User Role Editor - Version 4.37

Version Description

Download this release

Release Info

Developer shinephp
Plugin Icon 128x128 User Role Editor
Version 4.37
Comparing to
See all releases

Code changes from version 4.36.1 to 4.37

changelog.txt ADDED
@@ -0,0 +1,759 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ CHANGES LOG (full version).
2
+ ===========================
3
+
4
+ = [4.37] 01.11.2017 =
5
+ * New: New option was added. It's possible to select permanent quant of capabilities columns at the "Settings->User Role Editor->General" tab.
6
+ * Update: User capabilities are shown for custom post types which use the WordPress built-in 'post' or 'page' capability type. (0/0) was shown earlier instead of the quantity of user capabilities really used.
7
+ * Update: Restriction was added for 'do_not_allow' user capability (used internally by WordPress). You can not add it manually.
8
+ * Fix: URE hides users with 'administrator' role by default from any other user. Quantity of users of 'All' view (tab) at 'Users' page is decreased now for the quantity of hidden administrators.
9
+
10
+ = [4.36.1] 02.10.2017 =
11
+ * Update: Direct access to the global $current_user variable was excluded. Current user data is initialized via WordPress core functions wp_get_current_user() or get_current_user_id().
12
+
13
+ = [4.36] 19.09.2017 =
14
+ * New: It's possible to set any URE's option value programmatically: use custom filter 'ure_get_option_<option_name>'. It takes a single parameter with current/default value for required options.
15
+ Full list of User Role Editor options is available here: https://www.role-editor.com/documentation/options-list
16
+ * Update: Users page - Grant Roles. It's possible to change just "Other roles" for multiple users and leave their primary roles untouched. Just leave a "Primary role" field empty. If you select the "- No role for this site -" option from a "Primary role" drop-down list, plugin will revoke all roles from the selected users.
17
+ * Update: Options page screen help text was updated.
18
+ * Fix: Additional (other) default roles set at URE's settings page are not granted to a new user now, if they were deselected at a 'Add New User' page.
19
+
20
+ = [4.35.3] 20.07.2017 =
21
+ * Fix: Multiple roles assignment (including default roles) did not work at "Users->Add New" new-user.php (contexts: add-existing-user, add-new-user) page for WordPress multisite.
22
+
23
+ = [4.35.2] 18.07.2017 =
24
+ * Fix: Multiple default roles (if defined at URE's settings) are selected automatically at new-user.php (context: add-new-user) page.
25
+ * Update: Code enhancement for protection of users with 'administrator' role from each other. Current user can see his own record and edit own profile.
26
+
27
+ = [4.35.1] 10.07.2017 =
28
+ * Fix: "Grant Roles" button at the bottom of "Users" page did not work as had the same ID as a similar button at the top of this page.
29
+ * Update: when bbPress plugin is active, "Grant Roles" does not revoke bbPress role granted to user anymore.
30
+ * Fix: The same ID "move_from_no_role" and "move_from_no_role_dialog" were included twice to the "Users" page.
31
+
32
+ = [4.35] 11.06.2017 =
33
+ * Update: Bulk capabilities selection checkbox is not shown for 'administrator' role for single site WP, and is shown if current user is superadmin for multisite WP. It was done to exclude sudden revoke of all capabilities from the 'administrator' role.
34
+ * Update: Full copy of JQuery UI 1.11.4 custom theme CSS file (jquery-ui.css) was included.
35
+ * Fix: User->User Role Editor page apparently loads own jQuery UI CSS (instead of use of WordPress default one) in order to exclude the conflicts with themes and plugins which can load own jQuery UI CSS globally not for own pages only.
36
+ * Fix: "Change Log" link was replaced with secure https://www.role-editor.com/changelog
37
+
38
+ = [4.34] 02.06.2017 =
39
+ * New: Multisite 'upgrade_network' capability support was added for compatibility with WordPress 4.8.
40
+ * New: Multisite 'delete_sites' capability support was added.
41
+ * Update: Users->Grant Roles: if a single user was selected for "Grant Roles" bulk action, dialog will show the current roles of selected user with checkboxes turned ON (pre-selected).
42
+ * Fix: Transients caching was removed from URE_Lib::_get_post_types() function. It cached post types list too early in some cases.
43
+ * Fix: jQuery UI CSS was updated to fix minor view inconsistency at the URE's Settings page.
44
+ * Fix: "Reset" presentation code remainders were removed from the main User Role Editor page.
45
+ * Fix: 'manage_links' capability was included into a wrong subgroup instead of "Core->General". It was a mistake in the capabilities group counters for that reason.
46
+
47
+ = [4.33] 19.05.2017 =
48
+ * Fix: "Users->Without Roles", "Users->Grant Roles" are shown only to the users with 'edit_users' capability.
49
+ * Fix: Roles were updated for all sites of all networks for WordPress multisite. "Apply to All Sites" option updates roles inside a current network only.
50
+ * Update: "Reset" button moved from the "Users->User Role Editor" main page to the "Settings->User Role Editor->Tools" tab.
51
+ * Update: "Users->Grant Roles" button worked only for superadmin or user with 'ure_manage_options' capability. User with 'edit_users' can use this feature now.
52
+ * New: boolean filter 'ure_bulk_grant_roles' allows to not show "Users->Grant Roles" button if you don't need it.
53
+ * New: boolean filter 'ure_users_select_primary_role' can hide 'Primary role' selection controls from the user profile edit page.
54
+ * New: boolean filter 'ure_users_show_wp_change_role' can hide "Change Role" bulk action selection control from the Users page. So it's possible to configure permissions for user who can change just other roles of a user without changing his primary role.
55
+ * Update: Settings tabs and dialog stylesheets was updated to jQuery UI 1.11.4 default theme.
56
+
57
+ = [4.32.3] 03.04.2017 =
58
+ * Fix: Boolean false was sent to WordPress core wp_enqueue_script() function as the 2nd parameter instead of an empty string. We should respect the type of parameter which code author supposed to use initially.
59
+ * Fix: Bulk grant to users multiple roles JavaScript code is loaded now for users.php page only, not globally.
60
+
61
+ = [4.32.2] 17.03.2017 =
62
+ * Fix: "Users->Grant Roles" button did not work with switched off option "Count Users without role" at "Settings->User Role Editor->Additional Modules" tab. "JQuery UI" library was not loaded.
63
+ * Update: minimal PHP version was raised to 5.3.
64
+
65
+ = [4.32.1] 09.03.2017 =
66
+ * Fix: URL to users.php page was built incorrectly after bulk roles assignment to the users selected at the 1st page of a users list.
67
+
68
+ = [4.32] 09.03.2017 =
69
+ * New: Button "Grant Roles" allows to "Assign multiple roles to the selected users" directly from the "Users" page.
70
+ * Update: singleton template was applied to the main User_Role_Editor class. While GLOBALS['user-role-editor'] reference to the instance of User_Role_Editor class is still available for the compatibility purpose, call to User_Role_Editor::get_instance() is the best way now to get a reference to the instance of User_Role_Editor class.
71
+ * Fix: Missed 'unfiltered_html' capability is shown now at the 'General' capabilities group too.
72
+
73
+ = [4.31.1] 06.01.2017 =
74
+ * Fix: WP transients get/set were removed from URE_Own_Capabilities class. It leaded to the MySQL deadlock in some cases.
75
+ * Update: Base_Lib::get_request_var() sanitizes user input by PHP's filter_var() in addition to WordPress core's esc_attr().
76
+
77
+ = [4.31] 14.12.2016 =
78
+ * New: It's possible to remove unused user capabilities by list.
79
+ * Fix: There was no support for installations with the hidden/changed URL to wp-admin. URE uses 'admin_url()' now to get and check admin URL, instead of direct comparing URL with 'wp-admin' string.
80
+ * Fix: Deprecated capabilities were shown in some cases at the 'Core' group even with "Show deprecated capabilities" mode switched off.
81
+ * Update: Capability groups CSS classes are prefixed with 'ure-' in order to minimize possible CSS conflicts with other plugins/themes which may load styles with the same classes globally and break URE's markup.
82
+
83
+ = [4.30] 01.12.2016 =
84
+ * Update: compatible with WordPress 4.7
85
+ * New: "Granted Only" checkbox to the right from the "Quick Filter" input control allows to show only granted capabilities for the selected role or user.
86
+
87
+ = [4.29] 10.11.2016 =
88
+ * New: User Role Editor own user capabilities are grouped separately under Custom capabilities.
89
+ * Update: URE_Lib::is_super_admin() uses WordPress core is_super_admin() for multisite setup only. Superadmin is a user with 'administrator' role in the case of single site WordPress installation.
90
+ This is the difference with the WordPress core which counts as a superadmin (for single site WP installation) any user with a 'delete_users' capability.
91
+ * Update: BaseLib::option_selected() calls were replaced with the calls of a similar selected() function from WordPress core.
92
+
93
+ = [4.28] 20.10.2016 =
94
+ * New: WooCommerce plugin user capabilities (if exist) are grouped separately under Custom capabilities.
95
+ * Update: Temporally raised permissions flag is taken into account when checking, if user has a superadmin privileges. WordPress is_super_admin() function was replaced with custom wrapper to define if current user is a real superadmin or just a local admin with the temporally raised (add/edit users pages) permissions.
96
+
97
+ = [4.27.2] 15.09.2016 =
98
+ * Update: There was a conflict with plugins which use a '|' character at the custom user capabilities: e.g. 'Nginx Helper | Config' from "Nginx Helper' plugin.
99
+ * Fix: PHP notice was removed: Undefined property: URE_Role_View::$multisite in wp-content/plugins/user-role-editor/includes/classes/view.php on line 143
100
+ * Fix: WordPress multisite: Settings link under the URE plugin at the plugins list leads to the network admin now, not to the the single site settings page, which does not exist.
101
+ * Fix: WordPress multisite: conflict with "Visual Composer" plugin was resolved: single site administrators could now use Visual Composer editor.
102
+ * Fix: WordPress multisite: changed role name was not replicated to other sites when user clicked "Update" with "Apply to All Sites" option turned ON.
103
+
104
+ = [4.27.1] 22.08.2016 =
105
+ * Update: There was a conflict with plugins which use a '/' character at the custom user capabilities: e.g. vc_access_rules_backend_editor/disabled_ce_editor from Visual Composer.
106
+ * Update: add/delete, escape, validate user capability code extracted from URE_Lib to the separate URE_Capability class
107
+
108
+ = [4.27] 18.08.2016 =
109
+ * New: Total/Granted counters were added to the capabilities groups titles.
110
+ * New: "Columns" drop-down menu allows to change capabilities section layout to 1, 2 or 3 columns.
111
+ * New: Capabilities section is limited in height and has independent scrollbar.
112
+ * Update: User Role Editor page markup was updated to use more available space on page.
113
+ * Update: URE_Ajax_Processor class allows to differentiate required user permissions according to action submitted by user.
114
+ * Fix: CSS updated to exclude text overlapping at capabilities groups section when custom post type name is not fitted into 1 line.
115
+ * Fix: required JavaScript files were not loaded at "Network Admin->Settings->User Role Editor" page.
116
+
117
+ = [4.26.3] 25.07.2016 =
118
+ * Fix: Selecting a sub-group/list of caps does make the ure_select_all_caps checkbox select all within that group, but checking that box when at the "All" top-level group did not work.
