User Role Editor - Version 4.27.1

Version Description


Release Info

Developer shinephp
Version 4.27.1

Code changes from version 4.27 to 4.27.1

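--- a/includes/classes/capability.php
+++ b/includes/classes/capability.php
@@ -0,0 +1,137 @@
+ <?php
+ /**
+ * Class to work with user capability
+ *
+ * @package User-Role-Editor
+ * @subpackage Admin
+ * @author Vladimir Garagulya <support@role-editor.com>
+ * @copyright Copyright (c) 2010 - 2016, Vladimir Garagulya
+ **/
+
+ class URE_Capability {
+
+ const SPACE_REPLACER = '_URE-SR_';
+ const SLASH_REPLACER = '_URE-SLR_';
+
+
+ public static function escape($cap_id) {
+
+ $search = array(' ', '/');
+ $replace = array(self::SPACE_REPLACER, self::SLASH_REPLACER);
+
+ $cap_id_esc = str_replace($search, $replace, $cap_id);
+
+ return $cap_id_esc;
+ }
+ // end escape()
+
+
+ // sanitize user input for security
+ public static function validate($cap_id_raw) {
+ $match = array();
+ $found = preg_match('/[A-Za-z0-9_\-]*/', $cap_id_raw, $match);
+ if ( !$found || ($found && ($match[0]!=$cap_id_raw)) ) { // some non-alphanumeric charactes found!
+ $result = false;
+ } else {
+ $result = true;
+ }
+ $data = array('result'=>$result, 'cap_id'=>strtolower($match[0]));
+
+ return $data;
+ }
+ // end of validate()
+
+
+ /**
+ * Add new user capability
+ *
+ * @global WP_Roles $wp_roles
+ * @return string
+ */
+ public static function add() {
+ global $wp_roles;
+
+ if (!current_user_can('ure_create_capabilities')) {
+ return esc_html__('Insufficient permissions to work with User Role Editor','user-role-editor');
+ }
+
+ $mess = '';
+ if (!isset($_POST['capability_id']) || empty($_POST['capability_id'])) {
+ return 'Wrong Request';
+ }
+
+ $data = self::validate($_POST['capability_id']);
+ if (!$data['result']) {
+ return esc_html__('Error: Capability name must contain latin characters and digits only!', 'user-role-editor');
+ }
+
+ $cap_id = $data['cap_id'];
+ $lib = URE_Lib::get_instance();
+ $lib->get_user_roles();
+ $lib->init_full_capabilities();
+ $full_capabilities = $lib->get('full_capabilities');
+ if (!isset($full_capabilities[$cap_id])) {
+ $admin_role = $lib->get_admin_role();
+ $wp_roles->use_db = true;
+ $wp_roles->add_cap($admin_role, $cap_id);
+ $mess = sprintf(esc_html__('Capability %s is added successfully', 'user-role-editor'), $cap_id);
+ } else {
+ $mess = sprintf(esc_html__('Capability %s exists already', 'user-role-editor'), $cap_id);
+ }
+
+ return $mess;
+ }
+ // end of add()
+
+
+ /**
+ * Delete capability
+ *
+ * @global wpdb $wpdb
+ * @global WP_Roles $wp_roles
+ * @return string - information message
+ */
+ public static function delete() {
+ global $wpdb, $wp_roles;
+
+
+ if (!current_user_can('ure_delete_capabilities')) {
+ return esc_html__('Insufficient permissions to work with User Role Editor','user-role-editor');
+ }
+
+ if (!isset($_POST['user_capability_id']) || empty($_POST['user_capability_id'])) {
+ return 'Wrong Request';
+ }
+
+ $lib = URE_Lib::get_instance();
+ $mess = '';
+ $capability_id = $_POST['user_capability_id'];
+ $caps_to_remove = $lib->get_caps_to_remove();
+ if (!is_array($caps_to_remove) || count($caps_to_remove) == 0 || !isset($caps_to_remove[$capability_id])) {
+ return sprintf(esc_html__('Error! You do not have permission to delete this capability: %s!', 'user-role-editor'), $capability_id);
+ }
+
+ // process users
+ $usersId = $wpdb->get_col("SELECT $wpdb->users.ID FROM $wpdb->users");
+ foreach ($usersId as $user_id) {
+ $user = get_user_to_edit($user_id);
+ if ($user->has_cap($capability_id)) {
+ $user->remove_cap($capability_id);
+ }
+ }
+
+ // process roles
+ foreach ($wp_roles->role_objects as $wp_role) {
+ if ($wp_role->has_cap($capability_id)) {
+ $wp_role->remove_cap($capability_id);
+ }
+ }
+
+ $mess = sprintf(esc_html__('Capability %s was removed successfully', 'user-role-editor'), $capability_id);
+
+ return $mess;
+ }
+ // end of delete()
+
+ }
+ // end of class URE_Capability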
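Review bot: `delete()` never validates `$_POST['user_capability_id']`, unlike `add()`, which runs its input through `validate()`; the raw value is then interpolated into both returned messages, where `esc_html__()` escapes only the format string and not the `%s` argument. If the caller prints the notification without escaping (not visible here), request-supplied markup would reach the admin page, so the argument should be escaped at the point of use: `return sprintf(esc_html__('Error! You do not have permission to delete this capability: %s!', 'user-role-editor'), esc_html($capability_id));`, and likewise for the success message. A non-string POST value also reaches `isset($caps_to_remove[$capability_id])` unchecked, so an `is_string()` guard next to the `empty()` test would be worthwhile. Separately, `validate()` would read more clearly with an anchored pattern such as `'/^[A-Za-z0-9_\-]+$/'` in place of the match-then-compare idiom.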
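--- a/includes/classes/ure-lib.php
+++ b/includes/classes/ure-lib.php
@@ -402,16 +402,16 @@ class Ure_Lib extends URE_Base_Lib {
 
  }
  // end of init_current_role_name()
-
-
+
+
  /**
  * prepare capabilities from user input to save at the database
  */
  protected function prepare_capabilities_to_save() {
  $this->capabilities_to_save = array();
  foreach ($this->full_capabilities as $available_capability) {
- $cap_id = str_replace(' ', URE_SPACE_REPLACER, $available_capability['inner']);
- if (isset($_POST[$cap_id])) {
+ $cap_id_esc = URE_Capability::escape($available_capability['inner']);
+ if (isset($_POST[$cap_id_esc])) {
  $this->capabilities_to_save[$available_capability['inner']] = true;
  }
  }
@@ -506,9 +506,9 @@ class Ure_Lib extends URE_Base_Lib {
  $this->put_option('ure_hide_pro_banner', 1);
  $this->flush_options();
  } else if ($action == 'add-new-capability') {
- $this->notification = $this->add_new_capability();
+ $this->notification = URE_Capability::add();
  } else if ($action == 'delete-user-capability') {
- $this->notification = $this->delete_capability();
+ $this->notification = URE_Capability::delete();
  } else if ($action == 'roles_restore_note') {
  $this->notification = esc_html__('User Roles are restored to WordPress default values. ', 'user-role-editor');
  } else if ($action == 'update') {
@@ -1349,7 +1349,7 @@ class Ure_Lib extends URE_Base_Lib {
  // end of add_ure_caps()
 
 
- protected function init_full_capabilities() {
+ public function init_full_capabilities() {
 
  $this->built_in_wp_caps = $this->get_built_in_wp_caps();
  $this->full_capabilities = array();
@@ -2085,7 +2085,7 @@ class Ure_Lib extends URE_Base_Lib {
  *
  * @return string
  */
- protected function get_admin_role() {
+ public function get_admin_role() {
 
  if (isset($this->roles['administrator'])) {
  $admin_role_id = 'administrator';
@@ -2105,94 +2105,7 @@ class Ure_Lib extends URE_Base_Lib {
  return $admin_role_id;
  }
  // end get_admin_role()
-
-
- /**
- * Add new capability
- *
- * @global WP_Roles $wp_roles
- * @return string
- */
- protected function add_new_capability() {
- global $wp_roles;
-
- if (!current_user_can('ure_create_capabilities')) {
- return esc_html__('Insufficient permissions to work with User Role Editor','user-role-editor');
- }
- $mess = '';
- if (!isset($_POST['capability_id']) || empty($_POST['capability_id'])) {
- return 'Wrong Request';
- }
-
- $user_capability = $_POST['capability_id'];
- // sanitize user input for security
- $valid_name = preg_match('/[A-Za-z0-9_\-]*/', $user_capability, $match);
- if (!$valid_name || ($valid_name && ($match[0] != $user_capability))) { // some non-alphanumeric charactes found!
- return esc_html__('Error: Capability name must contain latin characters and digits only!', 'user-role-editor');
- }
-
- $user_capability = strtolower($user_capability);
- $this->get_user_roles();
- $this->init_full_capabilities();
- if (!isset($this->full_capabilities[$user_capability])) {
- $admin_role = $this->get_admin_role();
- $wp_roles->use_db = true;
- $wp_roles->add_cap($admin_role, $user_capability);
- $mess = sprintf(esc_html__('Capability %s is added successfully', 'user-role-editor'), $user_capability);
- } else {
- $mess = sprintf(esc_html__('Capability %s exists already', 'user-role-editor'), $user_capability);
- }
-
- return $mess;
- }
- // end of add_new_capability()
-
-
- /**
- * Delete capability
- *
- * @global wpdb $wpdb
- * @global WP_Roles $wp_roles
- * @return string - information message
- */
- protected function delete_capability() {
- global $wpdb, $wp_roles;
-
-
- if (!current_user_can('ure_delete_capabilities')) {
- return esc_html__('Insufficient permissions to work with User Role Editor','user-role-editor');
- }
- $mess = '';
- if (!empty($_POST['user_capability_id'])) {
- $capability_id = $_POST['user_capability_id'];
- $caps_to_remove = $this->get_caps_to_remove();
- if (!is_array($caps_to_remove) || count($caps_to_remove) == 0 || !isset($caps_to_remove[$capability_id])) {
- return sprintf(esc_html__('Error! You do not have permission to delete this capability: %s!', 'user-role-editor'), $capability_id);
- }
-
- // process users
- $usersId = $wpdb->get_col("SELECT $wpdb->users.ID FROM $wpdb->users");
- foreach ($usersId as $user_id) {
- $user = get_user_to_edit($user_id);
- if ($user->has_cap($capability_id)) {
- $user->remove_cap($capability_id);
- }
- }
-
- // process roles
- foreach ($wp_roles->role_objects as $wp_role) {
- if ($wp_role->has_cap($capability_id)) {
- $wp_role->remove_cap($capability_id);
- }
- }
-
- $mess = sprintf(esc_html__('Capability %s was removed successfully', 'user-role-editor'), $capability_id);
- }
-
- return $mess;
- }
- // end of remove_capability()
-
+
 
  /**
  * Returns text presentation of user roles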
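Review bot: The `add-new-capability` and `delete-user-capability` branches now dispatch to public static methods that read `$_POST` themselves, and no nonce verification is visible either in this hunk or in `URE_Capability`. Confirm that the enclosing method (which starts outside the hunk) calls something like `check_admin_referer()` before this branch is reached, because the `current_user_can()` check alone does not tell a deliberate admin action from a cross-site request riding an authorized session. Also, `init_full_capabilities()` and `get_admin_role()` are widened from `protected` to `public` only so the new class can call them; a one-line comment such as `// public: called from URE_Capability::add()` on each would record why and discourage further outside callers.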
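--- a/includes/classes/view.php
+++ b/includes/classes/view.php
@@ -183,7 +183,7 @@ class URE_View {
  }
  }
  $class = 'class="' . implode(' ', $classes) .'"';
- $cap_id_esc = str_replace(' ', URE_SPACE_REPLACER, $cap_id);
+ $cap_id_esc = URE_Capability::escape($cap_id);
  $cap_html = '<div id="ure_cap_div_'. $cap_id_esc .'" '. $class .'><input type="checkbox" name="' . $cap_id_esc . '" id="' .
  $cap_id_esc . '" value="' . $cap_id .'" '. $checked . ' ' . $disabled . ' ' . $onclick_for_admin .
  'class="ure-cap-cb">';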
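Review bot: `URE_Capability::escape()` only swaps spaces and slashes for placeholder tokens, so `$cap_id_esc` and `$cap_id` still go into the `id`, `name` and `value` attributes without HTML escaping. Capability names appear to come from whatever other plugins have registered (inferred from the changelog's Visual Composer example), so a name containing a quote or angle bracket would break out of the attribute; wrap each interpolation, e.g. `'" value="' . esc_attr($cap_id) . '" '` and `esc_attr($cap_id_esc)` for `id` and `name`. The method name `escape` invites this confusion, so a comment on it such as `// not an HTML escaper: only makes the id usable as a form field name` would help. The enclosing function starts and ends outside this hunk.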
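--- a/includes/define-constants.php
+++ b/includes/define-constants.php
@@ -10,6 +10,5 @@
 
  define('URE_WP_ADMIN_URL', admin_url());
  define('URE_ERROR', 'Error is encountered');
- define('URE_SPACE_REPLACER', '_URE-SR_');
  define('URE_PARENT', is_network_admin() ? 'network/users.php':'users.php');
  define('URE_KEY_CAPABILITY', 'ure_manage_options');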
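--- a/includes/loader.php
+++ b/includes/loader.php
@@ -19,6 +19,7 @@ require_once(URE_PLUGIN_DIR .'includes/classes/ajax-processor.php');
  require_once(URE_PLUGIN_DIR .'includes/classes/screen-help.php');
  require_once(URE_PLUGIN_DIR .'includes/classes/known-js-css-compatibility-issues.php');
  require_once(URE_PLUGIN_DIR .'includes/classes/role-additional-options.php');
+ require_once(URE_PLUGIN_DIR .'includes/classes/capability.php');
  require_once(URE_PLUGIN_DIR .'includes/classes/capabilities-groups-manager.php');
  require_once(URE_PLUGIN_DIR .'includes/classes/view.php');
  require_once(URE_PLUGIN_DIR .'includes/classes/role-view.php');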
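--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=vladi
  Tags: user, role, editor, security, access, permission, capability
  Requires at least: 4.0
  Tested up to: 4.6
- Stable tag: 4.27
+ Stable tag: 4.27.1
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -78,6 +78,10 @@ https://translate.wordpress.org/projects/wp-plugins/user-role-editor/
 
  == Changelog ==
 
+ = [4.27.1] 22.08.2016 =
+ * Update: There was a conflict with plugins which use a '/' character at the custom user capabilities: e.g. vc_access_rules_backend_editor/disabled_ce_editor from Visual Composer.
+ * Update: add/delete, escape, validate user capability code extracted from URE_Lib to the separate URE_Capability class
+
  = [4.27] 18.08.2016 =
  * New: Total/Granted counters were added to the capabilities groups titles.
  * New: "Columns" drop-down menu allows to change capabilities section layout to 1, 2 or 3 columns.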
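--- a/user-role-editor.php
+++ b/user-role-editor.php
@@ -3,7 +3,7 @@
  Plugin Name: User Role Editor
  Plugin URI: https://www.role-editor.com
  Description: Change/add/delete WordPress user roles and capabilities.
- Version: 4.27
+ Version: 4.27.1
  Author: Vladimir Garagulya
  Author URI: https://www.role-editor.com
  Text Domain: ure
@@ -23,7 +23,7 @@ if (defined('URE_PLUGIN_URL')) {
  wp_die('It seems that other version of User Role Editor is active. Please deactivate it before use this version');
  }
 
- define('URE_VERSION', '4.27');
+ define('URE_VERSION', '4.27.1');
  define('URE_PLUGIN_URL', plugin_dir_url(__FILE__));
  define('URE_PLUGIN_DIR', plugin_dir_path(__FILE__));
  define('URE_PLUGIN_BASE_NAME', plugin_basename(__FILE__));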