Version Description
- 02.01.2012
- Enhance server side validation for user input of new role name, minor bug fixes.
Download this release
Release Info
| Developer | shinephp |
| Plugin |  User Role Editor |
| Version | 3.3.2 |
| Comparing to | |
| See all releases | |
Code changes from version 3.3.1 to 3.3.2
- readme.txt +5 -1
- ure-lib.php +7 -4
- ure-options.php +1 -1
- ure-role-edit.php +2 -2
- user-role-editor.php +1 -1
readme.txt
CHANGED
|
@@ -4,7 +4,7 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=vladi
|
|
| 4 |
Tags: user, role, editor, security, access, permission, capability
|
| 5 |
Requires at least: 3.0
|
| 6 |
Tested up to: 3.3
|
| 7 |
-
Stable tag: 3.3.
|
| 8 |
|
| 9 |
User Role Editor WordPress plugin makes the role capabilities changing easy. You can change any standard WordPress user role (except administrator).
|
| 10 |
|
|
@@ -80,6 +80,10 @@ Share with me new ideas about plugin further development and link to your site w
|
|
| 80 |
|
| 81 |
|
| 82 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
|
|
|
| 83 |
= 3.3.1 =
|
| 84 |
* 12.12.2011
|
| 85 |
* Compatibility with Internet Explorer fix: It automatically replaced '©' in '©_from_user_role' URL parameter inside JavaScript code to copyright sign.So I should use other name for this parameter. Thanks to Michael Wiekenberg for the help with isolating this issue.
|
| 4 |
Tags: user, role, editor, security, access, permission, capability
|
| 5 |
Requires at least: 3.0
|
| 6 |
Tested up to: 3.3
|
| 7 |
+
Stable tag: 3.3.2
|
| 8 |
|
| 9 |
User Role Editor WordPress plugin makes the role capabilities changing easy. You can change any standard WordPress user role (except administrator).
|
| 10 |
|
| 80 |
|
| 81 |
|
| 82 |
== Changelog ==
|
| 83 |
+
= 3.3.2 =
|
| 84 |
+
* 02.01.2012
|
| 85 |
+
* Enhance server side validation for user input of new role name, minor bug fixes.
|
| 86 |
+
|
| 87 |
= 3.3.1 =
|
| 88 |
* 12.12.2011
|
| 89 |
* Compatibility with Internet Explorer fix: It automatically replaced '©' in '©_from_user_role' URL parameter inside JavaScript code to copyright sign.So I should use other name for this parameter. Thanks to Michael Wiekenberg for the help with isolating this issue.
|
ure-lib.php
CHANGED
|
@@ -138,11 +138,13 @@ function ure_getUserRoles() {
|
|
| 138 |
}
|
| 139 |
|
| 140 |
$ure_roles = $wp_roles->roles;
|
| 141 |
-
|
|
|
|
|
|
|
| 142 |
|
| 143 |
return $ure_roles;
|
| 144 |
}
|
| 145 |
-
// end of
|
| 146 |
|
| 147 |
|
| 148 |
// restores User Roles from the backup record
|
|
@@ -296,8 +298,9 @@ function ure_newRoleCreate(&$ure_currentRole) {
|
|
| 296 |
if (isset($_GET['user_role']) && $_GET['user_role']) {
|
| 297 |
$user_role = utf8_decode(urldecode($_GET['user_role']));
|
| 298 |
// sanitize user input for security
|
| 299 |
-
|
| 300 |
-
|
|
|
|
| 301 |
}
|
| 302 |
if ($user_role) {
|
| 303 |
if (!isset($wp_roles)) {
|
| 138 |
}
|
| 139 |
|
| 140 |
$ure_roles = $wp_roles->roles;
|
| 141 |
+
if (is_array($ure_roles)) {
|
| 142 |
+
asort($ure_roles);
|
| 143 |
+
}
|
| 144 |
|
| 145 |
return $ure_roles;
|
| 146 |
}
|
| 147 |
+
// end of ure_getUserRoles()
|
| 148 |
|
| 149 |
|
| 150 |
// restores User Roles from the backup record
|
| 298 |
if (isset($_GET['user_role']) && $_GET['user_role']) {
|
| 299 |
$user_role = utf8_decode(urldecode($_GET['user_role']));
|
| 300 |
// sanitize user input for security
|
| 301 |
+
$valid_name = preg_match('/^[A-Za-z_][A-Za-z0-9_]*/', $user_role, $match);
|
| 302 |
+
if (!$valid_name || ($valid_name && ($match[0]!=$user_role))) { // some non-alphanumeric charactes found!