119
+ * Fix: Notice: Undefined property: URE_Role_View::$apply_to_all
120
+
121
+ = [4.26.1] 14.07.2016 =
122
+ * Fix: some bugs, like 'undefined property' notices, etc.
123
+
124
+ = [4.26] 14.07.2016 =
125
+ * New: User capabilities were groupd by functionality for more convenience.
126
+ * Update: URE_KEY_CAPABILITY constant was changed from 'ure_edit_roles' to 'ure_manage_options'. To make possible for non-admin users access to the User Role Editor without access to the 'administrator' role and users with 'administrator' role.
127
+ * Update: User receives full access to User Role Editor under WordPress multisite if he has 'manage_network_plugins' capability instead of 'manager_network_users' as earlier. This allows to give user ability to edit network users without giving him access to the User Role Editor.
128
+ * Update: Multisite: use WordPress's global $current_site->blog_id to define main blog ID instead of selecting the 1st one from the sorted list of blogs.
129
+ * Update: use WP transients at URE_Lib::_get_post_types() to reduce response time.
130
+ * Update: various internal optimizations.
131
+
132
+ = [4.25.2] 03.05.2016 =
133
+ * Update: Enhanced inner processing of available custom post types list.
134
+ * Update: Uses 15 seconds transient cache in order to not count users without role twice when 'restrict_manage_users' action fires.
135
+ * Update: URE fires action 'profile_update' after direct update of user permissions in order other plugins may catch such change.
136
+ * Update: All URE's PHP classes files renamed and moved to the includes/classes subdirectory
137
+
138
+ = [4.25.1] 15.04.2016 =
139
+ * Fix: Selected role's capabilities list was returned back to old after click "Update" button. It was showed correctly according to the recent updates just after additional page refresh.
140
+ * Update: deprecated function get_current_user_info() call was replaced with wp_get_current_user().
141
+
142
+ = [4.25] 02.04.2016 =
143
+ * Important security update: Any registered user could get an administrator access. Thanks to [John Muncaster](http://johnmuncaster.com/) for discovering and wisely reporting it.
144
+ * URE pages title tag was replaced from h2 to h1, for compatibility with other WordPress pages.
145
+ * Fix: "Assign role to the users without role" feature ignored role selected by user.
146
+ * Fix: PHP fatal error (line 34) was raised at uninstall.php for WordPress multisite.
147
+ * Update: action priority 99 was added for role additional options hook action setup.
148
+
149
+ = [4.24] 17.03.2016 =
150
+ * Fix: PHP notice was generated by class-role-additional-options.php in case when some option does not exist anymore
151
+ * Enhance: 'Add Capability' button have added capability to the WordPress built-in administrator role by default. It did not work, if 'administrator' role did not exist.
152
+ Now script selects automatically as an admin role a role with the largest quant of capabilities and adds new capability to the selected role.
153
+ * New: User capabilities page was integrated with "[User Switching](https://wordpress.org/plugins/user-switching/)" plugin - "Switch To" the editing user link iss added if "User Switching" plugin is available.
154
+ * Marked as compatible with WordPress 4.5.
155
+
156
+ = [4.23.2] 03.02.2016 =
157
+ * Fix: PHP warning "Strict Standards: Static function URE_Base_Lib::get_instance() should not be abstract" was generated
158
+
159
+ = [4.23.1] 01.02.2016 =
160
+ * Fix: 'get_called_class()' function call was excluded for the compatibility with PHP 5.2.*
161
+ * Fix: ure-users.js was loaded not only to the 'Users' page.
162
+
163
+ = [4.23] 31.01.2016 =
164
+ * Fix: "Users - Without Role" button showed empty roles drop down list on the 1st call.
165
+ * Update: Own task queue was added, so code which should executed once after plugin activation is executed by the next request to WP and may use a selected WordPress action to fire with a needed priority.
166
+ * Update: Call of deprecated mysql_server_info() is replaced with $wpdb->db_version().
167
+ * Update: Singleton patern is applied to the URE_Lib class.
168
+ * Minor code enhancements
169
+
170
+ = [4.22] 15.01.2016 =
171
+ * Unused 'add_users' capability was removed from the list of core capabilities as it was removed from WordPress starting from version 4.4
172
+ * bbPress user capabilities are supported for use in the non-bbPress roles. You can not edit roles created by bbPress, as bbPress re-creates them dynamically for every request to the server. Full support for bbPress roles editing will be included into User Role Editor Pro version 4.22.
173
+ * Self-added "Other Roles" column removed from "Users" list, as WordPress started to show all roles assigned to the user in its own "Role" column.
174
+ * 'ure_show_additional_capabilities_section' filter allows to hide 'Other Roles' section at the 'Add new user', 'Edit user' pages.
175
+
176
+ = [4.21.1] 16.12.2015 =
177
+ * Fix: 'Update' button did not work at User's Capabilities page due to confirmation dialog call error.
178
+
179
+
180
+ = [4.21] 11.12.2015 =
181
+ * It's possible to switch off the update role confirmation (Settings - User Role Editor - General tab).
182
+ * Standard JavaScript confirm box before role update was replaced with custom one to exclude 'Prevent this page from creating additional dialogs' option in the Google Chrome browser.
183
+ * Fix: Removed hard coded folder name (user-role-editor) from the used paths.
184
+
185
+
186
+ = [4.20.1] 15.11.2015 =
187
+ * Fix: "Primary default role" drop-down menu was not shown at "Settings - User Role Editor - Default Roles" tab for WordPress single site installation.
188
+
189
+ = [4.20] 15.11.2015 =
190
+ * "Additional options" section was added to the user role editor page. Currently it contains the only "Hide admin bar". The list of options may be customized/extended by developers via "ure_role_additonal_options" filter.
191
+ * "Default Role" button is hidden to not duplicate functionality. Use "Settings - User Role Editor - Default Roles" tab instead. This button is available only for the single sites of WP multisite now.
192
+ * Code restructure, optimization: administrator protection parts extracted to the separate class.
193
+
194
+ = [4.19.3] 14.10.2015 =
195
+ * Fix: minor CSS change.
196
+ * Automatically add all available custom post types capabilities to the administrator role under the single site environment. Custom posts types selection query updated to include all custom post types except 'built-in' when adding custom capabilities for them
197
+ * Special flag was set to indicate that single site administrator gets raised (superadmin) permissions temporary especially for the 'user-new.php' page, but current user is not the superadmin really.
198
+ (This temporary permissions raising is done to allow single site administrator to add new users under multisite if related option is active.)
199
+
200
+ = [4.19.2] 01.10.2015 =
201
+ * Fix: multiple default roles assignment did not work under the multisite environment, when user was created from front-end by WooCommerce, etc.
202
+ * Update: the translation text domain was changed to the plugin slug (user-role-editor) for the compatibility with translations.wordpress.org
203
+ * Update: CSS enhanced to exclude column wrapping for the capabilities with the long names.
204
+
205
+ = [4.19.1] 20.08.2015 =
206
+ * Default role value has not been refreshed automatically after change at the "Default Role" dialog - fixed.
207
+ * More detailed notice messages are shown after default role change - to reflect a possible error or problem.
208
+ * Other default roles (in addition to the primary role) has been assigned to a new registered user for requests from the admin back-end only. Now this feature works for the requests from the front-end user registration forms too.
209
+
210
+ = 4.19 =
211
+ * 28.07.2015
212
+ * It is possible to assign to the user multiple roles directly through a user profile edit page.
213
+ * Custom SQL-query (checked if the role is in use and slow on the huge data) was excluded and replaced with WordPress built-in function call. [Thanks to Aaron](https://wordpress.org/support/topic/poorly-scaling-queries).
214
+ * Bulk role assignment to the users without role was rewritten for cases with a huge quant of users. It processes just 50 users without role for the one request to return the answer from the server in the short time. The related code was extracted to the separate class.
215
+ * Code to fix JavaScript and CSS compatibility issues introduced by other plugins and themes, which load its stuff globally, was extracted into the separate class.
216
+ * Custom filters were added: 'ure_full_capabilites' - takes 1 input parameter, array with a full list of user capabilities visible at URE, 'ure_built_in_wp_caps' - takes 1 input parameter, array with a list of WordPress core user capabilities. These filters may be useful if you give access to the URE for some not administrator user, and wish to change the list of capabilities which are available to him at URE.
217
+ * Dutch translation was updated. Thanks to Gerhard Hoogterp.
218
+
219
+ = 4.18.4 =
220
+ * 30.04.2015
221
+ * Calls to the function add_query_arg() is properly escaped with esc_url_raw() to exclude potential XSS vulnerabilities. Nothing critical: both calls of add_query_arg() are placed at the unused sections of the code.
222
+ * Italian translation was updated. Thanks to Leo.
223
+
224
+ = 4.18.3 =
225
+ * 24.02.2015
226
+ * Fixed PHP fatal error for roles reset operation.
227
+ * Fixed current user capability checking before URE Options page open.
228
+ * 3 missed phrases were added to the translations files. Thanks to [Morteza](https://wordpress.org/support/profile/mo0orteza)
229
+ * Hebrew translation updated. Thanks to [atar4u](http://atar4u.com)
230
+ * Persian translation updated. Thanks to [Morteza](https://wordpress.org/support/profile/mo0orteza)
231
+
232
+ = 4.18.2 =
233
+ * 06.02.2015
234
+ * New option "Edit user capabilities" was added. If it is unchecked - capabilities section of selected user will be shown in the readonly mode. Administrator (except superadmin for multisite) can not assign capabilities to the user directly. He should make it using roles only.
235
+ * More universal checking applied to the custom post type capabilities creation to exclude not existing property notices.
236
+ * Multisite: URE's options page is prohibited by 'manage_network_users' capability instead of 'ure_manage_options' in case single site administrators does not have permission to use URE.
237
+ * URE protects administrator user from editing by other users by default. If you wish to turn off such protection, you may add filter 'ure_supress_administrators_protection' and return 'true' from it.
238
+ * Plugin installation to the WordPress multisite with large (thousands) subsites had a problem with script execution time. Fixed. URE does not try to update all subsites at once now. It does it for every subsite separately, only when you visit that subsite.
239
+ * Fixed JavaScript bug with 'Reset Roles' for FireFox v.34.
240
+
241
+ = 4.18.1 =
242
+ * 14.12.2014
243
+ * As activation hook does not fire during bulk plugins update, automatic plugin version check and upgrade execution were added.
244
+
245
+ = 4.18 =
246
+ * 14.12.2014
247
+ * Own custom user capabilities, e.g. 'ure_edit_roles' are used to restrict access to User Role Editor functionality ([read more](https://www.role-editor.com/user-role-editor-4-18-new-permissions/)).
248
+ * If custom post type uses own custom user capabilities URE add them to the 'Custom Capabilities' section automatically.
249
