Merge pull request #1188 from publishpress/release-4.0.31
Release 4.0.31
agapetry authored Oct 8, 2024
2 parents 2633bb1 + 963447f commit e2b3bad
Showing 24 changed files with 615 additions and 511 deletions.
40 changes: 20 additions & 20 deletions classes/PressShack/LibWP.php
Expand Up @@ -277,35 +277,35 @@ public static function sanitizeKey( $key ) {

public static function empty_REQUEST($var = false) {
if (false === $var) {
// phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.NonceVerification.Missing
// phpcs:ignore WordPress.Security.NonceVerification.Recommended
return empty($_REQUEST);
} else {
// phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.NonceVerification.Missing
// phpcs:ignore WordPress.Security.NonceVerification.Recommended
return empty($_REQUEST[$var]);
}
}

public static function is_REQUEST($var, $match = false) {
if (false === $match) {
// phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.NonceVerification.Missing
// phpcs:ignore WordPress.Security.NonceVerification.Recommended
return isset($_REQUEST[$var]);

} elseif (is_array($match)) {
// phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.NonceVerification.Missing
// phpcs:ignore WordPress.Security.NonceVerification.Recommended
return (isset($_REQUEST[$var]) && in_array($_REQUEST[$var], $match));
} else {
// phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.NonceVerification.Missing
// phpcs:ignore WordPress.Security.NonceVerification.Recommended
return (isset($_REQUEST[$var]) && ($_REQUEST[$var] == $match));
}
}

public static function REQUEST_key($var) {
// phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.NonceVerification.Missing
// phpcs:ignore WordPress.Security.NonceVerification.Recommended
if (empty($_REQUEST[$var])) {
return '';
}

// phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.NonceVerification.Missing
// phpcs:ignore WordPress.Security.NonceVerification.Recommended
return (is_array($_REQUEST[$var])) ? array_map('sanitize_key', $_REQUEST[$var]) : sanitize_key($_REQUEST[$var]);
}

Expand All @@ -316,7 +316,7 @@ public static function REQUEST_key_match($var, $match, $args = []) {

$matched = false;

// phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.NonceVerification.Missing
// phpcs:ignore WordPress.Security.NonceVerification.Recommended
$request_key = self::REQUEST_key($var);

if (is_array($request_key)) {
Expand All @@ -336,12 +336,12 @@ public static function REQUEST_key_match($var, $match, $args = []) {
}

public static function REQUEST_int($var) {
// phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.NonceVerification.Missing
// phpcs:ignore WordPress.Security.NonceVerification.Recommended
return (!empty($_REQUEST[$var])) ? intval($_REQUEST[$var]) : 0;
}

public static function REQUEST_url($var) {
// phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.NonceVerification.Missing
// phpcs:ignore WordPress.Security.NonceVerification.Recommended
return (!empty($_REQUEST) && !empty($_REQUEST[$var])) ? sanitize_url(sanitize_text_field($_REQUEST[$var])) : '';
}

Expand Down Expand Up @@ -396,50 +396,50 @@ public static function POST_url($var) {

public static function empty_GET($var = false) {
if (false === $var) {
// phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.NonceVerification.Missing
// phpcs:ignore WordPress.Security.NonceVerification.Recommended
return empty($_GET);
} else {
// phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.NonceVerification.Missing
// phpcs:ignore WordPress.Security.NonceVerification.Recommended
return empty($_GET[$var]);
}
}

public static function is_GET($var, $match = false) {
if (false === $match) {
// phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.NonceVerification.Missing
// phpcs:ignore WordPress.Security.NonceVerification.Recommended
return isset($_GET[$var]);

} elseif (is_array($match)) {
// phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.NonceVerification.Missing
// phpcs:ignore WordPress.Security.NonceVerification.Recommended
return (isset($_GET[$var]) && in_array($_GET[$var], $match));
} else {
// phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.NonceVerification.Missing
// phpcs:ignore WordPress.Security.NonceVerification.Recommended
return (!empty($_GET[$var]) && ($_GET[$var] == $match));
}
}

public static function GET_key($var) {
// phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.NonceVerification.Missing
// phpcs:ignore WordPress.Security.NonceVerification.Recommended
if (empty($_GET[$var])) {
return '';
}

// phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.NonceVerification.Missing
// phpcs:ignore WordPress.Security.NonceVerification.Recommended
return (is_array($_GET[$var])) ? array_map('sanitize_key', $_GET[$var]) : sanitize_key($_GET[$var]);
}

public static function GET_int($var) {
// phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.NonceVerification.Missing
// phpcs:ignore WordPress.Security.NonceVerification.Recommended
return (!empty($_GET[$var])) ? intval($_GET[$var]) : 0;
}

public static function GET_url($var) {
// phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.NonceVerification.Missing
// phpcs:ignore WordPress.Security.NonceVerification.Recommended
return (!empty($_GET[$var])) ? sanitize_url(sanitize_text_field($_GET[$var])) : '';
}

public static function SERVER_url($var) {
// phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.NonceVerification.Missing
// phpcs:ignore WordPress.Security.NonceVerification.Recommended
return (!empty($_SERVER[$var])) ? sanitize_url(sanitize_text_field($_SERVER[$var])) : '';
}

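Review bot: The narrowed `phpcs:ignore` lines in these `$_REQUEST`/`$_GET` accessors still switch off the nonce sniff for every caller and give no reason, so the file never records where nonce verification is expected to happen. PHPCS accepts a trailing justification; if the intended contract is that callers check the nonce, each line could read `// phpcs:ignore WordPress.Security.NonceVerification.Recommended -- read-only accessor; callers verify the nonce before acting on the value`, with a short class-level docblock saying the same. The suppression above `SERVER_url` names the nonce sniff although the line reads `$_SERVER`, which that sniff does not appear to cover, so it can probably be dropped or replaced by the sniff that actually fires there. The class and several of these methods continue outside the visible hunks.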
4 changes: 2 additions & 2 deletions classes/PublishPress/Permissions/Admin.php
Expand Up @@ -197,7 +197,7 @@ public function getModuleInfo($args=[])
$blurb = [
'circles' => esc_html__('Visibility Circles and Editorial Circles block access to content not authored by other group members.', 'press-permit-core'),
'collaboration' => esc_html__('Post-specific and category-specific permissions for creation and editing.', 'press-permit-core'),
'compatibility' => esc_html__('Integration with bbPress, BuddyPress, Relevanssi, WPML and other plugins; enhanced Multisite support.', 'press-permit-core'),
'compatibility' => esc_html__('Integration with ACF, bbPress, BuddyPress, Relevanssi, WPML and other plugins; enhanced Multisite support.', 'press-permit-core'),
'teaser' => esc_html__('On the site front end, display teaser text for unreadable posts instead of hiding them.', 'press-permit-core'),
'status-control' => esc_html__('Customize access to custom publication workflow statuses or visibility statuses.', 'press-permit-core'),
'file-access' => esc_html__("Restrict direct file requests based on user's access to the page a file is attached to.", 'press-permit-core'),
Expand All @@ -210,7 +210,7 @@ public function getModuleInfo($args=[])
$descript = [
'circles' => esc_html__('Visibility Circles and Editorial Circles block access to content not authored by other group members. Any WP Role, BuddyPress Group or custom Group can be marked as a Circle for specified post types.', 'press-permit-core'),
'collaboration' => esc_html__('Supports content-specific permissions for editing, term assignment and page parent selection. In combination with other modules, supports workflow statuses, PublishPress and PublishPress Revisions.', 'press-permit-core'),
'compatibility' => esc_html__('Adds compatibility or integration with bbPress, Relevanssi, CMS Tree Page View, Custom Post Type UI, Subscribe2, WPML, various other plugins. Configure any BuddyPress Group as a Permissions Group. For multisite, provides network-wide Permission Groups.', 'press-permit-core'),
'compatibility' => esc_html__('Adds compatibility or integration with ACF, bbPress, Relevanssi, CMS Tree Page View, Custom Post Type UI, Subscribe2, WPML, various other plugins. Configure any BuddyPress Group as a Permissions Group. For multisite, provides network-wide Permission Groups.', 'press-permit-core'),
'teaser' => esc_html__('On the site front end, replace non-readable content with placeholder text. Can be enabled for any post type. Custom filters are provided but no programming is required for basic usage.', 'press-permit-core'),
'status-control' => esc_html__('Custom post statuses: Workflow statuses allow unlimited orderable steps between pending and published, each with distinct capability requirements and role assignments. Statuses can be type-specific.', 'press-permit-core'),
'file-access' => esc_html__("Filters direct file access, based on user's access to post(s) which the file is attached to. No additional configuration required. Creates/modifies .htaccess file in uploads folder (and in main folder for multisite).", 'press-permit-core'),
12 changes: 8 additions & 4 deletions classes/PublishPress/Permissions/Constants.php
Expand Up @@ -22,8 +22,8 @@ private function loadConstants() {
'PP_GROUP_RESTRICTIONS' => esc_html__("Specific Permissions: restrictions ('Blocked') can be applied to custom-defined groups", 'press-permit-core-hints'),
'PP_ALL_ANON_ROLES' => esc_html__("Supplemental roles assignment available for {All} and {Anonymous} metagroups", 'press-permit-core-hints'),
'PP_ALL_ANON_FULL_EXCEPTIONS' => esc_html__("Allow the {All} and {Anonymous} metagroups to be granted specific reading permissions for private content", 'press-permit-core-hints'),
'PP_EDIT_EXCEPTIONS_ALLOW_DELETION' => esc_html__("PRO: Users who have specific editing permissions for a post or attachment can also delete it", 'press-permit-core-hints'),
'PP_EDIT_EXCEPTIONS_ALLOW_ATTACHMENT_DELETION' => esc_html__("PRO: Users who have custom editing permissions for an attachment can also delete it", 'press-permit-core-hints'),
'PP_EDIT_EXCEPTIONS_ALLOW_DELETION' => esc_html__("Users who have specific editing permissions for a post or attachment can also delete it", 'press-permit-core-hints'),
'PP_EDIT_EXCEPTIONS_ALLOW_ATTACHMENT_DELETION' => esc_html__("Users who have custom editing permissions for an attachment can also delete it", 'press-permit-core-hints'),
'PP_ALLOW_UNFILTERED_FRONT' => esc_html__("Disable front end filtering if logged user is a content administrator (normally filter to force inclusion of readable private posts in get_pages() listing, post counts, etc.", 'press-permit-core-hints'),
'PP_UNFILTERED_FRONT' => esc_html__("Disable front end filtering for all users (subject to limitation by PP_UNFILTERED_FRONT_TYPES)", 'press-permit-core-hints'),
'PP_UNFILTERED_FRONT_TYPES' => esc_html__("Comma-separated list of post types to limit the effect of PP_UNFILTERED_FRONT and apply_filters( 'presspermit_skip_cap_filtering' )", 'press-permit-core-hints'),
Expand Down Expand Up @@ -71,7 +71,7 @@ private function loadConstants() {
$consts = array_merge(
$consts,
[
'PP_TEASER_HIDE_PAGE_LISTING' => esc_html__("PRO: Don't apply content teaser to get_pages() results (leave unreadable posts hidden)", 'press-permit-core-hints'),
'PP_TEASER_HIDE_PAGE_LISTING' => esc_html__("Don't apply content teaser to get_pages() results (leave unreadable posts hidden)", 'press-permit-core-hints'),
]
);
}
Expand Down Expand Up @@ -180,6 +180,7 @@ private function loadConstants() {
foreach ($consts as $k => $v) $this->constants[$k] = (object)['descript' => $v, 'type' => $type];


// phpcs:ignore Squiz.PHP.CommentedOutCode.Found
/*
if (defined('PUBLISHPRESS_REVISIONS_VERSION') || defined("REVISIONARY_VERSION")) {
$type = 'third-party';
Expand Down Expand Up @@ -222,7 +223,10 @@ private function loadConstants() {
'PRESSPERMIT_GET_PAGES_DISABLE_IN_CLAUSE' => '',
'PRESSPERMIT_GET_PAGES_IGNORE_EXCLUDE_ARGS' => '',
'PP_LEGACY_PAGE_URI_FILTER' => '',
//'PRESSPERMIT_READ_PUBLIC_CAP' => '',

// phpcs:ignore Squiz.PHP.CommentedOutCode.Found
//'PRESSPERMIT_READ_PUBLIC_CAP' => '',

'PRESSPERMIT_STRICT_READ_CAP' => '',
'PRESSPERMIT_SIMPLIFY_READ_PERMISSIONS' => '',
'PRESSPERMIT_LEGACY_HOOKS' => '',
2 changes: 1 addition & 1 deletion classes/PublishPress/Permissions/DB/Permissions.php
Expand Up @@ -386,7 +386,7 @@ public static function addExceptionClauses($where, $required_operation, $post_ty
);
}

if (!$additions_only) {
if (!$additions_only && !did_action('presspermit_bypass_term_restrictions')) {
if ($where) { // where clause already indicates sitewide caps for one or more statuses (or just want the exceptions clause generated)
if ($append_clause = apply_filters('presspermit_append_query_clause', '', $post_type, $required_operation, $args)) {
$where .= $append_clause;
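Review bot: `did_action('presspermit_bypass_term_restrictions')` is used here as an access-control switch, but `did_action()` counts every firing during the request and never resets, so once any code fires that action the clause appended in this branch is skipped for all later queries in the same request, not only the one that needed the bypass. The same guard is added to `getPostsWhere()` in classes/PublishPress/Permissions/PostFilters.php. If the bypass is meant for a single query, a value passed through `$args`, or a filter that receives `$post_type` and `$required_operation`, would keep it scoped; at minimum add a comment such as `// did_action() stays non-zero for the rest of the request: term restrictions are off for every later query`. Both function bodies continue outside their hunks, so where the action is fired is not visible here.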
2 changes: 1 addition & 1 deletion classes/PublishPress/Permissions/PostFilters.php
Expand Up @@ -909,7 +909,7 @@ public function getPostsWhere($args)
$pp_where = '1=1';

// term restrictions which apply to any post type
if ($apply_term_restrictions) {
if ($apply_term_restrictions && !did_action('presspermit_bypass_term_restrictions')) {

// account for term additions which apply to any post type (possibly based on a different taxonomy than restrictions)
$additional_ttids = [];
10 changes: 7 additions & 3 deletions classes/PublishPress/Permissions/TermQuery.php
Expand Up @@ -23,7 +23,7 @@ public static function tallyTermCounts(&$terms, $taxonomy, $args = [])

if ($terms) {
if (!is_object(reset($terms))) {
return $terms;
return;
}

foreach ((array)$terms as $key => $term) {
Expand All @@ -34,8 +34,12 @@ public static function tallyTermCounts(&$terms, $taxonomy, $args = [])

// Get the object and term ids and stick them in a lookup table
$tax_obj = get_taxonomy($taxonomy);

$object_types = ($post_type) ? (array)$post_type : (array)esc_sql($tax_obj->object_type);

if ($post_type || $tax_obj) {
$object_types = ($post_type) ? (array) $post_type : (array) esc_sql($tax_obj->object_type);
} else {
return;
}

if ( class_exists('\PublishPress\Permissions\PostFilters') && ! presspermit()->isUserUnfiltered() ) {
// will default to src_table $wpdb->posts
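Review bot: The new `else { return; }` in `tallyTermCounts()` exits silently when `get_taxonomy($taxonomy)` returns false and no `$post_type` is given, leaving the by-reference `$terms` with whatever counts the caller passed in. If those are the unfiltered WordPress counts, a user whose view is normally filtered would presumably see totals that include posts they cannot read. A comment stating that this path is intentional, e.g. `// unknown taxonomy: counts are left as supplied (not permission-filtered)`, or zeroing the counts before returning, would make the choice explicit. The function body starts and ends outside the hunks.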
31 changes: 19 additions & 12 deletions classes/PublishPress/Permissions/UI/AgentPermissionsUI.php
Expand Up @@ -1096,7 +1096,7 @@ public static function currentExceptionsUI($exc_results, $args = [])

$convert_caption = [
'additional' => __('Convert to "Enabled"', 'press-permit-core'),
'exclude' => __('Convert to "Blocked"', 'press-permit-core'),
'exclude' => __('Convert to "Blocked"', 'press-permit-core'), // phpcs:ignore WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_exclude
'include' => __('Convert to "Limit to"', 'press-permit-core'),
];

Expand Down Expand Up @@ -1170,7 +1170,7 @@ public static function currentExceptionsUI($exc_results, $args = [])

foreach (['additional', 'exclude', 'include'] as $_mod_type) {
echo "<option value='convert_" . esc_attr($_mod_type) . "'>"
. $convert_caption[$_mod_type]
. esc_html($convert_caption[$_mod_type])
. '</option>';
}
}
Expand Down Expand Up @@ -1220,17 +1220,19 @@ public static function currentExceptionsUI($exc_results, $args = [])

endif;

if ((PWP::empty_REQUEST('show_propagated') || !empty($fix_child_exceptions_link)) && !empty($_SERVER['REQUEST_URI'])) {
if (!empty($_SERVER['REQUEST_URI'])) {
$show_all_url = add_query_arg('show_propagated', '1', esc_url_raw($_SERVER['REQUEST_URI']));

if ('term' == $via_src) {
echo '<div class="pp-current-roles-note">'
. sprintf(
esc_html__('Note: Permissions inherited from parent %1$s are not displayed. %2$sshow all%3$s', 'press-permit-core'),
esc_html($_caption), "&nbsp;&nbsp;<a href='" . esc_url($show_all_url) . "'>",
'</a>'
)
. '</div>';
if (PWP::empty_REQUEST('show_propagated')) {
echo '<div class="pp-current-roles-note">'
. sprintf(
esc_html__('Note: Permissions inherited from parent %1$s are not displayed. %2$sshow all%3$s', 'press-permit-core'),
esc_html($_caption), "&nbsp;&nbsp;<a href='" . esc_url($show_all_url) . "'>",
'</a>'
)
. '</div>';
}
} else {
echo '<div class="pp-current-roles-note">';

Expand All @@ -1240,12 +1242,17 @@ public static function currentExceptionsUI($exc_results, $args = [])
esc_html($_caption), "&nbsp;&nbsp;<a href='" . esc_url($show_all_url) . "'>",
'</a>'
);
}
} else {
echo '<br />';
}

if (defined('WP_DEBUG')) {
$fix_child_url = add_query_arg('pp_fix_child_exceptions', '1', esc_url_raw($_SERVER['REQUEST_URI']));

echo '&nbsp;&nbsp;&bull;';
if (PWP::empty_REQUEST('show_propagated')) {
echo '&nbsp;&nbsp;&bull;';
}

printf(
esc_html__(' %1$sfix sub-%2$s permissions %3$s', 'press-permit-core'),
"&nbsp;&nbsp;<a href='" . esc_url($fix_child_url) . "'>",
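Review bot: The `if (defined('WP_DEBUG'))` guard around the fix-sub-permissions link is true on practically every site, because WordPress itself defines `WP_DEBUG` (as false) when wp-config.php does not; with the outer condition relaxed in this section the link is now reached whenever `REQUEST_URI` is set. If the link is meant for debugging only, test the value: `if (defined('WP_DEBUG') && WP_DEBUG) {`. The link also triggers `pp_fix_child_exceptions=1` through a plain GET URL; the handler is not visible here, but if it modifies stored permissions the URL should be built with `wp_nonce_url()` and the nonce checked on the receiving side. `currentExceptionsUI()` starts and ends outside the hunks.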
4 changes: 2 additions & 2 deletions classes/PublishPress/Permissions/UI/Groups.php
Expand Up @@ -62,9 +62,9 @@ public function __construct() {

// group IDs processing is only to report number of groups that were updated

// phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.NonceVerification.Missing
// phpcs:ignore WordPress.Security.NonceVerification.Recommended
if (!empty($_REQUEST['groups'])) {
// phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.NonceVerification.Missing
// phpcs:ignore WordPress.Security.NonceVerification.Recommended
$groupids = array_map('intval', (array) $_REQUEST['groups']);
} else {
$groupids = (PWP::is_REQUEST('group')) ? [PWP::REQUEST_int('group')] : [];