Version Description
- Fixed : Potential vulnerability in wp-admin (but exposure was only to users with role editing capability)
Download this release
Release Info
| Developer | kevinB |
| Plugin |  Capability Manager Enhanced |
| Version | 1.5.9 |
| Comparing to | |
| See all releases | |
Code changes from version 1.5.8 to 1.5.9
- capsman-enhanced.php +4 -4
- framework/lib/themes-agapetry.php +1 -1
- includes/handler.php +4 -2
- includes/manager.php +1 -1
- includes/pp-ui.php +8 -5
- readme.txt +5 -2
capsman-enhanced.php
CHANGED
|
@@ -8,14 +8,14 @@
|
|
| 8 |
* @copyright Copyright (C) 2009, 2010 Jordi Canals; modifications Copyright (C) 2012-2018 Kevin Behrens
|
| 9 |
* @license GNU General Public License version 3
|
| 10 |
* @link http://agapetry.net
|
| 11 |
-
* @version 1.5.
|
| 12 |
*/
|
| 13 |
|
| 14 |
/*
|
| 15 |
Plugin Name: Capability Manager Enhanced
|
| 16 |
Plugin URI: http://presspermit.com/capability-manager
|
| 17 |
Description: Manage WordPress role definitions, per-site or network-wide. Organizes post capabilities by post type and operation.
|
| 18 |
-
Version: 1.5.
|
| 19 |
Author: Jordi Canals, Kevin Behrens
|
| 20 |
Author URI: http://agapetry.net
|
| 21 |
Text Domain: capsman-enhanced
|
|
@@ -24,8 +24,8 @@ License: GPLv3
|
|
| 24 |
*/
|
| 25 |
|
| 26 |
if ( ! defined( 'CAPSMAN_VERSION' ) ) {
|
| 27 |
-
define( 'CAPSMAN_VERSION', '1.5.
|
| 28 |
-
define( 'CAPSMAN_ENH_VERSION', '1.5.
|
| 29 |
}
|
| 30 |
|
| 31 |
if ( cme_is_plugin_active( 'capsman.php' ) ) {
|
| 8 |
* @copyright Copyright (C) 2009, 2010 Jordi Canals; modifications Copyright (C) 2012-2018 Kevin Behrens
|
| 9 |
* @license GNU General Public License version 3
|
| 10 |
* @link http://agapetry.net
|
| 11 |
+
* @version 1.5.9
|
| 12 |
*/
|
| 13 |
|
| 14 |
/*
|
| 15 |
Plugin Name: Capability Manager Enhanced
|
| 16 |
Plugin URI: http://presspermit.com/capability-manager
|
| 17 |
Description: Manage WordPress role definitions, per-site or network-wide. Organizes post capabilities by post type and operation.
|
| 18 |
+
Version: 1.5.9
|
| 19 |
Author: Jordi Canals, Kevin Behrens
|
| 20 |
Author URI: http://agapetry.net
|
| 21 |
Text Domain: capsman-enhanced
|
| 24 |
*/
|
| 25 |
|
| 26 |
if ( ! defined( 'CAPSMAN_VERSION' ) ) {
|
| 27 |
+
define( 'CAPSMAN_VERSION', '1.5.9' );
|
| 28 |
+
define( 'CAPSMAN_ENH_VERSION', '1.5.9' );
|
| 29 |
}
|
| 30 |
|
| 31 |
if ( cme_is_plugin_active( 'capsman.php' ) ) {
|
framework/lib/themes-agapetry.php
CHANGED
|
@@ -24,7 +24,7 @@ function agp_admin_footer( $mod_id = '' ) {
|
|
| 24 |
| © <?php _e( 'Copyright 2010 Jordi Canals', 'capsman-enhanced' );?>
|
| 25 |
|
|
| 26 |
<?php
|
| 27 |
-
printf( __( 'Modifications © Copyright %1$s %2$s', 'capsman-enhanced' ), '2012-
|
| 28 |
</p>
|
| 29 |
<?php
|
| 30 |
}
|
| 24 |
| © <?php _e( 'Copyright 2010 Jordi Canals', 'capsman-enhanced' );?>
|
| 25 |
|
|
| 26 |
<?php
|
| 27 |
+
printf( __( 'Modifications © Copyright %1$s %2$s', 'capsman-enhanced' ), '2012-2018', '<a href="http://agapetry.com">Kevin Behrens</a>' );?>
|
| 28 |
</p>
|
| 29 |
<?php
|
| 30 |
}
|
includes/handler.php
CHANGED
|
@@ -312,9 +312,11 @@ class CapsmanHandler
|
|
| 312 |
return;
|
| 313 |
}
|
| 314 |
|
| 315 |
-
$
|
|
|
|
|
|
|
| 316 |
. "ON {$wpdb->usermeta}.user_id = {$wpdb->users}.ID "
|
| 317 |
-
. "WHERE meta_key='{$wpdb->prefix}capabilities' AND meta_value LIKE
|
| 318 |
|
| 319 |
$users = $wpdb->get_results($query);
|
| 320 |
|
| 312 |
return;
|
| 313 |
}
|
| 314 |
|
| 315 |
+
$like = $wpdb->esc_like( $this->cm->current );
|
| 316 |
+
|
| 317 |
+
$query = $wpdb->prepare( "SELECT ID FROM {$wpdb->usermeta} INNER JOIN {$wpdb->users} "
|
| 318 |
. "ON {$wpdb->usermeta}.user_id = {$wpdb->users}.ID "
|
| 319 |
+