+ * Multisite: You may allow to the users without superadmin privileges to add/create site users without sending them email confirmation request.
250
+ * Bug fix: when non-admin user updated other user profile, that user lost secondary roles.
251
+ * Italian translation was added. Thanks to [Giuseppe Velardo](http://www.comprensivoleopardi.gov.it/).
252
+
253
+ = 4.17.3 =
254
+ * 23.11.2014
255
+ * French and Turkish translation were updated. Thanks to [Transifex](https://www.transifex.com) translation team.
256
+
257
+ = 4.17.2 =
258
+ * 21.10.2014
259
+ * Notice: "Undefined property: Ure_Lib::$pro in .../class-user-role-editor.php on line 550" was fixed.
260
+ * Settings help screen text was updated.
261
+ * Russian translation was updated.
262
+ * Hungarian translation was updated. Thanks to Németh Balázs.
263
+ * French and Turkish translation were updated. Thanks to [Transifex](https://www.transifex.com) translation team.
264
+
265
+
266
+ = 4.17.1 =
267
+ * 01.10.2014
268
+ * Bug fix for the PHP Fatal error: Call to undefined function is_plugin_active_for_network(). It may take place under multisite only,
269
+ in case no one of the other active plugins load file with this function already before User Role Editor v. 4.17 tries to call it.
270
+
271
+ = 4.17 =
272
+ * 01.10.2014
273
+ * Multisite (update for cases when URE was not network activated): It is possible to use own settings for single site activated instances of User Role Editor.
274
+ Earlier User Role Editor used the settings values from the main blog only located under "Network Admin - Settings".
275
+ Some critical options were hidden from the "Multisite" tab for single site administrators and visible to the superadmin only.
276
+ Single site admin should not have access to the options which purpose is to restrict him.
277
+ Important! In case you decide to allow single site administrator activate/deactivate User Role Editor himself, setup this PHP constant at the wp-config.php file:
278
+ define('URE_ENABLE_SIMPLE_ADMIN_FOR_MULTISITE', 1);
279
+ Otherwise single site admin will not see User Role Editor in the plugins list after its activation. User Role Editor hides itself under multisite from all users except superadmin by default.
280
+ * Help screen for the Settings page was updated.
281
+ * Hungarian translation was added. Thanks to Németh Balázs.
282
+ * Dutch translation was added. Thanks to Arjan Bosch.
283
+
284
+
285
+ = 4.16 =
286
+ * 11.09.2014
287
+ * "create_sites" user capability was added to the list of built-in WordPress user capabilities for WordPress multisite. It does not exist by default. But it is used to control "Add New" button at the "Sites" page under WordPress multisite network admin.
288
+ * bug fix: WordPress database prefix value was not used in 2 SQL queries related to the "count users without role" module - updated.
289
+
290
+ = 4.15 =
291
+ * 08.09.2014
292
+ * Rename role button was added to the URE toolbar. It allows to change user role display name (role ID is always the same). Be careful and double think before rename some built-in WordPress role.
293
+
294
+ = 4.14.4 =
295
+ * 08.08.2014
296
+ * Missed "manage_sites" user capability was added to the list of built-in WordPress capabilities managed by User Role Editor.
297
+ * Russian translation was updated.
298
+
299
+ = 4.14.3 =
300
+ * 25.07.2014
301
+ * Integer "1" as default capability value for new added empty role was excluded for the better compatibility with WordPress core. Boolean "true" is used instead as WordPress itself does.
302
+ * Integration with Gravity Forms permissions system was enhanced for WordPress multisite.
303
+
304
+ = 4.14.2 =
305
+ * 18.07.2014
306
+ * The instance of main plugin class User_Role_Editor is available for other developers now via $GLOBALS['user_role_editor']
307
+ * Compatibility issue with the theme ["WD TechGoStore"](http://wpdance.com) is resolved. This theme loads its JS and CSS stuff for admin backend uncoditionally - for all pages. While the problem is caused just by CSS URE unloads all this theme JS and CSS for optimizaiton purpose for WP admin backend pages where conflict is possible.
308
+
309
+ = 4.14.1 =
310
+ * 13.06.2014
311
+ * MySQL query optimizing to reduce memory consumption. Thanks to [SebastiaanO](http://wordpress.org/support/topic/allowed-memory-size-exhausted-fixed).
312
+ * Extra WordPress nonce field was removed from the post at main role editor page to exclude nonce duplication.
313
+ * Minor code enhancements.
314
+ * Fixes for some missed translations.
315
+
316
+ = 4.14 =
317
+ * 16.05.2014
318
+ * Persian translation was added. Thanks to Morteza.
319
+
320
+ = 4.12 =
321
+ * 22.04.2014
322
+ * Bug was fixed. It had prevented bulk move users without role (--No role for this site--) to the selected role in case such users were shown more than at one WordPress Users page.
323
+ * Korean translation was added. Thanks to [Taek Yoon](http://www.ajinsys.com).
324
+
325
+ = 4.11 =
326
+ * 06.04.2014
327
+ * Single-site: It is possible to bulk move users without role (--No role for this site--) to the selected role or automatically created role "No rights" without any capabilities. Get more details at http://role-editor.com/no-role-for-this-site/
328
+ * Plugin uses for dialogs jQuery UI CSS included into WordPress package.
329
+
330
+ = 4.10 =
331
+ * 15.02.2014
332
+ * Security enhancement: WordPress text translation functions were replaced with more secure esc_html__() and esc_html_e() variants.
333
+
334
+ = 4.9 =
335
+ * 19.01.2014
336
+ * New tab "Default Roles" was added to the User Role Editor settings page. It is possible to select multiple default roles to assign them automatically to the new registered user.
337
+ * CSS and dialog windows layout various enhancements.
338
+ * 'members_get_capabilities' filter was applied to provide better compatibility with themes and plugins which may use it to add its own user capabilities.
339
+ * jQuery UI CSS was updated to version 1.10.4.
340
+
341
+ = 4.8 =
342
+ * 10.12.2013
343
+ * Role ID validation rule was added to prohibit numeric role ID - WordPress does not support them.
344
+ * Plugin "Options" page was divided into sections (tabs): General, Multisite, About. Section with information about plugin author, his site, etc. was moved from User Role Editor main page to its "Options" page - "About" tab.
345
+ * HTML markup was updated to provide compatibility with upcoming WordPress 3.8 new administrator backend theme "MP6".
346
+ * Restore previous blog 'switch_to_blog($old_blog_id)' call was replaced to 'restore_current_blog()' where it is possible to provide better compatibility with WordPress API.
347
+ After use 'switch_to_blog()' in cycle, URE clears '_wp_switched_stack' global variable directly instead of call 'restore_current_blog()' inside the cycle to work faster.
348
+
349
+ = 4.7 =
350
+ * 04.11.2013
351
+ * "Delete Role" menu has "Delete All Unused Roles" menu item now.
352
+ * More detailed warning was added before fulfill "Reset" roles command in order to reduce accident use of this critical operation.
353
+ * Bug was fixed at Ure_Lib::reset_user_roles() method. Method did not work correctly for the rest sites of the network except the main blog.
354
+
355
+ = 4.6 =
356
+ * 21.10.2013
357
+ * Multi-site: 'unfiltered_html' capability marked as deprecated one. Read this post for more information (http://shinephp.com/is-unfiltered_html-capability-deprecated/).
358
+ * Multi-site: 'manage_network%' capabilities were included into WordPress core capabilities list.
359
+ * On screen help was added to the "User Role Editor Options" page - click "Help" at the top right corner to read it.
360
+ * Bug fix: turning off capability at the Administrator role fully removed that capability from capabilities list.
361
+ * Various internal code enhancements.
362
+ * Information about GPLv2 license was added to show apparently - "User Role Editor" is licensed under GPLv2 or later.
363
+
364
+ = 4.5.2 =
365
+ * 23.09.2013
366
+ * User capabilities editor updated to support capabilities beyond the user roles - capabilities added by other plugins directly to the users, or deleted from the user roles.
367
+ * Bug fixed - custom capabilities was not shown in User capabilities editor in some cases.
368
+ * Spanish translation was added. Thanks to [Dario Ferrer](http://darioferrer.com/).
369
+
370
+ = 4.5.1 =
371
+ * 29.08.2013
372
+ * Bug with multi-site super-admin access to the User Role Editor is fixed. Version 4.5. showed message "Insufficient permissions to work with User Role Editor" until add "manage_network_users" capability to the "Administrator" role. It is enough now to be the "Superadmin" at multi-site network.
373
+
374
+ = 4.5 =
375
+ * 29.08.2013
376
+ * Direct checking of the "administrator" role is removed from the code to support ability to change User Role Editor access key capability.
377
+ URE uses by default the "administrator" role for single site as the key capability to permit access to the User Role Editor.
378
+ You may change this capability manually by replacing value of URE_KEY_CAPABILITY constant at includes/define_constants.php file. Pro version
379
+ starting from 4.5 allows to change this key capability name (input your own, custom one) via User Role Editor settings page.
380
+ * The Hebrew translation is added. Thanks to [atar4u](http://atar4u.com).
381
+
382
+ = 4.4 =
383
+ * 15.08.2013
384
+ * Bug fixed which prevented creation of current roles backup record during User Role Editor plugin installation and produced unexpected output (PHP notices).
385
+
386
+ = 4.3 =
387
+ * 12.08.2013
388
+ * Multisite update: roles from the main (1st) blog are copied to the new added blog automatically,
389
+ even new site is added from front-end after new user registration, e.g. Gravity Forms "Register User" addon does. Earlier this feature worked
390
+ for administrator back-end operations only.
391
+ * Bug prevented to apply role changes to all sites of the network is fixed. In case when one of the sites have exactly the same roles as applied from the main site, MySQL returned 0 rows affected. URE recognized that as error and stopped further network updated. It is fixed now.
392
+ * Bug prevented to save empty (without capabilities) role is fixed.
393
+ * User interface bug with options 'Show capabilities in human readable form' and 'Show deprecated capabilities' fixed.
394
+ Now this checkboxes work this way: It takes global values from the User Role Editor Settings 1st. If you change it at Roles/User editor form plugin,
395
+ it remembers your change temporally for 10 minutes. After that this value will be returned to the URE global settings.
396
+ If you wish to make permanent change make it at URE settings page.
397
+
398
+ = 4.2 =
399
+ * 02.08.2013
400
+ * Separate setting page is added for User Role Editor under Settings menu. It is available under Network Center "Settings" for the multi-site.
401
+ * Option 'show Administrator role in the User Role Editor' was added.
402
+ * User with super-admin privilege only may create, edit, delete users by default under multi-site configuration.
403
+ Use new "Allow create, edit and delete user to not super-administrators" option to workaround this obstacle.
404
+ Such user still should have correspondent user capabilities as "create_users", "edit_users", "delete_users".
405
+ Thanks to [Sjobidoo](http://wordpress.org/support/profile/sjobidoo) for suggested
406
+ [decision](http://wordpress.org/support/topic/plugin-user-role-editor-not-able-to-add-ability-to-edit-users).
407
+ * PHP fatal error caused by typo in the 'uninstall.php' file is fixed.
408
+ * Miscellaneous code enhancements.
409
+
410
+ = 4.1.1 =
411
+ * 15.07.2013
412
+ * Issue when "users with "Editor" credentials were no longer able to change the author name in the drop down on each post to someone with administrative credentials" is fixed.
