User Role Editor - Version 4.24

Version Description


Release Info

Developer shinephp
Version 4.24

Code changes from version 4.23.2 to 4.24

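--- a/includes/class-role-additional-options.php
+++ b/includes/class-role-additional-options.php
@@ -41,9 +41,25 @@ class URE_Role_Additional_Options {
 
  public static function get_active_items() {
 
- $items = get_option(self::STORAGE_ID, array());
-
- return $items;
+ $data = get_option(self::STORAGE_ID, array());
+
+ /*
+ // It's enough to update the role via URE to achieve this, that why this code is commented:
+ // remove deactivated options
+ $modified = false;
+ foreach($data as $role=>$items) {
+ foreach($items as $item_id) {
+ if (!isset($this->items[$item_id])) {
+ $modified = true;
+ unset($data[$role][$item_id]);
+ }
+ }
+ }
+ if ($modified) {
+ put_option(self::STORAGE_ID, $data);
+ }
+ */
+ return $data;
  }
 
 
@@ -56,7 +72,7 @@ class URE_Role_Additional_Options {
  // Allow other developers to modify the list of role's additonal options
  $this->items = apply_filters('ure_role_additional_options', $this->items);
 
- $this->active_items = self::get_active_items();
+ $this->active_items = self::get_active_items();
  }
  // end of init()
 
@@ -73,7 +89,9 @@ class URE_Role_Additional_Options {
  continue;
  }
  foreach(array_keys($this->active_items[$role]) as $item_id) {
- add_action($this->items[$item_id]->hook, $this->items[$item_id]->routine);
+ if (isset($this->items[$item_id])) {
+ add_action($this->items[$item_id]->hook, $this->items[$item_id]->routine);
+ }
  }
  }
 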
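Review bot: The commented-out cleanup block at new lines 46–61 would not run if it were ever re-enabled: it reads `$this->items` inside the static `get_active_items()`, calls `put_option()`, which WordPress does not define (the write counterpart of `get_option()` is `update_option()`), and iterates `$items as $item_id` while the loop at new line 91 treats item ids as array keys. I would delete the block and keep only a short comment such as `// Stale option ids are dropped the next time the role is saved through URE.` The `isset($this->items[$item_id])` guard at new line 92 is what protects `add_action()` from stale ids in the stored option.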
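--- a/includes/class-user-other-roles.php
+++ b/includes/class-user-other-roles.php
@@ -14,9 +14,9 @@ class URE_User_Other_Roles {
  protected $lib = null;
 
 
- function __construct(Ure_Lib $lib) {
+ function __construct() {
 
- $this->lib = $lib;
+ $this->lib = URE_Lib::get_instance();
  $this->set_hooks();
  }
  // end of $lib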
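Review bot: The constructor at new line 19 now depends on `URE_Lib::get_instance()` returning an already-configured singleton, because it passes no options id while class-user-role-editor.php calls `URE_Lib::get_instance('user_role_editor')` shortly before constructing this class. If `URE_User_Other_Roles` is ever instantiated first, the library may be built without that id; `get_instance()` is not visible on this page, so this is an assumption to confirm. A comment on the constructor would make the ordering explicit: `// Requires URE_Lib to be initialised by User_Role_Editor before this object is created.`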
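--- a/includes/class-user-role-editor.php
+++ b/includes/class-user-role-editor.php
@@ -32,7 +32,7 @@ class User_Role_Editor {
  $this->lib = URE_Lib::get_instance('user_role_editor');
  }
 
- $this->user_other_roles = new URE_User_Other_Roles($this->lib);
+ $this->user_other_roles = new URE_User_Other_Roles();
 
  if ($this->lib->is_pro()) {
  $this->ure_hook_suffixes = array('settings_page_settings-user-role-editor-pro', 'users_page_users-user-role-editor-pro');
@@ -313,9 +313,9 @@ class User_Role_Editor {
 
  if ($screen->base == 'user-edit' || $screen->base == 'user-edit-network') { // editing a user profile
  if (!is_super_admin($current_user->ID) && is_super_admin($profileuser->ID)) { // trying to edit a superadmin while himself is less than a superadmin
- wp_die(esc_html__('You do not have permission to edit this user.'));
+ wp_die(esc_html__('You do not have permission to edit this user.', 'user-role-editor'));
  } elseif (!( is_user_member_of_blog($profileuser->ID, get_current_blog_id()) && is_user_member_of_blog($current_user->ID, get_current_blog_id()) )) { // editing user and edited user aren't members of the same blog
- wp_die(esc_html__('You do not have permission to edit this user.'));
+ wp_die(esc_html__('You do not have permission to edit this user.', 'user-role-editor'));
  }
  }
  }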
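Review bot: Both `wp_die()` calls at new lines 316 and 318 still answer with WordPress's default HTTP 500 status, which makes a refused profile edit look like a server fault in access logs and monitoring. Passing the status makes refusals easy to tell apart: `wp_die(esc_html__('You do not have permission to edit this user.', 'user-role-editor'), '', array('response' => 403));`. The comparisons on new line 314 could also use `===`, since `$screen->base` is compared against string literals. The enclosing method starts and ends outside the hunk.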
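--- a/includes/classes/base-lib.php
+++ b/includes/classes/base-lib.php
@@ -141,7 +141,7 @@ class URE_Base_Lib {
  }
  } else {
  if (isset($_REQUEST[$var_name])) {
- $result = $_REQUEST[$var_name];
+ $result = filter_var($_REQUEST[$var_name], FILTER_SANITIZE_STRING);
  }
  }
 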
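Review bot: `FILTER_SANITIZE_STRING` at new line 144 is a generic filter rather than validation for the value's eventual use: it strips tags and encodes quotes, so legitimate values can be altered, `filter_var()` returns `false` when the request value is an array, and PHP 8.1 deprecates the filter. As this helper presumably serves several callers, I would unslash and sanitise with the WordPress helper, `$result = sanitize_text_field(wp_unslash($_REQUEST[$var_name]));`, and still validate or escape at each point of use (SQL, HTML, capability names). Callers that expect an array would need a separate path. The enclosing function starts and ends outside the hunk, so its other branches are not visible here.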
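--- a/includes/classes/ure-lib.php
+++ b/includes/classes/ure-lib.php
@@ -673,14 +673,10 @@ if ($this->multisite && !is_network_admin()) {
  }
  // end of editor_init0()
 
-
+
  public function editor_init1() {
 
- if (!isset($this->roles) || !$this->roles) {
- // get roles data from database
- $this->roles = $this->get_user_roles();
- }
-
+ $this->roles = $this->get_user_roles();
  $this->init_full_capabilities();
  if (empty($this->role_additional_options)) {
  $this->role_additional_options = URE_Role_Additional_Options::get_instance($this);
@@ -785,7 +781,7 @@ if ($this->multisite && !is_network_admin()) {
  public function get_user_roles() {
 
  global $wp_roles;
-
+
  if (!isset($wp_roles)) {
  $wp_roles = new WP_Roles();
  }
@@ -1735,7 +1731,7 @@ if ($this->multisite && !is_network_admin()) {
 
 
  protected function init_full_capabilities() {
-
+
  $this->built_in_wp_caps = $this->get_built_in_wp_caps();
  $this->full_capabilities = array();
  $this->add_roles_caps();
@@ -2449,6 +2445,33 @@ if ($this->multisite && !is_network_admin()) {
  // end of update_user()
 
 
+ /**
+ * Returns administrator role ID
+ *
+ * @return string
+ */
+ protected function get_admin_role() {
+
+ if (isset($this->roles['administrator'])) {
+ $admin_role_id = 'administrator';
+ } else {
+ // go through all roles and select one with max quant of capabilities included
+ $max_caps = -1;
+ $admin_role_id = '';
+ foreach(array_keys($this->roles) as $role_id) {
+ $caps = count($this->roles[$role_id]['capabilities']);
+ if ($caps>$max_caps) {
+ $max_caps = $caps;
+ $admin_role_id = $role_id;
+ }
+ }
+ }
+
+ return $admin_role_id;
+ }
+ // end get_admin_role()
+
+
  /**
  * Add new capability
  *
@@ -2462,31 +2485,29 @@ if ($this->multisite && !is_network_admin()) {
  return esc_html__('Insufficient permissions to work with User Role Editor','user-role-editor');
  }
  $mess = '';
- if (isset($_POST['capability_id']) && $_POST['capability_id']) {
- $user_capability = $_POST['capability_id'];
- // sanitize user input for security
- $valid_name = preg_match('/[A-Za-z0-9_\-]*/', $user_capability, $match);
- if (!$valid_name || ($valid_name && ($match[0] != $user_capability))) { // some non-alphanumeric charactes found!
- return 'Error! ' . esc_html__('Error: Capability name must contain latin characters and digits only!', 'user-role-editor');
- ;
- }
-
- if ($user_capability) {
- $user_capability = strtolower($user_capability);
- if (!isset($wp_roles)) {
- $wp_roles = new WP_Roles();
- }
- $wp_roles->use_db = true;
- $administrator = $wp_roles->get_role('administrator');
- if (!$administrator->has_cap($user_capability)) {
- $wp_roles->add_cap('administrator', $user_capability);
- $mess = sprintf(esc_html__('Capability %s is added successfully', 'user-role-editor'), $user_capability);
- } else {
- $mess = sprintf('Error! ' . esc_html__('Capability %s exists already', 'user-role-editor'), $user_capability);
- }
- }
+ if (!isset($_POST['capability_id']) || empty($_POST['capability_id'])) {
+ return 'Wrong Request';
+ }
+
+ $user_capability = $_POST['capability_id'];
+ // sanitize user input for security
+ $valid_name = preg_match('/[A-Za-z0-9_\-]*/', $user_capability, $match);
+ if (!$valid_name || ($valid_name && ($match[0] != $user_capability))) { // some non-alphanumeric charactes found!
+ return esc_html__('Error: Capability name must contain latin characters and digits only!', 'user-role-editor');
  }
 
+ $user_capability = strtolower($user_capability);
+ $this->get_user_roles();
+ $this->init_full_capabilities();
+ if (!isset($this->full_capabilities[$user_capability])) {
+ $admin_role = $this->get_admin_role();
+ $wp_roles->use_db = true;
+ $wp_roles->add_cap($admin_role, $user_capability);
+ $mess = sprintf(esc_html__('Capability %s is added successfully', 'user-role-editor'), $user_capability);
+ } else {
+ $mess = sprintf(esc_html__('Capability %s exists already', 'user-role-editor'), $user_capability);
+ }
+
  return $mess;
  }
  // end of add_new_capability()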
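Review bot: The capability-name check at new lines 2494–2495 does not reliably reject disallowed characters, because the pattern is unanchored and its match is compared with the input using a loose `!=`, so numeric-looking values such as `10` and `10.0` compare equal and pass. Anchoring the pattern makes the comparison unnecessary: `if (!is_string($user_capability) || !preg_match('/^[A-Za-z0-9_\-]+$/D', $user_capability)) {`. The `is_string()` guard also covers `capability_id` arriving as an array. Separately, `get_admin_role()` at new lines 2453–2471 returns an empty string when `$this->roles` is empty and counts every capability entry, including any stored as `false`, when picking the fallback role, so the grant target deserves an explicit check before `add_cap()` at new line 2505. add_new_capability() starts above the hunk, so whether `$wp_roles` is declared global there and how the request is authorised cannot be confirmed from this page.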
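--- a/includes/ure-user-edit.php
+++ b/includes/ure-user-edit.php
@@ -15,13 +15,18 @@ $edit_user_caps_mode = $this->get_edit_user_caps_mode();
 
  <div class="has-sidebar-content">
  <?php
+ $switch_to_user = '';
  if (!is_multisite() || current_user_can('manage_network_users')) {
  $anchor_start = '<a href="' . wp_nonce_url("user-edit.php?user_id={$this->user_to_edit->ID}",
  "ure_user_{$this->user_to_edit->ID}") .'" >';
  $anchor_end = '</a>';
+ if (class_exists('user_switching') && current_user_can('switch_to_user', $this->user_to_edit->ID)) {
+ $switch_to_user_link = user_switching::switch_to_url($this->user_to_edit);
+ $switch_to_user = '<a href="'. esc_url($switch_to_user_link) .'">'. esc_html__('Switch&nbsp;To', 'user-switching') .'</a>';
+ }
  } else {
  $anchor_start = '';
- $anchor_end = '';
+ $anchor_end = '';
  }
  $user_info = ' <span style="font-weight: bold;">'.$anchor_start. $this->user_to_edit->user_login;
  if ($this->user_to_edit->display_name!==$this->user_to_edit->user_login) {
@@ -31,8 +36,13 @@ $edit_user_caps_mode = $this->get_edit_user_caps_mode();
  if (is_multisite() && is_super_admin($this->user_to_edit->ID)) {
  $user_info .= ' <span style="font-weight: bold; color:red;">'. esc_html__('Network Super Admin', 'user-role-editor') .'</span>';
  }
+
+ if (!empty($switch_to_user)) {
+ $user_info .= '&nbsp;&nbsp;&nbsp;&nbsp;'. $switch_to_user;
+ }
+
 
- $this->display_box_start(esc_html__('Change capabilities for user', 'user-role-editor').$user_info, 'min-width:1100px;');
+ $this->display_box_start(esc_html__('Change capabilities for user', 'user-role-editor'). $user_info, 'min-width:1100px;');
 
  ?>
  <table cellpadding="0" cellspacing="0" style="width: 100%;">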
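Review bot: `$this->user_to_edit->user_login` is concatenated into `$user_info` at new line 31 without escaping, and the string is then passed as markup to `display_box_start()` at new line 45, while the new Switch To link beside it is escaped with `esc_url()`. Escaping at the point of concatenation keeps the heading consistent: `$user_info = ' <span style="font-weight: bold;">'.$anchor_start. esc_html($this->user_to_edit->user_login);`. The lines between new 32 and 36 are outside the hunks, so the same check applies to whatever is appended there for `display_name`. The new link also borrows the `user-switching` text domain, which resolves only when that plugin has loaded its translations.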
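--- a/readme.txt
+++ b/readme.txt
@@ -3,8 +3,8 @@ Contributors: shinephp
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=vladimir%40shinephp%2ecom&lc=RU&item_name=ShinePHP%2ecom&item_number=User%20Role%20Editor%20WordPress%20plugin&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted
  Tags: user, role, editor, security, access, permission, capability
  Requires at least: 4.0
- Tested up to: 4.4.2
- Stable tag: 4.23.2
+ Tested up to: 4.5
+ Stable tag: 4.24
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -76,6 +76,13 @@ If you wish to check available translations or help with plugin translation to y
  https://translate.wordpress.org/projects/wp-plugins/user-role-editor/
 
  == Changelog ==
+ = [4.24] 17.03.2016 =
+ * Fix: PHP notice was generated by class-role-additional-options.php in case when some option does not exist anymore
+ * Enhance: 'Add Capability' button have added capability to the WordPress built-in administrator role by default. It did not work, if 'administrator' role did not exist.
+ Now script selects automatically as an admin role a role with the largest quant of capabilities and adds new capability to the selected role.
+ * New: User capabilities page was integrated with "[User Switching](https://wordpress.org/plugins/user-switching/)" plugin - "Switch To" the editing user link is added if "User Switching" plugin is available.
+ * Marked as compatible with WordPress 4.5.
+
  = [4.23.2] 03.02.2016 =
  * Fix: PHP warning "Strict Standards: Static function URE_Base_Lib::get_instance() should not be abstract" was generated
 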
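--- a/user-role-editor.php
+++ b/user-role-editor.php
@@ -3,7 +3,7 @@
  Plugin Name: User Role Editor
  Plugin URI: https://www.role-editor.com
  Description: Change/add/delete WordPress user roles and capabilities.
- Version: 4.23.2
+ Version: 4.24
  Author: Vladimir Garagulya
  Author URI: https://www.role-editor.com
  Text Domain: ure
@@ -23,7 +23,7 @@ if (defined('URE_PLUGIN_URL')) {
  wp_die('It seems that other version of User Role Editor is active. Please deactivate it before use this version');
  }
 
- define('URE_VERSION', '4.23.2');
+ define('URE_VERSION', '4.24');
  define('URE_PLUGIN_URL', plugin_dir_url(__FILE__));
  define('URE_PLUGIN_DIR', plugin_dir_path(__FILE__));
  define('URE_PLUGIN_BASE_NAME', plugin_basename(__FILE__));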