Kevin,

You really have been pumping out the releases lately! I've just updated both of my websites that are also updated to WP2.6.  I have a major issue with the blog in which I have private pages - they are now visible to people that aren't logged in! 

In fact, it's stranger than that. Normally I have main pages: apples, bannanas, carrots.  The apples page is private, but I have assigned a group of users with reader access to be able to read it.  The apples page has sub-pages of juicy-apples and tasty-apples, with the same permissions as the apples page.

Normally, my theme displays the list of pages, and when you click on apples (which you normally only see when logged in) the juicy-apples and tasty-apples sub-pages appear below the list of main pages. This was working absolutely fine with 0.9.17 (albeit with a different bug which is now fixed in 0.9.22). Then I upgraded to 0.9.22 and something BAD has happened.

When I'm logged in as a user from the group with reader access to apples and it's sub-pages, everything is fine. But when I log out to test that everything is secure with 0.9.22, I have visible in the list of main pages: Home, apples, juicy-apples, tasty-apples.  I can click on these protected page and sub-pages and everything is completely visible to any logged-out user! The non-protected main pages are not displaying, they have instead been replaced by the protected page and sub-pages which seem to have “hijacked” the display of the non-protected pages! Also, the protected sub-pages (juicy-apples and tasty-apples) are displaying as if they were main pages, not sub-pages (still only to the logged-out user - seems to be fine with the logged-in user).

The theme I am using was published in 2006, so I might be using an old piece of code for displaying page lists - but I then tried the WP2.6 default theme, and the same bad thing is happening.

Since we have been corresponding I have developed a level of trust with you, and am willing to provide you with admin access to this offending blog if you would like to see first-hand what is going on.  Alternatively, if you would like I can email you screenshots of what's going on.

Hope this helps!

Regards,

Tom

flammobammo said:

Kevin,

You really have been pumping out the releases lately! I've just updated both of my websites that are also updated to WP2.6. 

I had some catching up to do and not much time to do it before needing to shift focus to a paid consulting gig.  For Role Scoper, I want to make good on existing claims and expectations by finding bugs and/or plugin conflicts, following WP revisions and documenting or eliminating complex/non-intuitive behavior before it aggrevates users.  This report makes me fear I'm trying to do too much and should have held these new revisions until there was more time to test with various configurations.

However, so far I am not able to reproduce the error.  Please do e-mail me a login so I can check out your configuration.