Daniel Iser
Forum Replies Created
-
@macpheek – Check v2.6.0. Resolution took a bit of time to find an elegant solution that didn’t require breaking things or creating side effects.
Luckily we worked with someone on the Plugins Team to come up with a proper solution that resolves it by default, and still maintains full capabilities.
You can read about this specific issue here: https://contentcontrolplugin.com/docs/security/preventing-bots-from-discovering-restricted-content/#how-content-can-be-exposed
@crzyhrse – Check v2.6.0. Resolution took a bit of time to find an elegant solution that didn’t require breaking things or creating side effects.
Luckily we worked with someone on the Plugins Team to come up with a proper solution that resolves it by default, and still maintains full capabilities.
@jakobols – Correct, in your case there was no exposure at all. This only effected users who explictly set up global restrictions on posts, and set them to show up in archives with “Restricted Content” style content replacement.
You can read about this specific issue here: https://contentcontrolplugin.com/docs/security/preventing-bots-from-discovering-restricted-content/#how-content-can-be-exposed
@jakobols – Admittedly this one got by us early on, but we have been on it for some time. The trick was finding a solution that resolved the issue as outlined, but also that didn’t require breaking existing functionality/expectations, complete rewrite of the plugin, or introducing new side-effects or compatibility issues with other plugins.
Many of the solutions we fully considered would have required completely removing many of the features that have long made this plugin so flexible.
Luckily we worked with someone on the Plugins Team to come up with a simple yet elegant solution that resolves it by default, and still maintains full capabilities.
Also just note, this was less of a security vulnerability in the sense of your site could get hacked, and more of a content could be brute forced via the search. Because of the extremely low security risk and potential future issues stemming from bad choice of solution now, we did take a bit longer than our typical response to something like this which is usually days (from the finding, not announcement).You can read about this specific issue here: https://contentcontrolplugin.com/docs/security/preventing-bots-from-discovering-restricted-content/#how-content-can-be-exposed
Just for extra reference, it further relied on you setting it up to allow your content to appear for restricted users, but with your “restricted content” message. If you used redirects, or were already hiding content from archives then it wouldn’t have had any impact on your sites at all.
Forum: Plugins
In reply to: [User Menus - Nav Menu Visibility] Can’t select Roles@paulbarrett1952 which older version resolved it for you? We can easily check to see if there is any obvious issue in the changes since.
@mirkolofio – Thanks for the report, fix is made, will be in next patch soon.
Forum: Plugins
In reply to: [User Menus - Nav Menu Visibility] Update for latest versions.PS I have tasked one of our devs to look for potential updates we can look at doing for the short term.
The only long term thing we have considered is adding support for the block editor, but then again we have Content Control (linked above), which already does this much better than User Menus ever could, and with way more capabilities.
Not sure if we would want to replicate that, but maybe we can look at it in Q1 2025 as a real enhancement. That said haven’t had many requests for it, so would it even be worth the effort s 🤷♂️?
Forum: Plugins
In reply to: [User Menus - Nav Menu Visibility] Update for latest versions.@aadillm – To be clear, it works great with the latest version of WP, there simply have been no reported issues to fix in some time, much longer than the 1.2 years.
This plugin has been pretty stable and feature rich for a long time, very few support requests, feature requests etc.
We have active development on our other plugins which do get requests/issues much more frequently.
I just updated the tag to show its safe to use with current WP, but until we have a reason to push an update we try not to just push updates if that makes since.
Our other plugins for example:
@americiu – This indicates your not using WP in a normal way, correct? Your using composer to install plugins?
If so even then its incorrect, our plugin only requires 5.6 to boot.Some of our composer dev dependencies require 7.4, but your site shouldn’t be installing those.
Not sure this is related to our plugin as we don’t require 7.2 anywhere, not even in composer.json config.
That said going forward in v1.21.0 or v1.22.0 we will be raising the minimum requirements, you can read about that on our blog: https://wppopupmaker.com/announcements/upcoming-php-wp-requirement-changes/
@w-sky – Appreciate the feedback, and we are moving to full block editor support by default in near future, that said block editor support has been there since Gutenberg first came out, just not on by default as our Shortcode UI is built on TinyMCE button bars and was much more refined for the time (still is compared to some of Gutenberg).
For that matter we are realistically editor agnostic. You can also use any page builder, shortcodes.
As for Gutenberg support not only can you edit popups, but you can also set any block or text on pages/posts to be a click trigger for any of our popups, just like making a link.
To enable editing popup go to Popup Maker -> Settings, there is a checkbox for that.
https://p60.tr2.n0.cdn.zight.com/items/4guGJjNp/8398e88c-248e-4a6c-a852-740dea772cad.png
Hopefully you will see we didn’t ignore it and reconsider your star rating. It just wasn’t a priority of our users, nor one of our own, in fact from usage tracking we know that less than 5% of our users are utilizing the block editor for popups, most opting for simple shortcodes or full page builders.
— General gutenberg opinions from WP product company —
Even as a dedicated WP company we are only just starting to truly adopt Gutenberg for editing beyond simple posts.
Even years into the block editor project, most agencies & site bulders are not using it, opting instead for modern page builders (Class/ID based styling rather than modules/elements, such as Bricks, Cicily etc), capable of producing complex designs without limiting you based on what settings fields are shown or some wonky post editing optimized interface.
As someone who has personally contributed to gutenberg, released packages built on top of it for other devs & generally been involved at every level of WordPress for the past 15 years, Gutenberg is a good step in the right direction, but far from the ultimate solution.
## Reasons its not a great investment for plugin companies:
- In its current state, and the state for the past 5 years for that matter, there are breaking changes, major UI/UX shifts, changes of general direction etc, that occur every few releases if not more often. This means it costs a heck of a lot more developer time to build and support products on top of it, and then rebuild those products over and over again with every breakage. No signs of stabilization any time soon.
- Finding or training developers to full proficiency is very time intensive. A small company with 1 developer and multiple products 👋 having to constantly relearn because the changed the whole thing, is not something I should be wasting time on.
@testbewertungen – Our Remote Content extension or a custom written solution similar are the only ways to accomplish that. This is honestly heavily dependent on the content in the popup to determine if its even feasible, things like forms from another plugin 100% won’t work this way for example. The same would be true about anything that required CSS & JS, and that wasn’t built in a way that can be initialized after loading late (ie a slider plugin initilizes on page load, so it won’t work if loaded after then).
Hope that helps.
@rbdev – To be clear, your using Content Control plugin, and not Restrict Content Pro correct?
We are not associated with RCP and there are no links to their site within our code to cause such an issue, so my guess is you meant to submit a ticket with their support instead of ours by mistake.
@granatdesign – Please update to the latest version and let us know if the issue has been resolved.
@kannabanna – Please update and let us know if that resolved the issue for you.
@kannabanna – Would it be possible to check your PHP error logs or ask your host for assistance? Would be useful to see exactly what error message & which file:line it came from.
@shift8 – I’m not sure what you mean, we have styles for our popup containers and overlays, but beyond that no we don’t style content.
Most likely your themes custom classes are set to only work within containers that have a specific parent class.
You can use this filter to add a custom class to the popup container or content area.
add_filter( "pum_popup_container_classes", "my_custom_popup_container_class" );
function my_custom_popup_container_class( $classes ) {
$classes[] = 'main-content'; // or whatever your theme requires.
return $classes;
}
