User Role Editor - Version 4.31.1

Version Description

Download this release

Release Info

Developer shinephp
Plugin Icon 128x128 User Role Editor
Version 4.31.1
Comparing to
See all releases

Code changes from version 4.31 to 4.31.1

Files changed (6) hide show
  1. includes/classes/base-lib.php +13 -2
  2. includes/classes/{ure-own-capabilities.php → own-capabilities.php} +14 -13
  3. includes/classes/ure-lib.php +2 -0
  4. includes/loader.php +1 -1
  5. readme.txt +6 -2
  6. user-role-editor.php +2 -2
includes/classes/base-lib.php CHANGED
@@ -61,6 +61,17 @@ class URE_Base_Lib {
61
  }
62
  // end of get_property()
63
 
 
 
 
 
 
 
 
 
 
 
 
64
 
65
  public function get_main_site() {
66
  global $current_site;
@@ -127,12 +138,12 @@ class URE_Base_Lib {
127
  $result = 0;
128
  if ($request_type == 'get') {
129
  if (isset($_GET[$var_name])) {
130
- $result = $_GET[$var_name];
131
  }
132
  } else if ($request_type == 'post') {
133
  if (isset($_POST[$var_name])) {
134
  if ($var_type != 'checkbox') {
135
- $result = $_POST[$var_name];
136
  } else {
137
  $result = 1;
138
  }
61
  }
62
  // end of get_property()
63
 
64
+
65
+ public function set($property_name, $property_value) {
66
+
67
+ if (!property_exists($this, $property_name)) {
68
+ syslog(LOG_ERR, 'Lib class does not have such property '. $property_name);
69
+ }
70
+
71
+ $this->$property_name = $property_value;
72
+ }
73
+ // end of get_property()
74
+
75
 
76
  public function get_main_site() {
77
  global $current_site;
138
  $result = 0;
139
  if ($request_type == 'get') {
140
  if (isset($_GET[$var_name])) {
141
+ $result = filter_var($_GET[$var_name], FILTER_SANITIZE_STRING);
142
  }
143
  } else if ($request_type == 'post') {
144
  if (isset($_POST[$var_name])) {
145
  if ($var_type != 'checkbox') {
146
+ $result = filter_var($_POST[$var_name], FILTER_SANITIZE_STRING);;
147
  } else {
148
  $result = 1;
149
  }
includes/classes/{ure-own-capabilities.php → own-capabilities.php} RENAMED
@@ -8,7 +8,6 @@
8
  * @copyright Copyright (c) 2010 - 2016, Vladimir Garagulya
9
  **/
10
  class URE_Own_Capabilities {
11
- const URE_KEY_CAP_TR = 'ure_key_cap';
12
  const URE_SETTINGS_CAP_TR = 'ure_settings_cap';
13
 
14
 
@@ -26,9 +25,7 @@ class URE_Own_Capabilities {
26
  'ure_reset_roles' => 1
27
  );
28
 
29
- if ($lib->is_pro()) {
30
- $multisite = $lib->get('multisite');
31
-
32
  $ure_caps['ure_export_roles'] = 1;
33
  $ure_caps['ure_import_roles'] = 1;
34
  $ure_caps['ure_admin_menu_access'] = 1;
@@ -38,7 +35,9 @@ class URE_Own_Capabilities {
38
  $ure_caps['ure_other_roles_access'] = 1;
39
  $ure_caps['ure_edit_posts_access'] = 1;
40
  $ure_caps['ure_plugins_activation_access'] = 1;
41
- $ure_caps['ure_view_posts_access'] = 1;
 
 
42
  if ($multisite) {
43
  $ure_caps['ure_themes_access'] = 1;
44
  }
@@ -54,11 +53,13 @@ class URE_Own_Capabilities {
54
  */
55
  public static function get_key_capability() {
56
 
57
- $key_cap = get_transient(self::URE_KEY_CAP_TR);
 
 
58
  if (!empty($key_cap)) {
59
  return $key_cap;
60
  }
61
- $lib = URE_Lib::get_instance();
62
  $multisite = $lib->get('multisite');
63
  if (!$multisite) {
64
  $key_cap = URE_KEY_CAPABILITY;
@@ -70,8 +71,8 @@ class URE_Own_Capabilities {
70
  } else {
71
  $key_cap = 'manage_network_plugins';
72
  }
73
- }
74
- set_transient(self::URE_KEY_CAP_TR, $key_cap, 60);
75
 
76
  return $key_cap;
77
  }
@@ -85,12 +86,12 @@ class URE_Own_Capabilities {
85
  */
86
  public static function get_settings_capability() {
87
 
88
- $settings_cap = get_transient(self::URE_SETTINGS_CAP_TR);
 
