
The latest 2.7.13 release caused some trouble.

Let us explain what happened.

Administrators can grant or withhold the right to autopost for specific user groups. That feature had a security hole that allowed users with no autopost rights to autopost anyway. That was fixed in the latest version. We won’t unfix it or roll it back. It was a real security problem and it was causing real trouble.

If you are getting “User ID XXX can’t autopost” errors, please go to the settings tab and give autopost rights to the user group that the user with ID XXX belongs to.

However, this fix backfired on users who were relying on that security hole as a feature.

Examples:

– WordPress used as a classifieds website. Visitors submit posts from the frontend.

– The administrator doesn’t want contributors or authors to change autoposting settings, but still wants their posts to be autoposted to all configured networks.

– All posts are imported by some automation plugin. That plugin is not brilliantly written and it inserts all posts using the hard-coded user ID 1. The website doesn’t even have a user with ID 1, so the result is a “User ID 1 can’t autopost” error.

We will rethink our security model and might add another privilege, so that some user groups can autopost without seeing or being able to change the settings. We also might add the ability to skip this whole security model and use the plugin without any restrictions (as it was before the fix).

UPDATE: Version 2.7.14 has the ability to skip the check for user privileges, as well as the ability to allow users to autopost without seeing or changing any options.
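The privilege split described above, modelled as an added example; it is not the plugin's code. The capability names, the `Site` structure and the sample users are assumptions, and the model assumes the skip option relaxes only the autopost check, never settings access.

```python
from dataclasses import dataclass

# Hypothetical capability names; the page does not give the plugin's own.
CAP_AUTOPOST = "autopost"           # this user's posts may be autoposted
CAP_SETTINGS = "autopost_settings"  # may view and change autoposting settings

@dataclass
class Site:
    role_caps: dict                     # role name -> set of capabilities
    users: dict                         # user ID -> role name
    skip_privilege_check: bool = False  # administrator opt-out of the check

def may_autopost(site, user_id):
    """Return (allowed, reason) for autoposting a post owned by user_id."""
    if site.skip_privilege_check:
        return True, "privilege check disabled by administrator"
    role = site.users.get(user_id)
    if role is None:
        # Fail closed: an importer that hard-codes a nonexistent ID lands here.
        return False, f"User ID {user_id} can't autopost (no such user)"
    if CAP_AUTOPOST not in site.role_caps.get(role, set()):
        return False, f"User ID {user_id} can't autopost (role {role!r} lacks the right)"
    return True, "ok"

def may_change_settings(site, user_id):
    """Settings access is its own capability; the opt-out never grants it."""
    role = site.users.get(user_id)
    return role is not None and CAP_SETTINGS in site.role_caps.get(role, set())

# Constructed sample site: there is deliberately no user with ID 1.
SITE = Site(
    role_caps={
        "administrator": {CAP_AUTOPOST, CAP_SETTINGS},
        "author": {CAP_AUTOPOST},  # autopost without touching settings
        "subscriber": set(),
    },
    users={2: "administrator", 7: "author", 9: "subscriber"},
)

if __name__ == "__main__":
    for uid in (2, 7, 9, 1):
        print(uid, may_autopost(SITE, uid), may_change_settings(SITE, uid))
```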
