wturrell
Forum Replies Created
-
Forum: Plugins
In reply to: [WP Super Cache] Security Advisory: Persistent XSS in WP-Super-CacheThanks Brandon – understood.
Forum: Plugins
In reply to: [WP Super Cache] Security Advisory: Persistent XSS in WP-Super-CacheCould you clarify, did you push an automatic update for this? Asking because I saw the news about it, went to check on a client’s site (who doesn’t update their own plugins) and found a few outstanding updates but WP Super Cache already running 1.4.4.
(Thanks.)
Forum: Plugins
In reply to: [WP-LESS] broken site when updating to 1.7.5 and WP 4.0If you’re using composer, try adding https://github.com/leafo/lessphp (version 0.4.0)
I upgraded today and was suddenly getting wp_kses() errors (and “.required is undefined”) on the public site – specifically:
Missing argument 2 for wp_kses(), called in /var/www/mysite/htdocs/wp-content/plugins/wp-less/wp-less.class.php on line 297 and defined in /var/www/mysite/htdocs/wp-includes/kses.php on line 520
(Affecting both a server running PHP 5.3 and 5.5).
Eventually when reviewing the composer update, I noticed leafo/lessphp had been replaced by oyejorge/less.php in the plugin’s composer.json. Putting leafo back fixed this.
Note this is a workaround and I don’t fully understand the original problem.
Forum: Plugins
In reply to: [Groups] Groups overrides wp-config's DISALLOW_FILE_EDIT settingThere’s a workaround for this:
Dashboard > Groups > Options
Untick “Administrators override all access permissions derived from Groups capabilities.”
Save.(That will do what it suggests though, and not allow to you access posts etc. if you’re not in the correct group, even as a WordPress administrator).
I believe the problem is with:
/groups/lib/core/class-groups-user.php
and the if statement in line 225. What’s odd is that incapabilities.php
in WordPress core, DISALLOW_FILE_EDIT is only used for edit_files, edit_plugins and edit_themes, however none of these are apparently checked when viewing the editor page, so adding something like:&& $capability !== 'edit_files' && $capability !== 'edit_themes' && $capability !== 'edit_plugins'
to the conditional in class-groups-user.php makes no difference.
Anyone see what I’m missing? Am I looking in the wrong place?
William