Version Description
Download this release
Release Info
| Developer | shinephp |
| Plugin |  User Role Editor |
| Version | 4.27.2 |
| Comparing to | |
| See all releases | |
Code changes from version 4.27.1 to 4.27.2
- includes/classes/capability.php +3 -2
- includes/classes/protect-admin.php +19 -12
- includes/classes/ure-lib.php +4 -5
- includes/classes/user-role-editor.php +16 -2
- includes/classes/view.php +1 -1
- readme.txt +9 -2
- user-role-editor.php +2 -2
includes/classes/capability.php
CHANGED
|
@@ -12,12 +12,13 @@ class URE_Capability {
|
|
| 12 |
|
| 13 |
const SPACE_REPLACER = '_URE-SR_';
|
| 14 |
const SLASH_REPLACER = '_URE-SLR_';
|
|
|
|
| 15 |
|
| 16 |
|
| 17 |
public static function escape($cap_id) {
|
| 18 |
|
| 19 |
-
$search = array(' ', '/');
|
| 20 |
-
$replace = array(self::SPACE_REPLACER, self::SLASH_REPLACER);
|
| 21 |
|
| 22 |
$cap_id_esc = str_replace($search, $replace, $cap_id);
|
| 23 |
|
| 12 |
|
| 13 |
const SPACE_REPLACER = '_URE-SR_';
|
| 14 |
const SLASH_REPLACER = '_URE-SLR_';
|
| 15 |
+
const VERT_LINE_REPLACER = '_URE-VLR_';
|
| 16 |
|
| 17 |
|
| 18 |
public static function escape($cap_id) {
|
| 19 |
|
| 20 |
+
$search = array(' ', '/', '|');
|
| 21 |
+
$replace = array(self::SPACE_REPLACER, self::SLASH_REPLACER, self::VERT_LINE_REPLACER);
|
| 22 |
|
| 23 |
$cap_id_esc = str_replace($search, $replace, $cap_id);
|
| 24 |
|
includes/classes/protect-admin.php
CHANGED
|
@@ -30,6 +30,22 @@ class URE_Protect_Admin {
|
|
| 30 |
// end of __construct()
|
| 31 |
|
| 32 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 33 |
/**
|
| 34 |
* exclude administrator role from the roles list
|
| 35 |
*
|
|
@@ -38,7 +54,7 @@ class URE_Protect_Admin {
|
|
| 38 |
*/
|
| 39 |
public function exclude_admin_role($roles) {
|
| 40 |
|
| 41 |
-
if (isset($roles['administrator'])) {
|
| 42 |
unset($roles['administrator']);
|
| 43 |
}
|
| 44 |
|
|
@@ -135,17 +151,8 @@ class URE_Protect_Admin {
|
|
| 135 |
public function exclude_administrators($user_query) {
|
| 136 |
|
| 137 |
global $wpdb;
|
| 138 |
-
|
| 139 |
-
|
| 140 |
-
$links_to_block = array('profile.php', 'users.php');
|
| 141 |
-
foreach ($links_to_block as $key => $value) {
|
| 142 |
-
$result = stripos($_SERVER['REQUEST_URI'], $value);
|
| 143 |
-
if ($result !== false) {
|
| 144 |
-
break;
|
| 145 |
-
}
|
| 146 |
-
}
|
| 147 |
-
|
| 148 |
-
if ($result === false) { // block the user edit stuff only
|
| 149 |
return;
|
| 150 |
}
|
| 151 |
|
| 30 |
// end of __construct()
|
| 31 |
|
| 32 |
|
| 33 |
+
// apply protection to the user edit pages only
|
| 34 |
+
protected function is_protection_applicable() {
|
| 35 |
+
$result = false;
|
| 36 |
+
$links_to_block = array('profile.php', 'users.php', 'user-new.php');
|
| 37 |
+
foreach ($links_to_block as $key => $value) {
|
| 38 |
+
$result = stripos($_SERVER['REQUEST_URI'], $value);
|
| 39 |
+
if ($result !== false) {
|
| 40 |
+
break;
|
| 41 |
+
}
|
| 42 |
+
}
|
| 43 |
+
|
| 44 |
+
return $result;
|
| 45 |
+
}
|
| 46 |
+
// end of is_protection_applicable()
|
| 47 |
+
|
| 48 |
+
|
| 49 |
/**
|
| 50 |
* exclude administrator role from the roles list
|
| 51 |
*
|
| 54 |
*/
|
| 55 |
public function exclude_admin_role($roles) {
|
| 56 |
|
| 57 |
+
if ($this->is_protection_applicable() && isset($roles['administrator'])) {
|
| 58 |
unset($roles['administrator']);
|
| 59 |
}
|
| 60 |
|
| 151 |
public function exclude_administrators($user_query) {
|
| 152 |
|
| 153 |
global $wpdb;
|
| 154 |
+
|
| 155 |
+
if (!$this->is_protection_applicable()) { // block the user edit stuff only
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 156 |
return;
|
| 157 |
}
|
| 158 |
|
includes/classes/ure-lib.php
CHANGED
|
@@ -1470,6 +1470,7 @@ class Ure_Lib extends URE_Base_Lib {
|
|
| 1470 |
}
|
| 1471 |
|
| 1472 |
$this->capabilities_to_save = $this->remove_caps_not_allowed_for_single_admin($this->capabilities_to_save);
|
|
|
|
| 1473 |
$this->roles[$this->current_role]['capabilities'] = $this->capabilities_to_save;
