lifterlms
lifterlms copied to clipboard
gocodebox
Conflict with User Role Editor causing Forms "Add New" button to be available to site administrators
Reproduction Steps
- HS-171499
- I can't reproduce on Mac
- couldn't reproduce this on browser stack with windows ten FireFox/Chrome either
- Go into LifterLMS->Forms->Add New on a Windows 10 with either FireFox or Chrome
Expected Behavior
- You can make a new form
Actual Behavior
+
Error Messages / Logs
- Include any relevant error messages or log files
<!-- Paste error logs / backtraces below this line -->
chrome error:
TypeError: Cannot read property 'name' of undefined
at https://www.dbm-sbx.com/wp-content/plugins/lifterlms/libraries/lifterlms-blocks/assets/js/llms-blocks.js?ver=0773d67df4d1030cde2039d836bef065:22:45803
at n.value (https://www.dbm-sbx.com/wp-includes/js/dist/components.min.js?ver=05cdf30cf2623cd4539a5c19832b0114:7:113304)
at Ie (https://www.dbm-sbx.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:104:8)
at rh (https://www.dbm-sbx.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:103:334)
at zj (https://www.dbm-sbx.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:228:490)
at Th (https://www.dbm-sbx.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:152:223)
at tj (https://www.dbm-sbx.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:152:152)
at Te (https://www.dbm-sbx.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:146:151)
at https://www.dbm-sbx.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:61:68
at unstable_runWithPriority (https://www.dbm-sbx.com/wp-includes/js/dist/vendor/react.min.js?ver=16.13.1:25:260)
firefox error:
TypeError: r is not a function
at https://www.dbm-sbx.com/wp-includes/js/dist/components.min.js?ver=05cdf30cf2623cd4539a5c19832b0114:7:309054
at Bh (https://www.dbm-sbx.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:126:456)
at Dj (https://www.dbm-sbx.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:162:476)
at unstable_runWithPriority (https://www.dbm-sbx.com/wp-includes/js/dist/vendor/react.min.js?ver=16.13.1:25:260)
at Da (https://www.dbm-sbx.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:60:280)
at xb (https://www.dbm-sbx.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:162:231)
at mk.Events.current (https://www.dbm-sbx.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:236:102)
at Ei (https://www.dbm-sbx.com/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:41:59)
System and Environment Information
System Report
System Report:
Wordpress
-------------------------------------------
Home Url: [removed]
Site Url: [removed]
Login Url: [removed]/do-bexlogu/
Version: 5.7.2
Debug Mode: No
Debug Log: No
Debug Display: Yes
Locale: en_GB
Multisite: No
Page For Posts: Not Set
Page On Front: Do-Be Mindful Homepage (#42) [[removed]/]
Permalink Structure: /%postname%/
Show On Front: page
Wp Cron: Yes
Settings
-------------------------------------------
Version: 5.1.0
Db Version: 5.1.0
Course Catalog: Course Catalog (#25524) [[removed]/courses/]
Membership Catalog: Membership Catalog (#25525) [[removed]/memberships/]
Student Dashboard: My account (#25456) [[removed]/my-account/]
Checkout Page: Purchase (#25526) [[removed]/?page_id=25526]
Course Catalog Per Page: 9
Course Catalog Sorting: menu_order,ASC
Membership Catalog Per Page: 9
Membership Catalog Sorting: menu_order,ASC
Site Membership: Not Set
Courses Endpoint: my-courses
Edit Endpoint: edit-account
Lost Password Endpoint: lost-password
Vouchers Endpoint: redeem-voucher
Autogenerate Username: yes
Password Strength Meter: yes
Minimum Password Strength: medium
Terms Required: yes
Terms Page: Privacy Policy, Terms & Conditions (#171) [[removed]/terms-conditions/]
Checkout Names: required
Checkout Address: required
Checkout Phone: optional
Checkout Email Confirmation: yes
Open Registration: no
Registration Names: required
Registration Address: required
Registration Phone: required
Registration Voucher: required
Registration Email Confirmation: no
Account Names: required
Account Address: required
Account Phone: optional
Account Email Confirmation: no
Confirmation Endpoint: confirm-payment
Force Ssl Checkout: no
Country: GB
Currency: GBP
Currency Position: left
Thousand Separator: ,
Decimal Separator: .