. "WHERE meta_key='{$wpdb->prefix}capabilities' AND meta_value LIKE %s", $like );
|
| 320 |
|
| 321 |
$users = $wpdb->get_results($query);
|
| 322 |
|
includes/manager.php
CHANGED
|
@@ -11,7 +11,7 @@
|
|
| 11 |
*
|
| 12 |
|
| 13 |
Copyright 2009, 2010 Jordi Canals <devel@jcanals.cat>
|
| 14 |
-
Modifications Copyright 2012-
|
| 15 |
|
| 16 |
This program is free software; you can redistribute it and/or
|
| 17 |
modify it under the terms of the GNU General Public License
|
| 11 |
*
|
| 12 |
|
| 13 |
Copyright 2009, 2010 Jordi Canals <devel@jcanals.cat>
|
| 14 |
+
Modifications Copyright 2012-2018 Kevin Behrens <kevin@agapetry.net>
|
| 15 |
|
| 16 |
This program is free software; you can redistribute it and/or
|
| 17 |
modify it under the terms of the GNU General Public License
|
includes/pp-ui.php
CHANGED
|
@@ -9,11 +9,14 @@ class Capsman_PP_UI {
|
|
| 9 |
function get_metagroup_caps( $default ) {
|
| 10 |
global $wpdb;
|
| 11 |
|
| 12 |
-
if ( defined( 'PPC_VERSION' ) )
|
| 13 |
-
$
|
| 14 |
-
|
| 15 |
-
|
| 16 |
-
|
|
|
|
|
|
|
|
|
|
| 17 |
$pp_filtered_types = pp_get_enabled_types('post');
|
| 18 |
$pp_metagroup_caps = array();
|
| 19 |
$pp_cap_caster = pp_init_cap_caster();
|
| 9 |
function get_metagroup_caps( $default ) {
|
| 10 |
global $wpdb;
|
| 11 |
|
| 12 |
+
if ( defined( 'PPC_VERSION' ) ) {
|
| 13 |
+
$query = $wpdb->prepare( "SELECT role_name FROM $wpdb->ppc_roles AS r INNER JOIN $wpdb->pp_groups AS g ON g.ID = r.agent_id AND r.agent_type = 'pp_group' WHERE g.metagroup_type = 'wp_role' AND g.metagroup_id = %s", $default );
|
| 14 |
+
$pp_supplemental_roles = $wpdb->get_col( $query );
|
| 15 |
+
} else {
|
| 16 |
+
$query = $wpdb->prepare( "SELECT role_name FROM $wpdb->pp_roles AS r INNER JOIN $wpdb->pp_groups AS g ON g.ID = r.group_id AND r.group_type = 'pp_group' AND r.scope = 'site' WHERE g.metagroup_type = 'wp_role' AND g.metagroup_id = %s", $default );
|
| 17 |
+
$pp_supplemental_roles = $wpdb->get_col( $query );
|
| 18 |
+
}
|
| 19 |
+
|
| 20 |
$pp_filtered_types = pp_get_enabled_types('post');
|
| 21 |
$pp_metagroup_caps = array();
|
| 22 |
$pp_cap_caster = pp_init_cap_caster();
|
readme.txt
CHANGED
|
@@ -3,8 +3,8 @@ Contributors: txanny, kevinB
|
|
| 3 |
Donate Link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=JWZVFUDLLYQBA
|
| 4 |
Tags: roles, capabilities, manager, editor, rights, role, capability, types, taxonomies, network, multisite, default
|
| 5 |
Requires at least: 3.1
|
| 6 |
-
Tested up to: 4.9.
|
| 7 |
-
Stable tag: 1.5.
|
| 8 |
|
| 9 |
A simple way to manage WordPress roles and capabilities.
|
| 10 |
|
|
@@ -109,6 +109,9 @@ You should have received a copy of the GNU General Public License along with thi
|
|
| 109 |
|
| 110 |
== Changelog ==
|
| 111 |
|
|
|
|
|
|
|
|
|
|
| 112 |
= 1.5.8 =
|
| 113 |
* Fixed : PHP warning for deprecated function WP_Roles::reinit
|
| 114 |
* Change : Don't allow non-Administrator to edit Administrators, even if Administrator role level is set to 0
|
| 3 |
Donate Link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=JWZVFUDLLYQBA
|
| 4 |
Tags: roles, capabilities, manager, editor, rights, role, capability, types, taxonomies, network, multisite, default
|
| 5 |
Requires at least: 3.1
|
| 6 |
+
Tested up to: 4.9.7
|
| 7 |
+
Stable tag: 1.5.9
|
| 8 |
|
| 9 |
A simple way to manage WordPress roles and capabilities.
|
| 10 |
|
| 109 |
|
| 110 |
== Changelog ==
|
| 111 |
|
| 112 |
+
= 1.5.9 =
|
| 113 |
+
* Fixed : Potential vulnerability in wp-admin (but exposure was only to users with role editing capability)
|
| 114 |
+
|
| 115 |
= 1.5.8 =
|
| 116 |
* Fixed : PHP warning for deprecated function WP_Roles::reinit
|
| 117 |
* Change : Don't allow non-Administrator to edit Administrators, even if Administrator role level is set to 0
|