89
  if (!empty($settings_cap)) {
90
  return $settings_cap;
91
  }
92
-
93
- $lib = URE_Lib::get_instance();
94
  $multisite = $lib->get('multisite');
95
  if (!$multisite) {
96
  $settings_cap = 'ure_manage_options';
@@ -103,7 +104,7 @@ class URE_Own_Capabilities {
103
  $settings_cap = self::get_key_capability();
104
  }
105
  }
106
- set_transient(self::URE_SETTINGS_CAP_TR, $settings_cap, 60);
107
 
108
  return $settings_cap;
109
  }
8
  * @copyright Copyright (c) 2010 - 2016, Vladimir Garagulya
9
  **/
10
  class URE_Own_Capabilities {
 
11
  const URE_SETTINGS_CAP_TR = 'ure_settings_cap';
12
 
13
 
25
  'ure_reset_roles' => 1
26
  );
27
 
28
+ if ($lib->is_pro()) {
 
 
29
  $ure_caps['ure_export_roles'] = 1;
30
  $ure_caps['ure_import_roles'] = 1;
31
  $ure_caps['ure_admin_menu_access'] = 1;
35
  $ure_caps['ure_other_roles_access'] = 1;
36
  $ure_caps['ure_edit_posts_access'] = 1;
37
  $ure_caps['ure_plugins_activation_access'] = 1;
38
+ $ure_caps['ure_view_posts_access'] = 1;
39
+ $ure_caps['ure_front_end_menu_access'] = 1;
40
+ $multisite = $lib->get('multisite');
41
  if ($multisite) {
42
  $ure_caps['ure_themes_access'] = 1;
43
  }
53
  */
54
  public static function get_key_capability() {
55
 
56
+ $lib = URE_Lib::get_instance();
57
+ $key_cap = $lib->get('key_capability');
58
+
59
  if (!empty($key_cap)) {
60
  return $key_cap;
61
  }
62
+
63
  $multisite = $lib->get('multisite');
64
  if (!$multisite) {
65
  $key_cap = URE_KEY_CAPABILITY;
71
  } else {
72
  $key_cap = 'manage_network_plugins';
73
  }
74
+ }
75
+ $lib->set('key_capability', $key_cap);
76
 
77
  return $key_cap;
78
  }
86
  */
87
  public static function get_settings_capability() {
88
 
89
+ $lib = URE_Lib::get_instance();
90
+ $settings_cap = $lib->get('settings_capability');
91
  if (!empty($settings_cap)) {
92
  return $settings_cap;
93
  }
94
+
 
95
  $multisite = $lib->get('multisite');
96
  if (!$multisite) {
97
  $settings_cap = 'ure_manage_options';
104
  $settings_cap = self::get_key_capability();
105
  }
106
  }
107
+ $lib->set('settings_capability', $settings_cap);
108
 
109
  return $settings_cap;
110
  }
includes/classes/ure-lib.php CHANGED
@@ -32,6 +32,8 @@ class Ure_Lib extends URE_Base_Lib {
32
  protected $advert = null;
33
  protected $role_additional_options = null;
34
  protected $bbpress = null; // reference to the URE_bbPress class instance
 
 
35
 
36
  // when allow_edit_users_to_not_super_admin option is turned ON, we set this property to true
37
  // when we raise single site admin permissions up to the superadmin for the 'Add new user' new-user.php page
32
  protected $advert = null;
33
  protected $role_additional_options = null;
34
  protected $bbpress = null; // reference to the URE_bbPress class instance
35
+ protected $key_capability = ''; // Key user capability for get full access to the User Role Editor
36
+ protected $settings_capability = ''; // User capability for access to User Role Editor Settings
37
 
38
  // when allow_edit_users_to_not_super_admin option is turned ON, we set this property to true
39
  // when we raise single site admin permissions up to the superadmin for the 'Add new user' new-user.php page
includes/loader.php CHANGED
@@ -11,7 +11,7 @@
11
  require_once(URE_PLUGIN_DIR .'includes/define-constants.php');
12
  require_once(URE_PLUGIN_DIR .'includes/misc-support-stuff.php');
13
  require_once(URE_PLUGIN_DIR .'includes/classes/task-queue.php');
14
- require_once(URE_PLUGIN_DIR .'includes/classes/ure-own-capabilities.php');
15
  require_once(URE_PLUGIN_DIR .'includes/classes/bbpress.php');
16
  require_once(URE_PLUGIN_DIR .'includes/classes/assign-role.php');
17
  require_once(URE_PLUGIN_DIR .'includes/classes/user-other-roles.php');
11
  require_once(URE_PLUGIN_DIR .'includes/define-constants.php');
12
  require_once(URE_PLUGIN_DIR .'includes/misc-support-stuff.php');
13
  require_once(URE_PLUGIN_DIR .'includes/classes/task-queue.php');
14
+ require_once(URE_PLUGIN_DIR .'includes/classes/own-capabilities.php');
15
  require_once(URE_PLUGIN_DIR .'includes/classes/bbpress.php');
16
  require_once(URE_PLUGIN_DIR .'includes/classes/assign-role.php');
17
  require_once(URE_PLUGIN_DIR .'includes/classes/user-other-roles.php');
readme.txt CHANGED
@@ -4,7 +4,7 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=vladi
4
  Tags: user, role, editor, security, access, permission, capability
5
  Requires at least: 4.0
6
  Tested up to: 4.7
7
- Stable tag: 4.31
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
@@ -76,11 +76,15 @@ If you wish to check available translations or help with plugin translation to y
76
  https://translate.wordpress.org/projects/wp-plugins/user-role-editor/
77
 
