Capability Manager Enhanced - Version 1.5.9

Version Description

  • Fixed : Potential vulnerability in wp-admin (but exposure was only to users with role editing capability)

Release Info

Developer kevinB
Version 1.5.9

Code changes from version 1.5.8 to 1.5.9

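--- a/capsman-enhanced.php
+++ b/capsman-enhanced.php
@@ -8,14 +8,14 @@
 * @copyright Copyright (C) 2009, 2010 Jordi Canals; modifications Copyright (C) 2012-2018 Kevin Behrens
 * @license GNU General Public License version 3
 * @link http://agapetry.net
- * @version 1.5.8
+ * @version 1.5.9
 */
 
 /*
 Plugin Name: Capability Manager Enhanced
 Plugin URI: http://presspermit.com/capability-manager
 Description: Manage WordPress role definitions, per-site or network-wide. Organizes post capabilities by post type and operation.
- Version: 1.5.8
+ Version: 1.5.9
 Author: Jordi Canals, Kevin Behrens
 Author URI: http://agapetry.net
 Text Domain: capsman-enhanced
@@ -24,8 +24,8 @@ License: GPLv3
 */
 
 if ( ! defined( 'CAPSMAN_VERSION' ) ) {
- define( 'CAPSMAN_VERSION', '1.5.8' );
- define( 'CAPSMAN_ENH_VERSION', '1.5.8' );
+ define( 'CAPSMAN_VERSION', '1.5.9' );
+ define( 'CAPSMAN_ENH_VERSION', '1.5.9' );
 }
 
 if ( cme_is_plugin_active( 'capsman.php' ) ) {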
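--- a/framework/lib/themes-agapetry.php
+++ b/framework/lib/themes-agapetry.php
@@ -24,7 +24,7 @@ function agp_admin_footer( $mod_id = '' ) {
 &nbsp;&nbsp;|&nbsp;&nbsp;&copy; <?php _e( 'Copyright 2010 Jordi Canals', 'capsman-enhanced' );?>
 &nbsp;&nbsp;|&nbsp;&nbsp;
 <?php
- printf( __( 'Modifications &copy; Copyright %1$s %2$s', 'capsman-enhanced' ), '2012-2015', '<a href="http://agapetry.com">Kevin Behrens</a>' );?>
+ printf( __( 'Modifications &copy; Copyright %1$s %2$s', 'capsman-enhanced' ), '2012-2018', '<a href="http://agapetry.com">Kevin Behrens</a>' );?>
 </p>
 <?php
 }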
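--- a/includes/handler.php
+++ b/includes/handler.php
@@ -312,9 +312,11 @@ class CapsmanHandler
 return;
 }
 
- $query = "SELECT ID FROM {$wpdb->usermeta} INNER JOIN {$wpdb->users} "
+ $like = $wpdb->esc_like( $this->cm->current );
+
+ $query = $wpdb->prepare( "SELECT ID FROM {$wpdb->usermeta} INNER JOIN {$wpdb->users} "
 . "ON {$wpdb->usermeta}.user_id = {$wpdb->users}.ID "
- . "WHERE meta_key='{$wpdb->prefix}capabilities' AND meta_value LIKE '%{$this->cm->current}%';";
+ . "WHERE meta_key='{$wpdb->prefix}capabilities' AND meta_value LIKE %s", $like );
 
 $users = $wpdb->get_results($query);
 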
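Review bot: The `%` wildcards of the old `LIKE '%…%'` pattern were lost in the rewrite: `$like` is only `$wpdb->esc_like( $this->cm->current )`, so `meta_value LIKE %s` now matches a capabilities value that equals the role name instead of one that contains it, and the lookup will presumably return no users. `esc_like()` escapes wildcard characters inside the value but adds none, so the first added line should read `$like = '%' . $wpdb->esc_like( $this->cm->current ) . '%';`. Even with the wildcards restored this is a plain substring match, so a role whose name is contained in another role's name would also match; if the stored value quotes each role name (as serialized capability arrays normally do), including the quotes in the pattern would tighten it. The enclosing CapsmanHandler method starts and ends outside the hunk, so how `$users` is used afterwards is not visible here.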
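--- a/includes/manager.php
+++ b/includes/manager.php
@@ -11,7 +11,7 @@
 *
 
 Copyright 2009, 2010 Jordi Canals <devel@jcanals.cat>
- Modifications Copyright 2012-2015 Kevin Behrens <kevin@agapetry.net>
+ Modifications Copyright 2012-2018 Kevin Behrens <kevin@agapetry.net>
 
 This program is free software; you can redistribute it and/or
 modify it under the terms of the GNU General Public License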
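--- a/includes/pp-ui.php
+++ b/includes/pp-ui.php
@@ -9,11 +9,14 @@ class Capsman_PP_UI {
 function get_metagroup_caps( $default ) {
 global $wpdb;
 
- if ( defined( 'PPC_VERSION' ) )
- $pp_supplemental_roles = $wpdb->get_col( "SELECT role_name FROM $wpdb->ppc_roles AS r INNER JOIN $wpdb->pp_groups AS g ON g.ID = r.agent_id AND r.agent_type = 'pp_group' WHERE g.metagroup_type = 'wp_role' AND g.metagroup_id = '$default'" );
- else
- $pp_supplemental_roles = $wpdb->get_col( "SELECT role_name FROM $wpdb->pp_roles AS r INNER JOIN $wpdb->pp_groups AS g ON g.ID = r.group_id AND r.group_type = 'pp_group' AND r.scope = 'site' WHERE g.metagroup_type = 'wp_role' AND g.metagroup_id = '$default'" );
-
+ if ( defined( 'PPC_VERSION' ) ) {
+ $query = $wpdb->prepare( "SELECT role_name FROM $wpdb->ppc_roles AS r INNER JOIN $wpdb->pp_groups AS g ON g.ID = r.agent_id AND r.agent_type = 'pp_group' WHERE g.metagroup_type = 'wp_role' AND g.metagroup_id = %s", $default );
+ $pp_supplemental_roles = $wpdb->get_col( $query );
+ } else {
+ $query = $wpdb->prepare( "SELECT role_name FROM $wpdb->pp_roles AS r INNER JOIN $wpdb->pp_groups AS g ON g.ID = r.group_id AND r.group_type = 'pp_group' AND r.scope = 'site' WHERE g.metagroup_type = 'wp_role' AND g.metagroup_id = %s", $default );
+ $pp_supplemental_roles = $wpdb->get_col( $query );
+ }
+
 $pp_filtered_types = pp_get_enabled_types('post');
 $pp_metagroup_caps = array();
 $pp_cap_caster = pp_init_cap_caster();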
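Review bot: Both branches of the new `if ( defined( 'PPC_VERSION' ) )` end in the same `$pp_supplemental_roles = $wpdb->get_col( $query );`. Building only `$query` inside the branches and calling `get_col()` once after the `else` block would remove the duplication and leave a single execution point to audit. A short comment above the two `prepare()` calls, such as `// table names come from $wpdb properties and cannot be bound; only $default is passed as a placeholder value`, would record why the identifiers are still interpolated. get_metagroup_caps continues past the end of the hunk.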
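--- a/readme.txt
+++ b/readme.txt
@@ -3,8 +3,8 @@ Contributors: txanny, kevinB
 Donate Link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=JWZVFUDLLYQBA
 Tags: roles, capabilities, manager, editor, rights, role, capability, types, taxonomies, network, multisite, default
 Requires at least: 3.1
- Tested up to: 4.9.5
- Stable tag: 1.5.8
+ Tested up to: 4.9.7
+ Stable tag: 1.5.9
 
 A simple way to manage WordPress roles and capabilities.
 
@@ -109,6 +109,9 @@ You should have received a copy of the GNU General Public License along with thi
 
 == Changelog ==
 
+ = 1.5.9 =
+ * Fixed : Potential vulnerability in wp-admin (but exposure was only to users with role editing capability)
+
 = 1.5.8 =
 * Fixed : PHP warning for deprecated function WP_Roles::reinit
 * Change : Don't allow non-Administrator to edit Administrators, even if Administrator role level is set to 0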