Version Description
(October 2017) =
- Check that a user is allowed to edit pages/posts when making AJAX call, making sure users with subscribers role can't move pages.
Download this release
Release Info
| Developer | eskapism |
| Plugin |  CMS Tree Page View |
| Version | 1.4 |
| Comparing to | |
| See all releases | |
Code changes from version 1.3.4 to 1.4
- functions.php +13 -8
- index.php +2 -2
- readme.txt +6 -2
functions.php
CHANGED
|
@@ -1305,9 +1305,9 @@ function cms_tpv_get_pages($args = null) {
|
|
| 1305 |
// only run if wpml is available or always?
|
| 1306 |
// Note: get_pages filter uses orderby comma separated and with the key sort_column
|
| 1307 |
$get_posts_args["sort_column"] = str_replace(" ", ", ", $get_posts_args["orderby"]);
|
| 1308 |
-
|
| 1309 |
// We only fetch ids above, but if we run the get_pages filter we need to send pages as object
|
| 1310 |
-
|
| 1311 |
$pages_as_objects = array();
|
| 1312 |
|
| 1313 |
foreach ($pages as $page_id) {
|
|
@@ -1736,9 +1736,6 @@ function cms_tpv_move_page() {
|
|
| 1736 |
|
| 1737 |
global $wpdb;
|
| 1738 |
|
| 1739 |
-
//if ( !current_user_can( CMS_TPV_MOVE_PERMISSION ) )
|
| 1740 |
-
// die("Error: you dont have permission");
|
| 1741 |
-
|
| 1742 |
$node_id = $_POST["node_id"]; // the node that was moved
|
| 1743 |
$ref_node_id = $_POST["ref_node_id"];
|
| 1744 |
$type = $_POST["type"];
|
|
@@ -1749,12 +1746,20 @@ function cms_tpv_move_page() {
|
|
| 1749 |
$_POST["skip_sitepress_actions"] = true; // sitepress.class.php->save_post_actions
|
| 1750 |
|
| 1751 |
if ($node_id && $ref_node_id) {
|
| 1752 |
-
#echo "\nnode_id: $node_id";
|
| 1753 |
-
#echo "\ntype: $type";
|
| 1754 |
-
|
| 1755 |
$post_node = get_post($node_id);
|
| 1756 |
$post_ref_node = get_post($ref_node_id);
|
| 1757 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1758 |
// first check that post_node (moved post) is not in trash. we do not move them
|
| 1759 |
if ($post_node->post_status == "trash") {
|
| 1760 |
exit;
|
| 1305 |
// only run if wpml is available or always?
|
| 1306 |
// Note: get_pages filter uses orderby comma separated and with the key sort_column
|
| 1307 |
$get_posts_args["sort_column"] = str_replace(" ", ", ", $get_posts_args["orderby"]);
|
| 1308 |
+
|
| 1309 |
// We only fetch ids above, but if we run the get_pages filter we need to send pages as object
|
| 1310 |
+
|
| 1311 |
$pages_as_objects = array();
|
| 1312 |
|
| 1313 |
foreach ($pages as $page_id) {
|
| 1736 |
|
| 1737 |
global $wpdb;
|
| 1738 |
|
|
|
|
|
|
|
|
|
|
| 1739 |
$node_id = $_POST["node_id"]; // the node that was moved
|
| 1740 |
$ref_node_id = $_POST["ref_node_id"];
|
| 1741 |
$type = $_POST["type"];
|
| 1746 |
$_POST["skip_sitepress_actions"] = true; // sitepress.class.php->save_post_actions
|
| 1747 |
|
| 1748 |
if ($node_id && $ref_node_id) {
|
|
|
|
|
|
|
|
|
|
| 1749 |
$post_node = get_post($node_id);
|
| 1750 |
$post_ref_node = get_post($ref_node_id);
|
| 1751 |
|
| 1752 |
+
$post_node_post_type_object = get_post_type_object($post_node->post_type);
|
| 1753 |
+
$post_ref_node_post_type_object = get_post_type_object($post_ref_node->post_type);
|
| 1754 |
+
|
| 1755 |
+
$user_can_edit_post_node_post = apply_filters("cms_tree_page_view_post_can_edit", current_user_can( $post_node_post_type_object->cap->edit_post, $node_id), $node_id);
|
| 1756 |
+
$user_can_edit_post_ref_node_post = apply_filters("cms_tree_page_view_post_can_edit", current_user_can( $post_ref_node_post_type_object->cap->edit_post, $ref_node_id), $ref_node_id);
|
| 1757 |
+
|
| 1758 |
+
// Check that user is allowed to edit both pages thare are to be moved
|
| 1759 |
+
if (!$user_can_edit_post_node_post || !$user_can_edit_post_ref_node_post) {
|
| 1760 |
+
exit;
|
| 1761 |
+
}
|
| 1762 |
+
|
| 1763 |
// first check that post_node (moved post) is not in trash. we do not move them
|
| 1764 |
if ($post_node->post_status == "trash") {
|
| 1765 |
exit;
|
index.php
CHANGED
|
@@ -5,7 +5,7 @@ Plugin URI: http://eskapism.se/code-playground/cms-tree-page-view/
|
|
| 5 |
Description: Adds a CMS-like tree view of all your pages, like the view often found in a page-focused CMS. Use the tree view to edit, view, add pages and search pages (very useful if you have many pages). And with drag and drop you can rearrange the order of your pages. Page management won't get any easier than this!
