wturrell

Thanks Brandon – understood.

Could you clarify, did you push an automatic update for this? Asking because I saw the news about it, went to check on a client’s site (who doesn’t update their own plugins) and found a few outstanding updates but WP Super Cache already running 1.4.4.

(Thanks.)

If you’re using composer, try adding https://github.com/leafo/lessphp (version 0.4.0)

I upgraded today and was suddenly getting wp_kses() errors (and “.required is undefined”) on the public site – specifically:

Missing argument 2 for wp_kses(), called in /var/www/mysite/htdocs/wp-content/plugins/wp-less/wp-less.class.php on line 297 and defined in /var/www/mysite/htdocs/wp-includes/kses.php on line 520

(Affecting both a server running PHP 5.3 and 5.5).

Eventually when reviewing the composer update, I noticed leafo/lessphp had been replaced by oyejorge/less.php in the plugin’s composer.json. Putting leafo back fixed this.

Note this is a workaround and I don’t fully understand the original problem.

There’s a workaround for this:

Dashboard > Groups > Options
Untick “Administrators override all access permissions derived from Groups capabilities.”
Save.

(That will do what it suggests though, and not allow to you access posts etc. if you’re not in the correct group, even as a WordPress administrator).

I believe the problem is with:
/groups/lib/core/class-groups-user.php and the if statement in line 225. What’s odd is that in capabilities.php in WordPress core, DISALLOW_FILE_EDIT is only used for edit_files, edit_plugins and edit_themes, however none of these are apparently checked when viewing the editor page, so adding something like:

&& $capability !== 'edit_files'
&& $capability !== 'edit_themes'
&& $capability !== 'edit_plugins'

to the conditional in class-groups-user.php makes no difference.

Anyone see what I’m missing? Am I looking in the wrong place?

William