413
+ * Limitation when user with 'Administrator' role could not edit/delete other users with 'Administrator' role is removed.
414
+ * "Apply to All sites" checkbox is excluded from "Select All" operation.
415
+ * Quick filter is added to the user's capabilities edit form. Capabilities selection buttons work is fixed after that.
416
+
417
+ = 4.1 =
418
+ * 03.07.2013
419
+ * Quick Filter is added. Type part of any capability. All capabilities containing that word, e.g. 'edit' or 'users' will be highlighted by green color.
420
+ While 'quick filter' is in action 'Select All', 'Unselect All', 'Inverse' buttons work with highlighted capabilities sub-set only.
421
+ Read [this post](http://role-editor.com/user-role-editor-version-4-1-is-available/) for more information:
422
+ * Class property and method access modifiers fatal errors were fixed (http://wordpress.org/support/topic/fatalerror-1).
423
+
424
+ = 4.0 =
425
+ * 30.06.2013
426
+ * Pro version only: added 'Export/Import' functionality to 'export' all user roles to the local file and 'import' them then to other WordPress blog or other sites of muliti-site WordPress network, or just restore roles to previous state after playing with them with test purpose.
427
+ * Added integration with the Gravity Forms plugin. User Role Editor shows Gravity Forms user capabilities at the custom capabilities section.
428
+ * Code is fully restructured and encapsulated to PHP classes. Internal global variables are not in use anymore.
429
+
430
+ = 3.14.1 =
431
+ * 24.05.2013
432
+ * Bug, which prevented the correct use of WordPress nonces on some installations (Windows), is fixed;
433
+ * DIRECTORY_SEPARATOR constant used in path to User Role Editor CSS file was empty on some installations (Windows). Constant DIRECTORY_SEPARATOR is excluded from the plugin code;
434
+ * User capabilities page: roles checkboxes are excluded from 'Select All', 'Unselect All', 'Inverse' operations. Only capabilities checkboxes are processed.
435
+ * Turkish [Muhammed YILDIRIM](http://ben.muhammed.im) translation is updated.
436
+
437
+ = 3.14 =
438
+ * 17.05.2013
439
+ * Interface update: role/capability add/remove stuff was removed from the page. Plugin has toolbar at the right side now. Click on the button opens needed dialog window.
440
+ * New role may have different attrubutes "ID" and "Name". While ID is still restricted by latin characters hyphen, underscore and digits only, Name could contain spaces and national languages characters.
441
+ * General code cleanup and security enhancements: all data changes request are processed via POST instead of GET now. So its more difficult to send modified malicious request without special software. Presence of special nonce field is checked for all requests.
442
+ * Setting up the 'administrator' role as default one for new registered users is prohibited at server side.
443
+ * JavaScript code separated from PHP one whenever it's possible.
444
+
445
+ * 14.05.2013
446
+ * Update for administrators of multi-site WordPress installations. Single-site WordPress installation administrator could skip this update.
447
+ * "Apply to All Sites" feature did not work at version 3.12. It is fixed.
448
+ * "Apply to All Sites" feature is available now from main site of the network only
449
+
450
+ = 3.12 =
451
+ * 01.05.2013
452
+ * Critical update: persistent cross-site scripting vulnerability is fixed.
453
+ * WordPress built-in constants, like WP_PLUGIN_URL are not used in order to provide compatibility with sites which use SSL. plugin_dir_url(), plugin_dir_path() functions are used to define paths to the plugin's files instead.
454
+ * "Greetings" section is removed from the plugin's main page. All that content is still available at [plugin page](http://shinephp.com/user-role-editor-wordpress-plugin)
455
+
456
+
457
+ = 3.11 =
458
+ * 24.03.2013
459
+ * Required WordPress version checking is moved to plugin activation hook.
460
+ * Administrator can now exclude non-core (custom) capabilities from his role. It is useful if you need to fully remove some capability as capability deletion is prohibited while it is used at least one role.
461
+ * bbPress compatibility issue is fixed: capabilities created by bbPress dinamically are excluded from the capabilities set in User Role Editor to not store them in the database as persistent WP roles data.
462
+ * Additional roles are assigned to user without overriding her primary WordPress role and bbPress role.
463
+ * Changing Wordpress user primary role at user profile doesn't clear additonal roles assigned with User Role Editor earlier.
464
+ * Brasilian Portuguese translation is updated.
465
+
466
+ = 3.10 =
467
+ * 04.02.2013
468
+ * You can assign to user multiple roles simultaneously. Use user level roles and capabilities editor for that. You can click 'Capabilities' link under selected user row at users list or 'Assign Roles and Additional Capabilities' link at user profile.
469
+ * Critical bug fix: hidden deprecated WordPress core capabilities had turned on after any update made to the role. Deprecated capabilities are not currently in use by WordPress itself. But old plugins or themes could still use them. If you use some outdated code I recommend you to check all roles, you modified with User Role Editor, and turn off unneeded deprecated capabilities there.
470
+ * User with Administrator role is secured better from editing, deletion by user with lower capabilities.
471
+
472
+ = 3.9 =
473
+ * 07.01.2013
474
+ * Compatibility with bbPress 2.2 new user roles model is provided. More details about the reason of such update at http://shinephp.com/bbpress-user-role-editor-conflict-fix/
475
+ * "Reset" button works differently now. It restores WordPress roles data to its 1st, default state, exactly that, what WordPress has just after fresh install/latest version update. Be careful with it, make database backup copy before fulfill this operation. Some plugin could require reactivation to function properly after roles reset.
476
+ * Arabic translation is added. Thanks to [Yaser](http://www.englize.com/)
477
+ * Slovak translation is added. Thanks to Branco.
478
+
479
+ = 3.8.3 =
480
+ * 14.12.2012
481
+ * Compatibility issue with WordPress 3.5 was found (thanks to Sonja) and fixed: $wpdb->prepare() was called without 2nd $args parameter - removed.
482
+
483
+ = 3.8.2 =
484
+ * 02.12.2012
485
+ * load_plugin_textdomain() call moved to the 'plugins_loaded' hook for higher compatibility with translation plugins.
486
+ * Traditional Chinese translation is added. Thanks to Jingxin Lai.
487
+
488
+ = 3.8.1 =
489
+ * 21.10.2012
490
+ * Fix: URE taked roles names from the database directly and ignored changes made to roles names on the fly by other plugins or themes, names, which were cached by WordPress internally, but were not written to the database. URE uses WordPress internal cache now.
491
+ * Roles names translation update: if URE translation file doesn't exist for blog default language, URE uses WordPress internal translation now.
492
+ * Serbian translation is added. Thanks to [Diana](http://wpcouponshop.com).
493
+
494
+ = 3.8 =
495
+ * 01.09.2012
496
+ * Bug fix: Some times URE didn't show real changes it made to the database. The reason was that direct update of database did not invalidate data stored at WordPress cache. Special thanks to [Knut Sparhell](http://sparhell.no/knut/) for the help to detect this critical issue.
497
+ * WordPress core capabilities are shown separately from capabilities added by plugins and manually.
498
+ * If you configured URE to show you 'Administrator' role, you will see its capabilities, but you can not exclude any capability from it. I may just add capabilities to the Administrator role now. The reason - Administrator role should have all existing capabilities included.
499
+ * Brasilian Portuguese translation is updated. Thanks to [Onbiz](http://www.onbiz.com.br/).
500
+
501
+ = 3.7.5 =
502
+ * 11.08.2012
503
+ * Minor fix of German language translation file. One string translation was the reason of URE empty screen. Just replace your German language translation files in the ./lang directory with files from this package.
504
+
505
+ = 3.7.5 =
506
+ * 29.07.2012
507
+ * Polish translation is updated. Thanks to Bartosz.
508
+ * "User Role Editor" menu item could be shown in translated form now. Do not lose it - it is on the same place at the "Users" submenu.
509
+
510
+ = 3.7.4 =
511
+ * 26.07.2012
512
+ * Persian translation is updated. Thanks to Amir Khalilnejad.
513
+
514
+ = 3.7.3 =
515
+ * 25.07.2012
516
+ * German translation is updated. Thanks to Piter.
517
+
518
+ = 3.7.2 =
519
+ * 20.07.2012
520
+ * SQL-injection vulnerability was found and fixed. Thanks to DDave for reporting it, look this [thread](http://shinephp.com/community/topic/little-bug-in-ure_has_administrator_role#post-819) for the details.
521
+
522
+ = 3.7.1 =
523
+ * 25.06.2012
524
+ * Bug fix for "Fatal error: Call to a member function get_role() on a non-object in .../wp-content/plugins/user-role-editor/user-role-editor.php on line 185"
525
+
526
+ = 3.7 =
527
+ * 23.06.2012
528
+ * 'Select All', 'Unselect All', 'Inverse' buttons were added to the from for more convenient capabilities management while role editing.
529
+ * Role and capability name could be started from digit, and underscore '_' character. Hyphen '-' character could be included into such name too.
530
+ * Old versions used 'edit_users' capability to check if show/hide 'User Role Editor' menu item under 'Users' menu. Starting from version 3.7 'administrator' role is checked. Existed inconsistency, when non-admin user with 'edit_users' capability saws 'User Role Editor' menu, but got 'Only Administrator is allowed to use User Role Editor' error message, was removed.
531
+ * Bug fix: if you work with WordPress admin via https, URE will use https instead of http, as it made in older versions.
532
+
533
+ = 3.6.2 =
534
+ * 23.05.2012
535
+ * Hindi translation is added. Thanks to Love Chandel.
536
+
537
+ = 3.6.1 =
538
+ * 07.05.2012
539
+ * Italian translation is updated. Thanks to Tristano Ajmone.
540
+
541
+ = 3.6 =
542
+ * 30.04.2012
543
+ * CSS and page layout fix for compatibility with WordPress 3.4.
544
+ * WordPress multi-site: when new blog created default role setting is copied for it from the main blog default role value now.
545
+ * Minor translations files update, e.g Russian roles names in plugin are identical to those WordPress uses itself now, etc.
546
+
547
+ = 3.5.4 =
548
+ * 4.04.2012
549
+ * Lithuanian translation is added, thanks to Vincent G.
550
+ * Spanish translation is updated, thanks to Victor Ricardo Díaz.
551
+
552
+ = 3.5.3 =
553
+ * 24.03.2012
554
+ * French translation is updated, thanks to Presse et Multimedia.
555
+ * Hebrew translation is updated, thanks to Aryo Digital.
556
+ * Persian translation is updated, thanks to Parsa.
557
+ * Minor CSS fix to provide compatibility with RTL languages.
558
+
559
+ = 3.5.2 =
560
+ * 17.03.2012
561
+ * Turkish translation is updated, thanks to Muhammed YILDIRIM.
562
+ * Dutch translation is updated, thanks to Frank Groeneveld.
563
+
564
+ = 3.5.1 =
565
+ * 24.02.2012
566
+ * Bugs for multi-site WordPress network installation were discovered and fixed: 1) blocked login to admin back-end; 2) empty users list for administrators of single sites; 3) empty authors drop down list at the post editor page.
567
+ * If URE plugin is not enabled for single site administrator, then URE is automatically excluded from plugins list available to that administrator.
568
+
569
+ = 3.5 =
570
+ * 19.02.2012
571
