Version Description
- Functionality change: Check user's role on a site in multisite before granting permission.
- Feature: Alter or restore previous user permission checking with the
restricted_site_access_user_can_access
filter. - Avoid a fatal due to differing parameter counts for the
restricted_site_access_is_restricted
filter.
Download this release
Release Info
Developer | helen |
Plugin | Restricted Site Access |
Version | 6.2.0 |
Comparing to | |
See all releases |
Code changes from version 6.1.0 to 6.2.0
- readme.txt +24 -0
- restricted_site_access.php +67 -11
readme.txt
CHANGED
@@ -65,6 +65,22 @@ Restricted Site Access is not meant to be a top secret data safe, but simply a r
|
|
65 |
|
66 |
Page caching plugins often hook into WordPress to quickly serve the last cached output of a page before we can check to see if a visitor’s access should be restricted. Not all page caching plugins behave the same way, but several solutions - including external solutions we might not detect - can cause restricted pages to be publicly served regardless of your settings.
|
67 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
68 |
== Screenshots ==
|
69 |
|
70 |
1. Screenshot of settings panel with simple Restricted Site Access option (send to login page).
|
@@ -73,6 +89,11 @@ Page caching plugins often hook into WordPress to quickly serve the last cached
|
|
73 |
|
74 |
== Changelog ==
|
75 |
|
|
|
|
|
|
|
|
|
|
|
76 |
= 6.1.0 =
|
77 |
* Correct a PHP notice when running PHP >= 7.1.
|
78 |
* Refactor logic for checking ip address is in masked ip range.
|
@@ -167,5 +188,8 @@ This update improves performance, refines the user interface, and adds support f
|
|
167 |
|
168 |
== Upgrade Notice ==
|
169 |
|
|
|
|
|
|
|
170 |
= 6.1.0 =
|
171 |
* Important: version 6.1 improves testing visitors for allowed IP addresses ("Unrestricted IP addresses"). We recommend testing IP based restrictions after updating.
|
65 |
|
66 |
Page caching plugins often hook into WordPress to quickly serve the last cached output of a page before we can check to see if a visitor’s access should be restricted. Not all page caching plugins behave the same way, but several solutions - including external solutions we might not detect - can cause restricted pages to be publicly served regardless of your settings.
|
67 |
|
68 |
+
= Why can't logged-in users see all the sites on my multisite instance? =
|
69 |
+
|
70 |
+
In 6.2.0, the behavior in a multisite install changed from allowing any logged-in user to see a site to checking their role for that specific site. This is a safer default given the varying ways multisite is used; however, if you would prefer to rely on the previous behavior rather than explicitly adding users to each site, place the following PHP code in the theme's functions.php file or in a simple plug-in:
|
71 |
+
|
72 |
+
`
|
73 |
+
add_filter( 'restricted_site_access_user_can_access', 'my_rsa_user_can_access' );
|
74 |
+
|
75 |
+
function my_rsa_user_can_access( $access ) {
|
76 |
+
if ( is_user_logged_in() ) {
|
77 |
+
return true;
|
78 |
+
}
|
79 |
+
|
80 |
+
return $access;
|
81 |
+
}
|
82 |
+
`
|
83 |
+
|
84 |
== Screenshots ==
|
85 |
|
86 |
1. Screenshot of settings panel with simple Restricted Site Access option (send to login page).
|
89 |
|
90 |
== Changelog ==
|
91 |
|
92 |
+
= 6.2.0 =
|
93 |
+
* **Functionality change:** Check user's role on a site in multisite before granting permission.
|
94 |
+
* Feature: Alter or restore previous user permission checking with the `restricted_site_access_user_can_access` filter.
|
95 |
+
* Avoid a fatal due to differing parameter counts for the `restricted_site_access_is_restricted` filter.
|
96 |
+
|
97 |
= 6.1.0 =
|
98 |
* Correct a PHP notice when running PHP >= 7.1.
|
99 |
* Refactor logic for checking ip address is in masked ip range.
