User Role Editor - Version 4.25.1

Version Description

Download this release

Release Info

Developer shinephp
Plugin Icon 128x128 User Role Editor
Version 4.25.1
Comparing to
See all releases

Code changes from version 4.25 to 4.25.1

Files changed (4) hide show
  1. includes/class-user-role-editor.php +21 -12
  2. includes/classes/ure-lib.php +5 -1
  3. readme.txt +6 -1
  4. user-role-editor.php +2 -2
includes/class-user-role-editor.php CHANGED
@@ -136,7 +136,7 @@ class User_Role_Editor {
136
  add_filter('map_meta_cap', array($this, 'restore_users_edit_caps'), 1, 4);
137
  remove_all_filters('enable_edit_any_user_configuration');
138
  add_filter('enable_edit_any_user_configuration', '__return_true');
139
- add_filter('admin_head', array($this, 'edit_user_permission_check'), 1, 4);
140
  if ($pagenow == 'user-new.php') {
141
  add_filter('site_option_site_admins', array($this, 'allow_add_user_as_superadmin'));
142
  }
@@ -297,24 +297,33 @@ class User_Role_Editor {
297
  * (code is provided by http://wordpress.org/support/profile/sjobidoo)
298
  *
299
  */
300
- function edit_user_permission_check() {
301
  global $current_user, $profileuser;
302
 
 
 
 
 
303
  if (is_super_admin()) { // Superadmin may do all
304
  return;
305
  }
306
-
307
  $screen = get_current_screen();
308
-
309
- get_currentuserinfo();
310
-
311
- if ($screen->base == 'user-edit' || $screen->base == 'user-edit-network') { // editing a user profile
312
- if (!is_super_admin($current_user->ID) && is_super_admin($profileuser->ID)) { // trying to edit a superadmin while himself is less than a superadmin
313
- wp_die(esc_html__('You do not have permission to edit this user.', 'user-role-editor'));
314
- } elseif (!( is_user_member_of_blog($profileuser->ID, get_current_blog_id()) && is_user_member_of_blog($current_user->ID, get_current_blog_id()) )) { // editing user and edited user aren't members of the same blog
315
- wp_die(esc_html__('You do not have permission to edit this user.', 'user-role-editor'));
316
- }
317
  }
 
 
 
 
 
 
 
 
318
  }
319
  // end of edit_user_permission_check()
320
 
136
  add_filter('map_meta_cap', array($this, 'restore_users_edit_caps'), 1, 4);
137
  remove_all_filters('enable_edit_any_user_configuration');
138
  add_filter('enable_edit_any_user_configuration', '__return_true');
139
+ add_action('admin_head', array($this, 'edit_user_permission_check'), 1);
140
  if ($pagenow == 'user-new.php') {
141
  add_filter('site_option_site_admins', array($this, 'allow_add_user_as_superadmin'));
142
  }
297
  * (code is provided by http://wordpress.org/support/profile/sjobidoo)
298
  *
299
  */
300
+ public function edit_user_permission_check() {
301
  global $current_user, $profileuser;
302
 
303
+ wp_get_current_user();
304
+ if ($current_user->ID===0) {
305
+ return;
306
+ }
307
  if (is_super_admin()) { // Superadmin may do all
308
  return;
309
  }
310
+
311
  $screen = get_current_screen();
312
+ if (empty($screen)) {
313
+ return;
314
+ }
315
+
316
+ if ($screen->base !== 'user-edit' && $screen->base !== 'user-edit-network') {
317
+ return;
 
 
 
318
  }
319
+
320
+ // editing a user profile
321
+ if (!is_super_admin($current_user->ID) && is_super_admin($profileuser->ID)) { // trying to edit a superadmin while himself is less than a superadmin
322
+ wp_die(esc_html__('You do not have permission to edit this user.', 'user-role-editor'));
323
+ } elseif (!( is_user_member_of_blog($profileuser->ID, get_current_blog_id()) && is_user_member_of_blog($current_user->ID, get_current_blog_id()) )) { // editing user and edited user aren't members of the same blog
324
+ wp_die(esc_html__('You do not have permission to edit this user.', 'user-role-editor'));
325
+ }
326
+
327
  }
328
  // end of edit_user_permission_check()
329
 
includes/classes/ure-lib.php CHANGED
@@ -1967,7 +1967,8 @@ if ($this->multisite && !is_network_admin()) {
1967
  * @return boolean
1968
  */
1969
  protected function update_roles() {
1970
-
 
