Block Anspress upload file

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author tokkonopapa

    (@tokkonopapa)

    8 years, 9 months ago

    Hi Alex,

    I think this issue may be related Roles and Capabilities.

    It seems that AnsPress defines ‘participant’ and ‘moderator’ for role, and each role has capabilities such as ‘ap_read_question’ for ‘participant’ or ‘ap_view_private’ for ‘moderator’.

    I could not find an official documentation about AnsPress’s roles and capabilities, but found this in their FAQ.

    As far as I read their codes, AnsPress needs ap_edit_question or ap_edit_answer for ‘participant’, ap_edit_others_question or ap_edit_others_answer for ‘moderator’ to upload something.

    As IPGB, you can find “Capabilities to be verified” at “Prevent malicious file uploading” in “Validation rule settings” section. The default value is upload_files which is a capability for WordPress to upload files.

    So I think you should put all the above capabilities (e.g. ap_edit_question, ap_edit_answer, ap_edit_others_question, ap_edit_others_answer) into “Capabilities to be verified“.

    I also have not finished to describe the documentation about this functionality, but please refer to “Capabilities to be verified“.

    I hope this may solve your issue.

    c.f. https://anspress.io/resources/functions/ap_role_caps/

    • This reply was modified 8 years, 9 months ago by tokkonopapa. Reason: Add ap_role_caps()
    Plugin Author tokkonopapa

    (@tokkonopapa)

    8 years, 9 months ago

    Here is the help text at “Capabilities to be verified“.

    Specify the capabilities to be verified. Depending on the particular type of uploader, certain capability may be required. Default is “upload_files” for Administrator, Editor and Author. This verification will be skipped if empty.

    Thread Starter alexlii

    (@alexlii)

    8 years, 8 months ago

    SORRY for later feedback since I am really business these days.

    I tested but failed.

    1#I found it is “disable” at the setting of “Capabilities to be verified” in our sites. whatever Anspress is used or not, what is the recommend setting here please ?

    2# Actually, I tried “upload files(default)” and copy those roles capabilities, but all does not work.

    Alex

    Plugin Author tokkonopapa

    (@tokkonopapa)

    8 years, 8 months ago

    Hi Alex,

    Nice to see you again!

    Please try to put the followings into “Capabilities to be verified“:

    upload_files,ap_edit_question,ap_edit_answer,ap_edit_others_question,ap_edit_others_answer

    Thanks.

    Thread Starter alexlii

    (@alexlii)

    8 years, 8 months ago

    Thanks, I tried the above, but still not work.

    And actually, I tried the very low capability: upload_files,ap_read_question, but still not work.

    I am still confused πŸ™‚

    Alex

    Thread Starter alexlii

    (@alexlii)

    8 years, 8 months ago

    Hello @tokkonopapa,

    There is a role capabilities tool at anspress backend, and there are Anspress administrator, anspress contributors and anspress banned, please check the screenshot at http://prntscr.com/gwuqaq

    and I guess the lowest capability of anspress contributor is AP_read_quetion.
    actually, I allow the user with AP_read_quetion to upload images, so I add all of capabilities below into IP-Geo-Block:
    Upload_files,ap_read_question,ap_read_answer,ap_new_question,ap_new_answer,ap_new_comment,ap_edit_question,ap_edit_answer,ap_edit_comment,ap_delete_question,ap_delete_answer,ap_delete_comment,ap_vote_up,ap_vote_down,ap_vote_flag,ap_vote_close,ap_upload_cover,ap_change_status

    But it does not work yet, thanks.

    Alex

    Plugin Author tokkonopapa

    (@tokkonopapa)

    8 years, 7 months ago

    Hello Alex,

    Sorry for my sluggish support.

    There is a role capabilities tool at anspress backend, …

    Based on this information, I confirmed the solution.

    1. Add ap_upload_cover into “Capabilities to be verified” at “Prevent malicious file uploading“.

    Capabilities to be verified

    2. Add ap_image_submission into “Exceptions” at “Admin ajax/post“.

    Admin ajax/post

    I hope this may solve the issue.

    Uploaded

    Thanks!

    Thread Starter alexlii

    (@alexlii)

    8 years, 7 months ago

    Hello @tokkonopapa,

    Never mind, your support is really great, and it works well πŸ™‚

    I mark this topic as resolved, Really appreciated, thanks so much,

    Alex

    Plugin Author tokkonopapa

    (@tokkonopapa)

    8 years, 7 months ago

    Hi Alex,

    Thank you for your confirmation.

    I’d like to add some information for all the users:

    AnsPress – Question and answer uses Plupload to upload files. And “Prevent Zero-day Exploit” at “Admin ajax/post” can not handle ajax requests well for uploading by Plupload.

    That’s why ap_image_submission must be put into “Exceptions“.

    Thanks.

Viewing 9 replies - 1 through 9 (of 9 total)

The topic ‘Block Anspress upload file’ is closed to new replies.