Version 0.5.3 - Security Update #4

Merged
merged 1 commit into from May 11, 2013

stevenkword
Contributor

Security Update

  • Correct security vulnerability allowing both private and password-protected posts to be accessed through the print page
  • Creates is_protected() method to determine if the print page should be visible to the current user
  • Remove print_url links from the content when the current user does not have the necessary capabilities to view the print page

@ethitter
Owner

I'm really not fond of the approach for a few reasons.

First off, there's no reason to throw a 404 for privately-published posts from within the plugin. WordPress does that already. It's better to not show the print template in that case, and that can be done within the template_chooser() method.

As for password-protected posts, we should prompt for the post password rather than assume that no one will ever have the password and want to print the post.

@ethitter ethitter closed this May 11, 2013
@stevenkword
Contributor Author

As we've discussed previously, I agree and will make these changes. The pull request was simply to keep it in sync with the WordPress plugin repository. I'll be in touch.

@ethitter ethitter reopened this May 11, 2013
@ethitter
Owner

Good point.

I'll merge the pull request, and am in the process of properly fixing these issues. I should have the plugin updated later today.

ethitter added a commit that referenced this pull request May 11, 2013
Version 0.5.3 - Security Update

Temporary and merged to keep Git in sync with the WordPress.org plugins repository. Proper fixes to these issues are forthcoming.
@ethitter ethitter merged commit 26d9563 into ethitter:master May 11, 2013
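
The access check discussed in this thread, sketched as an added example that is not the plugin's code or the fix that was eventually shipped. The function names, the `print` query var and the template path are assumptions for illustration; only core WordPress functions are called.

```php
<?php
/**
 * Hypothetical helper: may the current visitor see the print view of $post?
 * Covers the two cases from the thread (private and password-protected posts)
 * and, as a generalization, any other non-published status.
 */
function example_can_show_print_view( $post ) {
	$post = get_post( $post );
	if ( ! $post ) {
		return false;
	}

	// Anything not publicly published (private, draft, pending, ...) needs
	// the 'read_post' meta capability, which core maps to the right
	// primitive capability for the post's status and author.
	if ( 'publish' !== get_post_status( $post ) && ! current_user_can( 'read_post', $post->ID ) ) {
		return false;
	}

	// True until the visitor has submitted the correct post password.
	if ( post_password_required( $post ) ) {
		return false;
	}

	return true;
}

/**
 * Hypothetical template filter: serve the print template only when the
 * check passes. Otherwise fall through to the theme's template, so core
 * renders the password form or the 404 itself.
 */
function example_print_template_chooser( $template ) {
	// Assumption: the print view is requested through a 'print' query var.
	if ( ! is_singular() || ! get_query_var( 'print' ) ) {
		return $template;
	}
	if ( example_can_show_print_view( get_queried_object() ) ) {
		return __DIR__ . '/print-template.php'; // Assumed template path.
	}
	return $template;
}
add_filter( 'template_include', 'example_print_template_chooser' );
```

The same `example_can_show_print_view()` result can gate whether a print link is appended to the post content, so the link and the template never disagree about who has access.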