|
| 303 |
+
return __('Error: Role name must contain latin characters and digits only!', 'ure');
|
| 304 |
}
|
| 305 |
if ($user_role) {
|
| 306 |
if (!isset($wp_roles)) {
|
ure-options.php
CHANGED
|
@@ -188,7 +188,7 @@ ure_showMessage($mess);
|
|
| 188 |
</script>
|
| 189 |
<div id="poststuff" class="metabox-holder has-right-sidebar">
|
| 190 |
<div class="inner-sidebar" >
|
| 191 |
-
<div id="side-sortables" class="meta-box-
|
| 192 |
<?php ure_displayBoxStart(__('About this Plugin:', 'ure')); ?>
|
| 193 |
<a class="ure_rsb_link" style="background-image:url(<?php echo $shinephpFavIcon; ?>);" target="_blank" href="http://www.shinephp.com/"><?php _e("Author's website", 'ure'); ?></a>
|
| 194 |
<a class="ure_rsb_link" style="background-image:url(<?php echo URE_PLUGIN_URL.'/images/user-role-editor-icon.png'; ?>);" target="_blank" href="http://www.shinephp.com/user-role-editor-wordpress-plugin/"><?php _e('Plugin webpage', 'ure'); ?></a>
|
| 188 |
</script>
|
| 189 |
<div id="poststuff" class="metabox-holder has-right-sidebar">
|
| 190 |
<div class="inner-sidebar" >
|
| 191 |
+
<div id="side-sortables" class="meta-box-sortables ui-sortable" style="position:relative;">
|
| 192 |
<?php ure_displayBoxStart(__('About this Plugin:', 'ure')); ?>
|
| 193 |
<a class="ure_rsb_link" style="background-image:url(<?php echo $shinephpFavIcon; ?>);" target="_blank" href="http://www.shinephp.com/"><?php _e("Author's website", 'ure'); ?></a>
|
| 194 |
<a class="ure_rsb_link" style="background-image:url(<?php echo URE_PLUGIN_URL.'/images/user-role-editor-icon.png'; ?>);" target="_blank" href="http://www.shinephp.com/user-role-editor-wordpress-plugin/"><?php _e('Plugin webpage', 'ure'); ?></a>
|
ure-role-edit.php
CHANGED
|
@@ -14,7 +14,7 @@ if (!defined('URE_PLUGIN_URL')) {
|
|
| 14 |
ure_makeRolesBackup();
|
| 15 |
|
| 16 |
if (!isset($ure_currentRole) || !$ure_currentRole) {
|
| 17 |
-
if (isset($_REQUEST['user_role']) && $_REQUEST['user_role']) {
|
| 18 |
$ure_currentRole = $_REQUEST['user_role'];
|
| 19 |
} else {
|
| 20 |
$ure_currentRole = $ure_rolesId[count($ure_rolesId) - 1];
|
|
@@ -134,7 +134,7 @@ if (is_multisite()) {
|
|
| 134 |
}
|
| 135 |
}
|
| 136 |
}
|
| 137 |
-
document.location = url;
|
| 138 |
} else {
|
| 139 |
document.getElementById('ure-form').submit();
|
| 140 |
}
|
| 14 |
ure_makeRolesBackup();
|
| 15 |
|
| 16 |
if (!isset($ure_currentRole) || !$ure_currentRole) {
|
| 17 |
+
if (isset($_REQUEST['user_role']) && $_REQUEST['user_role'] && isset($ure_roles[$_REQUEST['user_role']])) {
|
| 18 |
$ure_currentRole = $_REQUEST['user_role'];
|
| 19 |
} else {
|
| 20 |
$ure_currentRole = $ure_rolesId[count($ure_rolesId) - 1];
|
| 134 |
}
|
| 135 |
}
|
| 136 |
}
|
| 137 |
+
document.location.href = url;
|
| 138 |
} else {
|
| 139 |
document.getElementById('ure-form').submit();
|
| 140 |
}
|
user-role-editor.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
Plugin Name: User Role Editor
|
| 4 |
Plugin URI: http://www.shinephp.com/user-role-editor-wordpress-plugin/
|
| 5 |
Description: It allows you to change/add/delete any WordPress user role (except administrator) capabilities list with a few clicks.
|
| 6 |
-
Version: 3.3.
|
| 7 |
Author: Vladimir Garagulya
|
| 8 |
Author URI: http://www.shinephp.com
|
| 9 |
Text Domain: ure
|
| 3 |
Plugin Name: User Role Editor
|
| 4 |
Plugin URI: http://www.shinephp.com/user-role-editor-wordpress-plugin/
|
| 5 |
Description: It allows you to change/add/delete any WordPress user role (except administrator) capabilities list with a few clicks.
|
| 6 |
+
Version: 3.3.2
|
| 7 |
Author: Vladimir Garagulya
|
| 8 |
Author URI: http://www.shinephp.com
|
| 9 |
Text Domain: ure
|