|
| 6 |
Text Domain: cms-tree-page-view
|
| 7 |
Domain Path: /languages/
|
| 8 |
-
Version: 1.
|
| 9 |
Author: Pär Thernström
|
| 10 |
Author URI: http://eskapism.se/
|
| 11 |
License: GPL2
|
|
@@ -29,7 +29,7 @@ License: GPL2
|
|
| 29 |
|
| 30 |
#require("functions.php");
|
| 31 |
|
| 32 |
-
define( "CMS_TPV_VERSION", "1.
|
| 33 |
define( "CMS_TPV_NAME", "CMS Tree Page View");
|
| 34 |
|
| 35 |
require(dirname(__FILE__) . "/functions.php");
|
| 5 |
Description: Adds a CMS-like tree view of all your pages, like the view often found in a page-focused CMS. Use the tree view to edit, view, add pages and search pages (very useful if you have many pages). And with drag and drop you can rearrange the order of your pages. Page management won't get any easier than this!
|
| 6 |
Text Domain: cms-tree-page-view
|
| 7 |
Domain Path: /languages/
|
| 8 |
+
Version: 1.4
|
| 9 |
Author: Pär Thernström
|
| 10 |
Author URI: http://eskapism.se/
|
| 11 |
License: GPL2
|
| 29 |
|
| 30 |
#require("functions.php");
|
| 31 |
|
| 32 |
+
define( "CMS_TPV_VERSION", "1.4");
|
| 33 |
define( "CMS_TPV_NAME", "CMS Tree Page View");
|
| 34 |
|
| 35 |
require(dirname(__FILE__) . "/functions.php");
|
readme.txt
CHANGED
|
@@ -4,8 +4,8 @@ Donate link: http://eskapism.se/sida/donate/
|
|
| 4 |
Tags: page, pages, posts, custom posts, tree, cms, dashboard, overview, drag-and-drop, rearrange, management, manage, admin
|
| 5 |
Text Domain: cms-tree-page-view
|
| 6 |
Requires at least: 3.8
|
| 7 |
-
Tested up to: 4.
|
| 8 |
-
Stable tag: 1.
|
| 9 |
|
| 10 |
Adds a tree view of all pages & custom posts. Get a great overview + options to drag & drop to reorder & option to add multiple pages.
|
| 11 |
|
|
@@ -117,6 +117,10 @@ Now the tree with the pages will be visible both on the dashboard and in the men
|
|
| 117 |
|
| 118 |
== Changelog ==
|
| 119 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 120 |
= 1.3.4 (June 2016) =
|
| 121 |
|
| 122 |
- Update Finnish translation files. Thanks translator!
|
| 4 |
Tags: page, pages, posts, custom posts, tree, cms, dashboard, overview, drag-and-drop, rearrange, management, manage, admin
|
| 5 |
Text Domain: cms-tree-page-view
|
| 6 |
Requires at least: 3.8
|
| 7 |
+
Tested up to: 4.8
|
| 8 |
+
Stable tag: 1.4
|
| 9 |
|
| 10 |
Adds a tree view of all pages & custom posts. Get a great overview + options to drag & drop to reorder & option to add multiple pages.
|
| 11 |
|
| 117 |
|
| 118 |
== Changelog ==
|
| 119 |
|
| 120 |
+
= 1.4 (October 2017) =
|
| 121 |
+
|
| 122 |
+
- Check that a user is allowed to edit pages/posts when making AJAX call, making sure users with subscribers role can't move pages.
|
| 123 |
+
|
| 124 |
= 1.3.4 (June 2016) =
|
| 125 |
|
| 126 |
- Update Finnish translation files. Thanks translator!
|
