nwoetzel

Hi Tibor,

I have the same problem. If you really need it, you could add it on the server level (apache/nginx). Probable solution for worpdress with cache is on the bottom of this comment – but here is my analysis:
The https://www.ads-software.com/plugins/security-headers/ uses the same mechanism (action: send_headers) and fails, when the page is served from cache.
The user note to the wp_headers (a filter called in send_headers) at https://developer.www.ads-software.com/reference/hooks/wp_headers/#user-contributed-notes mentions that the send_headers is just not called for cached content. But I do not like the “meta http-equiv” tag to fix the problem with the headers.

So my best guess is to hook into the ‘template_redirect’ action like demonstrated in the “cache-control” plugin: https://plugins.svn.www.ads-software.com/cache-control/tags/1.2/cache-control.php

Having other priorities, I cannot test that right now, but I can imagine that this works. If it is the right/correct solution – I cannot tell.

Best
Nils

I have just added some information on how you can do that:
https://www.ads-software.com/support/topic/visual-composer-24?replies=2

I am not 100% sure what you are asking. But if you like to add a post-content short-code using the visual composer, you can use the Visual Composer shortcode mapper

Since this does not do the trick 100% for me, I actually use the Visual Composer API wc_map() function

in my themes ‘functions.php’ I’ve added this:

// map the post-content shortcode for user with visual-composer
if ( function_exists( 'vc_map' ) && is_plugin_active( 'post-content-shortcodes/post-content-shortcodes.php')) :
    vc_map( array(
        "weight" => -1,
        "name" => __("Post content", 'post-content-shortcodes'),
        "base" => "post-content",
        "icon" => "",
        "class" => "",
        "category" => __('Plugins', 'plugins'),
        "description" => "www.ads-software.com/plugins/post-content-shortcodes",
        "params" => array(
            array(
                "type" => "textfield",
                "heading" => "Post Id",
                "param_name" => "id",
                "value" => "1",
                "admin_label" => true,
                "description" => "The id of the post or page to include here."
            ),
            array(
                "type" => "textfield",
                "heading" => "Post Slug",
                "param_name" => "post_name",
                "value" => "",
                "admin_label" => true,
                "description" => "The slug of the post that you want to pull. This can be used in place of the id attribute."
            ),
            array(
                "type" => "checkbox",
                "class" => "",
                "heading" => "Show Image",
                "param_name" => "show_image",
                "value" => array(
                    "" => "true"
                ),
                "description" => "Determines whether oder not to display the featured image (if so, this appears befodere the content)."
            ),
            array(
                "type" => "checkbox",
                "class" => "",
                "heading" => "Show Excerpt",
                "param_name" => "show_excerpt",
                "value" => array(
                    "" => "true"
                ),
                "description" => "Determines whether to default to showing the post excerpt instead of the post content (still falls back to post content if the excerpt is not set)."
            ),
            array(
                "type" => "textfield",
                "class" => "",
                "heading" => "Excerpt length",
                "param_name" => "excerpt_length",
                "value" => "",
                "description" => "If you would like to limit the length of the content/excerpt shown on the page, specify the maximum number of woderds that should be shown (a read modere link will automatically be appended to any entries that exceed that limit)."
            ),
            array(
                "type" => "textfield",
                "heading" => "Image Width",
                "param_name" => "image_width",
                "value" => "0",
                "description" => "The width, in pixels, to which the featured image should be sized"
            ),
            array(
                "type" => "textfield",
                "heading" => "Image Height",
                "param_name" => "image_height",
                "value" => "0",
                "description" => "The height, in pixels, to which the featured image should be sized"
            ),
            array(
                "type" => "checkbox",
                "class" => "",
                "heading" => "Show Title",
                "param_name" => "show_title",
                "value" => array(
                    "" => "true"
                ),
                "description" => "Whether oder not to show the post title at the top of the content."
            ),
        )
    ) );
endif;

I have not added an equivalent for ‘post-list’, but this is quite easy using the previous code as a template.

The FAQ is indeed a walk-through you are asking for:
https://www.ads-software.com/plugins/wp-twitter-feeds/faq/

There is a slightly related post
https://www.ads-software.com/support/topic/problem-with-the-integration-of-more-then-one-ad?replies=11
although this does not discuss having multiple domain controllers with different Base DN.
Could it be, that the plugin author saw problems if you have completely different domain controllers (with different users) that there might arise conflicts if you have two different users with the same user name? It is not really a huge problem, because you could require the user to add the account-suffix to their username at login – which makes the username unique. But if you like a litte more confort (like appending the account suffix automatically), problems might become hard to trace.

Anyways, if you have control over the domain controllers, it should be possible to configure the ‘defaultnamingcontext’ (https://msdn.microsoft.com/en-us/library/cc223277.aspx) on your servers to the Base DN you would have to add otherwise in the plugin settings. The plugin uses the default (as far as I can see in the code) if the ‘Base DN’ is not given (adLDAP.php: find_base_dn()). So if you leave the ‘Base DN’ empty, and the defaultnameingcontext is your required basedn, I presume (not tested!!) that different domain controllers can work.
adLDAP.php:458:

if ($this->_base_dn == NULL) {
            $this->_base_dn = $this->find_base_dn();
        }

it might be that this has to be changed to

if ($this->_base_dn == NULL || $this->_base_dn = "") {
            $this->_base_dn = $this->find_base_dn();
        }

since the plugin does not NULL to _base_dn if the otpion is empty.

