Version Description
- Security fix : Certain capabilities could be granted to users instead of being denied with a change introduced in version 1.4.5. Roles with negated capabilities would effectively grant these capabilities to the user.
Download this release
Release Info
| Developer | itthinx |
| Plugin |  Groups |
| Version | 1.4.6 |
| Comparing to | |
| See all releases | |
Code changes from version 1.4.5 to 1.4.6
- groups.php +2 -2
- lib/core/class-groups-user.php +1 -1
- readme.txt +7 -1
groups.php
CHANGED
|
@@ -21,13 +21,13 @@
|
|
| 21 |
* Plugin Name: Groups
|
| 22 |
* Plugin URI: http://www.itthinx.com/plugins/groups
|
| 23 |
* Description: Groups provides group-based user membership management, group-based capabilities and content access control.
|
| 24 |
-
* Version: 1.4.
|
| 25 |
* Author: itthinx
|
| 26 |
* Author URI: http://www.itthinx.com
|
| 27 |
* Donate-Link: http://www.itthinx.com
|
| 28 |
* License: GPLv3
|
| 29 |
*/
|
| 30 |
-
define( 'GROUPS_CORE_VERSION', '1.4.
|
| 31 |
define( 'GROUPS_FILE', __FILE__ );
|
| 32 |
if ( !defined( 'GROUPS_CORE_DIR' ) ) {
|
| 33 |
define( 'GROUPS_CORE_DIR', WP_PLUGIN_DIR . '/groups' );
|
| 21 |
* Plugin Name: Groups
|
| 22 |
* Plugin URI: http://www.itthinx.com/plugins/groups
|
| 23 |
* Description: Groups provides group-based user membership management, group-based capabilities and content access control.
|
| 24 |
+
* Version: 1.4.6
|
| 25 |
* Author: itthinx
|
| 26 |
* Author URI: http://www.itthinx.com
|
| 27 |
* Donate-Link: http://www.itthinx.com
|
| 28 |
* License: GPLv3
|
| 29 |
*/
|
| 30 |
+
define( 'GROUPS_CORE_VERSION', '1.4.6' );
|
| 31 |
define( 'GROUPS_FILE', __FILE__ );
|
| 32 |
if ( !defined( 'GROUPS_CORE_DIR' ) ) {
|
| 33 |
define( 'GROUPS_CORE_DIR', WP_PLUGIN_DIR . '/groups' );
|
lib/core/class-groups-user.php
CHANGED
|
@@ -300,7 +300,7 @@ class Groups_User implements I_Capable {
|
|
| 300 |
if ( !empty( $role_caps ) && is_array( $role_caps ) ) {
|
| 301 |
$caps = array();
|
| 302 |
foreach( $role_caps as $role_cap => $has ) {
|
| 303 |
-
if ( !in_array( $role_cap, $capabilities ) ) {
|
| 304 |
$caps[] = "'" . $role_cap . "'";
|
| 305 |
}
|
| 306 |
}
|
| 300 |
if ( !empty( $role_caps ) && is_array( $role_caps ) ) {
|
| 301 |
$caps = array();
|
| 302 |
foreach( $role_caps as $role_cap => $has ) {
|
| 303 |
+
if ( $has && !in_array( $role_cap, $capabilities ) ) {
|
| 304 |
$caps[] = "'" . $role_cap . "'";
|
| 305 |
}
|
| 306 |
}
|
readme.txt
CHANGED
|
@@ -4,7 +4,7 @@ Donate link: http://www.itthinx.com/plugins/groups
|
|
| 4 |
Tags: access, access control, capability, capabilities, content, download, downloads, file, file access, files, group, groups, member, members, membership, memberships, paypal, permission, permissions, subscription, subscriptions, woocommerce
|
| 5 |
Requires at least: 3.5
|
| 6 |
Tested up to: 3.8
|
| 7 |
-
Stable tag: 1.4.
|
| 8 |
License: GPLv3
|
| 9 |
|
| 10 |
Groups is an efficient and powerful solution, providing group-based user membership management, group-based capabilities and content access control.
|
|
@@ -177,6 +177,9 @@ See also [Groups](http://www.itthinx.com/plugins/groups/)
|
|
| 177 |
|
| 178 |
== Changelog ==
|
| 179 |
|
|
|
|
|
|
|
|
|
|
| 180 |
= 1.4.5 =
|
| 181 |
* Using a WordPress API function get_post_type_capabilities() instead of semi-hardcoded capabilities for access restriction checks (affects CPTs).
|
| 182 |
* Changed: Taking role-based capabilities into account when creating cache entries for the Groups_User object. The new groups_user_add_role_capabilities filter allows to modify this new behaviour by returning false.
|
|
@@ -364,6 +367,9 @@ Some installations wouldn't work correctly, showing no capabilities and making i
|
|
| 364 |
|
| 365 |
== Upgrade Notice ==
|
| 366 |
|
|
|
|
|
|
|
|
|
|
| 367 |
= 1.4.5 =
|
| 368 |
* Fixed incompatible access restriction checks on some custom post types. Taking role-based capabilities into account.
|
| 369 |
|
| 4 |
Tags: access, access control, capability, capabilities, content, download, downloads, file, file access, files, group, groups, member, members, membership, memberships, paypal, permission, permissions, subscription, subscriptions, woocommerce
|
| 5 |
Requires at least: 3.5
|
| 6 |
Tested up to: 3.8
|
| 7 |
+
Stable tag: 1.4.6
|
| 8 |
License: GPLv3
|
| 9 |
|
| 10 |
Groups is an efficient and powerful solution, providing group-based user membership management, group-based capabilities and content access control.
|
| 177 |
|
| 178 |
== Changelog ==
|
| 179 |
|
| 180 |
+
= 1.4.6 =
|
| 181 |
+
* Security fix : Certain capabilities could be granted to users instead of being denied with a change introduced in version 1.4.5. Roles with negated capabilities would effectively grant these capabilities to the user.
|
| 182 |
+
|
| 183 |
= 1.4.5 =
|
| 184 |
* Using a WordPress API function get_post_type_capabilities() instead of semi-hardcoded capabilities for access restriction checks (affects CPTs).
|
| 185 |
* Changed: Taking role-based capabilities into account when creating cache entries for the Groups_User object. The new groups_user_add_role_capabilities filter allows to modify this new behaviour by returning false.
|
| 367 |
|
| 368 |
== Upgrade Notice ==
|
| 369 |
|
| 370 |
+
= 1.4.6 =
|
| 371 |
+
* Security fix : Certain capabilities could be granted to users instead of being denied with a change introduced in version 1.4.5.
|
| 372 |
+
|
| 373 |
= 1.4.5 =
|
| 374 |
* Fixed incompatible access restriction checks on some custom post types. Taking role-based capabilities into account.
|
| 375 |
|