|
| 1474 |
$option_name = $wpdb->prefix . 'user_roles';
|
| 1475 |
|
|
@@ -1498,12 +1499,10 @@ class Ure_Lib extends URE_Base_Lib {
|
|
| 1498 |
if (!$this->last_check_before_update()) {
|
| 1499 |
return false;
|
| 1500 |
}
|
| 1501 |
-
if (!empty($this->current_role)) {
|
| 1502 |
-
|
| 1503 |
-
$this->roles[$this->current_role]['name'] = $this->current_role_name;
|
| 1504 |
-
}
|
| 1505 |
$this->roles[$this->current_role]['capabilities'] = $this->capabilities_to_save;
|
| 1506 |
-
}
|
| 1507 |
|
| 1508 |
$serialized_roles = serialize($this->roles);
|
| 1509 |
foreach ($this->blog_ids as $blog_id) {
|
| 1470 |
}
|
| 1471 |
|
| 1472 |
$this->capabilities_to_save = $this->remove_caps_not_allowed_for_single_admin($this->capabilities_to_save);
|
| 1473 |
+
$this->roles[$this->current_role]['name'] = $this->current_role_name;
|
| 1474 |
$this->roles[$this->current_role]['capabilities'] = $this->capabilities_to_save;
|
| 1475 |
$option_name = $wpdb->prefix . 'user_roles';
|
| 1476 |
|
| 1499 |
if (!$this->last_check_before_update()) {
|
| 1500 |
return false;
|
| 1501 |
}
|
| 1502 |
+
if (!empty($this->current_role)) {
|
| 1503 |
+
$this->roles[$this->current_role]['name'] = $this->current_role_name;
|
|
|
|
|
|
|
| 1504 |
$this->roles[$this->current_role]['capabilities'] = $this->capabilities_to_save;
|
| 1505 |
+
}
|
| 1506 |
|
| 1507 |
$serialized_roles = serialize($this->roles);
|
| 1508 |
foreach ($this->blog_ids as $blog_id) {
|
includes/classes/user-role-editor.php
CHANGED
|
@@ -444,8 +444,22 @@ class User_Role_Editor {
|
|
| 444 |
* @return array
|
| 445 |
*/
|
| 446 |
public function plugin_action_links($links) {
|
| 447 |
-
|
| 448 |
-
$
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 449 |
array_unshift($links, $settings_link);
|
| 450 |
|
| 451 |
return $links;
|
| 444 |
* @return array
|
| 445 |
*/
|
| 446 |
public function plugin_action_links($links) {
|
| 447 |
+
$single_site_settings_link = '<a href="options-general.php?page=settings-' . URE_PLUGIN_FILE . '">' . esc_html__('Settings', 'user-role-editor') .'</a>';
|
| 448 |
+
$multisite = $this->lib->get('multisite');
|
| 449 |
+
if (!$multisite ) {
|
| 450 |
+
$settings_link = $single_site_settings_link;
|
| 451 |
+
} else {
|
| 452 |
+
$ure = basename(URE_PLUGIN_DIR) . '/' . URE_PLUGIN_FILE;
|
| 453 |
+
$active_for_network = is_plugin_active_for_network($ure);
|
| 454 |
+
if (!$active_for_network) {
|
| 455 |
+
$settings_link = $single_site_settings_link;
|
| 456 |
+
} else {
|
| 457 |
+
if (!current_user_can('manage_network_plugins')) {
|
| 458 |
+
return $links;
|
| 459 |
+
}
|
| 460 |
+
$settings_link = '<a href="'. network_admin_url() .'settings.php?page=settings-'. URE_PLUGIN_FILE .'">'. esc_html__('Settings', 'user-role-editor') .'</a>';
|
| 461 |
+
}
|
| 462 |
+
}
|
| 463 |
array_unshift($links, $settings_link);
|
| 464 |
|
| 465 |
return $links;
|
includes/classes/view.php
CHANGED
|
@@ -140,7 +140,7 @@ class URE_View {
|
|
| 140 |
$cap_id = $capability['inner'];
|
| 141 |
if (!$user_is_ure_admin) {
|
| 142 |
if (isset($ure_caps[$cap_id]) ||
|
| 143 |
-
($
|
| 144 |
// exclude URE caps if user does not have full access to URE
|
| 145 |
continue;
|
| 146 |
}
|
| 140 |
$cap_id = $capability['inner'];
|
| 141 |
if (!$user_is_ure_admin) {
|
| 142 |
if (isset($ure_caps[$cap_id]) ||
|
| 143 |
+
($multisite && $cap_id=='manage_network_plugins')) {
|
| 144 |
// exclude URE caps if user does not have full access to URE
|
| 145 |
continue;
|
| 146 |
}
|
readme.txt
CHANGED
|
@@ -3,8 +3,8 @@ Contributors: shinephp
|
|
| 3 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=vladimir%40shinephp%2ecom&lc=RU&item_name=ShinePHP%2ecom&item_number=User%20Role%20Editor%20WordPress%20plugin¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted
|
| 4 |
Tags: user, role, editor, security, access, permission, capability
|
| 5 |
Requires at least: 4.0
|
| 6 |
-
Tested up to: 4.6
|
| 7 |
-
Stable tag: 4.27.
