <?php echo ($type === 'url' ? 'block' : 'none'); ?>;">
67	<label><?php echo __('The URL', AAM_KEY); ?></label>
68	- <input type="text" class="form-control" name="404.redirect.url" placeholder="https://" value="<?php echo $this->getOption('404.redirect.url'); ?>" />
69	</div>
70
71	<div class="form-group 404-redirect-action" id="callback-404redirect-action" style="display: <?php echo ($type === 'callback' ? 'block' : 'none'); ?>;">
72	<label><?php echo __('PHP Callback Function', AAM_KEY); ?></label>
73	- <input type="text" class="form-control" placeholder="Enter valid callback" name="404.redirect.callback" value="<?php echo $this->getOption('404.redirect.callback'); ?>" />
74	</div>
75	</div>
76	</div>


1	<?php
2	/**
3	+ * @since 6.8.0 https://github.com/aamplugin/advanced-access-manager/issues/195
4	* @since 6.4.0 Allowing to define 404 for any user or role
5	* @since 6.0.0 Initial implementation of the templates
6	*
7	+ * @version 6.8.0
8	+ *
9	+ */
10	?>
11
12	<?php if (defined('AAM_KEY')) { ?>

67
68	<div class="form-group 404redirect-action" id="url-404redirect-action" style="display: <?php echo ($type === 'url' ? 'block' : 'none'); ?>;">
69	<label><?php echo __('The URL', AAM_KEY); ?></label>
70	+ <input type="text" class="form-control" name="404.redirect.url" placeholder="https://" value="<?php echo stripslashes(esc_js($this->getOption('404.redirect.url'))); ?>" />
71	</div>
72
73	<div class="form-group 404-redirect-action" id="callback-404redirect-action" style="display: <?php echo ($type === 'callback' ? 'block' : 'none'); ?>;">
74	<label><?php echo __('PHP Callback Function', AAM_KEY); ?></label>
75	+ <input type="text" class="form-control" placeholder="Enter valid callback" name="404.redirect.callback" value="<?php echo stripslashes(esc_js($this->getOption('404.redirect.callback'))); ?>" />
76	</div>
77	</div>
78	</div>

application/Backend/tmpl/service/login-redirect.php CHANGED Viewed

	@@ -1,4 +1,12 @@
1	- <?php ~~/** @version 6.0.0 */ ?>~~








2
3	<?php if (defined('AAM_KEY')) { ?>
4	<div class="aam-feature" id="login_redirect-content">
	@@ -58,12 +66,12 @@
58
59	<div class="form-group login-redirect-action" id="url-login-redirect-action" style="display: <?php echo ($type === 'url' ? 'block' : 'none'); ?>;">
60	<label><?php echo __('The URL', AAM_KEY); ?></label>
61	- <input type="text" class="form-control" name="login.redirect.url" placeholder="https://" value="<?php echo $this->getOption('login.redirect.url'); ?>" />
62	</div>
63
64	<div class="form-group login-redirect-action" id="callback-login-redirect-action" style="display: <?php echo ($type === 'callback' ? 'block' : 'none'); ?>;">
65	<label><?php echo __('PHP Callback Function', AAM_KEY); ?></label>
66	- <input type="text" class="form-control" placeholder="Enter valid callback" name="login.redirect.callback" value="<?php echo $this->getOption('login.redirect.callback'); ?>" />
67	</div>
68	</div>
69	</div>


1	+ <?php
2	+ /**
3	+ * @since 6.8.0 https://github.com/aamplugin/advanced-access-manager/issues/195
4	+ * @since 6.0.0 Initial implementation of the templates
5	+ *
6	+ * @version 6.8.0
7	+ *
8	+ */
9	+ ?>
10
11	<?php if (defined('AAM_KEY')) { ?>
12	<div class="aam-feature" id="login_redirect-content">