+ * User Role Editor could be available now for single site administrators (Administrator role) under multi-site environment. You should define URE_ENABLE_SIMPLE_ADMIN_FOR_MULTISITE constant in your blog wp-config.php file for that. Insert this line "define('URE_ENABLE_SIMPLE_ADMIN_FOR_MULTISITE', 1);" there, if you decide to give single site admin such opportunity.
572
+ * One of "User Role Editor" users with 1100+ sites in the multi-site network reported that URE doesn't update roles for all sites, but stalls somewhere in the middle. Other network update method is realized as alternative. Due to my tests it works approximately 30 times faster. If you met the same problem, try it. It will be great if you share your experience with me. In order select alternative method of all sites update add this line to you blog wp-config.php file "define('URE_MULTISITE_DIRECT_UPDATE', 1);". But be careful. It's recommended to make 1st try on the backup copy, not on a live site.
573
+ * Persian translation is updated. Thanks to [Parsa](http://parsa.ws).
574
+
575
+ = 3.4 =
576
+ * 21.01.2012
577
+ * You can see/edit "Administrator" role now. Insert this line of code "define('URE_SHOW_ADMIN_ROLE', 1);" into your wp-config.php file and login with administrator account for that.
578
+ If for some reason your Administrator role missed some capabilities added by plugins or themes, you can fix that. But be careful with changing "Administrator" role, do not turn off accidentally some critical capabilities to not block your admin users.
579
+
580
+ = 3.3.3 =
581
+ * 11.01.2012
582
+ * Spanish (Dario) and Swedish (Andréas) translations update.
583
+
584
+ = 3.3.2 =
585
+ * 02.01.2012
586
+ * Enhance server side validation for user input of new role name, minor bug fixes.
587
+
588
+ = 3.3.1 =
589
+ * 12.12.2011
590
+ * Compatibility with Internet Explorer fix: It automatically replaced '&copy' in '&copy_from_user_role' URL parameter inside JavaScript code to copyright sign.So I should use other name for this parameter. Thanks to Michael Wiekenberg for the help with isolating this issue.
591
+
592
+ = 3.3 =
593
+ * 10.12.2011
594
+ * New role can be created as a copy of other existing one.
595
+ * You can hide/show deprecated capabilties (level_1 - level_10).
596
+ * Users with "Administrator" role are not shown to other users with "list_users" capability.
597
+ * Plugin data cleanup is added - plugin options will be automatically deleted if you delete plugin via WordPress link.
598
+ * Some code enhancements are applied, e.g. optimization and using of WordPress API instead of self-written routine.
599
+ * New bugs are added :) - it's a joke of course, but if you find some, please report, I will fix it ASAP.
600
+
601
+ = 3.2.1 =
602
+ * 01.08.2011
603
+ * This is minor bug-fix update. If you didn't meet this bug you can skip this update. "usermeta" table doesn't exist bug appearing on some multi-site blogs is fixed. Read [this post](http://wordpress.org/support/topic/multisite-setup-gives-usermeta-table-error) for more information. Thanks to harpinder for discovering this bug and for the help with testing updated code. "usermeta" Db table name is define by more universal way now.
604
+
605
+ = 3.2 =
606
+ * 25.07.2011
607
+ * If you run multi-site WordPress network, User Role Editor will automatically duplicate all roles from the main blog (blog with mininal ID) to every new created blog.
608
+ * Some fixes, refactoring and logic change were applied to code to enhance its productivity. There were some complaints for PHP timeout error after trying to open plugin Settings page.
609
+ * Thanks to Grant Norwood for code fix to hide PHP warnings he met during plugin usage.
610
+ * Hebrew translation is added. Thanks to Sagive.
611
+ * French translation is updated. Thanks to Whiler.
612
+ * Japan translation is updated. Thanks to Kaz.
613
+ * Spanish translation is updated. Thanks to Dario.
614
+
615
+ = 3.1.1 =
616
+ * 07.07.2011
617
+ * CUSTOM_USER_META_TABLE constant is used now for more compatibility with core WordPress API. Thanks to [Lorenzo Nicoletti](http://www.extera.com)
618
+ * Turkish translation is updated. Thanks to Muhammed YILDIRIM. Other language translators are welcome!
619
+
620
+ = 3.1 =
621
+ * 03.06.2011
622
+ * Add/Remove capability boxes are added to the User Role Editor
623
+ * Capabilities could be assigned directly to the user, additionally to the assigned role
624
+ * PHP4 is not supported by this plugin anymore. Update your site to PHP5 in order to use this plugin and [near to release WordPress 3.2 :)](http://wordpress.org/about/requirements/)
625
+ * Minor compatibility issues with other plugins were fixed
626
+
627
+ = 3.0.4 =
628
+ * 18.04.2011
629
+ * minor update: PHP4 compatibility issue in code was discovered and fixed. PHP5 users could skip it. PHP4 users should think about update to PHP5, as WordPress 3.2 (planned to July 2011) will not provide PHP4 compatibility more.
630
+
631
+ = 3.0.3 =
632
+ * 17.04.2011
633
+ * Capabilities in human readable form are sorted by alphabet (usefull for translated form) now, not by inner capability name.
634
+ * Finnish translation is added.
635
+
636
+ = 3.0.2 =
637
+ * 11.04.2011
638
+ * Swedish translation is added.
639
+ * Alternative Italian translation is added. Rename ure-it_IT_1.* files to ure-it_IT.* if wish to try it.
640
+ * ShinePHP.com RSS feed is excluded from plugin settings page. Use this link http://feeds.feedburner.com/shinephp with your favorite RSS reader if you wish to read it.
641
+
642
+ = 3.0.1 =
643
+ * 27.02.2011
644
+ * Spanish translation is updated. Thanks to [Dario Ferrer](http://www.darioferrer.com). Other language translation wait for update too. You are welcome :).
645
+
646
+ = 3.0 =
647
+ * 06.02.2011
648
+ * Compatibility with WordPress 3.1 Release Candidate 3 and real multi-site feature are provided.
649
+ * Role capabilities list are sorted now in the alphabetical order. Easier to find - easier to manage.
650
+ * Code fix: allows to not lose new custom capability if it is added to other than 'Administrator' role. Thanks to Marcin for the contribution to the code of this plugin.
651
+ * Under multi-site environment:
652
+ * 1) URE has additional option 'Apply to All Sites' which allows you to apply updates to the selected role at all sites of your network. If some site has not such role, it will be added. You should know, that this option works for the role update only. All other actions as 'Add' or 'Delete' role still works for the currently selected blog/site only.
653
+ * 2) URE plugin settings page is available only to user with network superadministrator rights.
654
+
655
+ = 2.2.3 =
656
+ * 08.11.2010
657
+ * It is the security update. Old problem returned after 2.2.2 update and was discovered by saharusa. You can read this [thread](http://wordpress.org/support/topic/plugin-user-role-editor-editor-can-edit-admin).
658
+ Only user with Administrator role and superadmin user under multi-site environment have access to the User Role Editor Settings page now.
659
+
660
+ = 2.2.2 =
661
+ * 07.11.2010
662
+ * URE plugin Settings page was unavailable for some installations in multi-site environment. It is fixed by changing 'add_users' capability for administrator access to the 'edit_users'.
663
+ * Turkish translation is added.
664
+
665
+ = 2.2.1 =
666
+ * 09.10.2010
667
+ * Critical bug "Fatal error: Class 'SimplePie' not found in /" is fixed. This is a required update as URE plugin Settings page did not opened in previous version if you have not some of other my plugins installed :).
668
+
669
+ = 2.2 =
670
+ * 08.10.2010
671
+ * Technical update for WordPress 3.0 full compatibility. Staff deprecated since WordPress v.3.0 is excluded. If you use earlier WordPress versions, do not update URE plugin to v.2.2 or higher.
672
+ * Italian translation update. Thanks to [Alessandro Mariani](http://technodin.org).
673
+
674
+ = 2.1.10 =
675
+ * 21.09.2010
676
+ * German translation is updated. Thanks to [Peter](http://www.red-socks-reinbek.de).
677
+
678
+ = 2.1.9 =
679
+ * 17.09.2010
680
+ * Persian translation is added.
681
+
682
+ = 2.1.8 =
683
+ * 16.08.2010
684
+ * Compatibility issue with other plugins (like Flash Album Gallery), which use capabilities names with spaces inside (non valid JavaScript identifier), is fixed.
685
+ * Missed translation slots are added for some new WordPress 3.0 capabilities. Translators (former and new) are welcome to update correspondent language files.
686
+ * Brasilian Portuguese translation is added.
687
+
688
+ = 2.1.7 =
689
+ * 07.07.2010
690
+ * Chinese translation is added.
691
+
692
+ = 2.1.6 =
693
+ * 06.07.2010
694
+ * Dutch translation is added.
695
+
696
+ = 2.1.5 =
697
+ * 18.06.2010
698
+ * Hungarian translation is added.
699
+
700
+ = 2.1.4 =
701
+ * 08.05.2010
702
+ * Italian translation is added.
703
+ * Minor javascript bug (undefined parameter value was sent to the server) is fixed.
704
+
705
+ = 2.1.3 =
706
+ * 27.04.2010
707
+ * Japanese translation is updated.
708
+
709
+ = 2.1.2 =
710
+ * 26.04.2010
711
+ * Polish translation is added.
712
+
713
+ = 2.1.1 =
714
+ * 19.04.2010
715
+ * Form layout changed slightly to fit more long phrases in other languages
716
+ * Belorussian translation is added. Thanks to [Marsis G.](http://pc.de/).
717
+ * French, Japanese, Russian, Spanish translations are updated.
718
+
719
+ = 2.1 =
720
+ * 17.04.2010
721
+ * Two ways of capabilities names presentation are available for the user choice: standard WordPress name like 'edit_pages' and mouse pointer hint 'Edit pages', and vice versa - human readable form 'Edit pages' with mouse hint for WP standard name 'edit-pages'. Human readable form will be available in translated variant after correspondent translation file will be updated.
722
+ * Form layout changed slightly to fit more long phrases in other languages
723
+ * Russian, Spanish translations are updated.
724
+
725
+ = 2.0.3 =
726
+ * 14.04.2010
727
+ * Japanese translation is added. Thanks to [Technolog.jp](http://technolog.jp/).
728
+
729
+ = 2.0.2 =
730
+ * 11.04.2010
731
+ * German translation is verified and updated. Thanks to [Peter](http://www.red-socks-reinbek.de).
732
+
733
+ = 2.0.1 =
734
+ * 04.04.2010
735
+ * It is the critical update - security issue is fixed. Thanks to [Saharuza](http://wordpress.org/support/profile/2855662) for discover and telling me about it.
736
+ User with 'edit_users' permission could still use URL request with special parameters to remove Administrator role from Admin user or delete Admin user record. Check [this thread](http://wordpress.org/support/topic/383935) for more details.
737
+
738
+ = 2.0 =
739
+ * 04.04.2010
740
+ * Create New Role feature was added
741
+ * Delete self-made not used role feature was added. You can not delete any WordPress standard role.
742
+ * Change default role for new user feature was added
743
+ * Administator role and users with Administrator role permission were hidden from "Users" and "Edit User" page. This is done in case of delegation of add_user, edit_user or delete_user capabilities to some role.
744
+
745
+ = 1.2 =
746
+ * 28.03.2010
747
+ * User Role Editor plugin menu item is moved to the Users menu
748
+ * Roles in the dropdown list are translated
749
+ * French translation is added
750
+
751
+ = 1.1 =
752
+ * 24.03.2010
753
+ * Critical bug is fixed. If you click 'Reset' button before any changes to the role data saved (that is click Update button) at least one time, you met with all roles data lost problem. Backup data created automatically before the 1st role data update. If no update - no backup. Special checking for that was added.
754
+ * German translation is added.
755
+ * Spanish translation is added.
756
+
757
+ = 1.0 =
758
+ * 22.03.2010
759
+ * 1st release.
includes/classes/capabilities-groups-manager.php CHANGED
@@ -33,7 +33,7 @@ class URE_Capabilities_Groups_Manager {
33
 
