latest stable versions: v150827 (changelog)

Old Forums (READ-ONLY): The community now lives at WP Sharks™. If you have an s2Member® Pro question, please use our new Support System.

I found a hole in this plugin

Home Forums Community Forum I found a hole in this plugin

This topic contains 1 reply, has 2 voices. Last updated by  Rich Rice 4 years, 8 months ago.

Topic Author Topic
Posted: Monday Apr 30th, 2012 at 9:54 pm #12254
tom müller
Username: tom

When a page is protected and a visitor who has not logged in searches for the article on the page, the entire article opens, allowing the visitor to read the content without registering or login in.

Also, why is it not possible that after payment via paypal, the customer will be directed to the particular news item and not the 15 minutes email notice?

List Of Topic Replies

Viewing 1 replies (of 1 total)
Author Replies
Author Replies
Posted: Sunday May 6th, 2012 at 11:01 pm #12782
Rich Rice
Username: brink668

Its not a hole, its how search queries work, if you go through all the options there is a setting that deals with this. By activating this setting(s) you can prevent that from happening.

Alternative View Protection ( optional / experimental )

s2Member protects Categories, Tags, Posts, Pages, Files, URIs & more. BUT, even with all of those security restrictions, it’s still possible for protected content excerpts to be seen through XML feeds, in search results generated by WordPress®; and/or ( depending on your theme ), possibly in other Archive views; which might include: Posts by Author, Posts by Date, a list of featured items formulated by your theme, OR even through other widgets/plugins adding functionality to your site. ~ We refer to all of these collectively, as “Alternative Views”.

Using the options below, you can tell s2Member to protect some ( or all ) of these “Alternative Views”, by filtering WordPress® database queries for you. s2Member can automatically hide protected content that is NOT available to the current User/Member. In other words, s2Member is capable of pre-filtering ALL database queries, so that excerpts of protected content will not be allowed to slip through. This is marked “experimental”, because we’re still testing this against MANY widget/plugin/theme combinations. Please report all bugs.

Viewing 1 replies (of 1 total)

This topic is closed to new replies. Topics with no replies for 2 weeks are closed automatically.

Old Forums (READ-ONLY): The community now lives at WP Sharks™. If you have an s2Member® Pro question, please use our new Support System.

Contacting s2Member: Please use our Support Center for bug reports, pre-sale questions & technical assistance.