|
188 |
|
189 |
== Upgrade Notice ==
|
190 |
|
191 |
+
= 6.2.0 =
|
192 |
+
IMPORTANT MULTISITE FUNCTIONALITY CHANGE: User access is now checked against their role on a given site in multisite. To restore previous behavior, use the new restricted_site_access_user_can_access filter.
|
193 |
+
|
194 |
= 6.1.0 =
|
195 |
* Important: version 6.1 improves testing visitors for allowed IP addresses ("Unrestricted IP addresses"). We recommend testing IP based restrictions after updating.
|
restricted_site_access.php
CHANGED
@@ -3,13 +3,13 @@
|
|
3 |
* Plugin Name: Restricted Site Access
|
4 |
* Plugin URI: http://10up.com/plugins/restricted-site-access-wordpress/
|
5 |
* Description: <strong>Limit access your site</strong> to visitors who are logged in or accessing the site from a set of specific IP addresses. Send restricted visitors to the log in page, redirect them, or display a message or page. <strong>Powerful control over redirection</strong>, including <strong>SEO friendly redirect headers</strong>. Great solution for Extranets, publicly hosted Intranets, or parallel development sites.
|
6 |
-
* Version: 6.
|
7 |
* Author: Jake Goldman, 10up, Oomph
|
8 |
* Author URI: http://10up.com
|
9 |
* License: GPLv2 or later
|
10 |
*/
|
11 |
|
12 |
-
define( 'RSA_VERSION', '6.
|
13 |
|
14 |
class Restricted_Site_Access {
|
15 |
|
@@ -188,12 +188,9 @@ class Restricted_Site_Access {
|
|
188 |
}
|
189 |
|
190 |
/**
|
191 |
-
* Determine
|
192 |
-
*
|
193 |
-
* @param array $wp WordPress request
|
194 |
*/
|
195 |
-
|
196 |
-
self::$rsa_options = self::get_options();
|
197 |
$mode = self::get_network_mode();
|
198 |
|
199 |
if ( RSA_IS_NETWORK ) {
|
@@ -205,11 +202,69 @@ class Restricted_Site_Access {
|
|
205 |
$blog_public = get_option( 'blog_public', 2 );
|
206 |
|
207 |
//If rsa_mode==enforce we override the rsa_options
|
208 |
-
if( RSA_IS_NETWORK && 'enforce' === $mode ) {
|
209 |
$blog_public = get_site_option( 'blog_public', 2 );
|
210 |
}
|
211 |
|
212 |
-
$
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
213 |
if ( apply_filters( 'restricted_site_access_is_restricted', $is_restricted, $wp ) === false ) {
|
214 |
return;
|
215 |
}
|
@@ -629,8 +684,9 @@ class Restricted_Site_Access {
|
|
629 |
* Add a new choice to the privacy selector
|
630 |
*/
|
631 |
public static function blog_privacy_selector() {
|
632 |
-
$
|
633 |
-
$is_restricted =
|
|
|
634 |
?>
|
635 |
<p>
|
636 |
<input id="blog-restricted" type="radio" name="blog_public" value="2" <?php checked( $is_restricted ); ?> />
|
3 |
* Plugin Name: Restricted Site Access
|
4 |
* Plugin URI: http://10up.com/plugins/restricted-site-access-wordpress/
|
5 |
* Description: <strong>Limit access your site</strong> to visitors who are logged in or accessing the site from a set of specific IP addresses. Send restricted visitors to the log in page, redirect them, or display a message or page. <strong>Powerful control over redirection</strong>, including <strong>SEO friendly redirect headers</strong>. Great solution for Extranets, publicly hosted Intranets, or parallel development sites.