34
  $this->lib = URE_Lib::get_instance();
35
  $this->_get_built_in_wp_caps();
36
- $this->_get_all_custom_post_types_capabilities();
37
 
38
  }
39
  // end of __construct()
@@ -269,28 +269,53 @@ class URE_Capabilities_Groups_Manager {
269
  } else {
270
  continue;
271
  }
272
-
273
- if (!isset($this->cpt_caps[$cap])) {
274
- $this->cpt_caps[$cap] = array('custom', 'custom_post_types');
275
  }
276
- $this->cpt_caps[$cap][] = $post_type->name;
 
 
 
 
 
277
  }
278
  }
279
  // end of get_registered_cpt_caps()
 
 
 
 
 
 
 
 
 
 
 
 
 
280
 
281
 
282
- private function get_custom_post_type_capabilities($post_type, $post_edit_caps) {
283
  $pt_without_caps = $this->get_post_types_without_caps();
284
- if (!in_array($post_type->name, $pt_without_caps)) {
285
- $this->get_registered_cpt_caps($post_type, $post_edit_caps);
286
  }
 
 
 
 
 
 
 
 
287
  }
288
- // end of get_custom_post_type_capabilities()
289
 
290
 
291
- private function _get_all_custom_post_types_capabilities() {
292
 
293
- $post_edit_caps = $this->lib->get_edit_post_capabilities();
294
  $post_types = get_post_types(array(), 'objects');
295
  $_post_types = $this->lib->_get_post_types();
296
  $built_in_pt = array('post', 'page');
@@ -308,7 +333,7 @@ class URE_Capabilities_Groups_Manager {
308
  if (!isset($post_type->cap)) {
309
  continue;
310
  }
311
- $this->get_custom_post_type_capabilities($post_type, $post_edit_caps);
312
  }
313
 
314
  return $this->cpt_caps;
@@ -350,10 +375,10 @@ class URE_Capabilities_Groups_Manager {
350
  public function get_cap_groups($cap_id, $built_in_wp_caps=null) {
351
 
352
  if (isset($this->built_in_wp_caps[$cap_id])) {
353
- $groups = $built_in_wp_caps[$cap_id];
354
  } else {
355
  $groups = $this->get_groups_for_custom_cap($cap_id);
356
- }
357
  $groups = apply_filters('ure_custom_capability_groups', $groups, $cap_id);
358
  $groups[] = 'all'; // Every capability belongs to the 'all' group
359
  $groups = array_unique($groups);
33
 
34
  $this->lib = URE_Lib::get_instance();
35
  $this->_get_built_in_wp_caps();
36
+ $this->_get_all_custom_post_types_caps();
37
 
38
  }
39
  // end of __construct()
269
  } else {
270
  continue;
271
  }
272
+ if (isset($this->cpt_caps[$cap])) {
273
+ continue;
 
274
  }
275
+ $this->cpt_caps[$cap] = array();
276
+ if (!isset($this->built_in_wp_caps[$cap])) {
277
+ $this->cpt_caps[$cap][] = 'custom';
278
+ }
279
+ $this->cpt_caps[$cap][] = 'custom_post_types';
280
+ $this->cpt_caps[$cap][] = $post_type->name;
281
  }
282
  }
283
  // end of get_registered_cpt_caps()
284
+
285
+
286
+ private function add_group_to_edit_post_cap($post_type, $post_edit_caps) {
287
+
288
+ foreach($post_edit_caps as $cap_id) {
289
+ $this->built_in_wp_caps[$cap_id][] = $post_type->name;
290
+ if (!in_array('custom_post_types', $this->built_in_wp_caps[$cap_id])) {
291
+ $this->built_in_wp_caps[$cap_id][] = 'custom_post_types';
292
+ }
293
+ }
294
+
295
+ }
296
+ // end of add_group_to_edit_post_cap()
297
 
298
 
299
+ private function get_custom_post_type_caps($post_type, $post_edit_caps) {
300
  $pt_without_caps = $this->get_post_types_without_caps();
301
+ if (in_array($post_type->name, $pt_without_caps)) {
302
+ return;
303
  }
304
+
305
+ // take into account custom post types, which uses built-in post or page capabilities
306
+ if (in_array($post_type->capability_type, array('post', 'page'))) {
307
+ $this->add_group_to_edit_post_cap($post_type, $post_edit_caps);
308
+ return;
309
+ }
310
+
311
+ $this->get_registered_cpt_caps($post_type, $post_edit_caps);
312
  }
313
+ // end of get_custom_post_type_caps()
314
 
315
 
316
+ private function _get_all_custom_post_types_caps() {
317
 
318
+ $post_edit_caps = $this->lib->get_edit_post_capabilities();
319
  $post_types = get_post_types(array(), 'objects');
320
  $_post_types = $this->lib->_get_post_types();
321
  $built_in_pt = array('post', 'page');
333
  if (!isset($post_type->cap)) {
334
  continue;
335
  }
336
+ $this->get_custom_post_type_caps($post_type, $post_edit_caps);
337
  }
338
 
339
  return $this->cpt_caps;
375
  public function get_cap_groups($cap_id, $built_in_wp_caps=null) {
376
 
377
  if (isset($this->built_in_wp_caps[$cap_id])) {
378
+ $groups = $built_in_wp_caps[$cap_id];
379
  } else {
380
  $groups = $this->get_groups_for_custom_cap($cap_id);
381
+ }
382
  $groups = apply_filters('ure_custom_capability_groups', $groups, $cap_id);
383
  $groups[] = 'all'; // Every capability belongs to the 'all' group
384
  $groups = array_unique($groups);
includes/classes/capability.php CHANGED
@@ -28,15 +28,31 @@ class URE_Capability {
28
 
29
 
30
  // sanitize user input for security
 
31
  public static function validate($cap_id_raw) {
32
  $match = array();
33
  $found = preg_match('/[A-Za-z0-9_\-]*/', $cap_id_raw, $match);
34
- if ( !$found || ($found && ($match[0]!=$cap_id_raw)) ) { // some non-alphanumeric charactes found!
35
- $result = false;
36
- } else {
37
- $result = true;
 
 
 
 
 
 
 
 
 
 
 
38
  }
39
- $data = array('result'=>$result, 'cap_id'=>strtolower($match[0]));
 
 
 
 
40
 
41
  return $data;
42
  }
@@ -63,7 +79,7 @@ class URE_Capability {
63
 
64
  $data = self::validate($_POST['capability_id']);
65
  if (!$data['result']) {
66
- return esc_html__('Error: Capability name must contain latin characters and digits only!', 'user-role-editor');
67
  }
68
 
69
  $cap_id = $data['cap_id'];
@@ -75,7 +91,7 @@ class URE_Capability {
75
  $admin_role = $lib->get_admin_role();
76
  $wp_roles->use_db = true;
77
  $wp_roles->add_cap($admin_role, $cap_id);
78
- $mess = sprintf(esc_html__('Capability %s is added successfully', 'user-role-editor'), $cap_id);
79
  } else {
80
  $mess = sprintf(esc_html__('Capability %s exists already', 'user-role-editor'), $cap_id);
81
  }
28
 
29
 
30
  // sanitize user input for security
31
+ // do not allow to use internally used capabilities
32
  public static function validate($cap_id_raw) {
33
  $match = array();
34
  $found = preg_match('/[A-Za-z0-9_\-]*/', $cap_id_raw, $match);
35
+ if (!$found || ($found && ($match[0]!=$cap_id_raw))) { // some non-alphanumeric charactes found!
36
+ $data = array(
37
+ 'result'=>false,
38
+ 'message'=>esc_html__('Error: Capability name must contain latin characters and digits only!', 'user-role-editor'),
39
+ 'cap_id'=>'');
40
+ return $data;
41
+ }
42
+
43
+ $cap_id = strtolower($match[0]);
44
+ if ($cap_id=='do_not_allow') {
45
+ $data = array(
46
+ 'result'=>false,
47
+ 'message'=>esc_html__('Error: this capability is used internally by WordPress', 'user-role-editor'),
48
+ 'cap_id'=>'do_not_allow');
49
+ return $data;
50
  }
51
+
52
+ $data = array(
53
+ 'result'=>true,
54
+ 'message'=>'Success',
55
+ 'cap_id'=>$cap_id);
56
 
57
  return $data;
58
  }
79
 
80
  $data = self::validate($_POST['capability_id']);
81
  if (!$data['result']) {
82
+ return $data['message'];
83
  }
84
 
85
  $cap_id = $data['cap_id'];
91
  $admin_role = $lib->get_admin_role();
92
  $wp_roles->use_db = true;
93
  $wp_roles->add_cap($admin_role, $cap_id);
94
+ $mess = sprintf(esc_html__('Capability %s was added successfully', 'user-role-editor'), $cap_id);
95
  } else {
96
  $mess = sprintf(esc_html__('Capability %s exists already', 'user-role-editor'), $cap_id);
97
  }
includes/classes/protect-admin.php CHANGED
@@ -181,12 +181,41 @@ class URE_Protect_Admin {
181
  // end of exclude_administrators()
182
 
183
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
184
  /*
185
  * Exclude view of users with Administrator role
186
  *
187
  */
188
  public function exclude_admins_view($views) {
189
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
190
  unset($views['administrator']);
191
 
192
  return $views;
181
  // end of exclude_administrators()
182
 
183
 
184
+
185
+ private function extract_view_quantity($text) {
186
+ $match = array();
187
+ $result = preg_match('#\((.*?)\)#', $text, $match);
188
+ if ($result) {
189
+ $quantity = $match[1];
190
+ } else {
191
+ $quantity = 0;
192
+ }
193
+
194
+ return $quantity;
195
+ }
196
+ // end of extract_view_quantity()
197
+
198
+
199
  /*
200
  * Exclude view of users with Administrator role
201
  *
202
  */
203
  public function exclude_admins_view($views) {
204
 
205
+ if (!isset($views['administrator'])) {
206
+ return $views;
207
+ }
208
+
209
+ if (isset($views['all'])) {
210
+ // Decrease quant of all users to the quant of hidden admins
211
+ $admins_orig = $this->extract_view_quantity($views['administrator']);
212
+ $admins_int = str_replace(',', '', $admins_orig);
213
+ $all_orig = $this->extract_view_quantity($views['all']);
214
+ $all_orig_int = str_replace(',', '', $all_orig);
215
+ $all_new = $all_orig_int - $admins_int;
216
+ $views['all'] = str_replace($all_orig, $all_new, $views['all']);
217
+ }
218
+
219
  unset($views['administrator']);
220
 