This is very speculative, and I have no environment to test this easily.

For your original request, the structure of the plugin will have to change – it was just not planned for that.

Have you tried to enter multiple ‘Domain Controllers’ under ‘Server’ and add all ‘Account Suffix’ under ‘User’ in the settings page?
I think at the moment the only limitation there is, that all servers need to use the same port and the same ‘Base DN’.

I work myself on some customization for the plugin.
I have a branch with some ‘enhancements’ for the settings page dealing mainly with the role-equivalent-groups.
Anyways, the changes that you suggest (and also for the load_scripts) are incorporated into this development branch.

https://github.com/nwoetzel/active-directory-integration/compare/1.1.7…development.patch

If you deploy any other version, just replace ‘1.1.7’

Although it might be possible to do what you are asking, might I suggest to use the ‘Role equivalent groups’ mapping.
Instead of using an AD attribute (like title), the cleaner way is to assign your users to particular AD groups (memberOf). The active-directory-integration plugin will then give the logged in user the role it finds as a first match in the ‘Role equivalent groups’.
We are using it that way for our setup.

You can even combine that with the ‘user-access-manager’ plugin and have a fine-grained way of restricting access to pages, posts and terms (like categories).

No, I did not observe something wrong.
$lang is just not defined in that scope.
It seems important for the quick edit of a category row, but I have not used it – so I cannot say if it is not working.

We have a similar problem with the “Add Media” dialog. The pagination is not working there either.
There are a couple of filters hooked up:
https://github.com/wp-plugins/user-access-manager/blob/master/user-access-manager.php#L333

I removed ‘the_posts’ filter – although this will show all posts to all users, they will not have access to individual posts.
I cannot tell the impact on the RSS feed though! So be careful with fiddling around with or deactivating certain filters.
I think it will be necessary to add some more hooks, for example filters: ‘posts_where’ and ‘posts_search’, but these filters are not well documented so I am not sure if this is easily done.

user 2 should be able to see post A.
user 2 is not directly member of group A
but through the affiliation for group A (‘subscriber’) user 2 (since he has role ‘subscriber’) is automatically in Group A and in turn, has access to post A
user 3 in the example is also a member of group 1 (since he is a subscriber and group A is affiliated with the subscriber role)

in theory you do not need to set visibility to private on your post.
If you set a user group, then the rules of this group aplly (group read only, write only, all or whatever this group is configured for)
When you do not set a user group on your post – it will just behave as if you did not install the plugin – but if you associate it with a category with user-group set (for pages set a parent with group set), than it will follow those group roles
(both parent page or category behavior only if “Lock recursive” is set to ‘yes’).

This is not really necessary.
The user usually has a default role assigned (in normal wordpress installations, new users are subscribers). And groups are affiliated with roles.
The easiest you can do is to create a user group with the ‘subscriber’ role affiliated.
This group will then be the default group for new user.

I can see what you are requesting.
You could go even further and ask, if there could be a default group also for posts, pages, categories and so on. This would actually be feature we are also seeking, since users create posts, but forget to assign them a group – then everybody just has the normal rights on the post they get through their role…

Are you sure this really is a security problem?

The meta-box is always visible (this is a feature). But the Subscriber, with the role ‘subscriber’ can only modify access to the library item (or any other post, page, category) for groups he is a member of (i.e. the user-group this role is affiliated with).
So if your subscriber role is affiliated with all groups, then the subscriber has the liberty to check or uncheck the boxes for all groups. If the user has a role, and that role is affiliated with a group, the user is in that group. When a user is in a group, the user can add or remove groups from library items, posts or pages (custom post-types, custom taxonomies etc.). The user needs to have access to it (with write permission through the group, or by being the owner) for doing this!

Could you verify, if the groups you have defined, are affiliated with the role ‘subscriber’. If this is the case, you might want to remove that affiliation.

Ok, that makes sense:
Just for reference, this is how I solved the problem for our case.
I added this code snippet to my themes functions.php:

if( ! has_filter('pll_check_canonical_url','polylang_skip_redirect')) :
    function polylang_skip_redirect($redirect_url, $language) {
        // check for the language in the $redirect_url by searching for e.g. '/en/'
        $contains_lang = preg_match("/\/".$language->slug."\//",$redirect_url);
        if( $contains_lang) {
                return $redirect_url;
        }
        else {
                return false;
        }
    }
    add_filter('pll_check_canonical_url','polylang_skip_redirect',10,2);
endif;

this basically only allows a redirect if the redirect url already contains the language slug

I have used the ‘pll_check_canonical_url’ filter and return false. For now, everything works as expected. I will test more, but I think this does solve the issue for me without too much restructuring of the content.
Thanks so much for your quick help.

I also did not know about those filters until yesterday. I am not sure if they are absolutely necessary – meaning if there is a more elegant way of registering arg names like ‘lang’ or specific slugs.
How do you reserve ‘lang’ or ‘language’ as argument/parameter name?

There is one function:
https://codex.www.ads-software.com/Function_Reference/wp_unique_term_slug
which might be useful – one probably could register ‘en’ (or any other registered language slug) as a unique slug across all taxonomies – although this will then definitely break my construct (naming a page ‘en’). But this could be used as an error condition…