Advanced Access Manager - Version 6.8.0

Version Description

  • Changed: Enhanced security posture by escaping potentially harmful output, in case information was directly modified in the DB or not escaped while storing AAM settings; reported by the WordPress Plugin Review Team
  • Fixed: Cleared potentially corrupted data about status of premium add-ons.
  • Changed: Re-opened direct communication with the AAM developer through the Slack channel https://aamplugin.com/support

Release Info

Developer vasyltech
Version 6.8.0

Code changes from version 6.7.9 to 6.8.0

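--- a/aam.php
+++ b/aam.php
@@ -3,7 +3,7 @@
  /**
  * Plugin Name: Advanced Access Manager
  * Description: Collection of features to manage your WordPress website authentication, authorization and monitoring
- * Version: 6.7.9
+ * Version: 6.8.0
  * Author: Vasyl Martyniuk <vasyl@vasyltech.com>
  * Author URI: https://vasyltech.com
  * Text Domain: advanced-access-manager
@@ -264,7 +264,7 @@ if (defined('ABSPATH')) {
  //define few common constants
  define('AAM_MEDIA', plugins_url('/media', __FILE__));
  define('AAM_KEY', 'advanced-access-manager');
- define('AAM_VERSION', '6.7.9');
+ define('AAM_VERSION', '6.8.0');
  define('AAM_BASEDIR', __DIR__);
 
  //load vendor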
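--- a/application/Backend/Feature/Main/Capability.php
+++ b/application/Backend/Feature/Main/Capability.php
@@ -5,15 +5,16 @@
  * LICENSE: This file is subject to the terms and conditions defined in *
  * file 'license.txt', which is part of this source code package. *
  * ======================================================================
- *
- * @version 6.0.0
  */
 
  /**
  * Backend capability manager
  *
+ * @since 6.8.0 https://github.com/aamplugin/advanced-access-manager/issues/195
+ * @since 6.0.0 Initial implementation of the class
+ *
  * @package AAM
- * @version 6.0.0
+ * @version 6.8.0
  */
  class AAM_Backend_Feature_Main_Capability
  extends AAM_Backend_Feature_Abstract implements AAM_Backend_Feature_ISubjectAware
@@ -73,8 +74,11 @@ class AAM_Backend_Feature_Main_Capability
  *
  * @return string
  *
+ * @since 6.8.0 https://github.com/aamplugin/advanced-access-manager/issues/195
+ * @since 6.0.0 Initial implementation of the method
+ *
  * @access public
- * @version 6.0.0
+ * @version 6.8.0
  */
  public function save()
  {
@@ -84,12 +88,12 @@ class AAM_Backend_Feature_Main_Capability
  $assign = $this->getFromPost('assignToMe', FILTER_VALIDATE_BOOLEAN);
 
  if ($cap && $this->isAllowedToToggle($cap)) {
+ $result = $this->getSubject()->addCapability($cap, $effect);
+
  // Add capability to current user if checkbox checked
- if ($assign === true) {
+ if ($result && $assign === true) {
  AAM::getUser()->addCapability($cap);
  }
-
- $result = $this->getSubject()->addCapability($cap, $effect);
  }
 
  return wp_json_encode(array(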
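Review bot: In the third hunk the return value of `AAM::getUser()->addCapability($cap)` is discarded, so a failed self-assignment never reaches `$result`. If the JSON response built by the `wp_json_encode` call (which continues outside the hunk) reports status from `$result`, the caller is told the whole operation succeeded even though the current user did not get the capability. Assuming that method returns a boolean, `$result = AAM::getUser()->addCapability($cap);` inside the inner `if` would carry the failure through. The `@since 6.8.0` lines added in the first two hunks hold only an issue URL; a few words on what changed (the subject is updated first, the current user only on success) would keep the docblock readable without the tracker.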
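--- a/application/Backend/Feature/Main/Uri.php
+++ b/application/Backend/Feature/Main/Uri.php
@@ -54,7 +54,7 @@ class AAM_Backend_Feature_Main_Uri
  * @since 6.0.0 Initial implementation of the method
  *
  * @access public
- * @version 6.0.0
+ * @version 6.4.0
  */
  public function getTable()
  {
@@ -70,6 +70,7 @@ class AAM_Backend_Feature_Main_Uri
 
  foreach ($rules as $uri => $rule) {
  $prefix = ($object->has($uri) ? '' : 'no-');
+
  $response['data'][] = array(
  $uri,
  $rule['type'],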
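--- a/application/Backend/tmpl/service/404redirect.php
+++ b/application/Backend/tmpl/service/404redirect.php
@@ -1,10 +1,12 @@
  <?php
  /**
+ * @since 6.8.0 https://github.com/aamplugin/advanced-access-manager/issues/195
  * @since 6.4.0 Allowing to define 404 for any user or role
  * @since 6.0.0 Initial implementation of the templates
  *
- * @version 6.4.0
- * */
+ * @version 6.8.0
+ *
+ */
  ?>
 
  <?php if (defined('AAM_KEY')) { ?>
@@ -65,12 +67,12 @@
 
  <div class="form-group 404redirect-action" id="url-404redirect-action" style="display: <?php echo ($type === 'url' ? 'block' : 'none'); ?>;">
  <label><?php echo __('The URL', AAM_KEY); ?></label>
- <input type="text" class="form-control" name="404.redirect.url" placeholder="https://" value="<?php echo $this->getOption('404.redirect.url'); ?>" />
+ <input type="text" class="form-control" name="404.redirect.url" placeholder="https://" value="<?php echo stripslashes(esc_js($this->getOption('404.redirect.url'))); ?>" />
  </div>
 
  <div class="form-group 404-redirect-action" id="callback-404redirect-action" style="display: <?php echo ($type === 'callback' ? 'block' : 'none'); ?>;">
  <label><?php echo __('PHP Callback Function', AAM_KEY); ?></label>
- <input type="text" class="form-control" placeholder="Enter valid callback" name="404.redirect.callback" value="<?php echo $this->getOption('404.redirect.callback'); ?>" />
+ <input type="text" class="form-control" placeholder="Enter valid callback" name="404.redirect.callback" value="<?php echo stripslashes(esc_js($this->getOption('404.redirect.callback'))); ?>" />
  </div>
  </div>
  </div>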
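Review bot: The two `value="…"` attributes in the second hunk are escaped with `stripslashes(esc_js(...))`, which is WordPress's JavaScript-string escaper used in an HTML-attribute context. It does encode `"`, `<`, `>` and `&`, so the double-quoted attribute is not broken out of, but `esc_js()` also strips backslashes and carriage returns and rewrites newlines. A stored callback containing backslashes, such as a namespaced function name, is therefore displayed without them, and presumably saved back that way when the form is submitted. The context-appropriate call is `esc_attr()`, e.g. `value="<?php echo esc_attr($this->getOption('404.redirect.url')); ?>"`. The same pattern is added in login-redirect.php, logout-redirect.php and redirect.php (both the frontend and backend fields).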
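--- a/application/Backend/tmpl/service/login-redirect.php
+++ b/application/Backend/tmpl/service/login-redirect.php
@@ -1,4 +1,12 @@
- <?php /** @version 6.0.0 */ ?>
+ <?php
+ /**
+ * @since 6.8.0 https://github.com/aamplugin/advanced-access-manager/issues/195
+ * @since 6.0.0 Initial implementation of the templates
+ *
+ * @version 6.8.0
+ *
+ */
+ ?>
 
  <?php if (defined('AAM_KEY')) { ?>
  <div class="aam-feature" id="login_redirect-content">
@@ -58,12 +66,12 @@
 
  <div class="form-group login-redirect-action" id="url-login-redirect-action" style="display: <?php echo ($type === 'url' ? 'block' : 'none'); ?>;">
  <label><?php echo __('The URL', AAM_KEY); ?></label>
- <input type="text" class="form-control" name="login.redirect.url" placeholder="https://" value="<?php echo $this->getOption('login.redirect.url'); ?>" />
+ <input type="text" class="form-control" name="login.redirect.url" placeholder="https://" value="<?php echo stripslashes(esc_js($this->getOption('login.redirect.url'))); ?>" />
  </div>
 
  <div class="form-group login-redirect-action" id="callback-login-redirect-action" style="display: <?php echo ($type === 'callback' ? 'block' : 'none'); ?>;">
  <label><?php echo __('PHP Callback Function', AAM_KEY); ?></label>
- <input type="text" class="form-control" placeholder="Enter valid callback" name="login.redirect.callback" value="<?php echo $this->getOption('login.redirect.callback'); ?>" />
+ <input type="text" class="form-control" placeholder="Enter valid callback" name="login.redirect.callback" value="<?php echo stripslashes(esc_js($this->getOption('login.redirect.callback'))); ?>" />
  </div>
  </div>
  </div>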
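--- a/application/Backend/tmpl/service/logout-redirect.php
+++ b/application/Backend/tmpl/service/logout-redirect.php
@@ -1,4 +1,12 @@
- <?php /** @version 6.0.0 */ ?>
+ <?php
+ /**
+ * @since 6.8.0 https://github.com/aamplugin/advanced-access-manager/issues/195
+ * @since 6.0.0 Initial implementation of the templates
+ *
+ * @version 6.8.0
+ *
+ */
+ ?>
 
  <?php if (defined('AAM_KEY')) { ?>
  <div class="aam-feature" id="logout_redirect-content">
@@ -58,12 +66,12 @@
 
  <div class="form-group logout-redirect-action" id="url-logout-redirect-action" style="display: <?php echo ($type === 'url' ? 'block' : 'none'); ?>;">
  <label><?php echo __('The URL', AAM_KEY); ?></label>
- <input type="text" class="form-control" name="logout.redirect.url" placeholder="https://" value="<?php echo $this->getOption('logout.redirect.url'); ?>" />
+ <input type="text" class="form-control" name="logout.redirect.url" placeholder="https://" value="<?php echo stripslashes(esc_js($this->getOption('logout.redirect.url'))); ?>" />
  </div>
 
  <div class="form-group logout-redirect-action" id="callback-logout-redirect-action" style="display: <?php echo ($type === 'callback' ? 'block' : 'none'); ?>;">
  <label><?php echo __('PHP Callback Function', AAM_KEY); ?></label>
- <input type="text" class="form-control" placeholder="Enter valid callback" name="logout.redirect.callback" value="<?php echo $this->getOption('logout.redirect.callback'); ?>" />
+ <input type="text" class="form-control" placeholder="Enter valid callback" name="logout.redirect.callback" value="<?php echo stripslashes(esc_js($this->getOption('logout.redirect.callback'))); ?>" />
  </div>
  </div>
  </div>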
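--- a/application/Backend/tmpl/service/redirect.php
+++ b/application/Backend/tmpl/service/redirect.php
@@ -1,4 +1,12 @@
- <?php /** @version 6.0.0 */ ?>
+ <?php
+ /**
+ * @since 6.8.0 https://github.com/aamplugin/advanced-access-manager/issues/195
+ * @since 6.0.0 Initial implementation of the templates
+ *
+ * @version 6.8.0
+ *
+ */
+ ?>
 
  <?php if (defined('AAM_KEY')) { ?>
  <?php $subject = AAM_Backend_Subject::getInstance(); ?>
@@ -84,12 +92,12 @@
 
  <div class="form-group aam-redirect-action frontend-redirect" id="frontend-url-action" style="display: <?php echo ($frontendType == 'url' ? 'block' : 'none'); ?>;">
  <label for="frontend-url"><?php echo __('The URL', AAM_KEY); ?></label>
- <input type="text" class="form-control" name="frontend.redirect.url" placeholder="https://" value="<?php echo $this->getOption('frontend.redirect.url'); ?>" />
+ <input type="text" class="form-control" name="frontend.redirect.url" placeholder="https://" value="<?php echo stripslashes(esc_js($this->getOption('frontend.redirect.url'))); ?>" />
  </div>
 
  <div class="form-group aam-redirect-action frontend-redirect" id="frontend-callback-action" style="display: <?php echo ($frontendType == 'callback' ? 'block' : 'none'); ?>;">
  <label for="frontend-url"><?php echo __('PHP Callback Function', AAM_KEY); ?></label>
- <input type="text" class="form-control" placeholder="<?php echo __('Enter valid callback', AAM_KEY); ?>" name="frontend.redirect.callback" value="<?php echo $this->getOption('frontend.redirect.callback'); ?>" />
+ <input type="text" class="form-control" placeholder="<?php echo __('Enter valid callback', AAM_KEY); ?>" name="frontend.redirect.callback" value="<?php echo stripslashes(esc_js($this->getOption('frontend.redirect.callback'))); ?>" />
  </div>
  </div>
  <div role="tabpanel" class="tab-pane" id="backend-redirect">
@@ -136,12 +144,12 @@
 
  <div class="form-group aam-redirect-action backend-redirect" id="backend-url" style="display: <?php echo ($backendType == 'url' ? 'block' : 'none'); ?>;">
  <label for="backend-url"><?php echo __('The URL', AAM_KEY); ?></label>
- <input type="text" class="form-control" placeholder="https://" name="backend.redirect.url" value="<?php echo $this->getOption('backend.redirect.url'); ?>" />
+ <input type="text" class="form-control" placeholder="https://" name="backend.redirect.url" value="<?php echo stripslashes(esc_js($this->getOption('backend.redirect.url'))); ?>" />
  </div>
 
  <div class="form-group aam-redirect-action backend-redirect" id="backend-callback-action" style="display: <?php echo ($backendType == 'callback' ? 'block' : 'none'); ?>;">
  <label for="frontend-url"><?php echo __('PHP Callback Function', AAM_KEY); ?></label>
- <input type="text" class="form-control" placeholder="<?php echo __('Enter valid callback', AAM_KEY); ?>" name="backend.redirect.callback" value="<?php echo $this->getOption('backend.redirect.callback'); ?>" />
+ <input type="text" class="form-control" placeholder="<?php echo __('Enter valid callback', AAM_KEY); ?>" name="backend.redirect.callback" value="<?php echo stripslashes(esc_js($this->getOption('backend.redirect.callback'))); ?>" />
  </div>
  </div>
  </div>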
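--- a/application/Migration/2121_10_15-base.php
+++ b/application/Migration/2121_10_15-base.php
@@ -0,0 +1,43 @@
+ <?php
+
+ /**
+ * ======================================================================
+ * LICENSE: This file is subject to the terms and conditions defined in *
+ * file 'license.txt', which is part of this source code package. *
+ * ======================================================================
+ */
+
+ namespace AAM\Migration;
+
+ use AAM_Core_Migration,
+ AAM_Core_Contract_MigrationInterface;
+
+ /**
+ * Clearing the AAM violations repository to remove corrupted data
+ *
+ * @package AAM
+ * @version 6.8.0
+ */
+ class Migration680 implements AAM_Core_Contract_MigrationInterface
+ {
+
+ /**
+ * @inheritdoc
+ *
+ * @version 6.8.0
+ */
+ public function run()
+ {
+ \AAM_Core_API::deleteOption(\AAM_Addon_Repository::DB_VIOLATION_OPTION);
+
+ // Finally store this script as completed
+ AAM_Core_Migration::storeCompletedScript(basename(__FILE__));
+
+ return array('errors' => array());
+ }
+
+ }
+
+ if (defined('AAM_KEY')) {
+ return (new Migration680())->run();
+ }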
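Review bot: The file name `2121_10_15-base.php` carries the year 2121, which looks like a typo for 2021. If migration scripts are discovered or ordered by file name (not visible in this section), this one would sort after every migration added later. `storeCompletedScript(basename(__FILE__))` records that name, so correcting it in a later release would presumably make the script run again. `run()` also returns `array('errors' => array())` unconditionally, without looking at what `deleteOption()` returned; a one-line comment such as `// Best-effort cleanup: a failed delete is not treated as a migration error` would document that choice.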
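--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Tags: access control, membership, backend menu, user role, restricted content, s
  Requires at least: 4.7.0
  Requires PHP: 5.6.0
  Tested up to: 5.8.1
- Stable tag: 6.7.9
+ Stable tag: 6.8.0
 
  All you need to manage access to WordPress websites on the frontend, backend and API levels for any role, user or visitors.
 
@@ -91,6 +91,11 @@ We take security and privacy very seriously, that is why there are several non-n
 
  == Changelog ==
 
+ = 6.8.0 =
+ * Changed: Enhanced security pasture by escaping potentially harmful output, if information was directly modified in the DB or not escaped during storing AAM settings, reported by WordPress Plugin Review Team
+ * Fixed: Cleared potentially corrupted data about status of premium add-ons.
+ * Changed: Re-opened direct communication with the AAM developer through the Slack channel [https://aamplugin.com/support](https://aamplugin.com/support)
+
  = 6.7.9 =
  * Changed: Enhanced security pasture by escaping potentially harmful input from users that do not have unfiltered_html capability, reported by WordPress Plugin Review Team [https://github.com/aamplugin/advanced-access-manager/issues/192](https://github.com/aamplugin/advanced-access-manager/issues/192)
  * Changed: Disabling the "User Role Filter" by default for all new AAM installations [https://github.com/aamplugin/advanced-access-manager/issues/193](https://github.com/aamplugin/advanced-access-manager/issues/193)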