66
67	<div class="form-group login-redirect-action" id="url-login-redirect-action" style="display: <?php echo ($type === 'url' ? 'block' : 'none'); ?>;">
68	<label><?php echo __('The URL', AAM_KEY); ?></label>
69	+ <input type="text" class="form-control" name="login.redirect.url" placeholder="https://" value="<?php echo stripslashes(esc_js($this->getOption('login.redirect.url'))); ?>" />
70	</div>
71
72	<div class="form-group login-redirect-action" id="callback-login-redirect-action" style="display: <?php echo ($type === 'callback' ? 'block' : 'none'); ?>;">
73	<label><?php echo __('PHP Callback Function', AAM_KEY); ?></label>
74	+ <input type="text" class="form-control" placeholder="Enter valid callback" name="login.redirect.callback" value="<?php echo stripslashes(esc_js($this->getOption('login.redirect.callback'))); ?>" />
75	</div>
76	</div>
77	</div>

application/Backend/tmpl/service/logout-redirect.php CHANGED Viewed

	@@ -1,4 +1,12 @@
1	- <?php ~~/** @version 6.0.0 */ ?>~~








2
3	<?php if (defined('AAM_KEY')) { ?>
4	<div class="aam-feature" id="logout_redirect-content">
	@@ -58,12 +66,12 @@
58
59	<div class="form-group logout-redirect-action" id="url-logout-redirect-action" style="display: <?php echo ($type === 'url' ? 'block' : 'none'); ?>;">
60	<label><?php echo __('The URL', AAM_KEY); ?></label>
61	- <input type="text" class="form-control" name="logout.redirect.url" placeholder="https://" value="<?php echo $this->getOption('logout.redirect.url'); ?>" />
62	</div>
63
64	<div class="form-group logout-redirect-action" id="callback-logout-redirect-action" style="display: <?php echo ($type === 'callback' ? 'block' : 'none'); ?>;">
65	<label><?php echo __('PHP Callback Function', AAM_KEY); ?></label>
66	- <input type="text" class="form-control" placeholder="Enter valid callback" name="logout.redirect.callback" value="<?php echo $this->getOption('logout.redirect.callback'); ?>" />
67	</div>
68	</div>
69	</div>


1	+ <?php
2	+ /**
3	+ * @since 6.8.0 https://github.com/aamplugin/advanced-access-manager/issues/195
4	+ * @since 6.0.0 Initial implementation of the templates
5	+ *
6	+ * @version 6.8.0
7	+ *
8	+ */
9	+ ?>
10
11	<?php if (defined('AAM_KEY')) { ?>
12	<div class="aam-feature" id="logout_redirect-content">

66
67	<div class="form-group logout-redirect-action" id="url-logout-redirect-action" style="display: <?php echo ($type === 'url' ? 'block' : 'none'); ?>;">
68	<label><?php echo __('The URL', AAM_KEY); ?></label>
69	+ <input type="text" class="form-control" name="logout.redirect.url" placeholder="https://" value="<?php echo stripslashes(esc_js($this->getOption('logout.redirect.url'))); ?>" />
70	</div>
71
72	<div class="form-group logout-redirect-action" id="callback-logout-redirect-action" style="display: <?php echo ($type === 'callback' ? 'block' : 'none'); ?>;">
73	<label><?php echo __('PHP Callback Function', AAM_KEY); ?></label>
74	+ <input type="text" class="form-control" placeholder="Enter valid callback" name="logout.redirect.callback" value="<?php echo stripslashes(esc_js($this->getOption('logout.redirect.callback'))); ?>" />
75	</div>
76	</div>
77	</div>

