search

itthinx / groups

Groups provides group-based user membership management, group-based capabilities and content access control. It integrates standard WordPress capabilities and application-specific capabilities along with an extensive API.
GNU General Public License v3.0
49 stars 35 forks source link

Mailpoet post selection fix #133

Closed milesimarco closed 1 year ago

milesimarco commented 2 years ago

Added exception for Mailpoet to fix a bug causing no post to appear in the newsletter search box

itthinx commented 1 year ago

Thanks for the suggestion but the proposed solution - a mere check for the presence of $_POST['mailpoet'] - would in fact open up an attack vector which would allow to circumvent the protection mechanism, so this would not be viable.

A possible solution could also be based on the groups_post_access_posts_where_apply filter which is applied in the same function before the suggested code bit. This could be done in a separate plugin that implements the filter in a secure way.

If you would like to explore a solution based on the filter as suggested and would like to share your approach, please feel free to do so.