221
  return $views;
includes/classes/ure-lib.php CHANGED
@@ -445,7 +445,7 @@ class URE_Lib extends URE_Base_Lib {
445
  } else {
446
  $value = get_site_transient('ure_caps_columns_quant');
447
  if ($value===false) {
448
- $value = 1;
449
  }
450
  }
451
 
445
  } else {
446
  $value = get_site_transient('ure_caps_columns_quant');
447
  if ($value===false) {
448
+ $value = $this->get_option('caps_columns_quant', 1);
449
  }
450
  }
451
 
includes/classes/user-other-roles.php CHANGED
@@ -78,7 +78,7 @@ class URE_User_Other_Roles {
78
  wp_enqueue_script('jquery-ui-dialog', '', array('jquery-ui-core', 'jquery-ui-button', 'jquery'));
79
  wp_register_script('ure-jquery-multiple-select', plugins_url('/js/jquery.multiple.select.js', URE_PLUGIN_FULL_PATH));
80
  wp_enqueue_script('ure-jquery-multiple-select');
81
- wp_register_script('ure-user-profile-other-roles', plugins_url('/js/ure-user-profile-other-roles.js', URE_PLUGIN_FULL_PATH));
82
  wp_enqueue_script('ure-user-profile-other-roles');
83
  wp_localize_script('ure-user-profile-other-roles', 'ure_data_user_profile_other_roles', array(
84
  'wp_nonce' => wp_create_nonce('user-role-editor'),
78
  wp_enqueue_script('jquery-ui-dialog', '', array('jquery-ui-core', 'jquery-ui-button', 'jquery'));
79
  wp_register_script('ure-jquery-multiple-select', plugins_url('/js/jquery.multiple.select.js', URE_PLUGIN_FULL_PATH));
80
  wp_enqueue_script('ure-jquery-multiple-select');
81
+ wp_register_script('ure-user-profile-other-roles', plugins_url('/js/user-profile-other-roles.js', URE_PLUGIN_FULL_PATH));
82
  wp_enqueue_script('ure-user-profile-other-roles');
83
  wp_localize_script('ure-user-profile-other-roles', 'ure_data_user_profile_other_roles', array(
84
  'wp_nonce' => wp_create_nonce('user-role-editor'),
includes/classes/user-role-editor.php CHANGED
@@ -277,9 +277,9 @@ class User_Role_Editor {
277
  }
278
 
279
  wp_enqueue_script('jquery-ui-dialog', '', array('jquery-ui-core','jquery-ui-button', 'jquery') );
280
- wp_register_script( 'ure-users-js', plugins_url( '/js/ure-users.js', URE_PLUGIN_FULL_PATH ) );
281
- wp_enqueue_script ( 'ure-users-js' );
282
- wp_localize_script( 'ure-users-js', 'ure_users_data', array(
283
  'wp_nonce' => wp_create_nonce('user-role-editor'),
284
  'move_from_no_role_title' => esc_html__('Change role for users without role', 'user-role-editor'),
285
  'to' => esc_html__('To:', 'user-role-editor'),
@@ -646,7 +646,10 @@ class User_Role_Editor {
646
  $this->lib->put_option('ure_confirm_role_update', $confirm_role_update);
647
 
648
  $edit_user_caps = $this->lib->get_request_var('edit_user_caps', 'checkbox');
649
- $this->lib->put_option('edit_user_caps', $edit_user_caps);
 
 
 
650
 
651
  do_action('ure_settings_update1');
652
 
@@ -764,6 +767,7 @@ class User_Role_Editor {
764
  $show_deprecated_caps = $this->lib->get_option('ure_show_deprecated_caps', 0);
765
  $confirm_role_update = $this->lib->get_option('ure_confirm_role_update', 1);
766
  $edit_user_caps = $this->lib->get_option('edit_user_caps', 1);
 
767
  $multisite = $this->lib->get('multisite');
768
  if ($multisite) {
769
  $allow_edit_users_to_not_super_admin = $this->lib->get_option('allow_edit_users_to_not_super_admin', 0);
@@ -848,9 +852,9 @@ class User_Role_Editor {
848
 
849
  wp_enqueue_script('jquery-ui-dialog', '', array('jquery-ui-core', 'jquery-ui-button', 'jquery'));
850
  wp_enqueue_script('jquery-ui-selectable', '', array('jquery-ui-core', 'jquery'));
851
- wp_register_script('ure-js', plugins_url('/js/ure-js.js', URE_PLUGIN_FULL_PATH));
852
- wp_enqueue_script('ure-js');
853
- wp_localize_script('ure-js', 'ure_data', array(
854
  'wp_nonce' => wp_create_nonce('user-role-editor'),
855
  'network_admin' => is_network_admin() ? 1 : 0,
856
  'page_url' => $page_url,
277
  }
278
 
279
  wp_enqueue_script('jquery-ui-dialog', '', array('jquery-ui-core','jquery-ui-button', 'jquery') );
280
+ wp_register_script( 'ure-users', plugins_url( '/js/users.js', URE_PLUGIN_FULL_PATH ) );
281
+ wp_enqueue_script ( 'ure-users' );
282
+ wp_localize_script( 'ure-users', 'ure_users_data', array(
283
  'wp_nonce' => wp_create_nonce('user-role-editor'),
284
  'move_from_no_role_title' => esc_html__('Change role for users without role', 'user-role-editor'),
285
  'to' => esc_html__('To:', 'user-role-editor'),
646
  $this->lib->put_option('ure_confirm_role_update', $confirm_role_update);
647
 
648
  $edit_user_caps = $this->lib->get_request_var('edit_user_caps', 'checkbox');
649
+ $this->lib->put_option('edit_user_caps', $edit_user_caps);
650
+
651
+ $caps_columns_quant = $this->lib->get_request_var('caps_columns_quant', 'checkbox');
652
+ $this->lib->put_option('caps_columns_quant', $caps_columns_quant);
653
 
654
  do_action('ure_settings_update1');
655
 
767
  $show_deprecated_caps = $this->lib->get_option('ure_show_deprecated_caps', 0);
768
  $confirm_role_update = $this->lib->get_option('ure_confirm_role_update', 1);
769
  $edit_user_caps = $this->lib->get_option('edit_user_caps', 1);
770
+ $caps_columns_quant = $this->lib->get_option('caps_columns_quant', 1);
771
  $multisite = $this->lib->get('multisite');
772
  if ($multisite) {
773
  $allow_edit_users_to_not_super_admin = $this->lib->get_option('allow_edit_users_to_not_super_admin', 0);
852
 
853
  wp_enqueue_script('jquery-ui-dialog', '', array('jquery-ui-core', 'jquery-ui-button', 'jquery'));
854
  wp_enqueue_script('jquery-ui-selectable', '', array('jquery-ui-core', 'jquery'));
855
+ wp_register_script('ure', plugins_url('/js/ure.js', URE_PLUGIN_FULL_PATH));
856
+ wp_enqueue_script('ure');
857
+ wp_localize_script('ure', 'ure_data', array(
858
  'wp_nonce' => wp_create_nonce('user-role-editor'),
859
  'network_admin' => is_network_admin() ? 1 : 0,
860
  'page_url' => $page_url,
includes/classes/woocommerce-capabilities.php CHANGED
@@ -34,8 +34,8 @@ class URE_Woocommerce_Capabilities {
34
  private static function add_base_caps(&$caps, $group, $subgroup, $cap_type) {
35
 
36
  $cap_types = $cap_type .'s';
37
- $caps['edit_'. $cap_type] = array('custom', $group, $subgroup, $cap_type);
38
- $caps['read_'. $cap_type] = array('custom', $group, $subgroup, $cap_type);
39
  $caps['delete_'. $cap_type] = array('custom', $group, $subgroup, $cap_type);
40
  $caps['edit_'. $cap_types] = array('custom', $group, $subgroup, $cap_type);
41
  $caps['edit_others_'. $cap_types] = array('custom', $group, $subgroup, $cap_type);
@@ -49,7 +49,8 @@ class URE_Woocommerce_Capabilities {
49
  $caps['edit_published_'. $cap_types] = array('custom', $group, $subgroup, $cap_type);
50
 
51
  }
52
- // end of add_caps()
 
53
 
54
  /**
55
  * Returns full list of WooCommerce plugin user capabilities
@@ -101,7 +102,7 @@ class URE_Woocommerce_Capabilities {
101
 
102
  /**
103
  * This custom post types use capabilities from the other custom post types
104
- * So we should define capabilities set for theme manually
105
  * @return array()
106
  */
107
  public static function get_post_types_without_caps() {
34
  private static function add_base_caps(&$caps, $group, $subgroup, $cap_type) {
35
 
36
  $cap_types = $cap_type .'s';
37
+ $caps['edit_'. $cap_type] = array('custom', 'custom_post_types', $group, $subgroup, $cap_type);
38
+ $caps['read_'. $cap_type] = array('custom', 'custom_post_types', $group, $subgroup, $cap_type);
39
  $caps['delete_'. $cap_type] = array('custom', $group, $subgroup, $cap_type);
40
  $caps['edit_'. $cap_types] = array('custom', $group, $subgroup, $cap_type);
41
  $caps['edit_others_'. $cap_types] = array('custom', $group, $subgroup, $cap_type);
49
  $caps['edit_published_'. $cap_types] = array('custom', $group, $subgroup, $cap_type);
50
 
51
  }
52
+ // end of add_base_caps()
53
+
54
 
55
  /**
56
  * Returns full list of WooCommerce plugin user capabilities
102
 
103
  /**
104
  * This custom post types use capabilities from the other custom post types
105
+ * So we should define capabilities set for them manually
106
  * @return array()
107
  */
108
  public static function get_post_types_without_caps() {
includes/settings-template.php CHANGED
@@ -96,6 +96,19 @@ if (!$license_key_only) {
96
  <td>
97
  </td>
98
  </tr>
 
 
 
 
 
 
 
 
 
 
 
 
 
99
 
100
  <?php
101
  }
96
  <td>
97
  </td>
98
  </tr>
99
+ <tr>
100
+ <td>
101
+ <?php esc_html_e('Show capabilities in', 'user-role-editor'); ?>&nbsp;
102
+ <select name="caps_columns_quant" id="caps_columns_quant">
103
+ <option value="1" <?php selected(1, $caps_columns_quant);?> >1</option>
104
+ <option value="2" <?php selected(2, $caps_columns_quant);?> >2</option>
105
+ <option value="3" <?php selected(3, $caps_columns_quant);?> >3</option>
106
+ </select>
107
+ <?php esc_html_e('columns', 'user-role-editor'); ?>
108
+ </td>
109
+ <td>
110
+ </td>
111
+ </tr>
112
 
113
  <?php
114
  }
js/{ure-js.js → ure.js} RENAMED
File without changes
js/{ure-user-profile-other-roles.js → user-profile-other-roles.js} RENAMED
File without changes
js/{ure-users.js → users.js} RENAMED
File without changes
license.txt CHANGED
@@ -1,6 +1,6 @@
1
  User Role Editor WordPress plugin
2
 
3
- Copyright 2009-2017 by Vladimir Garagulya - vladimir@shinephp.com
4
 
5
  This program is free software; you can redistribute it and/or modify
6
  it under the terms of the GNU General Public License as published by
1
  User Role Editor WordPress plugin
2
 