|
6 |
+
* Version: 6.2.0
|
7 |
* Author: Jake Goldman, 10up, Oomph
|
8 |
* Author URI: http://10up.com
|
9 |
* License: GPLv2 or later
|
10 |
*/
|
11 |
|
12 |
+
define( 'RSA_VERSION', '6.2.0' );
|
13 |
|
14 |
class Restricted_Site_Access {
|
15 |
|
188 |
}
|
189 |
|
190 |
/**
|
191 |
+
* Determine if site should be restricted
|
|
|
|
|
192 |
*/
|
193 |
+
protected static function is_restricted() {
|
|
|
194 |
$mode = self::get_network_mode();
|
195 |
|
196 |
if ( RSA_IS_NETWORK ) {
|
202 |
$blog_public = get_option( 'blog_public', 2 );
|
203 |
|
204 |
//If rsa_mode==enforce we override the rsa_options
|
205 |
+
if ( RSA_IS_NETWORK && 'enforce' === $mode ) {
|
206 |
$blog_public = get_site_option( 'blog_public', 2 );
|
207 |
}
|
208 |
|
209 |
+
$user_check = self::user_can_access();
|
210 |
+
|
211 |
+
$checks = is_admin() || $user_check || 2 !== (int) $blog_public || ( defined( 'WP_INSTALLING' ) && isset( $_GET['key'] ) );
|
212 |
+
|
213 |
+
return ! $checks;
|
214 |
+
}
|
215 |
+
|
216 |
+
/**
|
217 |
+
* Check if current user has access.
|
218 |
+
*
|
219 |
+
* Can be short-circuited using the `restricted_site_access_user_can_access` filter
|
220 |
+
* to return a value other than null (boolean recommended).
|
221 |
+
*
|
222 |
+
* @return bool Whether the user has access
|
223 |
+
*/
|
224 |
+
protected static function user_can_access() {
|
225 |
+
/**
|
226 |
+
* Filters whether the user can access the site before any other checks.
|
227 |
+
*
|
228 |
+
* Returning a non-null value will short-circuit the function
|
229 |
+
* and return that value instead.
|
230 |
+
*
|
231 |
+
* @param null|bool $access Whether the user can access the site.
|
232 |
+
*/
|
233 |
+
$access = apply_filters( 'restricted_site_access_user_can_access', null );
|
234 |
+
|
235 |
+
if ( null !== $access ) {
|
236 |
+
return $access;
|
237 |
+
}
|
238 |
+
|
239 |
+
if ( ! is_user_logged_in() ) {
|
240 |
+
return false;
|
241 |
+
}
|
242 |
+
|
243 |
+
if ( is_multisite() ) {
|
244 |
+
$user_id = get_current_user_id();
|
245 |
+
|
246 |
+
if ( is_super_admin( $user_id ) ) {
|
247 |
+
return true;
|
248 |
+
}
|
249 |
+
|
250 |
+
if ( is_user_member_of_blog( $user_id ) && current_user_can( 'read' ) ) {
|
251 |
+
return true;
|
252 |
+
}
|
253 |
+
}
|
254 |
+
|
255 |
+
return false;
|
256 |
+
}
|
257 |
+
|
258 |
+
/**
|
259 |
+
* Determine whether page should be restricted at point of request
|
260 |
+
*
|
261 |
+
* @param array $wp WordPress request
|
262 |
+
*/
|
263 |
+
public static function restrict_access( $wp ) {
|
264 |
+
self::$rsa_options = self::get_options();
|
265 |
+
$is_restricted = self::is_restricted();
|
266 |
+
|
267 |
+
// Check to see if it's _not_ restricted
|
268 |
if ( apply_filters( 'restricted_site_access_is_restricted', $is_restricted, $wp ) === false ) {
|
269 |
return;
|
270 |
}
|
684 |
* Add a new choice to the privacy selector
|
685 |
*/
|
686 |
public static function blog_privacy_selector() {
|
687 |
+
global $wp;
|
688 |
+
$is_restricted = ( 2 == get_option( 'blog_public' ) );
|
689 |
+
$is_restricted = apply_filters( 'restricted_site_access_is_restricted', $is_restricted, $wp );
|
690 |
?>
|
691 |
<p>
|
692 |
<input id="blog-restricted" type="radio" name="blog_public" value="2" <?php checked( $is_restricted ); ?> />
|