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
|
|
@@ -78,6 +78,13 @@ https://translate.wordpress.org/projects/wp-plugins/user-role-editor/
|
|
| 78 |
|
| 79 |
== Changelog ==
|
| 80 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 81 |
= [4.27.1] 22.08.2016 =
|
| 82 |
* Update: There was a conflict with plugins which use a '/' character at the custom user capabilities: e.g. vc_access_rules_backend_editor/disabled_ce_editor from Visual Composer.
|
| 83 |
* Update: add/delete, escape, validate user capability code extracted from URE_Lib to the separate URE_Capability class
|
| 3 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=vladimir%40shinephp%2ecom&lc=RU&item_name=ShinePHP%2ecom&item_number=User%20Role%20Editor%20WordPress%20plugin¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted
|
| 4 |
Tags: user, role, editor, security, access, permission, capability
|
| 5 |
Requires at least: 4.0
|
| 6 |
+
Tested up to: 4.6.1
|
| 7 |
+
Stable tag: 4.27.2
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
|
| 78 |
|
| 79 |
== Changelog ==
|
| 80 |
|
| 81 |
+
= [4.27.2] 15.09.2016 =
|
| 82 |
+
* Update: There was a conflict with plugins which use a '|' character at the custom user capabilities: e.g. 'Nginx Helper | Config' from "Nginx Helper' plugin.
|
| 83 |
+
* Fix: PHP notice was removed: Undefined property: URE_Role_View::$multisite in wp-content/plugins/user-role-editor/includes/classes/view.php on line 143
|
| 84 |
+
* Fix: WordPress multisite: Settings link under the URE plugin at the plugins list leads to the network admin now, not to the the single site settings page, which does not exist.
|
| 85 |
+
* Fix: WordPress multisite: conflict with "Visual Composer" plugin was resolved: single site administrators could now use Visual Composer editor.
|
| 86 |
+
* Fix: WordPress multisite: changed role name was not replicated to other sites when user clicked "Update" with "Apply to All Sites" option turned ON.
|
| 87 |
+
|
| 88 |
= [4.27.1] 22.08.2016 =
|
| 89 |
* Update: There was a conflict with plugins which use a '/' character at the custom user capabilities: e.g. vc_access_rules_backend_editor/disabled_ce_editor from Visual Composer.
|
| 90 |
* Update: add/delete, escape, validate user capability code extracted from URE_Lib to the separate URE_Capability class
|
user-role-editor.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
Plugin Name: User Role Editor
|
| 4 |
Plugin URI: https://www.role-editor.com
|
| 5 |
Description: Change/add/delete WordPress user roles and capabilities.
|
| 6 |
-
Version: 4.27.
|
| 7 |
Author: Vladimir Garagulya
|
| 8 |
Author URI: https://www.role-editor.com
|
| 9 |
Text Domain: ure
|
|
@@ -23,7 +23,7 @@ if (defined('URE_PLUGIN_URL')) {
|
|
| 23 |
wp_die('It seems that other version of User Role Editor is active. Please deactivate it before use this version');
|
| 24 |
}
|
| 25 |
|
| 26 |
-
define('URE_VERSION', '4.27.
|
| 27 |
define('URE_PLUGIN_URL', plugin_dir_url(__FILE__));
|
| 28 |
define('URE_PLUGIN_DIR', plugin_dir_path(__FILE__));
|
| 29 |
define('URE_PLUGIN_BASE_NAME', plugin_basename(__FILE__));
|
| 3 |
Plugin Name: User Role Editor
|
| 4 |
Plugin URI: https://www.role-editor.com
|
| 5 |
Description: Change/add/delete WordPress user roles and capabilities.
|
| 6 |
+
Version: 4.27.2
|
| 7 |
Author: Vladimir Garagulya
|
| 8 |
Author URI: https://www.role-editor.com
|
| 9 |
Text Domain: ure
|
| 23 |
wp_die('It seems that other version of User Role Editor is active. Please deactivate it before use this version');
|
| 24 |
}
|
| 25 |
|
| 26 |
+
define('URE_VERSION', '4.27.2');
|
| 27 |
define('URE_PLUGIN_URL', plugin_dir_url(__FILE__));
|
| 28 |
define('URE_PLUGIN_DIR', plugin_dir_path(__FILE__));
|
| 29 |
define('URE_PLUGIN_BASE_NAME', plugin_basename(__FILE__));
|
