User Role Editor - Version 4.39


Release Info

Developer shinephp
Version 4.39

Code changes from version 4.38 to 4.39

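--- a/includes/classes/base-lib.php
+++ b/includes/classes/base-lib.php
@@ -91,7 +91,10 @@ class URE_Base_Lib {
  global $wpdb;
 
  $network = get_current_site();
- $query = "SELECT blog_id FROM {$wpdb->blogs} WHERE site_id={$network->id} ORDER BY blog_id ASC";
+ $query = $wpdb->prepare(
+ "SELECT blog_id FROM {$wpdb->blogs}
+ WHERE site_id=%d ORDER BY blog_id ASC",
+ array($network->id));
  $blog_ids = $wpdb->get_col($query);
 
  return $blog_ids;
@@ -138,21 +141,32 @@ class URE_Base_Lib {
  public function get_request_var($var_name, $request_type = 'request', $var_type = 'string') {
 
  $result = 0;
- if ($request_type == 'get') {
- if (isset($_GET[$var_name])) {
- $result = filter_var($_GET[$var_name], FILTER_SANITIZE_STRING);
+ $request_type = strtolower($request_type);
+ switch ($request_type) {
+ case 'get': {
+ if (isset($_GET[$var_name])) {
+ $result = filter_var($_GET[$var_name], FILTER_SANITIZE_STRING);
+ }
+ break;
  }
- } else if ($request_type == 'post') {
- if (isset($_POST[$var_name])) {
- if ($var_type != 'checkbox') {
- $result = filter_var($_POST[$var_name], FILTER_SANITIZE_STRING);;
- } else {
- $result = 1;
+ case 'post': {
+ if (isset($_POST[$var_name])) {
+ if ($var_type!='checkbox') {
+ $result = filter_var($_POST[$var_name], FILTER_SANITIZE_STRING);
+ } else {
+ $result = 1;
+ }
  }
+ break;
  }
- } else {
- if (isset($_REQUEST[$var_name])) {
- $result = filter_var($_REQUEST[$var_name], FILTER_SANITIZE_STRING);
+ case 'request': {
+ if (isset($_REQUEST[$var_name])) {
+ $result = filter_var($_REQUEST[$var_name], FILTER_SANITIZE_STRING);
+ }
+ break;
+ }
+ default: {
+ $result = -1; // Wrong request type value, possible mistake in a function call
  }
  }
 
@@ -281,6 +295,36 @@ class URE_Base_Lib {
  // end of get_short_list_str()
 
 
+ /**
+ * Prepare the list of integer or string values for usage in SQL query IN (val1, val2, ... , valN) claster
+ * @global wpdb $wpdb
+ * @param string $list_type: allowed values 'int', 'string'
+ * @param array $list_values: array of integers or strings
+ * @return string - comma separated values (CSV)
+ */
+ public static function esc_sql_in_list($list_type, $list_values) {
+ global $wpdb;
+
+ if (empty($list_values) || !is_array($list_values) || count($list_values)==0) {
+ return '';
+ }
+
+ if ($list_type=='int') {
+ $placeholder = '%d'; // Integer
+ } else {
+ $placeholder = '%s'; // String
+ }
+
+ $placeholders = array_fill(0, count($list_values), $placeholder);
+ $format_str = implode(',', $placeholders);
+
+ $result = $wpdb->prepare($format_str, $list_values);
+
+ return $result;
+ }
+ // end of esc_sql_in_list()
+
+
  /**
  * Private clone method to prevent cloning of the instance of the
  * *Singleton* instance.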
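Review bot: In the rewritten `get_request_var()` the `$var_type` argument is only consulted for `'checkbox'` in the lines shown, so the `'int'` that callers pass in this release is still filtered with `FILTER_SANITIZE_STRING` and only becomes an integer where the caller remembers the `(int)` cast. Handling it once inside the function would be safer, for example `if ($var_type=='int') { $result = (int) $result; }` ahead of the return. The new `default` branch also yields `-1`, which is not `empty()`, so a caller that guards with `empty($user_id)` would let a mistyped request type through; returning `0` there would keep those guards fail-closed. The function body continues past the end of this hunk, so the return path is not visible here.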
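--- a/includes/classes/capabilities-groups-manager.php
+++ b/includes/classes/capabilities-groups-manager.php
@@ -225,10 +225,7 @@ class URE_Capabilities_Groups_Manager {
  $caps['manage_network_options'] = array('core', 'multisite', 'general');
  $caps['upgrade_network'] = array('core', 'multisite', 'general');
  }
-
- $caps['create_posts'] = array('core', 'posts');
- $caps['create_pages'] = array('core', 'pages');
-
+
  $caps = apply_filters('ure_built_in_wp_caps', $caps);
 
  $this->built_in_wp_caps = $caps;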
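--- a/includes/classes/capability.php
+++ b/includes/classes/capability.php
@@ -166,7 +166,6 @@ class URE_Capability {
  /**
  * Delete capability
  *
- * @global wpdb $wpdb
  * @global WP_Roles $wp_roles
  * @return string - information message
  */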
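--- a/includes/classes/grant-roles.php
+++ b/includes/classes/grant-roles.php
@@ -201,7 +201,7 @@ class URE_Grant_Roles {
  }
 
  $lib = URE_Lib::get_instance();
- $user_id = $lib->get_request_var('user_id', 'post', 'int');
+ $user_id = (int) $lib->get_request_var('user_id', 'post', 'int');
  if (empty($user_id)) {
  $answer = array('result'=>'error', 'message'=>esc_html__('Wrong request, valid user ID was missed', 'user-role-editor'));
  return $answer;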
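--- a/includes/classes/protect-admin.php
+++ b/includes/classes/protect-admin.php
@@ -80,11 +80,12 @@ class URE_Protect_Admin {
  return false;
  }
 
- $table_name = $this->lib->get_usermeta_table_name();
- $meta_key = $wpdb->prefix . 'capabilities';
- $query = "SELECT count(*)
- FROM $table_name
- WHERE user_id=$user_id AND meta_key='$meta_key' AND meta_value like '%administrator%'";
+ $meta_key = $wpdb->prefix .'capabilities';
+ $query = $wpdb->prepare(
+ "SELECT count(*)
+ FROM {$wpdb->usermeta}
+ WHERE user_id=%d AND meta_key=%s AND meta_value like %s",
+ array($user_id, $meta_key, '%administrator%'));
  $has_admin_role = $wpdb->get_var($query);
  if ($has_admin_role > 0) {
  $result = true;
@@ -124,7 +125,7 @@ class URE_Protect_Admin {
  $user_keys = array('user_id', 'user');
  foreach ($user_keys as $user_key) {
  $access_deny = false;
- $user_id = $this->lib->get_request_var($user_key, 'get');
+ $user_id = (int) $this->lib->get_request_var($user_key, 'get', 'int');
  if (empty($user_id)) { // check the next key
  continue;
  }
@@ -166,12 +167,12 @@ class URE_Protect_Admin {
 
  // get user_id of users with 'Administrator' role
  $current_user_id = get_current_user_id();
- $tableName = $this->lib->get_usermeta_table_name();
  $meta_key = $wpdb->prefix . 'capabilities';
- $admin_role_key = '%"administrator"%';
- $query = "SELECT user_id
- FROM $tableName
- WHERE user_id!={$current_user_id} AND meta_key='{$meta_key}' AND meta_value like '{$admin_role_key}'";
+ $query = $wpdb->prepare(
+ "SELECT user_id
+ FROM {$wpdb->usermeta}
+ WHERE user_id!=%d AND meta_key=%s AND meta_value like %s",
+ array($current_user_id, $meta_key, '%administrator%'));
  $ids_arr = $wpdb->get_col($query);
  if (is_array($ids_arr) && count($ids_arr) > 0) {
  $ids = implode(',', $ids_arr);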
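Review bot: The third hunk replaces the quoted pattern `'%"administrator"%'` with `'%administrator%'`, and the first hunk keeps the unquoted form, so both queries now match any `meta_value` that merely contains that substring, for instance a custom role or capability whose name includes "administrator". Because the result decides which accounts are treated as protected administrators, the match should stay anchored on the serialized key: pass `'%"administrator"%'` as the third value in both `prepare()` calls. The move to `$wpdb->prepare()` with `%d`/`%s` placeholders is otherwise sound for these constant patterns. Both enclosing functions start and end outside the hunks shown.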
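--- a/includes/classes/settings.php
+++ b/includes/classes/settings.php
@@ -0,0 +1,229 @@
+ <?php
+ /**
+ * Settings manager
+ *
+ * Project: User Role Editor WordPress plugin
+ *
+ * Author: Vladimir Garagulya
+ * email: support@role-editor.com
+ *
+ **/
+ class URE_Settings {
+
+ protected static function get_action() {
+
+ $action = 'show';
+ $update_buttons = array(
+ 'ure_settings_update',
+ 'ure_addons_settings_update',
+ 'ure_settings_ms_update',
+ 'ure_default_roles_update',
+ 'ure_reset_roles_exec');
+ foreach($update_buttons as $update_button) {
+ if (!isset($_POST[$update_button])) {
+ continue;
+ }
+ if (!wp_verify_nonce($_POST['_wpnonce'], 'user-role-editor')) {
+ wp_die('Security check failed');
+ }
+ $action = $update_button;
+ break;
+ }
+
+ return $action;
+
+ }
+ // end of get_settings_action()
+
+
+ /**
+ * Update General Options tab
+ */
+ protected static function update_general_options() {
+
+ $lib = URE_Lib::get_instance();
+ if (defined('URE_SHOW_ADMIN_ROLE') && (URE_SHOW_ADMIN_ROLE == 1)) {
+ $show_admin_role = 1;
+ } else {
+ $show_admin_role = $lib->get_request_var('show_admin_role', 'post', 'checkbox');
+ }
+ $lib->put_option('show_admin_role', $show_admin_role);
+
+ $caps_readable = $lib->get_request_var('caps_readable', 'post', 'checkbox');
+ $lib->put_option('ure_caps_readable', $caps_readable);
+
+ $show_deprecated_caps = $lib->get_request_var('show_deprecated_caps', 'post', 'checkbox');
+ $lib->put_option('ure_show_deprecated_caps', $show_deprecated_caps);
+
+ $confirm_role_update = $lib->get_request_var('confirm_role_update', 'post', 'checkbox');
+ $lib->put_option('ure_confirm_role_update', $confirm_role_update);
+
+ $edit_user_caps = $lib->get_request_var('edit_user_caps', 'post', 'checkbox');
+ $lib->put_option('edit_user_caps', $edit_user_caps);
+
+ $caps_columns_quant = (int) $lib->get_request_var('caps_columns_quant', 'post', 'int');
+ $lib->put_option('caps_columns_quant', $caps_columns_quant);
+
+ do_action('ure_settings_update1');
+
+ $lib->flush_options();
+ $lib->show_message(esc_html__('User Role Editor options are updated', 'user-role-editor'));
+
+ }
+ // end of update_general_options()
+
+
+ /**
+ * Update Additional Modules Options tab
+ */
+ protected static function update_addons_options() {
+
+ $lib = URE_Lib::get_instance();
+ $multisite = $lib->get('multisite');
+ if (!$multisite) {
+ $count_users_without_role = $lib->get_request_var('count_users_without_role', 'post', 'checkbox');
+ $lib->put_option('count_users_without_role', $count_users_without_role);
+ }
+ do_action('ure_settings_update2');
+
+ $lib->flush_options();
+ $lib->show_message(esc_html__('User Role Editor options are updated', 'user-role-editor'));
+ }
+ // end of update_addons_options()
+
+
+ protected static function update_default_roles() {
+ global $wp_roles;
+
+ $lib = URE_Lib::get_instance();
+
+ // Primary default role
+ $primary_default_role = $lib->get_request_var('default_user_role', 'post');
+ if (!empty($primary_default_role) && isset($wp_roles->role_objects[$primary_default_role]) && $primary_default_role !== 'administrator') {
+ update_option('default_role', $primary_default_role);
+ }
+
+ // Other default roles
+ $other_default_roles = array();
+ foreach($_POST as $key=>$value) {
+ $prefix = substr($key, 0, 8);
+ if ($prefix!=='wp_role_') {
+ continue;
+ }
+ $role_id = substr($key, 8);
+ if ($role_id!=='administrator' && isset($wp_roles->role_objects[$role_id])) {
+ $other_default_roles[] = $role_id;
+ }
+ } // foreach()
+ $lib->put_option('other_default_roles', $other_default_roles, true);
+
+ $lib->show_message(esc_html__('Default Roles are updated', 'user-role-editor'));
+ }
+ // end of update_default_roles()
+
+
+ protected static function update_multisite_options() {
+
+ $lib = URE_Lib::get_instance();
+
+ $multisite = $lib->get('multisite');
+ if (!$multisite) {
+ return;
+ }
+
+ $allow_edit_users_to_not_super_admin = $lib->get_request_var('allow_edit_users_to_not_super_admin', 'post', 'checkbox');
+ $lib->put_option('allow_edit_users_to_not_super_admin', $allow_edit_users_to_not_super_admin);
+
+ do_action('ure_settings_ms_update');
+
+ $lib->flush_options();
+ $lib->show_message(esc_html__('User Role Editor options are updated', 'user-role-editor'));
+
+ }
+ // end of update_multisite_options()
+
+
+ protected static function reset_roles() {
+
+ $lib = URE_Lib::get_instance();
+ $lib->reset_user_roles();
+ $lib->put_option('other_default_roles', array(), true);
+ $lib->show_message(esc_html__('Tools: Reset: User Roles were initialized', 'user-role-editor'));
+ }
+ // end of reset_roles()
+
+
+ private static function controller() {
+
+ $action = self::get_action();
+ switch ($action) {
+ case 'ure_settings_update':
+ self::update_general_options();
+ break;
+ case 'ure_addons_settings_update':
+ self::update_addons_options();
+ break;
+ case 'ure_settings_ms_update':
+ self::update_multisite_options();
+ break;
+ case 'ure_default_roles_update':
+ self::update_default_roles();
+ break;
+ case 'ure_reset_roles_exec':
+ self::reset_roles();
+ break;
+ case 'show':
+ default:
+ ;
+ } // switch()
+
+ }
+ // end of controller()
+
+
+ public static function show() {
+
+ $lib = URE_Lib::get_instance();
+ self::controller();
+
+ if (defined('URE_SHOW_ADMIN_ROLE') && (URE_SHOW_ADMIN_ROLE == 1)) {
+ $show_admin_role = 1;
+ } else {
+ $show_admin_role = $lib->get_option('show_admin_role', 0);
+ }
+ $caps_readable = $lib->get_option('ure_caps_readable', 0);
+ $show_deprecated_caps = $lib->get_option('ure_show_deprecated_caps', 0);
+ $confirm_role_update = $lib->get_option('ure_confirm_role_update', 1);
+ $edit_user_caps = $lib->get_option('edit_user_caps', 1);
+ $caps_columns_quant = $lib->get_option('caps_columns_quant', 1);
+ $multisite = $lib->get('multisite');
+ if ($multisite) {
+ $allow_edit_users_to_not_super_admin = $lib->get_option('allow_edit_users_to_not_super_admin', 0);
+ } else {
+ $count_users_without_role = $lib->get_option('count_users_without_role', 0);
+ }
+
+ $lib->get_default_role();
+ $view = new URE_Role_View();
+ $view->role_default_prepare_html(0);
+
+ $ure_tab_idx = (int) $lib->get_request_var('ure_tab_idx', 'post', 'int');
+
+ do_action('ure_settings_load');
+
+ if ($multisite && is_network_admin()) {
+ $link = 'settings.php';
+ } else {
+ $link = 'options-general.php';
+ }
+
+ $active_for_network = $lib->get('active_for_network');
+ $license_key_only = $multisite && is_network_admin() && !$active_for_network;
+
+
+ require_once(URE_PLUGIN_DIR . 'includes/settings-template.php');
+ }
+ // end of show()
+
+ }
+ // end of URE_Settings class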
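Review bot: `URE_Settings::show()` is public and runs `controller()`, which can reset roles and change the default roles, yet the only gate inside the class is the nonce test in `get_action()`; a nonce ties the request to a form, it does not establish that the user may manage these options. The capability check lives in the caller (`User_Role_Editor::settings()` in this same release), so any other call path into `show()` would skip it. Repeating it at the top of `controller()` keeps the class safe on its own: `if (!current_user_can(URE_Own_Capabilities::get_settings_capability())) { wp_die('Security check failed'); }`. `get_action()` also reads `$_POST['_wpnonce']` without `isset()`, which fails closed but raises a notice when the field is absent.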
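--- a/includes/classes/ure-lib.php
+++ b/includes/classes/ure-lib.php
@@ -526,46 +526,10 @@ class URE_Lib extends URE_Base_Lib {
 
  public function get_usermeta_table_name() {
  global $wpdb;
-
- $table_name = (!$this->multisite && defined('CUSTOM_USER_META_TABLE')) ? CUSTOM_USER_META_TABLE : $wpdb->usermeta;
-
- return $table_name;
+
+ return $wpdb->usermeta;
  }
  // end of get_usermeta_table_name()
-
-
- /**
- * Check if user has "Administrator" role assigned
- *
- * @global wpdb $wpdb
- * @param int $user_id
- * @return boolean returns true is user has Role "Administrator"
- */
- public function has_administrator_role($user_id) {
- global $wpdb;
-
- if (empty($user_id) || !is_numeric($user_id)) {
- return false;
- }
-
- $table_name = $this->get_usermeta_table_name();
- $meta_key = $wpdb->prefix . 'capabilities';
- $query = "SELECT count(*)
- FROM $table_name
- WHERE user_id=$user_id AND meta_key='$meta_key' AND meta_value like '%administrator%'";
- $has_admin_role = $wpdb->get_var($query);
- if ($has_admin_role > 0) {
- $result = true;
- } else {
- $result = false;
- }
- // cache checking result for the future use
- $this->lib->user_to_check[$user_id] = $result;
-
- return $result;
- }
-
- // end of has_administrator_role()
 
 
  /**
@@ -640,54 +604,6 @@ class URE_Lib extends URE_Base_Lib {
  // end of get_editable_user_roles()
 
 
- /*
- // restores User Roles from the backup record
- protected function restore_user_roles()
- {
- global $wpdb, $wp_roles;
-
- $error_message = 'Error! ' . __('Database operation error. Check log file.', 'user-role-editor');
- $option_name = $wpdb->prefix . 'user_roles';
- $backup_option_name = $wpdb->prefix . 'backup_user_roles';
- $query = "select option_value
- from $wpdb->options
- where option_name='$backup_option_name'
- limit 0, 1";
- $option_value = $wpdb->get_var($query);
- if ($wpdb->last_error) {
- return $error_message;
- }
- if ($option_value) {
- $query = "update $wpdb->options
- set option_value='$option_value'
- where option_name='$option_name'
- limit 1";
- $record = $wpdb->query($query);
- if ($wpdb->last_error) {
- return $error_message;
- }
- $wp_roles = new WP_Roles();
- $reload_link = wp_get_referer();
- $reload_link = remove_query_arg('action', $reload_link);
- $reload_link = esc_url_raw(add_query_arg('action', 'roles_restore_note', $reload_link));
- ?>
- <script type="text/javascript" >
- document.location = '<?php echo $reload_link; ?>';
- </script>
- <?php
- $mess = '';
- } else {
- $mess = __('No backup data. It is created automatically before the first role data update.', 'user-role-editor');
- }
- if (isset($_REQUEST['user_role'])) {
- unset($_REQUEST['user_role']);
- }
-
- return $mess;
- }
- // end of restore_user_roles()
- */
-
  protected function convert_caps_to_readable($caps_name)
  {
 
@@ -698,39 +614,29 @@ class URE_Lib extends URE_Base_Lib {
  }
  // ure_ConvertCapsToReadable
 
-
- public function make_roles_backup() {
- global $wpdb;
+ /**
+ * Create backup record for the WordPress user roles
+ * Run once on URE activation
+ *
+ * @global wpdb $wpdb
+ * @global WP_Roles $wp_roles
+ * @return type
+ */
+ public function backup_wp_roles() {
+ global $wpdb, $wp_roles;
 
+ $site_id = get_current_blog_id();
+ $backup_roles_key = $wpdb->get_blog_prefix($site_id) .'backup_user_roles';
  // check if backup user roles record exists already
- $backup_option_name = $wpdb->prefix . 'backup_user_roles';
- $query = "select option_id
- from $wpdb->options
- where option_name='$backup_option_name'
- limit 0, 1";
- $option_id = $wpdb->get_var($query);
- if ($wpdb->last_error) {
- return false;
- }
- if (!$option_id) {
- $roles_option_name = $wpdb->prefix.'user_roles';
- $query = "select option_value
- from $wpdb->options
- where option_name='$roles_option_name' limit 0,1";
- $serialized_roles = $wpdb->get_var($query);
- // create user roles record backup
- $query = "insert into $wpdb->options
- (option_name, option_value, autoload)
- values ('$backup_option_name', '$serialized_roles', 'no')";
- $record = $wpdb->query($query);
- if ($wpdb->last_error) {
- return false;
- }
+ $result = get_option($backup_roles_key, false);
+ if (!empty($result)) {
+ return;
  }
+
+ update_option($backup_roles_key, $wp_roles->roles, false);
 
- return true;
  }
- // end of ure_make_roles_backup()
+ // end of backup_wp_roles()
 
 
  protected function role_contains_caps_not_allowed_for_simple_admin($role_id) {
@@ -1294,7 +1200,7 @@ class URE_Lib extends URE_Base_Lib {
 
  /**
  * Update roles for all network using direct database access - quicker in several times
- *
+ * Execution speed is critical for large multi-site networks.
  * @global wpdb $wpdb
  * @return boolean
  */
@@ -2139,7 +2045,7 @@ class URE_Lib extends URE_Base_Lib {
  public function get_ure_page_url() {
  $page_url = URE_WP_ADMIN_URL . URE_PARENT . '?page=users-' . URE_PLUGIN_FILE;
  $object = $this->get_request_var('object', 'get');
- $user_id = $this->get_request_var('user_id', 'get', 'int');
+ $user_id = (int) $this->get_request_var('user_id', 'get', 'int');
  if ($object=='user' && $user_id>0) {
  $page_url .= '&object=user&user_id='. $user_id;
  }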
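Review bot: `backup_wp_roles()` discards the result of `update_option()` and returns nothing on either path, whereas the removed `make_roles_backup()` returned `false` on a database error, so a failed backup write is now silent. Since the record is meant as a recovery copy of the roles, the outcome is worth surfacing: `return update_option($backup_roles_key, $wp_roles->roles, false);`, with `return true;` on the early exit when a backup already exists. The docblock still carries the placeholder `@return type`; it should state the actual return, e.g. `@return bool`. The copy is taken from the in-memory `$wp_roles->roles` rather than the stored option, which presumably matches the database at activation time but is worth confirming.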
includes/classes/user-role-editor.php CHANGED
@@ -401,33 +401,31 @@ class User_Role_Editor {
401
  * @param int $user_id
402
  *
403
  */
404
- public function duplicate_roles_for_new_blog($blog_id)
405
- {
406
-
407
- global $wpdb, $wp_roles;
408
-
409
- // get Id of 1st (main) blog
410
- $main_blog_id = $this->lib->get_main_blog_id();
411
- if ( empty($main_blog_id) ) {
412
- return;
 
 
 
 
 
 
 
 
 
 
 
413
  }
414
- $current_blog = $wpdb->blogid;
415
- switch_to_blog( $main_blog_id );
416
- $main_roles = new WP_Roles(); // get roles from primary blog
417
- $default_role = get_option('default_role'); // get default role from primary blog
418
- switch_to_blog($blog_id); // switch to the new created blog
419
- $main_roles->use_db = false; // do not touch DB
420
- $main_roles->add_cap('administrator', 'dummy_123456'); // just to save current roles into new blog
421
- $main_roles->role_key = $wp_roles->role_key;
422
- $main_roles->use_db = true; // save roles into new blog DB
423
- $main_roles->remove_cap('administrator', 'dummy_123456'); // remove unneeded dummy capability
424
- update_option('default_role', $default_role); // set default role for new blog as it set for primary one
425
- switch_to_blog($current_blog); // return to blog where we were at the begin
426
- }
427
- // end of duplicate_roles_for_new_blog()
428
 
429
-
430
- /**
431
  * Filter out URE plugin from not admin users to prevent its not authorized deactivation
432
  * @param type array $plugins plugins list
433
  * @return type array $plugins updated plugins list
@@ -598,202 +596,16 @@ class User_Role_Editor {
598
  }
599
 
600
  // end of network_plugin_menu()
601
-
602
-
603
- protected function get_settings_action() {
604
-
605
- $action = 'show';
606
- $update_buttons = array(
607
- 'ure_settings_update',
608
- 'ure_addons_settings_update',
609
- 'ure_settings_ms_update',
610
- 'ure_default_roles_update',
611
- 'ure_reset_roles_exec');
612
- foreach($update_buttons as $update_button) {
613
- if (!isset($_POST[$update_button])) {
614
- continue;
615
- }
616
- if (!wp_verify_nonce($_POST['_wpnonce'], 'user-role-editor')) {
617
- wp_die('Security check failed');
618
- }
619
- $action = $update_button;
620
- break;
621
- }
622
-
623
- return $action;
624
-
625
- }
626
- // end of get_settings_action()
627
-
628
- /**
629
- * Update General Options tab
630
- */
631
- protected function update_general_options() {
632
- if (defined('URE_SHOW_ADMIN_ROLE') && (URE_SHOW_ADMIN_ROLE == 1)) {
633
- $show_admin_role = 1;
634
- } else {
635
- $show_admin_role = $this->lib->get_request_var('show_admin_role', 'checkbox');
636
- }
637
- $this->lib->put_option('show_admin_role', $show_admin_role);
638
-
639
- $caps_readable = $this->lib->get_request_var('caps_readable', 'checkbox');
640
- $this->lib->put_option('ure_caps_readable', $caps_readable);
641
-
642
- $show_deprecated_caps = $this->lib->get_request_var('show_deprecated_caps', 'checkbox');
643
- $this->lib->put_option('ure_show_deprecated_caps', $show_deprecated_caps);
644
-
645
- $confirm_role_update = $this->lib->get_request_var('confirm_role_update', 'checkbox');
646
- $this->lib->put_option('ure_confirm_role_update', $confirm_role_update);
647
-
648
- $edit_user_caps = $this->lib->get_request_var('edit_user_caps', 'checkbox');
649
- $this->lib->put_option('edit_user_caps', $edit_user_caps);
650
-
651
- $caps_columns_quant = $this->lib->get_request_var('caps_columns_quant', 'checkbox');
652
- $this->lib->put_option('caps_columns_quant', $caps_columns_quant);
653
-
654
- do_action('ure_settings_update1');
655
-
656
- $this->lib->flush_options();
657
- $this->lib->show_message(esc_html__('User Role Editor options are updated', 'user-role-editor'));
658
 
659
- }
660
- // end of update_general_options()
661
-
662
-
663
- /**
664
- * Update Additional Modules Options tab
665
- */
666
- protected function update_addons_options() {
667
- $multisite = $this->lib->get('multisite');
668
- if (!$multisite) {
669
- $count_users_without_role = $this->lib->get_request_var('count_users_without_role', 'checkbox');
670
- $this->lib->put_option('count_users_without_role', $count_users_without_role);
671
- }
672
- do_action('ure_settings_update2');
673
-
674
- $this->lib->flush_options();
675
- $this->lib->show_message(esc_html__('User Role Editor options are updated', 'user-role-editor'));
676
- }
677
- // end of update_addons_options()
678
-
679
-
680
- protected function update_default_roles() {
681
- global $wp_roles;
682
-
683
- // Primary default role
684
- $primary_default_role = $this->lib->get_request_var('default_user_role', 'post');
685
- if (!empty($primary_default_role) && isset($wp_roles->role_objects[$primary_default_role]) && $primary_default_role !== 'administrator') {
686
- update_option('default_role', $primary_default_role);
687
- }
688
-
689
- // Other default roles
690
- $other_default_roles = array();
691
- foreach($_POST as $key=>$value) {
692
- $prefix = substr($key, 0, 8);
693
- if ($prefix!=='wp_role_') {
694
- continue;
695
- }
696
- $role_id = substr($key, 8);
697
- if ($role_id!=='administrator' && isset($wp_roles->role_objects[$role_id])) {
698
- $other_default_roles[] = $role_id;
699
- }
700
- } // foreach()
701
- $this->lib->put_option('other_default_roles', $other_default_roles, true);
702
-
703
- $this->lib->show_message(esc_html__('Default Roles are updated', 'user-role-editor'));
704
- }
705
- // end of update_default_roles()
706
-
707
-
708
- protected function update_multisite_options() {
709
- $multisite = $this->lib->get('multisite');
710
- if (!$multisite) {
711
- return;
712
- }
713
-
714
- $allow_edit_users_to_not_super_admin = $this->lib->get_request_var('allow_edit_users_to_not_super_admin', 'checkbox');
715
- $this->lib->put_option('allow_edit_users_to_not_super_admin', $allow_edit_users_to_not_super_admin);
716
-
717
- do_action('ure_settings_ms_update');
718
-
719
- $this->lib->flush_options();
720
- $this->lib->show_message(esc_html__('User Role Editor options are updated', 'user-role-editor'));
721
-
722
- }
723
- // end of update_multisite_options()
724
-
725
-
726
- protected function reset_roles() {
727
- $this->lib->reset_user_roles();
728
- $this->lib->put_option('other_default_roles', array(), true);
729
- $this->lib->show_message(esc_html__('Tools: Reset: User Roles were initialized', 'user-role-editor'));
730
- }
731
- // end of reset_roles()
732
-
733
 
734
  public function settings() {
735
  $settings_capability = URE_Own_Capabilities::get_settings_capability();
736
  if (!current_user_can($settings_capability)) {
737
  wp_die(esc_html__( 'You do not have sufficient permissions to manage options for User Role Editor.', 'user-role-editor' ));
738
  }
739
- $action = $this->get_settings_action();
740
- switch ($action) {
741
- case 'ure_settings_update':
742
- $this->update_general_options();
743
- break;
744
- case 'ure_addons_settings_update':
745
- $this->update_addons_options();
746
- break;
747
- case 'ure_settings_ms_update':
748
- $this->update_multisite_options();
749
- break;
750
- case 'ure_default_roles_update':
751
- $this->update_default_roles();
752
- break;
753
- case 'ure_reset_roles_exec':
754
- $this->reset_roles();
755
- break;
756
- case 'show':
757
- default:
758
- ;
759
- } // switch()
760
-
761
- if (defined('URE_SHOW_ADMIN_ROLE') && (URE_SHOW_ADMIN_ROLE == 1)) {
762
- $show_admin_role = 1;
763
- } else {
764
- $show_admin_role = $this->lib->get_option('show_admin_role', 0);
765
- }
766
- $caps_readable = $this->lib->get_option('ure_caps_readable', 0);
767
- $show_deprecated_caps = $this->lib->get_option('ure_show_deprecated_caps', 0);
768
- $confirm_role_update = $this->lib->get_option('ure_confirm_role_update', 1);
769
- $edit_user_caps = $this->lib->get_option('edit_user_caps', 1);
770
- $caps_columns_quant = $this->lib->get_option('caps_columns_quant', 1);
771
- $multisite = $this->lib->get('multisite');
772
- if ($multisite) {
773
- $allow_edit_users_to_not_super_admin = $this->lib->get_option('allow_edit_users_to_not_super_admin', 0);
774
- } else {
775
- $count_users_without_role = $this->lib->get_option('count_users_without_role', 0);
776
- }
777
-
778
- $this->lib->get_default_role();
779
- $view = new URE_Role_View();
780
- $view->role_default_prepare_html(0);
781
 
782
- $ure_tab_idx = (int) $this->lib->get_request_var('ure_tab_idx', 'post', 'int');
783
 
784
- do_action('ure_settings_load');
785
-
786
- if ($multisite && is_network_admin()) {
787
- $link = 'settings.php';
788
- } else {
789
- $link = 'options-general.php';
790
- }
791
-
792
- $active_for_network = $this->lib->get('active_for_network');
793
- $license_key_only = $multisite && is_network_admin() && !$active_for_network;
794
-
795
-
796
- require_once(URE_PLUGIN_DIR . 'includes/settings-template.php');
797
  }
798
  // end of settings()
799
 
@@ -835,7 +647,7 @@ class User_Role_Editor {
835
  */
836
  function setup() {
837
 
838
- $this->lib->make_roles_backup();
839
  URE_Own_Capabilities::init_caps();
840
 
841
  $task_queue = URE_Task_Queue::get_instance();
401
  * @param int $user_id
402
  *
403
  */
404
+ public function duplicate_roles_for_new_blog($blog_id) {
405
+ global $wpdb, $wp_roles;
406
+
407
+ // get Id of 1st (main) blog
408
+ $main_blog_id = $this->lib->get_main_blog_id();
409
+ if (empty($main_blog_id)) {
410
+ return;
411
+ }
412
+ $current_blog = $wpdb->blogid;
413
+ switch_to_blog($main_blog_id);
414
+ $main_roles = new WP_Roles(); // get roles from primary blog
415
+ $default_role = get_option('default_role'); // get default role from primary blog
416
+ switch_to_blog($blog_id); // switch to the new created blog
417
+ $main_roles->use_db = false; // do not touch DB
418
+ $main_roles->add_cap('administrator', 'dummy_123456'); // just to save current roles into new blog
419
+ $main_roles->role_key = $wp_roles->role_key;
420
+ $main_roles->use_db = true; // save roles into new blog DB
421
+ $main_roles->remove_cap('administrator', 'dummy_123456'); // remove unneeded dummy capability
422
+ update_option('default_role', $default_role); // set default role for new blog as it set for primary one
423
+ switch_to_blog($current_blog); // return to blog where we were at the begin
424
  }
425
+ // end of duplicate_roles_for_new_blog()
426
+
 
 
 
 
 
 
 
 
 
 
 
 
427
 
428
+ /**
 
429
  * Filter out URE plugin from not admin users to prevent its not authorized deactivation
430
  * @param type array $plugins plugins list
431
  * @return type array $plugins updated plugins list
596
  }
597
 
598
  // end of network_plugin_menu()
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
599
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
600
 
601
  public function settings() {
602
  $settings_capability = URE_Own_Capabilities::get_settings_capability();
603
  if (!current_user_can($settings_capability)) {
604
  wp_die(esc_html__( 'You do not have sufficient permissions to manage options for User Role Editor.', 'user-role-editor' ));
605
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
606
 
607
+ URE_Settings::show();
608
 
 
 
 
 
 
 
 
 
 
 
 
 
 
609
  }
610
  // end of settings()
611
 
647
  */
648
  function setup() {
649
 
650
+ $this->lib->backup_wp_roles();
651
  URE_Own_Capabilities::init_caps();
652
 
653
  $task_queue = URE_Task_Queue::get_instance();
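--- a/includes/loader.php
+++ b/includes/loader.php
@@ -3,7 +3,7 @@
  * Load related files
  * Project: User Role Editor WordPress plugin
  *
- * Author: Vladimir Garagulya
+ * Author: Vladimir Garagulia
  * email: support@role-editor.com
  *
  **/
@@ -28,5 +28,6 @@ require_once(URE_PLUGIN_DIR .'includes/classes/view.php');
  require_once(URE_PLUGIN_DIR .'includes/classes/role-view.php');
  require_once(URE_PLUGIN_DIR .'includes/classes/tools.php');
  require_once(URE_PLUGIN_DIR .'includes/classes/user-view.php');
+ require_once(URE_PLUGIN_DIR .'includes/classes/settings.php');
  require_once(URE_PLUGIN_DIR .'includes/classes/user-role-editor.php');
 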
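--- a/includes/settings-template.php
+++ b/includes/settings-template.php
@@ -22,7 +22,7 @@ $tabs_index = array();
  <?php
  $tabs_index['1'] = 0;
  if (!$license_key_only) {
- if ($this->lib->is_pro() || !$multisite) {
+ if ($lib->is_pro() || !$multisite) {
  ?>
  <li><a href="#ure_tabs-2"><?php esc_html_e('Additional Modules', 'user-role-editor'); ?></a></li>
  <?php
@@ -32,7 +32,7 @@ if (!$license_key_only) {
  <li><a href="#ure_tabs-3"><?php esc_html_e('Default Roles', 'user-role-editor'); ?></a></li>
  <?php
  $tabs_index['3'] = count($tabs_index);
- if ($multisite && ($this->lib->is_pro() || $this->lib->is_super_admin())) {
+ if ($multisite && ($lib->is_pro() || $lib->is_super_admin())) {
  ?>
  <li><a href="#ure_tabs-4"><?php esc_html_e('Multisite', 'user-role-editor'); ?></a></li>
  <?php
@@ -126,7 +126,7 @@ if (!$license_key_only) {
  </div> <!-- ure_tabs-1 -->
  <?php
  if (!$license_key_only) {
- if ($this->lib->is_pro() || !$multisite) {
+ if ($lib->is_pro() || !$multisite) {
  ?>
 
  <div id="ure_tabs-2">
@@ -175,7 +175,7 @@ if (!$multisite) {
  ?>
  <?php esc_html_e('Other default roles for new registered user: ', 'user-role-editor'); ?>
  <div id="other_default_roles">
- <?php $this->lib->show_other_default_roles(); ?>
+ <?php $lib->show_other_default_roles(); ?>
  </div>
  <?php
  if ($multisite) {
@@ -192,14 +192,14 @@ if (!$multisite) {
  </div> <!-- ure_tabs-3 -->
 
  <?php
- if ( $multisite && ($this->lib->is_pro() || $this->lib->is_super_admin())) {
+ if ( $multisite && ($lib->is_pro() || $lib->is_super_admin())) {
  ?>
  <div id="ure_tabs-4">
  <div id="ure-settings-form-ms">
  <form name="ure_settings_ms" method="post" action="<?php echo $link; ?>?page=settings-<?php echo URE_PLUGIN_FILE; ?>" >
  <table id="ure_settings_ms">
  <?php
- if ($this->lib->is_super_admin()) {
+ if ($lib->is_super_admin()) {
  ?>
  <tr>
  <td>
@@ -235,7 +235,7 @@ if (!$multisite) {
  </div> <!-- ure_tabs-5 -->
 
  <div id="ure_tabs-6">
- <?php $this->lib->about(); ?>
+ <?php $lib->about(); ?>
  </div> <!-- ure_tabs-6 -->
  </div> <!-- ure_tabs -->
  </div>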
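Review bot: The template now dereferences a bare `$lib` on every changed line (`$lib->is_pro()`, `$lib->is_super_admin()`, `$lib->show_other_default_roles()`, `$lib->about()`), and nothing in these hunks shows where it is assigned. Presumably the including code (the `URE_Settings::show()` call added in user-role-editor.php, whose body is not visible here) sets it together with `$multisite`, `$link` and `$license_key_only`; if it does not, the first of these calls is a fatal error. A header comment in the template would make that contract explicit, for example `// Expects from the including scope: $lib, $multisite, $link, $license_key_only`. The `$lib->is_super_admin()` test at new line 202 only decides which form rows are rendered, so the handler that saves the multisite options should repeat the same check before writing anything.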
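--- a/readme.txt
+++ b/readme.txt
@@ -3,8 +3,8 @@ Contributors: shinephp
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=vladimir%40shinephp%2ecom&lc=RU&item_name=ShinePHP%2ecom&item_number=User%20Role%20Editor%20WordPress%20plugin&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted
  Tags: user, role, editor, security, access, permission, capability
  Requires at least: 4.0
- Tested up to: 4.9
- Stable tag: 4.38
+ Tested up to: 4.9.1
+ Stable tag: 4.39
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -41,6 +41,7 @@ Do you need more functionality with quality support in a real time? Do you wish
  <li>Per form users access management for Gravity Forms plugin.</li>
  <li>Shortcode to show enclosed content to the users with selected roles only.</li>
  <li>Posts and pages view restrictions for selected roles.</li>
+ <li>Admin back-end pages permissions viewer</li>
  </ul>
  Pro version is advertisement free. Premium support is included.
 
@@ -79,6 +80,12 @@ https://translate.wordpress.org/projects/wp-plugins/user-role-editor/
 
  == Changelog =
 
+ = [4.39] 19.12.2017 =
+ * Update: Plugin settings management code moved to the separate URE_Settings class.
+ * Update: 'create_posts', 'create_pages' user capabilities are not added by default to WordPress built-in capabilities groups as they are supported by the Pro version only.
+ * Update: Type checking enhanced for values received from a user input and for variable arguments inside database queries.
+ * Update: Own code to build usermeta db table name was excluded. A value from $wpdb->usermeta is used instead.
+
  = [4.38] 27.11.2017 =
  * Security: XSS vulnerability was fixed at URE's options page. Bug was discovered and fixed at tab index value numeric type checking. Tab index value is additionally escaped before output also.
  * Security: Deprecated code for debug output to the .log file in case of database query error was removed.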
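--- a/uninstall.php
+++ b/uninstall.php
@@ -32,7 +32,12 @@ if (!is_multisite()) {
  } else {
  $old_blog = $wpdb->blogid;
  // Get all blog ids
- $blogIds = $wpdb->get_col("SELECT blog_id FROM $wpdb->blogs");
+ $network = get_current_site();
+ $query = $wpdb->prepare(
+ "SELECT blog_id FROM {$wpdb->blogs} WHERE site_id=%d",
+ array($network->id)
+ );
+ $blogIds = $wpdb->get_col($query);
  foreach ($blogIds as $blog_id) {
  switch_to_blog($blog_id);
  ure_delete_options();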
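Review bot: The new query restricts the uninstall cleanup to rows with the current network's `site_id`, whereas the old `SELECT blog_id FROM $wpdb->blogs` visited every blog in the table. On an installation with more than one network, whatever `ure_delete_options()` removes would now be left behind on the other networks' blogs. If the narrowing is intended, the retained `// Get all blog ids` comment is now misleading and should say so, for example `// Get blog ids of the current network only`. If it is not intended, the original unfiltered query takes no variable input and needs no `prepare()`. The enclosing `else` branch and the `foreach` loop continue past the end of this hunk.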
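--- a/user-role-editor.php
+++ b/user-role-editor.php
@@ -3,7 +3,7 @@
  Plugin Name: User Role Editor
  Plugin URI: https://www.role-editor.com
  Description: Change/add/delete WordPress user roles and capabilities.
- Version: 4.38
+ Version: 4.39
  Author: Vladimir Garagulya
  Author URI: https://www.role-editor.com
  Text Domain: user-role-editor
@@ -23,7 +23,7 @@ if (defined('URE_PLUGIN_URL')) {
  wp_die('It seems that other version of User Role Editor is active. Please deactivate it before use this version');
  }
 
- define('URE_VERSION', '4.38');
+ define('URE_VERSION', '4.39');
  define('URE_PLUGIN_URL', plugin_dir_url(__FILE__));
  define('URE_PLUGIN_DIR', plugin_dir_path(__FILE__));
  define('URE_PLUGIN_BASE_NAME', plugin_basename(__FILE__));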