User Role Editor - Version 4.10

Version Description

  • 15.02.2014
  • Security enhancement: WordPress text translation functions were replaced with the more secure esc_html__() and esc_html_e() variants.
  • Pro version: It is possible to restrict access to the post or page content view for selected roles. Activate the option at plugin "Settings" page and use new "Content View Restrictions" metabox at post/page editor to setup content view access restrictions.
  • Pro version: Gravity Forms access management module was updated for compatibility with Gravity Forms version 1.8.3. If you need compatibility with earlier Gravity Forms versions, e.g. 1.7.9, use User Role Editor version 4.9.

Release Info

Developer shinephp
Version 4.10

Code changes from version 4.9 to 4.10

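--- a/includes/class-ure-lib.php
+++ b/includes/class-ure-lib.php
@@ -140,7 +140,7 @@ class Ure_Lib extends Garvs_WP_Lib {
  public function editor() {
 
  if (!$this->editor_init0()) {
- $this->show_message(__('Error: wrong request', 'URE'));
+ $this->show_message(esc_html__('Error: wrong request', 'URE'));
  return false;
  }
  $this->process_user_request();
@@ -172,18 +172,18 @@ class Ure_Lib extends Garvs_WP_Lib {
  <!-- popup dialogs markup -->
  <div id="ure_add_role_dialog" class="ure-modal-dialog" style="padding: 10px;">
  <form id="ure_add_role_form" name="ure_add_role_form" method="POST">
- <div class="ure-label"><?php echo __('Role name (ID): ', 'ure'); ?></div>
+ <div class="ure-label"><?php esc_html_e('Role name (ID): ', 'ure'); ?></div>
  <div class="ure-input"><input type="text" name="user_role_id" id="user_role_id" size="25"/></div>
- <div class="ure-label"><?php echo __('Display Role Name: ', 'ure'); ?></div>
+ <div class="ure-label"><?php esc_html_e('Display Role Name: ', 'ure'); ?></div>
  <div class="ure-input"><input type="text" name="user_role_name" id="user_role_name" size="25"/></div>
- <div class="ure-label"><?php echo __('Make copy of: ', 'ure'); ?></div>
+ <div class="ure-label"><?php esc_html_e('Make copy of: ', 'ure'); ?></div>
  <div class="ure-input"><?php echo $this->role_to_copy_html; ?></div>
  </form>
  </div>
 
  <div id="ure_delete_role_dialog" class="ure-modal-dialog">
  <div style="padding:10px;">
- <div class="ure-label"><?php _e('Select Role:', 'ure');?></div>
+ <div class="ure-label"><?php esc_html_e('Select Role:', 'ure');?></div>
  <div class="ure-input"><?php echo $this->role_delete_html; ?></div>
  </div>
  </div>
@@ -198,14 +198,14 @@ class Ure_Lib extends Garvs_WP_Lib {
 
  <div id="ure_delete_capability_dialog" class="ure-modal-dialog">
  <div style="padding:10px;">
- <div class="ure-label"><?php _e('Delete:', 'ure');?></div>
+ <div class="ure-label"><?php esc_html_e('Delete:', 'ure');?></div>
  <div class="ure-input"><?php echo $this->capability_remove_html; ?></div>
  </div>
  </div>
 
  <div id="ure_add_capability_dialog" class="ure-modal-dialog">
  <div style="padding:10px;">
- <div class="ure-label"><?php echo __('Capability name (ID): ', 'ure'); ?></div>
+ <div class="ure-label"><?php esc_html_e('Capability name (ID): ', 'ure'); ?></div>
  <div class="ure-input"><input type="text" name="capability_id" id="capability_id" size="25"/></div>
  </div>
  </div>
@@ -319,7 +319,8 @@ class Ure_Lib extends Garvs_WP_Lib {
  protected function init_current_role_name() {
 
  if (!isset($this->roles[$_POST['user_role']])) {
- $mess = __('Error: ', 'ure') . __('Role', 'ure') . ' <em>' . esc_html($_POST['user_role']) . '</em> ' . __('does not exist', 'ure');
+ $mess = esc_html__('Error: ', 'ure') . esc_html__('Role', 'ure') . ' <em>' . esc_html($_POST['user_role']) . '</em> ' .
+ esc_html__('does not exist', 'ure');
  $this->current_role = '';
  $this->current_role_name = '';
  } else {
@@ -362,27 +363,27 @@ class Ure_Lib extends Garvs_WP_Lib {
  $mess .= '<br/>';
  }
  if (!$this->apply_to_all) {
- $mess = __('Role is updated successfully', 'ure');
+ $mess = esc_html__('Role is updated successfully', 'ure');
  } else {
- $mess = __('Roles are updated for all network', 'ure');
+ $mess = esc_html__('Roles are updated for all network', 'ure');
  }
  } else {
  if ($mess) {
  $mess .= '<br/>';
  }
- $mess = __('Error occured during role(s) update', 'ure');
+ $mess = esc_html__('Error occured during role(s) update', 'ure');
  }
  } else {
  if ($this->update_user($this->user_to_edit)) {
  if ($mess) {
  $mess .= '<br/>';
  }
- $mess = __('User capabilities are updated successfully', 'ure');
+ $mess = esc_html__('User capabilities are updated successfully', 'ure');
  } else {
  if ($mess) {
  $mess .= '<br/>';
  }
- $mess = __('Error occured during user update', 'ure');
+ $mess = esc_html__('Error occured during user update', 'ure');
  }
  }
  return $mess;
@@ -437,7 +438,7 @@ class Ure_Lib extends Garvs_WP_Lib {
  } else if ($action == 'delete-user-capability') {
  $this->notification = $this->delete_capability();
  } else if ($action == 'roles_restore_note') {
- $this->notification = __('User Roles are restored to WordPress default values. ', 'ure');
+ $this->notification = esc_html__('User Roles are restored to WordPress default values. ', 'ure');
  } else if ($action == 'update') {
  $this->roles = $this->get_user_roles();
  $this->init_full_capabilities();
@@ -1239,7 +1240,7 @@ class Ure_Lib extends Garvs_WP_Lib {
  <div id="ure_service_tools">
  <?php
  do_action('ure_role_edit_toolbar_service');
- if (!is_multisite() ||
+ if (!$this->multisite ||
  (is_main_site( get_current_blog_id()) || (is_network_admin() && is_super_admin()))
  ) {
  ?>
@@ -1335,7 +1336,8 @@ class Ure_Lib extends Garvs_WP_Lib {
  }
  // end of switch
  if (!empty($url)) {
- $link = '<a href="' . $url . '" title="read about ' . $capability . ' user capability" target="new"><img src="' . URE_PLUGIN_URL . '/images/help.png" alt="' . __('Help', 'ure') . '" /></a>';
+ $link = '<a href="' . $url . '" title="read about ' . $capability . ' user capability" target="new"><img src="' .
+ URE_PLUGIN_URL . '/images/help.png" alt="' . esc_html__('Help', 'ure') . '" /></a>';
  } else {
  $link = '';
  }
@@ -1397,7 +1399,7 @@ class Ure_Lib extends Garvs_WP_Lib {
  if (!isset($this->full_capabilities[$cap_id])) {
  $cap = array();
  $cap['inner'] = $cap_id;
- $cap['human'] = __($this->convert_caps_to_readable($cap_id), 'ure');
+ $cap['human'] = esc_html__($this->convert_caps_to_readable($cap_id), 'ure');
  if (isset($this->built_in_wp_caps[$cap_id])) {
  $cap['wp_core'] = true;
  } else {
@@ -1685,7 +1687,7 @@ class Ure_Lib extends Garvs_WP_Lib {
  fclose($fh);
 
  if ($show_message) {
- $this->show_message('Error! ' . __('Error is occur. Please check the log file.', 'ure'));
+ $this->show_message('Error! ' . esc_html__('Error is occur. Please check the log file.', 'ure'));
  }
  }
  // end of log_event()
@@ -1747,7 +1749,7 @@ class Ure_Lib extends Garvs_WP_Lib {
  $wp_roles = new WP_Roles();
  }
  if (isset($wp_roles->roles[$user_role_id])) {
- return sprintf('Error! ' . __('Role %s exists already', 'ure'), $user_role_id);
+ return sprintf('Error! ' . esc_html__('Role %s exists already', 'ure'), $user_role_id);
  }
  $user_role_id = strtolower($user_role_id);
  $this->current_role = $user_role_id;
@@ -1762,9 +1764,9 @@ class Ure_Lib extends Garvs_WP_Lib {
  // add new role to the roles array
  $result = add_role($user_role_id, $user_role_name, $capabilities);
  if (!isset($result) || empty($result)) {
- $mess = 'Error! ' . __('Error is encountered during new role create operation', 'ure');
+ $mess = 'Error! ' . esc_html__('Error is encountered during new role create operation', 'ure');
  } else {
- $mess = sprintf(__('Role %s is created successfully', 'ure'), $user_role_name);
+ $mess = sprintf(esc_html__('Role %s is created successfully', 'ure'), $user_role_name);
  }
  }
  }
@@ -1833,11 +1835,11 @@ class Ure_Lib extends Garvs_WP_Lib {
  $result = $this->delete_wp_roles(array($role));
  }
  if (empty($result)) {
- $mess = 'Error! ' . __('Error encountered during role delete operation', 'ure');
+ $mess = 'Error! ' . esc_html__('Error encountered during role delete operation', 'ure');
  } elseif ($role==-1) {
- $mess = sprintf(__('Unused roles are deleted successfully', 'ure'), $role);
+ $mess = sprintf(esc_html__('Unused roles are deleted successfully', 'ure'), $role);
  } else {
- $mess = sprintf(__('Role %s is deleted successfully', 'ure'), $role);
+ $mess = sprintf(esc_html__('Role %s is deleted successfully', 'ure'), $role);
  }
  unset($_POST['user_role']);
  }
@@ -1862,13 +1864,13 @@ class Ure_Lib extends Garvs_WP_Lib {
  if (!empty($_POST['user_role_id'])) {
  $user_role_id = $_POST['user_role_id'];
  unset($_POST['user_role_id']);
- $errorMessage = 'Error! ' . __('Error encountered during default role change operation', 'ure');
+ $errorMessage = 'Error! ' . esc_html__('Error encountered during default role change operation', 'ure');
  if (isset($wp_roles->role_objects[$user_role_id]) && $user_role_id !== 'administrator') {
  $result = update_option('default_role', $user_role_id);
  if (empty($result)) {
  $mess = $errorMessage;
  } else {
- $mess = sprintf(__('Default role for new users is set to %s successfully', 'ure'), $wp_roles->role_names[$user_role_id]);
+ $mess = sprintf(esc_html__('Default role for new users is set to %s successfully', 'ure'), $wp_roles->role_names[$user_role_id]);
  }
  } else {
  $mess = $errorMessage;
@@ -2063,7 +2065,7 @@ class Ure_Lib extends Garvs_WP_Lib {
  // sanitize user input for security
  $valid_name = preg_match('/[A-Za-z0-9_\-]*/', $user_capability, $match);
  if (!$valid_name || ($valid_name && ($match[0] != $user_capability))) { // some non-alphanumeric charactes found!
- return 'Error! ' . __('Error: Capability name must contain latin characters and digits only!', 'ure');
+ return 'Error! ' . esc_html__('Error: Capability name must contain latin characters and digits only!', 'ure');
  ;
  }
 
@@ -2076,9 +2078,9 @@ class Ure_Lib extends Garvs_WP_Lib {
  $administrator = $wp_roles->get_role('administrator');
  if (!$administrator->has_cap($user_capability)) {
  $wp_roles->add_cap('administrator', $user_capability);
- $mess = sprintf(__('Capability %s is added successfully', 'ure'), $user_capability);
+ $mess = sprintf(esc_html__('Capability %s is added successfully', 'ure'), $user_capability);
  } else {
- $mess = sprintf('Error! ' . __('Capability %s exists already', 'ure'), $user_capability);
+ $mess = sprintf('Error! ' . esc_html__('Capability %s exists already', 'ure'), $user_capability);
  }
  }
  }
@@ -2103,7 +2105,7 @@ class Ure_Lib extends Garvs_WP_Lib {
  $capability_id = $_POST['user_capability_id'];
  $caps_to_remove = $this->get_caps_to_remove();
  if (!is_array($caps_to_remove) || count($caps_to_remove) == 0 || !isset($caps_to_remove[$capability_id])) {
- return sprintf(__('Error! You do not have permission to delete this capability: %s!', 'ure'), $capability_id);
+ return sprintf(esc_html__('Error! You do not have permission to delete this capability: %s!', 'ure'), $capability_id);
  }
 
  // process users
@@ -2122,7 +2124,7 @@ class Ure_Lib extends Garvs_WP_Lib {
  }
  }
 
- $mess = sprintf(__('Capability %s is removed successfully', 'ure'), $capability_id);
+ $mess = sprintf(esc_html__('Capability %s is removed successfully', 'ure'), $capability_id);
  }
 
  return $mess;
@@ -2279,7 +2281,7 @@ class Ure_Lib extends Garvs_WP_Lib {
  }
  $this->role_default_html = '<select id="default_user_role" name="default_user_role" '. $select_style .'>';
  $this->role_to_copy_html = '<select id="user_role_copy_from" name="user_role_copy_from" style="width: '. $select_width .'px">
- <option value="none" selected="selected">' . __('None', 'ure') . '</option>';
+ <option value="none" selected="selected">' . esc_html__('None', 'ure') . '</option>';
  $this->role_select_html = '<select id="user_role" name="user_role" onchange="ure_role_change(this.value);">';
  foreach ($this->roles as $key => $value) {
  $selected1 = $this->option_selected($key, $this->current_role);
@@ -2304,9 +2306,9 @@ class Ure_Lib extends Garvs_WP_Lib {
  if ($roles_can_delete && count($roles_can_delete) > 0) {
  $this->role_delete_html = '<select id="del_user_role" name="del_user_role" width="200" style="width: 200px">';
  foreach ($roles_can_delete as $key => $value) {
- $this->role_delete_html .= '<option value="' . $key . '">' . __($value, 'ure') . '</option>';
+ $this->role_delete_html .= '<option value="' . $key . '">' . esc_html__($value, 'ure') . '</option>';
  }
- $this->role_delete_html .= '<option value="-1" style="color: red;">' . __('Delete All Unused Roles', 'ure') . '</option>';
+ $this->role_delete_html .= '<option value="-1" style="color: red;">' . esc_html__('Delete All Unused Roles', 'ure') . '</option>';
  $this->role_delete_html .= '</select>';
  } else {
  $this->role_delete_html = '';
@@ -2330,7 +2332,7 @@ class Ure_Lib extends Garvs_WP_Lib {
 
  // print the 'no role' option. Make it selected if the user has no role yet.
  $selected = ( empty($user_primary_role) ) ? 'selected="selected"' : '';
- echo '<option value="" '. $selected.'>' . __('&mdash; No role for this site &mdash;') . '</option>';
+ echo '<option value="" '. $selected.'>' . esc_html__('&mdash; No role for this site &mdash;') . '</option>';
  ?>
  </select>
  <?php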
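Review bot: In the hunk at new lines 2105-2108, `$capability_id` comes straight from `$_POST['user_capability_id']` and is substituted by `sprintf()` after `esc_html__()` has already run, so only the translated format string is escaped and the request value is not. If the returned message is later printed as HTML (the output path is outside these hunks), the value reaches the page unescaped; escape the argument too: `return sprintf(esc_html__('Error! You do not have permission to delete this capability: %s!', 'ure'), esc_html($capability_id));`. The same `sprintf(esc_html__(...), $var)` shape recurs at new lines 1752, 1769, 1842, 1873 and 2127, while `$key` in the `<option value="...">` at 2309 and `$url`/`$capability` at 1339 are concatenated into attributes without `esc_attr()`/`esc_url()`. The enclosing functions start and end outside the hunks.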
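--- a/includes/class-user-role-editor.php
+++ b/includes/class-user-role-editor.php
@@ -197,9 +197,9 @@ class User_Role_Editor {
 
  if ($screen->base == 'user-edit' || $screen->base == 'user-edit-network') { // editing a user profile
  if (!is_super_admin($current_user->ID) && is_super_admin($profileuser->ID)) { // trying to edit a superadmin while himself is less than a superadmin
- wp_die(__('You do not have permission to edit this user.'));
+ wp_die(esc_html__('You do not have permission to edit this user.'));
  } elseif (!( is_user_member_of_blog($profileuser->ID, get_current_blog_id()) && is_user_member_of_blog($current_user->ID, get_current_blog_id()) )) { // editing user and edited user aren't members of the same blog
- wp_die(__('You do not have permission to edit this user.'));
+ wp_die(esc_html__('You do not have permission to edit this user.'));
  }
  }
  }
@@ -340,7 +340,7 @@ class User_Role_Editor {
  if ($current_user->has_cap($this->key_capability)) {
  $actions['capabilities'] = '<a href="' .
  wp_nonce_url("users.php?page=users-".URE_PLUGIN_FILE."&object=user&amp;user_id={$user->ID}", "ure_user_{$user->ID}") .
- '">' . __('Capabilities', 'ure') . '</a>';
+ '">' . esc_html__('Capabilities', 'ure') . '</a>';
  }
  }
 
@@ -433,7 +433,7 @@ class User_Role_Editor {
  {
 
  if ($file == plugin_basename(dirname(URE_PLUGIN_FULL_PATH).'/'.URE_PLUGIN_FILE)) {
- $settings_link = "<a href='options-general.php?page=settings-".URE_PLUGIN_FILE."'>" . __('Settings', 'ure') . "</a>";
+ $settings_link = "<a href='options-general.php?page=settings-".URE_PLUGIN_FILE."'>" . esc_html__('Settings', 'ure') . "</a>";
  array_unshift($links, $settings_link);
  }
 
@@ -446,7 +446,7 @@ class User_Role_Editor {
  public function plugin_row_meta($links, $file) {
 
  if ($file == plugin_basename(dirname(URE_PLUGIN_FULL_PATH) .'/'.URE_PLUGIN_FILE)) {
- $links[] = '<a target="_blank" href="http://role-editor.com/changelog">' . __('Changelog', 'ure') . '</a>';
+ $links[] = '<a target="_blank" href="http://role-editor.com/changelog">' . esc_html__('Changelog', 'ure') . '</a>';
  }
 
  return $links;
@@ -468,7 +468,7 @@ class User_Role_Editor {
  $screen_help = new Ure_Screen_Help();
  $screen->add_help_tab( array(
  'id' => 'overview',
- 'title' => __('Overview'),
+ 'title' => esc_html__('Overview'),
  'content' => $screen_help->get_settings_help('overview')
  ));
  }
@@ -613,7 +613,7 @@ class User_Role_Editor {
 
  public function settings() {
  if (!current_user_can($this->key_capability)) {
- __( 'You do not have sufficient permissions to manage options for User Role Editor.', 'ure' );
+ esc_html__( 'You do not have sufficient permissions to manage options for User Role Editor.', 'ure' );
  }
  $action = $this->get_settings_action();
  switch ($action) {
@@ -680,7 +680,7 @@ class User_Role_Editor {
  }
  $ure_key_capability = $this->lib->get_key_capability();
  if (!$this->lib->user_has_capability($current_user, $ure_key_capability)) {
- die(__('Insufficient permissions to work with User Role Editor', 'ure'));
+ die(esc_html__('Insufficient permissions to work with User Role Editor', 'ure'));
  }
 
  $this->lib->editor();
@@ -802,7 +802,8 @@ class User_Role_Editor {
  }
  }
  $output = $this->lib->roles_text($roles);
- echo $output . '&nbsp;&nbsp;&gt;&gt;&nbsp;<a href="' . wp_nonce_url("users.php?page=users-".URE_PLUGIN_FILE."&object=user&amp;user_id={$user->ID}", "ure_user_{$user->ID}") . '">' . __('Edit', 'ure') . '</a>';
+ echo $output . '&nbsp;&nbsp;&gt;&gt;&nbsp;<a href="' . wp_nonce_url("users.php?page=users-".URE_PLUGIN_FILE."&object=user&amp;user_id={$user->ID}", "ure_user_{$user->ID}") . '">' .
+ esc_html__('Edit', 'ure') . '</a>';
  ?>
  </td>
  </tr>
@@ -820,7 +821,7 @@ class User_Role_Editor {
  */
  public function user_role_column($columns = array()) {
 
- $columns['ure_roles'] = __('Other Roles', 'ure');
+ $columns['ure_roles'] = esc_html__('Other Roles', 'ure');
 
  return $columns;
  }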
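Review bot: In settings() (new lines 615-617) the capability check has no effect: `esc_html__()` only returns the translated string, the result is discarded, and execution falls through to `get_settings_action()` for a user who failed `current_user_can()`. Swapping `__` for `esc_html__` keeps that behaviour; the branch should stop the request, e.g. `wp_die(esc_html__('You do not have sufficient permissions to manage options for User Role Editor.', 'ure'));`. Whether the menu registration already enforces this capability is not visible here, so read this as the in-function guard being missing rather than a confirmed bypass. settings() continues past the end of the hunk.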
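--- a/includes/ure-role-edit.php
+++ b/includes/ure-role-edit.php
@@ -27,7 +27,7 @@ if (!defined('URE_PLUGIN_URL')) {
  ?>
  <input type="checkbox" name="ure_caps_readable" id="ure_caps_readable" value="1"
  <?php echo $checked; ?> onclick="ure_turn_caps_readable(0);"/>
- <label for="ure_caps_readable"><?php _e('Show capabilities in human readable form', 'ure'); ?></label>&nbsp;&nbsp;
+ <label for="ure_caps_readable"><?php esc_html_e('Show capabilities in human readable form', 'ure'); ?></label>&nbsp;&nbsp;
  <?php
  if ($this->show_deprecated_caps) {
  $checked = 'checked="checked"';
@@ -37,11 +37,11 @@ if (!defined('URE_PLUGIN_URL')) {
  ?>
  <input type="checkbox" name="ure_show_deprecated_caps" id="ure_show_deprecated_caps" value="1"
  <?php echo $checked; ?> onclick="ure_turn_deprecated_caps(0);"/>
- <label for="ure_show_deprecated_caps"><?php _e('Show deprecated capabilities', 'ure'); ?></label>
+ <label for="ure_show_deprecated_caps"><?php esc_html_e('Show deprecated capabilities', 'ure'); ?></label>
  <?php
  }
  if (is_multisite() && !is_network_admin() && is_main_site( get_current_blog_id() ) && is_super_admin()) {
- $hint = __('If checked, then apply action to ALL sites of this Network');
+ $hint = esc_html__('If checked, then apply action to ALL sites of this Network');
  if ($this->apply_to_all) {
  $checked = 'checked="checked"';
  $fontColor = 'color:#FF0000;';
@@ -53,16 +53,16 @@ if (is_multisite() && !is_network_admin() && is_main_site( get_current_blog_id()
  <div style="float: right; margin-left:10px; margin-right: 20px; <?php echo $fontColor;?>" id="ure_apply_to_all_div">
  <input type="checkbox" name="ure_apply_to_all" id="ure_apply_to_all" value="1"
  <?php echo $checked; ?> title="<?php echo $hint;?>" onclick="ure_applyToAllOnClick(this)"/>
- <label for="ure_apply_to_all" title="<?php echo $hint;?>"><?php _e('Apply to All Sites', 'ure');?></label>
+ <label for="ure_apply_to_all" title="<?php echo $hint;?>"><?php esc_html_e('Apply to All Sites', 'ure');?></label>
  </div>
  <?php
  }
  ?>
  <br /><br />
  <hr />
- <?php _e('Core capabilities:', 'ure'); ?>
+ <?php esc_html_e('Core capabilities:', 'ure'); ?>
  <div style="display:table-inline; float: right; margin-right: 12px;">
- <?php _e('Quick filter:', 'ure'); ?>&nbsp;
+ <?php esc_html_e('Quick filter:', 'ure'); ?>&nbsp;
  <input type="text" id="quick_filter" name="quick_filter" value="" size="20" onkeyup="ure_filter_capabilities(this.value);" />
  </div>
 
@@ -80,7 +80,7 @@ if (is_multisite() && !is_network_admin() && is_main_site( get_current_blog_id()
  $quant = count( $this->full_capabilities ) - count( $this->get_built_in_wp_caps() );
  if ($quant>0) {
  echo '<hr />';
- _e('Custom capabilities:', 'ure');
+ esc_html_e('Custom capabilities:', 'ure');
  ?>
  <table class="form-table" style="clear:none;" cellpadding="0" cellspacing="0">
  <tr>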
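Review bot: `$hint` (new line 44) is printed inside `title="..."` attributes at lines 55 and 56, so the attribute-context helper is the idiomatic choice there. The call also omits the `'ure'` text domain that the other strings in this file pass, so the string is looked up in the default domain rather than the plugin's own catalogue. Suggested line: `$hint = esc_attr__('If checked, then apply action to ALL sites of this Network', 'ure');`. The surrounding `if` block is only partly inside the hunk.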
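--- a/includes/ure-user-edit.php
+++ b/includes/ure-user-edit.php
@@ -31,7 +31,7 @@ if (!defined('URE_PLUGIN_URL')) {
  $user_info .= ' <span style="font-weight: bold; color:red;">'. esc_html__('Network Super Admin', 'ure') .'</span>';
  }
 
- $this->display_box_start(__('Change capabilities for user', 'ure').$user_info, 'min-width:1100px;');
+ $this->display_box_start(esc_html__('Change capabilities for user', 'ure').$user_info, 'min-width:1100px;');
 
  ?>
  <table cellpadding="0" cellspacing="0" style="width: 100%;">
@@ -50,7 +50,7 @@ if (!defined('URE_PLUGIN_URL')) {
 
  <input type="checkbox" name="ure_caps_readable" id="ure_caps_readable" value="1"
  <?php echo $checked; ?> onclick="ure_turn_caps_readable(<?php echo $this->user_to_edit->ID; ?>);" />
- <label for="ure_caps_readable"><?php _e('Show capabilities in human readable form', 'ure'); ?></label>&nbsp;&nbsp;&nbsp;
+ <label for="ure_caps_readable"><?php esc_html_e('Show capabilities in human readable form', 'ure'); ?></label>&nbsp;&nbsp;&nbsp;
  <?php
  if ($this->show_deprecated_caps) {
  $checked = 'checked="checked"';
@@ -60,7 +60,7 @@ if (!defined('URE_PLUGIN_URL')) {
  ?>
  <input type="checkbox" name="ure_show_deprecated_caps" id="ure_show_deprecated_caps" value="1"
  <?php echo $checked; ?> onclick="ure_turn_deprecated_caps(<?php echo $this->user_to_edit->ID; ?>);"/>
- <label for="ure_show_deprecated_caps"><?php _e('Show deprecated capabilities', 'ure'); ?></label>
+ <label for="ure_show_deprecated_caps"><?php esc_html_e('Show deprecated capabilities', 'ure'); ?></label>
  <?php
  }
  ?>
@@ -68,7 +68,7 @@ if (!defined('URE_PLUGIN_URL')) {
  </tr>
  <tr>
  <td class="ure-user-roles">
- <div style="margin-bottom: 5px; font-weight: bold;"><?php echo __('Primary Role:', 'ure'); ?></div>
+ <div style="margin-bottom: 5px; font-weight: bold;"><?php esc_html_e('Primary Role:', 'ure'); ?></div>
  <?php
  $show_admin_role = $this->show_admin_role_allowed();
  // output primary role selection dropdown list
@@ -78,7 +78,7 @@ $values = array_values($this->user_to_edit->roles);
  $primary_role = array_shift($values); // get 1st element from roles array
  if (function_exists('bbp_filter_blog_editable_roles') ) { // bbPress plugin is active
  ?>
- <div style="margin-top: 5px;margin-bottom: 5px; font-weight: bold;"><?php echo __('bbPress Role:', 'ure'); ?></div>
+ <div style="margin-top: 5px;margin-bottom: 5px; font-weight: bold;"><?php esc_html_e('bbPress Role:', 'ure'); ?></div>
  <?php
  // Get the roles
  $dynamic_roles = bbp_get_dynamic_roles();
@@ -88,7 +88,7 @@ if (function_exists('bbp_filter_blog_editable_roles') ) { // bbPress plugin is
  }
  }
  ?>
- <div style="margin-top: 5px;margin-bottom: 5px; font-weight: bold;"><?php echo __('Other Roles:', 'ure'); ?></div>
+ <div style="margin-top: 5px;margin-bottom: 5px; font-weight: bold;"><?php esc_html_e('Other Roles:', 'ure'); ?></div>
  <?php
 
  foreach ($this->roles as $role_id => $role) {
@@ -100,15 +100,15 @@ if (function_exists('bbp_filter_blog_editable_roles') ) { // bbPress plugin is
  }
  echo '<label for="wp_role_' . $role_id .'"><input type="checkbox" id="wp_role_' . $role_id .
  '" name="wp_role_' . $role_id . '" value="' . $role_id . '"' . $checked .' />&nbsp;' .
- __($role['name'], 'ure') . '</label><br />';
+ esc_html__($role['name'], 'ure') . '</label><br />';
  }
  }
  ?>
  </td>
  <td style="padding-left: 5px; padding-top: 5px; border-top: 1px solid #ccc;">
- <span style="font-weight: bold;"><?php _e('Core capabilities:', 'ure'); ?></span>
+ <span style="font-weight: bold;"><?php esc_html_e('Core capabilities:', 'ure'); ?></span>
  <div style="display:table-inline; float: right; margin-right: 12px;">
- <?php _e('Quick filter:', 'ure'); ?>&nbsp;
+ <?php esc_html_e('Quick filter:', 'ure'); ?>&nbsp;
  <input type="text" id="quick_filter" name="quick_filter" value="" size="20" onkeyup="ure_filter_capabilities(this.value);" />
  </div>
 
@@ -127,7 +127,7 @@ if (function_exists('bbp_filter_blog_editable_roles') ) { // bbPress plugin is
  if ($quant>0) {
  echo '<hr />';
  ?>
- <span style="font-weight: bold;"><?php _e('Custom capabilities:', 'ure'); ?></span>
+ <span style="font-weight: bold;"><?php esc_html_e('Custom capabilities:', 'ure'); ?></span>
  <table class="form-table" style="clear:none;" cellpadding="0" cellspacing="0">
  <tr>
  <td style="vertical-align:top;">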
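Review bot: In the role checkbox `echo` at new lines 101-103 only the label text is escaped; `$role_id` is still concatenated raw into the `for`, `id`, `name` and `value` attributes, so that part of the output stays unescaped in attribute context. Wrapping each occurrence in `esc_attr()`, for example `'" value="' . esc_attr($role_id) . '"'`, would complete the hardening this release describes. The same question applies at new line 34, where `$user_info` is appended after `esc_html__()` without escaping; it is built as HTML on purpose, but whether its user-derived parts are escaped where it is assembled is not visible in this hunk. The enclosing `foreach` over `$this->roles` starts outside the hunk, so any upstream sanitising of role IDs cannot be confirmed from here.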
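--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: shinephp
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=vladimir%40shinephp%2ecom&lc=RU&item_name=ShinePHP%2ecom&item_number=User%20Role%20Editor%20WordPress%20plugin&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted
  Tags: user, role, editor, security, access, permission, capability
  Requires at least: 3.5
- Tested up to: 3.8
+ Tested up to: 3.8.1
  Stable tag: trunk
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -34,8 +34,9 @@ Pro version includes extra modules:
  <li>Per plugin users access management for plugins activate/deactivate operations.</li>
  <li>Per form users access management for Gravity Forms plugin.</li>
  <li>Shortcode to show enclosed content to the users with selected roles only.</li>
+ <li>Posts and pages view restrictions for selected roles.</li>
  </ul>
- Pro version is advertisement free. Premium support is included. It is provided by User Role Editor plugin author Vladimir Garagulya. You will get an answer on your question not once a week or never, but in 24 hours.
+ Pro version is advertisement free. Premium support is included. It is provided by User Role Editor plugin developer Vladimir Garagulya. You will get an answer on your question not once a week, but in 24 hours or quicker.
 
  == Installation ==
 
@@ -77,6 +78,12 @@ Share with me new ideas about plugin further development and link to your site w
 
 
  == Changelog ==
+ = 4.10 =
+ * 15.02.2014
+ * Security enhancement: WordPress text translation functions were replaced with more secure esc_html__() and esc_html_e() variants.
+ * Pro version: It is possible to restrict access to the post or page content view for selected roles. Activate the option at plugin "Settings" page and use new "Content View Restrictions" metabox at post/page editor to setup content view access restrictions.
+ * Pro version: Gravity Forms access management module was updated for compatibility with Gravity Forms version 1.8.3. If you need compatibility with earlier Gravity Forms versions, e.g. 1.7.9, use User Role Editor version 4.9.
+
 
  = 4.9 =
  * 19.01.2014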
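--- a/user-role-editor.php
+++ b/user-role-editor.php
@@ -3,7 +3,7 @@
  Plugin Name: User Role Editor
  Plugin URI: http://role-editor.com
  Description: Change/add/delete WordPress user roles and capabilities.
- Version: 4.9
+ Version: 4.10
  Author: Vladimir Garagulya
  Author URI: http://www.shinephp.com
  Text Domain: ure
@@ -11,7 +11,7 @@ Domain Path: /lang/
  */
 
  /*
- Copyright 2010-2013 Vladimir Garagulya (email: vladimir@shinephp.com)
+ Copyright 2010-2014 Vladimir Garagulya (email: vladimir@shinephp.com)
  */
 
  if (!function_exists("get_option")) {
@@ -23,7 +23,7 @@ if (defined('URE_PLUGIN_URL')) {
  wp_die('It seems that other version of User Role Editor is active. Please deactivate it before use this version');
  }
 
- define('URE_VERSION', '4.9');
+ define('URE_VERSION', '4.10');
  define('URE_PLUGIN_URL', plugin_dir_url(__FILE__));
  define('URE_PLUGIN_DIR', plugin_dir_path(__FILE__));
  define('URE_PLUGIN_FILE', basename(__FILE__));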