myrrhlarsen

Thanks, @mvandemar – keep us posted on this when you can; I am experiencing the same issue.

Same problem. Removing the .htaccess allows me to access the files – but now anyone with the file URL could access the file, whether they are a logged in user or not.

It seems to me like a “direct hit” (without referer) to the file URL should trigger a rewrite through something that checks credentials. Is this possible? Is this part of the plugin and it’s just not working for me? Thanks in advance.

Thanks, Igor!

Btw, to anyone else who stumbled upon this and has any pre-3.4 conditional code comparing $post_object->post_password with $_COOKIE['wp-postpass_' . COOKIEHASH]: you must now use wp_check_password() instead, as the post password is (wisely!) no longer saved in plaintext in the user’s browser.

You probably shouldn’t attempt this if you don’t have at least minor proficiency in PHP.

Plugin author: I’ll delete this post upon request. I like your plugin, and I don’t mean deface it with my hacking around.

Anyway, to change it from operating on POSTS to operating on PAGES, in /wp-content/plugins/resource-booking-and-availability-calendar/cstart-Resource-booking-and-availability-calendar.php change the following:

Change line 289 from
if (/*$adminOptions[‘add_content’] == “true” && */ is_single()) {
to
if (/*$adminOptions[‘add_content’] == “true” && */ is_page()) {
…and change line 464 from
add_action(‘edit_form_advanced’, array(&$cs_RBA_plugin,’post_options’),1);
to
add_action(‘edit_page_form’, array(&$cs_RBA_plugin,’post_options’),1);

And you’ll have it on pages instead of posts. If you want it on both, you’ll need to have both “add_action” directives in there and just change the conditional in the addContent() function to if ( is_single() || is_page() ) { and you should be good.