application/Backend/tmpl/service/redirect.php CHANGED Viewed

	@@ -1,4 +1,12 @@
1	- <?php ~~/** @version 6.0.0 */ ?>~~








2
3	<?php if (defined('AAM_KEY')) { ?>
4	<?php $subject = AAM_Backend_Subject::getInstance(); ?>
	@@ -84,12 +92,12 @@
84
85	<div class="form-group aam-redirect-action frontend-redirect" id="frontend-url-action" style="display: <?php echo ($frontendType == 'url' ? 'block' : 'none'); ?>;">
86	<label for="frontend-url"><?php echo __('The URL', AAM_KEY); ?></label>
87	- <input type="text" class="form-control" name="frontend.redirect.url" placeholder="https://" value="<?php echo $this->getOption('frontend.redirect.url'); ?>" />
88	</div>
89
90	<div class="form-group aam-redirect-action frontend-redirect" id="frontend-callback-action" style="display: <?php echo ($frontendType == 'callback' ? 'block' : 'none'); ?>;">
91	<label for="frontend-url"><?php echo __('PHP Callback Function', AAM_KEY); ?></label>
92	- <input type="text" class="form-control" placeholder="<?php echo __('Enter valid callback', AAM_KEY); ?>" name="frontend.redirect.callback" value="<?php echo $this->getOption('frontend.redirect.callback'); ?>" />
93	</div>
94	</div>
95	<div role="tabpanel" class="tab-pane" id="backend-redirect">
	@@ -136,12 +144,12 @@
136
137	<div class="form-group aam-redirect-action backend-redirect" id="backend-url" style="display: <?php echo ($backendType == 'url' ? 'block' : 'none'); ?>;">
138	<label for="backend-url"><?php echo __('The URL', AAM_KEY); ?></label>
139	- <input type="text" class="form-control" placeholder="https://" name="backend.redirect.url" value="<?php echo $this->getOption('backend.redirect.url'); ?>" />
140	</div>
141
142	<div class="form-group aam-redirect-action backend-redirect" id="backend-callback-action" style="display: <?php echo ($backendType == 'callback' ? 'block' : 'none'); ?>;">
143	<label for="frontend-url"><?php echo __('PHP Callback Function', AAM_KEY); ?></label>
144	- <input type="text" class="form-control" placeholder="<?php echo __('Enter valid callback', AAM_KEY); ?>" name="backend.redirect.callback" value="<?php echo $this->getOption('backend.redirect.callback'); ?>" />
145	</div>
146	</div>
147	</div>


1	+ <?php
2	+ /**
3	+ * @since 6.8.0 https://github.com/aamplugin/advanced-access-manager/issues/195
4	+ * @since 6.0.0 Initial implementation of the templates
5	+ *
6	+ * @version 6.8.0
7	+ *
8	+ */
9	+ ?>
10
11	<?php if (defined('AAM_KEY')) { ?>
12	<?php $subject = AAM_Backend_Subject::getInstance(); ?>

92
93	<div class="form-group aam-redirect-action frontend-redirect" id="frontend-url-action" style="display: <?php echo ($frontendType == 'url' ? 'block' : 'none'); ?>;">
94	<label for="frontend-url"><?php echo __('The URL', AAM_KEY); ?></label>
95	+ <input type="text" class="form-control" name="frontend.redirect.url" placeholder="https://" value="<?php echo stripslashes(esc_js($this->getOption('frontend.redirect.url'))); ?>" />
96	</div>
97
98	<div class="form-group aam-redirect-action frontend-redirect" id="frontend-callback-action" style="display: <?php echo ($frontendType == 'callback' ? 'block' : 'none'); ?>;">
99	<label for="frontend-url"><?php echo __('PHP Callback Function', AAM_KEY); ?></label>
100	+ <input type="text" class="form-control" placeholder="<?php echo __('Enter valid callback', AAM_KEY); ?>" name="frontend.redirect.callback" value="<?php echo stripslashes(esc_js($this->getOption('frontend.redirect.callback'))); ?>" />
101	</div>
102	</div>
103	<div role="tabpanel" class="tab-pane" id="backend-redirect">

144
145	<div class="form-group aam-redirect-action backend-redirect" id="backend-url" style="display: <?php echo ($backendType == 'url' ? 'block' : 'none'); ?>;">
146	<label for="backend-url"><?php echo __('The URL', AAM_KEY); ?></label>
147	+ <input type="text" class="form-control" placeholder="https://" name="backend.redirect.url" value="<?php echo stripslashes(esc_js($this->getOption('backend.redirect.url'))); ?>" />
148	</div>
149
150	<div class="form-group aam-redirect-action backend-redirect" id="backend-callback-action" style="display: <?php echo ($backendType == 'callback' ? 'block' : 'none'); ?>;">
151	<label for="frontend-url"><?php echo __('PHP Callback Function', AAM_KEY); ?></label>
152	+ <input type="text" class="form-control" placeholder="<?php echo __('Enter valid callback', AAM_KEY); ?>" name="backend.redirect.callback" value="<?php echo stripslashes(esc_js($this->getOption('backend.redirect.callback'))); ?>" />
153	</div>
154	</div>
155	</div>

