diff --git a/readme.txt b/readme.txt index 545a7d84..559889b3 100644 --- a/readme.txt +++ b/readme.txt @@ -100,6 +100,11 @@ Follow PublishPress on [Facebook](https://www.facebook.com/publishpress), [Twitt == Changelog == += 2.4.4 - 18 Nov 2020 = +* Fixed : Revision submission caused Post Thumbnail to be cleared from the published post +* Fixed : Revision submission by a Revisor caused corruption of published content (by slash removal) on some ACF installations +* Fixed : Compare Past Revisions - Editors did have "Preview / Restore" or "Manage" buttons + = 2.4.3 - 5 Nov 2020 = * Compat : Polylang - language settings were not stored to revision (Fix also applies to other plugins using hidden taxonomies) * Compat : Project Nami (Microsoft SQL Server / ODBC) - No confirmation redirect on revision submission diff --git a/revisionary.php b/revisionary.php index 401e9f15..9a777081 100644 --- a/revisionary.php +++ b/revisionary.php @@ -5,7 +5,7 @@ * Description: Maintain published content with teamwork and precision using the Revisions model to submit, approve and schedule changes. * Author: PublishPress * Author URI: https://publishpress.com - * Version: 2.4.3 + * Version: 2.4.4 * Text Domain: revisionary * Domain Path: /languages/ * Min WP Version: 4.9.7 @@ -96,7 +96,7 @@ function($links, $file) // register these functions before any early exits so normal activation/deactivation can still run with RS_DEBUG register_activation_hook(__FILE__, function() { - $current_version = '2.4.3'; + $current_version = '2.4.4'; $last_ver = get_option('revisionary_last_version'); @@ -143,7 +143,7 @@ function() } else { $message = sprintf( __( 'Another copy of PublishPress Revisions (or Revisionary) is already activated (version %1$s)', 'revisionary' ), RVY_VERSION ); } - + echo "
" . $message . '
'; }, 5); } @@ -172,7 +172,7 @@ function() return; } - define('REVISIONARY_VERSION', '2.4.3'); + define('REVISIONARY_VERSION', '2.4.4'); if ( ! defined( 'RVY_VERSION' ) ) { define( 'RVY_VERSION', REVISIONARY_VERSION ); // back compat diff --git a/revisionary_main.php b/revisionary_main.php index 57e6bd8c..366b3533 100644 --- a/revisionary_main.php +++ b/revisionary_main.php @@ -28,6 +28,14 @@ class Revisionary // minimal config retrieval to support pre-init usage by WP_Scoped_User before text domain is loaded function __construct() { + if (is_admin() && (false !== strpos($_SERVER['REQUEST_URI'], 'revision.php')) && (!empty($_REQUEST['revision']))) { + add_action('init', [$this, 'addFilters'], PHP_INT_MAX); + } else { + $this->addFilters(); + } + } + + function addFilters() { global $script_name; // Ensure editing access to past revisions is not accidentally filtered. diff --git a/rvy_init.php b/rvy_init.php index 757c84f6..e4323d37 100644 --- a/rvy_init.php +++ b/rvy_init.php 
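Review bot: The new constructor branch reads `$_SERVER['REQUEST_URI']` without checking that it is set, and it matches `revision.php` anywhere in the URI, so the decision to postpone `addFilters()` to the end of `init` rests on a loose, request-controlled substring plus `$_REQUEST['revision']`. `REQUEST_URI` can be absent under CLI or cron execution, where this raises an undefined-index notice. Comparing against the core global, which should already be populated when plugins load, is stricter and avoids the unset key: `if (is_admin() && isset($GLOBALS['pagenow']) && ('revision.php' === $GLOBALS['pagenow']) && !empty($_REQUEST['revision'])) {`. `addFilters()` is used as a hook callback but has no visibility keyword or docblock, and its body continues outside this hunk, so what ends up registered late cannot be judged from here. A short comment stating why registration must wait until `PHP_INT_MAX` on `init` for this screen would help.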
@@ -27,6 +27,49 @@ add_action('rvy_mail_buffer_hook', 'rvy_send_buffered_mail' ); add_filter('cron_schedules', 'rvy_mail_buffer_cron_interval'); +add_filter('wp_insert_post_empty_content', '_rvy_buffer_post_content', 10, 2); + +add_action('post_updated', '_rvy_restore_published_content', 99, 3); + +add_action('update_post_metadata', '_rvy_limit_postmeta_update', 10, 5); +add_action('delete_post_metadata', '_rvy_limit_postmeta_update', 10, 5); + +function _rvy_limit_postmeta_update($block_update, $object_id, $meta_key, $meta_value, $prev_value) { + global $current_user; + + if (in_array($meta_key, apply_filters('revisionary_protect_published_meta_keys', ['_thumbnail_id', '_wp_page_template']), $object_id)) { + if ($status_obj = get_post_status_object(get_post_field('post_status', $object_id))) { + if (!empty($status_obj->public) || !empty($status_obj->private)) { + if (get_transient("_rvy_pending_revision_{$current_user->ID}_{$object_id}") || !agp_user_can('edit_post', $object_id, '', ['skip_revision_allowance' => true])) { + $block_update = true; + } + } + } + } + + return $block_update; +} + +// Make sure upstream capability filtering never allows unauthorized updating of published post content +function _rvy_restore_published_content( $post_ID, $post_after, $post_before ) { + global $wpdb; + + if (defined('RVY_DISABLE_CONTENT_BUFFER')) { + return; + } + + if ($status_obj = get_post_status_object(get_post_field('post_status', $post_ID))) { + if (!empty($status_obj->public) || !empty($status_obj->private)) { + if (!agp_user_can('edit_post', $post_ID, '', ['skip_revision_allowance' => true])) { + if ($post_content = get_transient('rvy_post_content_' . $post_ID)) { + $wpdb->update($wpdb->posts, ['post_content' => $post_content], ['ID' => $post_ID]); + delete_transient('rvy_post_content_' . 
$post_ID); + } + } + } + } +} + if (defined('JREVIEWS_ROOT') && !empty($_REQUEST['preview']) && ((empty($_REQUEST['preview_id']) && empty($_REQUEST['thumbnail_id'])) || (!empty($_REQUEST['preview_id']) && rvy_is_revision_status(get_post_field('post_status', (int) $_REQUEST['preview_id']))) @@ -36,6 +79,31 @@ _rvy_jreviews_preview_compat(); } +function _rvy_buffer_post_content($maybe_empty, $postarr) { + global $wpdb; + + if (empty($postarr['ID']) || defined('RVY_DISABLE_CONTENT_BUFFER')) { + return $maybe_empty; + } + + if ($status_obj = get_post_status_object(get_post_field('post_status', $postarr['ID']))) { + if (!empty($status_obj->public) || !empty($status_obj->private)) { + if (!agp_user_can('edit_post', $postarr['ID'], '', ['skip_revision_allowance' => true])) { + if ($raw_content = $wpdb->get_var( + $wpdb->prepare( + "SELECT post_content FROM $wpdb->posts WHERE ID = %d", + $postarr['ID'] + ) + )) { + set_transient('rvy_post_content_' . $postarr['ID'], $raw_content, 60); + } + } + } + } + + return $maybe_empty; +} + function rvy_mail_check_buffer($new_msg = [], $args = []) { if (empty($args['log_only'])) { if (!$use_buffer = rvy_get_option('use_notification_buffer')) {
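Review bot: `_rvy_restore_published_content()` writes the buffered content back with a direct `$wpdb->update()` on `$wpdb->posts` and never invalidates the post cache, so on a site with a persistent object cache the unauthorized content may keep being served after the database row is restored. Calling `clean_post_cache($post_ID);` right after the update would close that gap. The restore runs at priority 99 on `post_updated`, so callbacks hooked earlier on that action still see the unauthorized content; a comment noting that limitation is worth adding. In `_rvy_limit_postmeta_update()`, `$object_id` is passed as the third argument of `in_array()` (its `$strict` flag) rather than to `apply_filters()`. It probably should read `in_array($meta_key, apply_filters('revisionary_protect_published_meta_keys', ['_thumbnail_id', '_wp_page_template'], $object_id), true)`.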
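Review bot: Buffering in `_rvy_buffer_post_content()` is skipped whenever the stored `post_content` is empty or `"0"`, because `if ($raw_content = $wpdb->get_var(...))` tests truthiness. The matching `if ($post_content = get_transient(...))` in `_rvy_restore_published_content()` has the same gap, so for such a published post nothing appears to be restored after an unauthorized update. Testing the absent case explicitly would cover it: `if (null !== ($raw_content = $wpdb->get_var(...)))` here and `false !== ($post_content = get_transient(...))` in the restore. The transient key `'rvy_post_content_' . $postarr['ID']` is shared by all users and lives for 60 seconds. A docblock should state that this filter is attached only for its side effect, returns `$maybe_empty` unchanged, and that the buffer is consumed by the `post_updated` callback.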