Decimals: 2
Trim Zero Decimals: no
Recurring Payments: no
Email From Address: [removed]
Email From Name: [removed]
Email Footer Text: © 2017 Do-Be Limited. All rights reserved.
Email Header Image: 26724
Cert Bg Width: 842
Cert Bg Height: 595
Cert Legacy Compat: yes
Constants
-------------------------------------------
LLMS_REMOVE_ALL_DATA: undefined
LLMS_REST_DISABLE: undefined
LLMS_SITE_FEATURE_RECURRING_PAYMENTS: undefined
LLMS_SITE_IS_CLONE: undefined
Gateways
-------------------------------------------
Manual: Disabled
Manual Logging: no
Manual Order: 1
Server
-------------------------------------------
Mysql Version: 5.6.51
Php Curl: Yes
Php Default Timezone: UTC
Php Fsockopen: Yes
Php Max Input Vars: 5000
Php Max Upload Size: 256 MB
Php Memory Limit: 256M
Php Post Max Size: 256M
Php Soap: Yes
Php Suhosin: No
Php Time Limt: 300
Php Version: 7.4.21
Software: Apache/2.4.25 (Debian)
Wp Memory Limit: 40M
Browser
-------------------------------------------
HTTP USER AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36
Theme
-------------------------------------------
Name: Bridge Child
Version: 1.0.0
Themeuri: http://demo.qodeinteractive.com/bridge/
Authoruri: http://www.qodethemes.com/
Template: bridge
Child Theme: Yes
Llms Support: No
Plugins
-------------------------------------------
Add-on Contact Form 7 - Mailpoet 3: 1.3.19
AddToAny Share Buttons: 1.7.45
Advanced Order Export For WooCommerce: 3.1.9
Automatic Copyright Year: 1.1
BackupBuddy: 8.7.4.0
Better User Search: 1.1.1
Bounce Handler Mailpoet: 1.3.21
Bridge Core: 2.8.9
Checkout Field Editor for WooCommerce: 1.4.8
Classic Editor: 1.6.2
Collapse-O-Matic: 1.7.13
Contact Form 7: 5.4.2
Enhanced Media Library: 2.8.5
Envato Market: 2.0.6
Flamingo: 2.2.2
GDPR Cookie Consent Banner: 99.9
Hide My Site: 2.1
Hide My Site Premium Expansion: 1.1.2
Invisible reCaptcha: 1.2.3
LifterLMS: 5.1.0
LifterLMS Helper: 3.3.0
LifterLMS Labs: 1.6.0
LifterLMS WooCommerce: 2.2.1
Loco Translate: 2.5.3
MailPoet 3 (New): 3.65.1
MailPoet 3 Premium (New): 3.65.0
Manage Notification E-mails: 1.8.0
Nav Menu Roles: 2.0.1
Print-O-Matic: 1.7.14
Quick Page/Post Redirect Plugin: 5.2.2
ReCaptcha v2 for Contact Form 7: 1.3.5
Slider Revolution: 6.5.5
Templatera: 2.0.4
User Role Editor: 4.60.1
WooCommerce: 5.5.2
WooCommerce Customizer: 2.7.4
WooCommerce Email Validation: 2.1.1
WooCommerce PayPal Checkout Gateway: 2.1.2
WooCommerce Stripe Gateway: 5.3.0
WooCommerce Subscriptions: 3.1.4
Wordfence Security: 7.5.4
WordPress Force HTTPS: 0.1.4
WPBakery Page Builder: 6.7.0
wpDiscuz: 7.2.2
WP Downgrade | Specific Core Version: 1.2.2
WPS Hide Login: 1.8.5
WP User Avatar: 999.9.16
Yoast SEO: 16.7
Integrations
-------------------------------------------
BbPress: No
BuddyPress: No
WooCommerce: Yes
Template Overrides
-------------------------------------------
This issue has be recreated:
- [ ] Locally
- [ ] On a staging site
- [X] On a production website
- [ ] With only LifterLMS and a default theme
Browser, Device, and Operating System Information
- chrome Version 92.0.4515.107
- firefox 89.0.2
- Windows 10
@nrherron92 I'm not able to reproduce the issue on the customer (production) website using browserstack win10+chrome. Maybe cleaning the browser's cache might help...(?)
