Latest update breaks all public AJAX calls

  • In rgg-options.php you have a hook on admin_init which kills the WP request if the logged-in user does not have manage_options. The problem with that is admin_init gets called by admin-ajax.php even by public (non-admin users). Many plugins depend on those types of calls. Our site broke in several ways after the last update of your plugin. May we suggest removing the wp_die call?

    Perhaps make it a positive assertion, like:
    if (current_user_can(‘manage_options’)) {
    /* your three lines of code */
    }

Viewing 8 replies - 1 through 8 (of 8 total)

  • Yes the latest update definitely has a bug. On grid pages I get this error in the console (non admin/not logged in):

    Error: Syntax error, unrecognized expression: You do not have sufficient permissions to access this page.

    I confirm that we are having problems too.
    It blocks the site from being viewed and this message is displayed.
    “You do not have sufficient permissions to access this page.”

    In my case it seems that the version 2.3.15
    does not have this problem

    +1, this is a bug that completely breaks the majority of sites. Not only public ajax requests, all non-admin users can’t login anymore.

    Thanks to @ionainteractive for identifying the problem and providing an easy fix.

    • This reply was modified 5 months, 1 week ago by JonasBreuer.

    Yes, I confirm

    Since version 2.3.16, developper added a security check based on the “manage_options” capability into the file “rgg-options.php”.
    Because of this, users that doesn’t have this capability may encounter the message “You do not have sufficient permissions to access this page.”

    From version 2.3.16, the developper should implement a “Role Management” section into the RGG settings panel, and accordingly adapt the security check added in “rgg-options.php” (since version 2.3.16).

    Here is a Fix in case you faces “You do not have sufficient permissions to access this page.”

    1. Find the WordPress capability that is common to the different users who must access to Responsive Gallery Grid, and/or should not get the error message.
      eg: “manage_woocommerce” if users have the “Shop Manager” role
      eg: “edit_page” if users have the “Editor” role
    2. Add the code below into the functions.php file of your child theme
    remove_action('admin_init', 'rgg_admin_init');

    add_action('admin_init', 'FIX_rgg_admin_init');
    function FIX_rgg_admin_init(){
    	if (!current_user_can('manage_woocommerce')) {
    		wp_die('You do not have sufficient permissions to access this page.');
    	}
    	register_setting( RGG_OPTIONS, RGG_OPTIONS, 'rgg_options_sanitize' );
    	add_settings_section('rgg_main', 'Main Settings', 'rgg_section_text', RGG_PLUGIN);
    	add_settings_field('rgg_text_string', 'Plugin Text Input', 'rgg_setting_string', RGG_PLUGIN, 'rgg_main');
    }

    Same here – Last Update is breaking KaliForms Sending process.

    Plugin Author Jules Colle

    (@jules-colle)

    Sorry. Should be fixed in version 2.3.18

Viewing 8 replies - 1 through 8 (of 8 total)
  • You must be logged in to reply to this topic.