1971
  if ($this->multisite && is_super_admin() && $this->apply_to_all) { // update Role for the all blogs/sites in the network (permitted to superadmin only)
1972
  if (!$this->multisite_update_roles()) {
1973
  return false;
@@ -1978,6 +1979,9 @@ if ($this->multisite && !is_network_admin()) {
1978
  }
1979
  }
1980
 
 
 
 
1981
  return true;
1982
  }
1983
  // end of update_roles()
1967
  * @return boolean
1968
  */
1969
  protected function update_roles() {
1970
+ global $wp_roles;
1971
+
1972
  if ($this->multisite && is_super_admin() && $this->apply_to_all) { // update Role for the all blogs/sites in the network (permitted to superadmin only)
1973
  if (!$this->multisite_update_roles()) {
1974
  return false;
1979
  }
1980
  }
1981
 
1982
+ // refresh global $wp_roles
1983
+ $wp_roles = new WP_Roles();
1984
+
1985
  return true;
1986
  }
1987
  // end of update_roles()
readme.txt CHANGED
@@ -4,7 +4,7 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=vladi
4
  Tags: user, role, editor, security, access, permission, capability
5
  Requires at least: 4.0
6
  Tested up to: 4.5
7
- Stable tag: 4.25
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
@@ -76,6 +76,11 @@ If you wish to check available translations or help with plugin translation to y
76
  https://translate.wordpress.org/projects/wp-plugins/user-role-editor/
77
 
78
  == Changelog ==
 
 
 
 
 
79
  = [4.25] 02.04.2016 =
80
  * Important security update: Any registered user could get an administrator access. Thanks to [John Muncaster](http://johnmuncaster.com/) for discovering and wisely reporting it.
81
  * URE pages title tag was replaced from h2 to h1, for compatibility with other WordPress pages.
4
  Tags: user, role, editor, security, access, permission, capability
5
  Requires at least: 4.0
6
  Tested up to: 4.5
7
+ Stable tag: 4.25.1
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
76
  https://translate.wordpress.org/projects/wp-plugins/user-role-editor/
77
 
78
  == Changelog ==
79
+
80
+ = [4.25.1] 15.04.2016 =
81
+ * Fix: Selected role's capabilities list was returned back to old after click "Update" button. It was showed correctly according to the recent updates just after additional page refresh.
82
+ * Update: deprecated function get_current_user_info() call was replaced with wp_get_current_user().
83
+
84
  = [4.25] 02.04.2016 =
85
  * Important security update: Any registered user could get an administrator access. Thanks to [John Muncaster](http://johnmuncaster.com/) for discovering and wisely reporting it.
86
  * URE pages title tag was replaced from h2 to h1, for compatibility with other WordPress pages.
user-role-editor.php CHANGED
@@ -3,7 +3,7 @@
3
  Plugin Name: User Role Editor
4
  Plugin URI: https://www.role-editor.com
5
  Description: Change/add/delete WordPress user roles and capabilities.
6
- Version: 4.25
7
  Author: Vladimir Garagulya
8
  Author URI: https://www.role-editor.com
9
  Text Domain: ure
@@ -23,7 +23,7 @@ if (defined('URE_PLUGIN_URL')) {
23
  wp_die('It seems that other version of User Role Editor is active. Please deactivate it before use this version');
24
  }
25
 
26
- define('URE_VERSION', '4.25');
27
  define('URE_PLUGIN_URL', plugin_dir_url(__FILE__));
28
  define('URE_PLUGIN_DIR', plugin_dir_path(__FILE__));
29
  define('URE_PLUGIN_BASE_NAME', plugin_basename(__FILE__));
3
  Plugin Name: User Role Editor
4
  Plugin URI: https://www.role-editor.com
5
  Description: Change/add/delete WordPress user roles and capabilities.
6
+ Version: 4.25.1
7
  Author: Vladimir Garagulya
8
  Author URI: https://www.role-editor.com
9
  Text Domain: ure
23
  wp_die('It seems that other version of User Role Editor is active. Please deactivate it before use this version');
24
  }
25
 
26
+ define('URE_VERSION', '4.25.1');
27
  define('URE_PLUGIN_URL', plugin_dir_url(__FILE__));
28
  define('URE_PLUGIN_DIR', plugin_dir_path(__FILE__));
29
  define('URE_PLUGIN_BASE_NAME', plugin_basename(__FILE__));