@eri-trabiccolo he's still having this issue apparently. I thought it may have been because he had LifterLMS and WooCommerce my account on the same page but he fixed that and it's still happening... I'll see if he can try from a different windows 10 device
@thomasplevy it's happening for him in Firefox too. I just sent a reply to find out if he can test on another windows 10 device to see if it's specific to his computer or not
@nrherron92 If you try to create a new form with whatever browser on whatever s.o. on the customer website:
- The form being created has no blocks, and this is not expected because it should have a set of default blocks
- If you click on the "Form settings" on the right (as the customer now suggests) to expand the forms settings the editor breaks as the customer says. It can also happen that the editor breaks as soon as you enter, it depends on whether the Form settings are already expanded or not (which is a preference stored by wp in the browser's local storage). So the issue here is most likely a plugin/theme conflict. The staging website it's now crucial.
@eri-trabiccolo I was able to reproduce the issue once we cleared up confusion with which was the staging site. Basically what's happening is the user does not have the custom fields plugin so they should not at all have the add new form button that's causing the issue
@nrherron92
The "User Role Editor" plugin has been used to modify the default permissions shipped with LifterLMS core which explicitly prevent form posts from being created
You can check this by heading to Users -> User Role Editor then select "Administrator" and under post types look for the second instance of "Forms"
By default LifterLMS specifies the "create_posts" as false, denoting that new form posts cannot be created.
A user can of course modify this via code (or via this plugin) but they're doing so at their own risk and yes apparently there is a "bug" in our Javascript that is not expecting you to be able to get to this screen and then when you do it acts up.
I don't see any issuse when trying to edit existing forms (the core default forms) and the bug is encountered only as a result of modifying the permissions to enable something that we don't exepct you to be able to do.
The solution here is to use the custom fields add-on to create new custom forms if that's desired and if we simply want the "bug" to go away the permission should be disabled in the user role editor.
We cannot really fix a conflict like this since in this case the plugin is doing what it's supposed to do (allow modification of roles) and there's no real way for us to program the permissions in a way that prevent modification.
I'm going to mark this as resolved because we can't fix it
Let me know if you need anything further on this one, just reopen and let us know.
@thomasplevy This issue may end up coming up again. You can't remove any admin permissions in the User Role Editor. Once you turn it on it grants the admin all permissions, and even if you go in to edit the admin role you can't remove the forms create_post. Which, of course this doesn't actually break any existing functionality and the default forms work as expected, since the User Role Editor sees the forms->create_post as a default admin permission you can't unset it or reset to default and then even if you delete the plugin the change is still permanent so users who have the plugin will all be able to see/encounter this conflict.
I don't know that there's anything we can do about it except just have it on record that we know it happens.
@nrherron92 sigh.
We can work around this... I suppose relying on user permissions was an arrogant idea.
@gocodebox/success I'm keeping this open as a known plugin conflict which I think we can, potentially, build a handler for if it becomes a regularly-enough reported issue.
We could add a filter that runs to force it to look like the user doesn't have the capability when the user role editor plugin is enabled on the site. Our custom fields add-on will need to remove this filter too.
I'm going to mark this as a "future" issue for now and we'll take care of it at some point if it grows very annoying.
This is a common plugin, @nrherron92 is right, and I didn't realize that it prevented admin permissions from being removed. My mistake.