78
  == Changelog ==
 
 
 
 
79
  = [4.31] 14.12.2016 =
80
  * New: It's possible to remove unused user capabilities by list.
81
  * Fix: There was no support for installations with the hidden/changed URL to wp-admin. URE uses 'admin_url()' now to get and check admin URL, instead of direct comparing URL with 'wp-admin' string.
82
  * Fix: Deprecated capabilities were shown in some cases at the 'Core' group even with "Show deprecated capabilities" mode switched off.
83
- * Update: Capability groups CSS classes are prefixed with 'ure-' in order to the minimize possible CSS conflicts with other plugins/themes which may load styles with the same classes globally and break URE's markup.
84
 
85
  = [4.30] 01.12.2016 =
86
  * Update: compatible with WordPress 4.7
4
  Tags: user, role, editor, security, access, permission, capability
5
  Requires at least: 4.0
6
  Tested up to: 4.7
7
+ Stable tag: 4.31.1
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
76
  https://translate.wordpress.org/projects/wp-plugins/user-role-editor/
77
 
78
  == Changelog ==
79
+ = [4.31.1] 06.01.2017 =
80
+ * Fix: WP transients get/set were removed from URE_Own_Capabilities class. It leaded to the MySQL deadlock in some cases.
81
+ * Update: Base_Lib::get_request_var() sanitizes user input by PHP's filter_var() in addition to WordPress core's esc_attr().
82
+
83
  = [4.31] 14.12.2016 =
84
  * New: It's possible to remove unused user capabilities by list.
85
  * Fix: There was no support for installations with the hidden/changed URL to wp-admin. URE uses 'admin_url()' now to get and check admin URL, instead of direct comparing URL with 'wp-admin' string.
86
  * Fix: Deprecated capabilities were shown in some cases at the 'Core' group even with "Show deprecated capabilities" mode switched off.
87
+ * Update: Capability groups CSS classes are prefixed with 'ure-' in order to minimize possible CSS conflicts with other plugins/themes which may load styles with the same classes globally and break URE's markup.
88
 
89
  = [4.30] 01.12.2016 =
90
  * Update: compatible with WordPress 4.7
user-role-editor.php CHANGED
@@ -3,7 +3,7 @@
3
  Plugin Name: User Role Editor
4
  Plugin URI: https://www.role-editor.com
5
  Description: Change/add/delete WordPress user roles and capabilities.
6
- Version: 4.31
7
  Author: Vladimir Garagulya
8
  Author URI: https://www.role-editor.com
9
  Text Domain: ure
@@ -23,7 +23,7 @@ if (defined('URE_PLUGIN_URL')) {
23
  wp_die('It seems that other version of User Role Editor is active. Please deactivate it before use this version');
24
  }
25
 
26
- define('URE_VERSION', '4.31');
27
  define('URE_PLUGIN_URL', plugin_dir_url(__FILE__));
28
  define('URE_PLUGIN_DIR', plugin_dir_path(__FILE__));
29
  define('URE_PLUGIN_BASE_NAME', plugin_basename(__FILE__));
3
  Plugin Name: User Role Editor
4
  Plugin URI: https://www.role-editor.com
5
  Description: Change/add/delete WordPress user roles and capabilities.
6
+ Version: 4.31.1
7
  Author: Vladimir Garagulya
8
  Author URI: https://www.role-editor.com
9
  Text Domain: ure
23
  wp_die('It seems that other version of User Role Editor is active. Please deactivate it before use this version');
24
  }
25
 
26
+ define('URE_VERSION', '4.31.1');
27
  define('URE_PLUGIN_URL', plugin_dir_url(__FILE__));
28
  define('URE_PLUGIN_DIR', plugin_dir_path(__FILE__));
29
  define('URE_PLUGIN_BASE_NAME', plugin_basename(__FILE__));