Here’s a reasonably happy ending to a brutal day here in the land of high hopes and outrageous aspirations. Am I paying for my insistance on taking big bites? My morning started with three reports – two from “veteran” scopers:

1. “My private pages are all suddenly listed and readable”
2. “My hidden content teaser stopped working; now all those posts are exposed”
3. “When I activated Role Scoper it uncategorized all my posts (and this with WordPress 2.5)”

And this was supposed to be the day when I start working on something else. Well, I explained (1) as a configuration issue which led to some interesting points about wp_list_pages behavior.

Bug (2) was due to some combination of undeclared property variables (fine on most servers but not on that one) and variable scope issues with functions hooked to the_posts. Switching to posts_results filtering did the trick.  This fix probably also corrects other unreported bugs on susceptible servers.  If you have struggled making Role Scoper do things that seem to work for everyone else, give this a shot.

(3) is still unresolved and unconfirmed, but I did put every sensible safeguard in place to make it seemingly impossible for Role Scoper’s category filtering to strip existing stored categories.

While on this bug hunt, I also corrected some other Teaser issues as well as several Category filtering bugs. The change log for Role Scoper 0.9.23:

Hidden Content Teaser:

• fixed: Hidden Content Teaser failed on some servers due to RS use of undeclared properties and unreliability of WordPress the_posts hook for this purpose (using posts_results instead)

• fixed: potentially, other undiscovered bugs related to the failure of undeclared properties on some servers

• fixed: Comments were visible even in posts hidden with teaser

• fixed: With teaser on, visible pages below a private page did not retain their hierarchy

• fixed: Teaser was teasing unviewable private pages even if the “include private pages if user can read them” option was disabled. Now, if that setting is activated, private pages will never be listed or teased.

Categories:

• fixed: For Users < WP editor, other users’ published posts could be listed and edited (but not saved) if user had a Section Role assignment of Author in one of the post categories

• fixed: (theoretically) Imposed safeguards against potential stripping of existing post categories/tags, reported by one user and potentially possible if a post save operation was triggered from an unusual URI. Now limit RS category/tag filtering to expected URIs

• fixed: Categories with Exclusive Section settings were not filtered properly with “Realms -> Section Roles for Pages” enabled. This would pertain to installations that use Page Category Plus

• fixed: Non-admin users with Category management in a category could modify Exclusive Sections settings for roles they do not possess, effectively promoting themselves to a higher category role.

• fixed: After a Section Role or Exclusive Sections setting which lowers the user’s own administration rights, newly inaccessable categories did not disappear from the UI until after the next page reload