Restricted Site Access - Version 6.2.0

Version Description

  • Functionality change: Check user's role on a site in multisite before granting permission.
  • Feature: Alter or restore previous user permission checking with the restricted_site_access_user_can_access filter.
  • Avoid a fatal due to differing parameter counts for the restricted_site_access_is_restricted filter.

Release Info

Developer helen
Version 6.2.0

Code changes from version 6.1.0 to 6.2.0

Files changed (2)
  1. readme.txt +24 -0
  2. restricted_site_access.php +67 -11
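--- a/readme.txt
+++ b/readme.txt
@@ -65,6 +65,22 @@ Restricted Site Access is not meant to be a top secret data safe, but simply a r
 
  Page caching plugins often hook into WordPress to quickly serve the last cached output of a page before we can check to see if a visitor’s access should be restricted. Not all page caching plugins behave the same way, but several solutions - including external solutions we might not detect - can cause restricted pages to be publicly served regardless of your settings.
 
+ = Why can't logged-in users see all the sites on my multisite instance? =
+
+ In 6.2.0, the behavior in a multisite install changed from allowing any logged-in user to see a site to checking their role for that specific site. This is a safer default given the varying ways multisite is used; however, if you would prefer to rely on the previous behavior rather than explicitly adding users to each site, place the following PHP code in the theme's functions.php file or in a simple plug-in:
+
+ `
+ add_filter( 'restricted_site_access_user_can_access', 'my_rsa_user_can_access' );
+
+ function my_rsa_user_can_access( $access ) {
+ if ( is_user_logged_in() ) {
+ return true;
+ }
+
+ return $access;
+ }
+ `
+
  == Screenshots ==
 
  1. Screenshot of settings panel with simple Restricted Site Access option (send to login page).
@@ -73,6 +89,11 @@ Page caching plugins often hook into WordPress to quickly serve the last cached
 
  == Changelog ==
 
+ = 6.2.0 =
+ * **Functionality change:** Check user's role on a site in multisite before granting permission.
+ * Feature: Alter or restore previous user permission checking with the `restricted_site_access_user_can_access` filter.
+ * Avoid a fatal due to differing parameter counts for the `restricted_site_access_is_restricted` filter.
+
  = 6.1.0 =
  * Correct a PHP notice when running PHP >= 7.1.
  * Refactor logic for checking ip address is in masked ip range.
@@ -167,5 +188,8 @@ This update improves performance, refines the user interface, and adds support f
 
  == Upgrade Notice ==
 
+ = 6.2.0 =
+ IMPORTANT MULTISITE FUNCTIONALITY CHANGE: User access is now checked against their role on a given site in multisite. To restore previous behavior, use the new restricted_site_access_user_can_access filter.
+
  = 6.1.0 =
  * Important: version 6.1 improves testing visitors for allowed IP addresses ("Unrestricted IP addresses"). We recommend testing IP based restrictions after updating.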
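--- a/restricted_site_access.php
+++ b/restricted_site_access.php
@@ -3,13 +3,13 @@
  * Plugin Name: Restricted Site Access
  * Plugin URI: http://10up.com/plugins/restricted-site-access-wordpress/
  * Description: <strong>Limit access your site</strong> to visitors who are logged in or accessing the site from a set of specific IP addresses. Send restricted visitors to the log in page, redirect them, or display a message or page. <strong>Powerful control over redirection</strong>, including <strong>SEO friendly redirect headers</strong>. Great solution for Extranets, publicly hosted Intranets, or parallel development sites.
- * Version: 6.1.0
+ * Version: 6.2.0
  * Author: Jake Goldman, 10up, Oomph
  * Author URI: http://10up.com
  * License: GPLv2 or later
  */
 
- define( 'RSA_VERSION', '6.1.0' );
+ define( 'RSA_VERSION', '6.2.0' );
 
  class Restricted_Site_Access {
 
@@ -188,12 +188,9 @@ class Restricted_Site_Access {
  }
 
  /**
- * Determine whether page should be restricted at point of request
- *
- * @param array $wp WordPress request
+ * Determine if site should be restricted
  */
- public static function restrict_access( $wp ) {
- self::$rsa_options = self::get_options();
+ protected static function is_restricted() {
  $mode = self::get_network_mode();
 
  if ( RSA_IS_NETWORK ) {
@@ -205,11 +202,69 @@ class Restricted_Site_Access {
  $blog_public = get_option( 'blog_public', 2 );
 
  //If rsa_mode==enforce we override the rsa_options
- if( RSA_IS_NETWORK && 'enforce' === $mode ) {
+ if ( RSA_IS_NETWORK && 'enforce' === $mode ) {
  $blog_public = get_site_option( 'blog_public', 2 );
  }
 
- $is_restricted = !( is_admin() || is_user_logged_in() || 2 != $blog_public || ( defined( 'WP_INSTALLING' ) && isset( $_GET['key'] ) ) );
+ $user_check = self::user_can_access();
+
+ $checks = is_admin() || $user_check || 2 !== (int) $blog_public || ( defined( 'WP_INSTALLING' ) && isset( $_GET['key'] ) );
+
+ return ! $checks;
+ }
+
+ /**
+ * Check if current user has access.
+ *
+ * Can be short-circuited using the `restricted_site_access_user_can_access` filter
+ * to return a value other than null (boolean recommended).
+ *
+ * @return bool Whether the user has access
+ */
+ protected static function user_can_access() {
+ /**
+ * Filters whether the user can access the site before any other checks.
+ *
+ * Returning a non-null value will short-circuit the function
+ * and return that value instead.
+ *
+ * @param null|bool $access Whether the user can access the site.
+ */
+ $access = apply_filters( 'restricted_site_access_user_can_access', null );
+
+ if ( null !== $access ) {
+ return $access;
+ }
+
+ if ( ! is_user_logged_in() ) {
+ return false;
+ }
+
+ if ( is_multisite() ) {
+ $user_id = get_current_user_id();
+
+ if ( is_super_admin( $user_id ) ) {
+ return true;
+ }
+
+ if ( is_user_member_of_blog( $user_id ) && current_user_can( 'read' ) ) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ /**
+ * Determine whether page should be restricted at point of request
+ *
+ * @param array $wp WordPress request
+ */
+ public static function restrict_access( $wp ) {
+ self::$rsa_options = self::get_options();
+ $is_restricted = self::is_restricted();
+
+ // Check to see if it's _not_ restricted
  if ( apply_filters( 'restricted_site_access_is_restricted', $is_restricted, $wp ) === false ) {
  return;
  }
@@ -629,8 +684,9 @@ class Restricted_Site_Access {
  * Add a new choice to the privacy selector
  */
  public static function blog_privacy_selector() {
- $is_restricted = ( 2 == get_option( 'blog_public' ));
- $is_restricted = apply_filters( 'restricted_site_access_is_restricted', $is_restricted );
+ global $wp;
+ $is_restricted = ( 2 == get_option( 'blog_public' ) );
+ $is_restricted = apply_filters( 'restricted_site_access_is_restricted', $is_restricted, $wp );
  ?>
  <p>
  <input id="blog-restricted" type="radio" name="blog_public" value="2" <?php checked( $is_restricted ); ?> />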
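Review bot: In `user_can_access()` a logged-in user on a single-site install skips the `is_multisite()` block and reaches the final `return false`, so `is_restricted()` would treat every logged-in visitor as restricted on the front end unless a `restricted_site_access_user_can_access` callback overrides it; the removed expression let `is_user_logged_in()` alone pass. The readme and changelog describe the role check as a multisite-only change, so a guard such as `if ( ! is_multisite() ) { return true; }` directly after the logged-in check looks like what was intended. Separately, the filter result is returned uncast although the docblock promises `@return bool`, and `is_restricted()` only tests it for truthiness, so any truthy value from a callback grants access; `return (bool) $access;` would keep that contract explicit. A one-line comment on the final `return false` stating that logged-in non-members are denied by design would also help the next reader.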