application/Migration/2121_10_15-base.php ADDED Viewed

	@@ -0,0 +1,43 @@


1	+ <?php
2	+
3	+ /**
4	+ * ======================================================================
5	+ * LICENSE: This file is subject to the terms and conditions defined in *
6	+ * file 'license.txt', which is part of this source code package. *
7	+ * ======================================================================
8	+ */
9	+
10	+ namespace AAM\Migration;
11	+
12	+ use AAM_Core_Migration,
13	+ AAM_Core_Contract_MigrationInterface;
14	+
15	+ /**
16	+ * Clearing the AAM violations repository to remove corrupted data
17	+ *
18	+ * @package AAM
19	+ * @version 6.8.0
20	+ */
21	+ class Migration680 implements AAM_Core_Contract_MigrationInterface
22	+ {
23	+
24	+ /**
25	+ * @inheritdoc
26	+ *
27	+ * @version 6.8.0
28	+ */
29	+ public function run()
30	+ {
31	+ \AAM_Core_API::deleteOption(\AAM_Addon_Repository::DB_VIOLATION_OPTION);
32	+
33	+ // Finally store this script as completed
34	+ AAM_Core_Migration::storeCompletedScript(basename(__FILE__));
35	+
36	+ return array('errors' => array());
37	+ }
38	+
39	+ }
40	+
41	+ if (defined('AAM_KEY')) {
42	+ return (new Migration680())->run();
43	+ }

readme.txt CHANGED Viewed

	@@ -4,7 +4,7 @@ Tags: access control, membership, backend menu, user role, restricted content, s
4	Requires at least: 4.7.0
5	Requires PHP: 5.6.0
6	Tested up to: 5.8.1
7	- Stable tag: 6.7.9
8
9	All you need to manage access to WordPress websites on the frontend, backend and API levels for any role, user or visitors.
10
	@@ -91,6 +91,11 @@ We take security and privacy very seriously, that is why there are several non-n
91
92	== Changelog ==
93





94	= 6.7.9 =
95	* Changed: Enhanced security pasture by escaping potentially harmful input from users that do not have unfiltered_html capability, reported by WordPress Plugin Review Team [https://github.com/aamplugin/advanced-access-manager/issues/192](https://github.com/aamplugin/advanced-access-manager/issues/192)
96	* Changed: Disabling the "User Role Filter" by default for all new AAM installations [https://github.com/aamplugin/advanced-access-manager/issues/193](https://github.com/aamplugin/advanced-access-manager/issues/193)


4	Requires at least: 4.7.0
5	Requires PHP: 5.6.0
6	Tested up to: 5.8.1
7	+ Stable tag: 6.8.0
8
9	All you need to manage access to WordPress websites on the frontend, backend and API levels for any role, user or visitors.
10

91
92	== Changelog ==
93
94	+ = 6.8.0 =
95	+ * Changed: Enhanced security pasture by escaping potentially harmful output, if information was directly modified in the DB or not escaped during storing AAM settings, reported by WordPress Plugin Review Team
96	+ * Fixed: Cleared potentially corrupted data about status of premium add-ons.
97	+ * Changed: Re-opened direct communication with the AAM developer through the Slack channel [https://aamplugin.com/support](https://aamplugin.com/support)
98	+
99	= 6.7.9 =
100	* Changed: Enhanced security pasture by escaping potentially harmful input from users that do not have unfiltered_html capability, reported by WordPress Plugin Review Team [https://github.com/aamplugin/advanced-access-manager/issues/192](https://github.com/aamplugin/advanced-access-manager/issues/192)
101	* Changed: Disabling the "User Role Filter" by default for all new AAM installations [https://github.com/aamplugin/advanced-access-manager/issues/193](https://github.com/aamplugin/advanced-access-manager/issues/193)