Notifications
Clear all

Paid Addons Support Forum Only

Please note, that here we only support Paid Addons issues and questions.

gVectors Support staff works from 6am to 6pm (GMT+0)

All questions related to wpForo and wpDiscuz free plugins should be asked in the corresponding plugin support forum:

 

wpDiscuz Support Forum wpForo Support Forum

[Solved] This plugin breaks permission for all admin pages


Mathias Latournerie
Posts: 27
Customer
Topic starter
(@mathias-latournerie)
Member
Joined: 8 months ago

Hello,

I found a bug in the plugin that completely break the permissions for my forum admins.

If you are a user with some admin access on WPForo but are not a WP Admin, you can't access your admin pages anymore because of a bug in "wpforotpx.php" in the "admin_menu_order" function.

I've spent hours trying to understand what was wrong with my install as my forum admins and moderators told me they were getting an error saying "Sorry,  you are not allowed to access this page." when trying to access their admin pages (ex: wpforo-settings)

If you are not a WP admin, you won't get the "Topic Prefix" submenu, and in return the "admin_menu_order" function will replace the $submenu global variable with an empty array, breaking the WP "user_can_access_admin_page" function.

I'm not sure about the best way to fix this, I just made a workaround to not unset the menu if the replacement is empty, but in my opinion, the issue is that people with WPForo "Full Access" should get access to the submenu in the first place.

So all in all, I believe the underlying issue is that the "wpforo_current_user_is" should check for the "fullaccess" permission when trying to see if someone is a forum admin. However, as I'm not sure what the implications would be, I didn't modify this function myself.

I would like my forum admin ("fullaccess") to be able to change the plugin settings like they are able to do for your other addons.

Regards.

6 Replies
Astghik
Posts: 5048
Admin
(@astgh)
Support Team
Joined: 4 years ago

@mathias-latournerie,

This is designed to work in this way. We may provide you with a hook code for this case if you want. You'll simply need to add the code in the functions.php file it'll as you expected. 

Reply
5 Replies
Mathias Latournerie
Customer
(@mathias-latournerie)
Joined: 8 months ago

Member
Posts: 27

@astghik I can assure you it is not designed to work like this :p

There's a misunderstanding. I can hear that you designed it in a way that only WP admin can access the plugin settings (and in that case, yes, I would like to get this hook to make my forum admins have access too).

However it is not designed to cause a major bug in the admin area itself! I'm going to give another example but please re-read my message.

Without "Prefix plugin" => Users with "fullaccess" can open the "Settings" page and users with "Moderation access" can open the "Moderation" panel in the WP admin area.

With plugin => They can't! Because the plugin has a bug that breaks permissions for other pages than itself! That's a major bug and I can't update the plugin until it is fixed.

Regards.

Reply
Tom
 Tom
Admin
(@tomson)
Joined: 6 years ago

Support Team
Posts: 3712

@mathias-latournerie,

Thank you for the information. We'll check it and release the addon update asap.

Reply
Mathias Latournerie
Customer
(@mathias-latournerie)
Joined: 8 months ago

Member
Posts: 27

@tomson Hello, any news on this please? It's been more than 5 months

Reply
Tom
 Tom
Admin
(@tomson)
Joined: 6 years ago

Support Team
Posts: 3712

@mathias-latournerie,

Please make sure you use the latest 1.0.3 version.

Reply
Mathias Latournerie
Customer
(@mathias-latournerie)
Joined: 8 months ago

Member
Posts: 27

@tomson Oh did you just released a new version? Sorry I updated yesterday. Ok I will update then, thanks!

Reply
Share:
Scroll to top