3
+ Copyright 2009-2017 by Vladimir Garagulia - support@role-editor.com
4
 
5
  This program is free software; you can redistribute it and/or modify
6
  it under the terms of the GNU General Public License as published by
readme.txt CHANGED
@@ -3,8 +3,8 @@ Contributors: shinephp
3
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=vladimir%40shinephp%2ecom&lc=RU&item_name=ShinePHP%2ecom&item_number=User%20Role%20Editor%20WordPress%20plugin&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted
4
  Tags: user, role, editor, security, access, permission, capability
5
  Requires at least: 4.0
6
- Tested up to: 4.8.2
7
- Stable tag: 4.36.1
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
@@ -79,6 +79,12 @@ https://translate.wordpress.org/projects/wp-plugins/user-role-editor/
79
 
80
  == Changelog =
81
 
 
 
 
 
 
 
82
  = [4.36.1] 02.10.2017 =
83
  * Update: Direct access to the global $current_user variable was excluded. Current user data is initialized via WordPress core functions wp_get_current_user() or get_current_user_id().
84
 
@@ -146,80 +152,7 @@ https://translate.wordpress.org/projects/wp-plugins/user-role-editor/
146
  * Fix: WP transients get/set were removed from URE_Own_Capabilities class. It leaded to the MySQL deadlock in some cases.
147
  * Update: Base_Lib::get_request_var() sanitizes user input by PHP's filter_var() in addition to WordPress core's esc_attr().
148
 
149
- = [4.31] 14.12.2016 =
150
- * New: It's possible to remove unused user capabilities by list.
151
- * Fix: There was no support for installations with the hidden/changed URL to wp-admin. URE uses 'admin_url()' now to get and check admin URL, instead of direct comparing URL with 'wp-admin' string.
152
- * Fix: Deprecated capabilities were shown in some cases at the 'Core' group even with "Show deprecated capabilities" mode switched off.
153
- * Update: Capability groups CSS classes are prefixed with 'ure-' in order to minimize possible CSS conflicts with other plugins/themes which may load styles with the same classes globally and break URE's markup.
154
-
155
- = [4.30] 01.12.2016 =
156
- * Update: compatible with WordPress 4.7
157
- * New: "Granted Only" checkbox to the right from the "Quick Filter" input control allows to show only granted capabilities for the selected role or user.
158
-
159
- = [4.29] 10.11.2016 =
160
- * New: User Role Editor own user capabilities are grouped separately under Custom capabilities.
161
- * Update: URE_Lib::is_super_admin() uses WordPress core is_super_admin() for multisite setup only. Superadmin is a user with 'administrator' role in the case of single site WordPress installation.
162
- This is the difference with the WordPress core which counts as a superadmin (for single site WP installation) any user with a 'delete_users' capability.
163
- * Update: BaseLib::option_selected() calls were replaced with the calls of a similar selected() function from WordPress core.
164
-
165
- = [4.28] 20.10.2016 =
166
- * New: WooCommerce plugin user capabilities (if exist) are grouped separately under Custom capabilities.
167
- * Update: Temporally raised permissions flag is taken into account when checking, if user has a superadmin privileges. WordPress is_super_admin() function was replaced with custom wrapper to define if current user is a real superadmin or just a local admin with the temporally raised (add/edit users pages) permissions.
168
-
169
- = [4.27.2] 15.09.2016 =
170
- * Update: There was a conflict with plugins which use a '|' character at the custom user capabilities: e.g. 'Nginx Helper | Config' from "Nginx Helper' plugin.
171
- * Fix: PHP notice was removed: Undefined property: URE_Role_View::$multisite in wp-content/plugins/user-role-editor/includes/classes/view.php on line 143
172
- * Fix: WordPress multisite: Settings link under the URE plugin at the plugins list leads to the network admin now, not to the the single site settings page, which does not exist.
173
- * Fix: WordPress multisite: conflict with "Visual Composer" plugin was resolved: single site administrators could now use Visual Composer editor.
174
- * Fix: WordPress multisite: changed role name was not replicated to other sites when user clicked "Update" with "Apply to All Sites" option turned ON.
175
-
176
- = [4.27.1] 22.08.2016 =
177
- * Update: There was a conflict with plugins which use a '/' character at the custom user capabilities: e.g. vc_access_rules_backend_editor/disabled_ce_editor from Visual Composer.
178
- * Update: add/delete, escape, validate user capability code extracted from URE_Lib to the separate URE_Capability class
179
-
180
- = [4.27] 18.08.2016 =
181
- * New: Total/Granted counters were added to the capabilities groups titles.
182
- * New: "Columns" drop-down menu allows to change capabilities section layout to 1, 2 or 3 columns.
183
- * New: Capabilities section is limited in height and has independent scrollbar.
184
- * Update: User Role Editor page markup was updated to use more available space on page.
185
- * Update: URE_Ajax_Processor class allows to differentiate required user permissions according to action submitted by user.
186
- * Fix: CSS updated to exclude text overlapping at capabilities groups section when custom post type name is not fitted into 1 line.
187
- * Fix: required JavaScript files were not loaded at "Network Admin->Settings->User Role Editor" page.
188
-
189
- = [4.26.3] 25.07.2016 =
190
- * Fix: Selecting a sub-group/list of caps does make the ure_select_all_caps checkbox select all within that group, but checking that box when at the "All" top-level group did not work.
191
- * Fix: Notice: Undefined property: URE_Role_View::$apply_to_all
192
-
193
- = [4.26.1] 14.07.2016 =
194
- * Fix: some bugs, like 'undefined property' notices, etc.
195
-
196
- = [4.26] 14.07.2016 =
197
- * New: User capabilities were groupd by functionality for more convenience.
198
- * Update: URE_KEY_CAPABILITY constant was changed from 'ure_edit_roles' to 'ure_manage_options'. To make possible for non-admin users access to the User Role Editor without access to the 'administrator' role and users with 'administrator' role.
199
- * Update: User receives full access to User Role Editor under WordPress multisite if he has 'manage_network_plugins' capability instead of 'manager_network_users' as earlier. This allows to give user ability to edit network users without giving him access to the User Role Editor.
200
- * Update: Multisite: use WordPress's global $current_site->blog_id to define main blog ID instead of selecting the 1st one from the sorted list of blogs.
201
- * Update: use WP transients at URE_Lib::_get_post_types() to reduce response time.
202
- * Update: various internal optimizations.
203
-
204
- = [4.25.2] 03.05.2016 =
205
- * Update: Enhanced inner processing of available custom post types list.
206
- * Update: Uses 15 seconds transient cache in order to not count users without role twice when 'restrict_manage_users' action fires.
207
- * Update: URE fires action 'profile_update' after direct update of user permissions in order other plugins may catch such change.
208
- * Update: All URE's PHP classes files renamed and moved to the includes/classes subdirectory
209
-
210
- = [4.25.1] 15.04.2016 =
211
- * Fix: Selected role's capabilities list was returned back to old after click "Update" button. It was showed correctly according to the recent updates just after additional page refresh.
212
- * Update: deprecated function get_current_user_info() call was replaced with wp_get_current_user().
213
-
214
- = [4.25] 02.04.2016 =
215
- * Important security update: Any registered user could get an administrator access. Thanks to [John Muncaster](http://johnmuncaster.com/) for discovering and wisely reporting it.
216
- * URE pages title tag was replaced from h2 to h1, for compatibility with other WordPress pages.
217
- * Fix: "Assign role to the users without role" feature ignored role selected by user.
218
- * Fix: PHP fatal error (line 34) was raised at uninstall.php for WordPress multisite.
219
- * Update: action priority 99 was added for role additional options hook action setup.
220
-
221
-
222
- Click [here](https://www.role-editor.com/changelog)</a> to look at [the full list of changes](https://www.role-editor.com/changelog) of User Role Editor plugin.
223
 
224
 
225
  == Additional Documentation ==
3
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=vladimir%40shinephp%2ecom&lc=RU&item_name=ShinePHP%2ecom&item_number=User%20Role%20Editor%20WordPress%20plugin&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted
4
  Tags: user, role, editor, security, access, permission, capability
5
  Requires at least: 4.0
6
+ Tested up to: 4.9
7
+ Stable tag: 4.37
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
79
 
80
  == Changelog =
81
 
82
+ = [4.37] 01.11.2017 =
83
+ * New: New option was added to the "Settings->User Role Editor->General" tab. It's possible to set a default value for a quant of columns at capabilities section of the main User Role Editor page.
84
+ * Update: User capabilities are shown for custom post types which use the WordPress built-in 'post' or 'page' capability type. (0/0) was shown earlier instead of the quantity of user capabilities really used.
85
+ * Update: Restriction was added for 'do_not_allow' user capability (used internally by WordPress). You can not add it manually.
86
+ * Fix: URE hides users with 'administrator' role by default from any other user. Quantity of users of 'All' view (tab) at 'Users' page is decreased now for the quantity of hidden administrators.
87
+
88
  = [4.36.1] 02.10.2017 =
89
  * Update: Direct access to the global $current_user variable was excluded. Current user data is initialized via WordPress core functions wp_get_current_user() or get_current_user_id().
90
 
152
  * Fix: WP transients get/set were removed from URE_Own_Capabilities class. It leaded to the MySQL deadlock in some cases.
153
  * Update: Base_Lib::get_request_var() sanitizes user input by PHP's filter_var() in addition to WordPress core's esc_attr().
154
 
155
+ For full list of changes applied to User Role Editor plugin look changelog.txt file.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
156
 
157
 
158
  == Additional Documentation ==
user-role-editor.php CHANGED
@@ -3,10 +3,10 @@
3
  Plugin Name: User Role Editor
4
  Plugin URI: https://www.role-editor.com
5
  Description: Change/add/delete WordPress user roles and capabilities.
6
- Version: 4.36.1
7
  Author: Vladimir Garagulya
8
  Author URI: https://www.role-editor.com
9
- Text Domain: ure
10
  Domain Path: /lang/
11
  */
12
 
@@ -23,7 +23,7 @@ if (defined('URE_PLUGIN_URL')) {
23
  wp_die('It seems that other version of User Role Editor is active. Please deactivate it before use this version');
24
  }
25
 
26
- define('URE_VERSION', '4.36.1');
27
  define('URE_PLUGIN_URL', plugin_dir_url(__FILE__));
28
  define('URE_PLUGIN_DIR', plugin_dir_path(__FILE__));
29
  define('URE_PLUGIN_BASE_NAME', plugin_basename(__FILE__));
3
  Plugin Name: User Role Editor
4
  Plugin URI: https://www.role-editor.com
5
  Description: Change/add/delete WordPress user roles and capabilities.
6
+ Version: 4.37
7
  Author: Vladimir Garagulya
8
  Author URI: https://www.role-editor.com
9
+ Text Domain: user-role-editor
10
  Domain Path: /lang/
11
  */
12
 
23
  wp_die('It seems that other version of User Role Editor is active. Please deactivate it before use this version');
24
  }
25
 
26
+ define('URE_VERSION', '4.37');
27
  define('URE_PLUGIN_URL', plugin_dir_url(__FILE__));
28
  define('URE_PLUGIN_DIR', plugin_dir_path(__FILE__));
29
  define('URE_PLUGIN_BASE_NAME', plugin_basename(__FILE__));