• Resolved hemligg

    (@hemligg)


    After we upgraded our site to PHP 8.1 from 8.0 we started to get a massive number of PHP Warnings in our error logs:
    "PHP Warning: Undefined array key "email_role" in /home/runcloud/webapps/OurSite/wp-content/plugins/invite-anyone/by-email/by-email.php on line 422"

    So I had to change the function invite_anyone_access_test() to this:

    function invite_anyone_access_test() {
    global $current_user, $bp;

    $access_allowed = true;
    $iaoptions      = invite_anyone_options();
    
    if ( ! is_user_logged_in() ) {
        $access_allowed = false;
    } elseif ( current_user_can( 'bp_moderate' ) ) {
        // The site admin can see all
        $access_allowed = true;
    } elseif ( bp_displayed_user_id() && ! bp_is_my_profile() ) {
        $access_allowed = false;
    } elseif ( isset( $iaoptions['email_visibility_toggle'] ) && 'no_limit' === $iaoptions['email_visibility_toggle'] ) {
        // This is the last of the general checks: logged in,
        // looking at own profile, and finally admin has set to "All Users".
        $access_allowed = true;
    } elseif ( isset( $iaoptions['email_since_toggle'] ) && 'yes' === $iaoptions['email_since_toggle'] ) {
        // Minimum number of days since joined the site
        $since = isset( $iaoptions['days_since'] ) ? $iaoptions['days_since'] : 0;
        if ( $since ) {
            // WordPress's DAY_IN_SECONDS exists for WP >= 3.5, target version is 3.2, hence hard-coded value of 86400.
            $since = $since * 86400;
    
            $date_registered = strtotime( $current_user->data->user_registered );
            $time            = time();
    
            if ( $time - $date_registered < $since ) {
                $access_allowed = false;
            }
        }
    } elseif ( isset( $iaoptions['email_role_toggle'] ) && 'yes' === $iaoptions['email_role_toggle'] ) {
        // Check if 'email_role' is set before accessing it.
        if ( isset( $iaoptions['email_role'] ) && ! empty( $iaoptions['email_role'] ) ) {
            $role = $iaoptions['email_role'];
    
            // Minimum role on this blog. Users who are at the necessary role or higher
            // should move right through this toward the 'return true' at the end of the function.
            if ( isset( $iaoptions['minimum_role'] ) && $role ) {
                switch ( $role ) {
                    case 'Subscriber' :
                        if ( ! current_user_can( 'read' ) ) {
                            $access_allowed = false;
                        }
                        break;
    
                    case 'Contributor' :
                        if ( ! current_user_can( 'edit_posts' ) ) {
                            $access_allowed = false;
                        }
                        break;
    
                    case 'Author' :
                        if ( ! current_user_can( 'publish_posts' ) ) {
                            $access_allowed = false;
                        }
                        break;
    
                    case 'Editor' :
                        if ( ! current_user_can( 'delete_others_pages' ) ) {
                            $access_allowed = false;
                        }
                        break;
    
                    case 'Administrator' :
                        if ( ! current_user_can( 'switch_themes' ) ) {
                            $access_allowed = false;
                        }
                        break;
                }//end switch
            }//end if
        }
    } // <== This closing bracket was missing
    elseif ( isset( $iaoptions['email_blacklist_toggle'] ) && 'yes' === $iaoptions['email_blacklist_toggle'] ) {
        // User blacklist.
        if ( isset( $iaoptions['email_blacklist'] ) ) {
            $blacklist = wp_parse_id_list( $iaoptions['email_blacklist'] );
            $user_id   = intval( $current_user->ID );
            if ( in_array( $user_id, $blacklist, true ) ) {
                $access_allowed = false;
            }
        }
    }
    
    return apply_filters( 'invite_anyone_access_test', $access_allowed );

    }

    It would be great if you could handle this issue in a coming release.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Boone Gorges

    (@boonebgorges)

  • Thread Starter hemligg

    (@hemligg)

    Well actually we now found that this code isn’t working. Users could access the invite page and send invitations even though only Administrators should have access.

    So it seems the role to be used should be ‘minimum_role’ and not ‘email_role’.

    So the function invite_anyone_access_test() we use now in file /invite-anyone/by-email/by-email.php is the following:

    function invite_anyone_access_test() {
        global $current_user, $bp;

        $access_allowed = true;
        $iaoptions      = invite_anyone_options();

        if ( ! is_user_logged_in() ) {
            $access_allowed = false;
        } elseif ( current_user_can( 'bp_moderate' ) ) {
            // The site admin can see all
            $access_allowed = true;
        } elseif ( bp_displayed_user_id() && ! bp_is_my_profile() ) {
            $access_allowed = false;
        } elseif ( isset( $iaoptions['email_visibility_toggle'] ) && 'no_limit' === $iaoptions['email_visibility_toggle'] ) {
            // This is the last of the general checks: logged in,
            // looking at own profile, and finally admin has set to "All Users".
            $access_allowed = true;
        } elseif ( isset( $iaoptions['email_since_toggle'] ) && 'yes' === $iaoptions['email_since_toggle'] ) {
            // Minimum number of days since joined the site
            $since = isset( $iaoptions['days_since'] ) ? $iaoptions['days_since'] : 0;
            if ( $since ) {
                // WordPress's DAY_IN_SECONDS exists for WP >= 3.5, target version is 3.2, hence hard-coded value of 86400.
                $since = $since * 86400;

                $date_registered = strtotime( $current_user->data->user_registered );
                $time            = time();

                if ( $time - $date_registered < $since ) {
                    $access_allowed = false;
                }
            }
        } elseif ( isset( $iaoptions['email_role_toggle'] ) && 'yes' === $iaoptions['email_role_toggle'] ) {
            // Check if 'minimum_role' is set before accessing it.
            if ( isset( $iaoptions['minimum_role'] ) && ! empty( $iaoptions['minimum_role'] ) ) {
                $role = $iaoptions['minimum_role'];

                // Minimum role on this blog. Users who are at the necessary role or higher
                // should move right through this toward the 'return true' at the end of the function.
                if ( isset( $iaoptions['minimum_role'] ) && $role ) {
                    switch ( $role ) {
                        case 'Subscriber' :
                            if ( ! current_user_can( 'read' ) ) {
                                $access_allowed = false;
                            }
                            break;

                        case 'Contributor' :
                            if ( ! current_user_can( 'edit_posts' ) ) {
                                $access_allowed = false;
                            }
                            break;

                        case 'Author' :
                            if ( ! current_user_can( 'publish_posts' ) ) {
                                $access_allowed = false;
                            }
                            break;

                        case 'Editor' :
                            if ( ! current_user_can( 'delete_others_pages' ) ) {
                                $access_allowed = false;
                            }
                            break;

                        case 'Administrator' :
                            if ( ! current_user_can( 'switch_themes' ) ) {
                                $access_allowed = false;
                            }
                            break;
                    }//end switch
                }//end if
            }
        } elseif ( isset( $iaoptions['email_blacklist_toggle'] ) && 'yes' === $iaoptions['email_blacklist_toggle'] ) {
            // User blacklist.
            if ( isset( $iaoptions['email_blacklist'] ) ) {
                $blacklist = wp_parse_id_list( $iaoptions['email_blacklist'] );
                $user_id   = intval( $current_user->ID );
                if ( in_array( $user_id, $blacklist, true ) ) {
                    $access_allowed = false;
                }
            }
        }

        return apply_filters( 'invite_anyone_access_test', $access_allowed );
    }

    • This reply was modified 2 months, 1 week ago by hemligg.
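
Both versions in this thread wrap the role lookup in isset(), so when the role restriction is switched on but the key is absent the switch is skipped and $access_allowed keeps its default of true. The following is an added example, not the plugin's code or either poster's: a role gate that denies in that case. ia_role_gate(), IA_ROLE_CAPS and the capability-checker parameter are hypothetical names; the option keys and role/capability pairs are taken from the posts, and the sample options and users are constructed.

```php
<?php
// Added example, not the plugin's code. ia_role_gate() and IA_ROLE_CAPS are
// hypothetical names; option keys and role/capability pairs are from the posts.
const IA_ROLE_CAPS = array(
    'Subscriber'    => 'read',
    'Contributor'   => 'edit_posts',
    'Author'        => 'publish_posts',
    'Editor'        => 'delete_others_pages',
    'Administrator' => 'switch_themes',
);

// $can is the capability checker; inside WordPress pass 'current_user_can'.
function ia_role_gate( array $options, callable $can ): bool {
    if ( 'yes' !== ( $options['email_role_toggle'] ?? 'no' ) ) {
        return true; // Role restriction is switched off.
    }

    $role = $options['minimum_role'] ?? '';
    if ( ! is_string( $role ) || ! array_key_exists( $role, IA_ROLE_CAPS ) ) {
        return false; // Restriction is on but the role is missing or unknown: deny.
    }

    return (bool) $can( IA_ROLE_CAPS[ $role ] );
}

// Constructed users: a subscriber holds only 'read', an administrator holds everything.
$subscriber = fn( string $cap ): bool => 'read' === $cap;
$admin      = fn( string $cap ): bool => true;

// Constructed option sets.
$configured = array( 'email_role_toggle' => 'yes', 'minimum_role' => 'Administrator' );
$missing    = array( 'email_role_toggle' => 'yes' ); // Role key absent.
$disabled   = array( 'email_role_toggle' => 'no' );

$cases = array(
    'configured / subscriber'   => ia_role_gate( $configured, $subscriber ),
    'configured / admin'        => ia_role_gate( $configured, $admin ),
    'role missing / subscriber' => ia_role_gate( $missing, $subscriber ),
    'toggle off / subscriber'   => ia_role_gate( $disabled, $subscriber ),
);

foreach ( $cases as $label => $allowed ) {
    printf( "%-26s %s\n", $label, $allowed ? 'allowed' : 'denied' );
}
```

Passing the checker as a parameter lets the gate be exercised with a table of option sets outside WordPress, which is how a wrong or missing option key shows up before deployment.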