Version Description
Download this release
Release Info
| Developer | shinephp |
| Plugin |  User Role Editor |
| Version | 4.55.1 |
| Comparing to | |
| See all releases | |
Code changes from version 4.55 to 4.55.1
- includes/classes/uninstall.php +4 -4
- includes/classes/user-other-roles.php +44 -42
- readme.txt +5 -1
- user-role-editor.php +2 -2
includes/classes/uninstall.php
CHANGED
|
@@ -2,9 +2,9 @@
|
|
| 2 |
|
| 3 |
class URE_Uninstall {
|
| 4 |
|
| 5 |
-
|
| 6 |
-
|
| 7 |
-
|
| 8 |
|
| 9 |
public function __construct() {
|
| 10 |
|
|
@@ -16,7 +16,7 @@ class URE_Uninstall {
|
|
| 16 |
// end of __construct()
|
| 17 |
|
| 18 |
|
| 19 |
-
|
| 20 |
|
| 21 |
$this->options = array();
|
| 22 |
$this->options[] = 'ure_caps_readable';
|
| 2 |
|
| 3 |
class URE_Uninstall {
|
| 4 |
|
| 5 |
+
protected $lib = null;
|
| 6 |
+
protected $options = null;
|
| 7 |
+
protected $own_caps = null;
|
| 8 |
|
| 9 |
public function __construct() {
|
| 10 |
|
| 16 |
// end of __construct()
|
| 17 |
|
| 18 |
|
| 19 |
+
protected function init_options_list() {
|
| 20 |
|
| 21 |
$this->options = array();
|
| 22 |
$this->options[] = 'ure_caps_readable';
|
includes/classes/user-other-roles.php
CHANGED
|
@@ -287,85 +287,87 @@ class URE_User_Other_Roles {
|
|
| 287 |
// end of user_new_form()
|
| 288 |
|
| 289 |
|
| 290 |
-
|
| 291 |
-
|
| 292 |
-
|
|
|
|
|
|
|
| 293 |
|
| 294 |
-
if (!current_user_can('edit_users')) {
|
| 295 |
-
return
|
| 296 |
}
|
| 297 |
-
if (!current_user_can('edit_user', $user_id)) {
|
| 298 |
-
return
|
| 299 |
}
|
| 300 |
-
|
| 301 |
-
|
| 302 |
-
|
| 303 |
-
|
| 304 |
-
|
| 305 |
-
if (empty($_POST['ure_other_roles'])) { // there is no need in other roles, user did not selected them
|
| 306 |
-
return true;
|
| 307 |
}
|
| 308 |
|
| 309 |
-
$user = get_userdata($user_id);
|
| 310 |
-
$data = explode(',', str_replace(' ', '', $_POST['ure_other_roles']));
|
|
|
|
| 311 |
$ure_other_roles = array();
|
| 312 |
-
foreach($data as $role_id) {
|
| 313 |
-
if (
|
| 314 |
continue;
|
|
|
|
|
|
|
|
|
|
| 315 |
}
|
| 316 |
-
if (is_array($user->roles) && !in_array($role_id, $user->roles)) {
|
| 317 |
$ure_other_roles[] = $role_id;
|
| 318 |
}
|
| 319 |
}
|
| 320 |
-
foreach
|
| 321 |
-
$user->add_role($role);
|
| 322 |
}
|
| 323 |
|
| 324 |
-
return
|
| 325 |
}
|
| 326 |
// end of update()
|
| 327 |
|
| 328 |
|
| 329 |
private function add_default_other_roles($user_id) {
|
| 330 |
-
if (!current_user_can('edit_users')) {
|
| 331 |
return false;
|
| 332 |
}
|
| 333 |
-
if (!current_user_can('edit_user', $user_id)) {
|
| 334 |
return false;
|
| 335 |
}
|
| 336 |
|
| 337 |
-
$user = get_user_by('id', $user_id);
|
| 338 |
-
if (empty($user->ID)) {
|
| 339 |
-
return;
|
| 340 |
}
|
| 341 |
|
| 342 |
// Get default roles if any
|
| 343 |
-
$other_default_roles = $this->lib->get_option('other_default_roles', array());
|
| 344 |
-
if (count($other_default_roles) == 0) {
|
| 345 |
-
return;
|
| 346 |
}
|
| 347 |
-
foreach ($other_default_roles as $role) {
|
| 348 |
-
if (!isset($user->caps[$role])) {
|
| 349 |
-
$user->add_role($role);
|
| 350 |
}
|
| 351 |
}
|
| 352 |
}
|
| 353 |
-
|
| 354 |
// end of add_default_other_roles()
|
| 355 |
|
| 356 |
|
| 357 |
-
public function add_other_roles($user_id) {
|
| 358 |
|
| 359 |
-
if (empty($user_id)) {
|
| 360 |
-
return;
|
| 361 |
}
|
| 362 |
|
| 363 |
-
$result = $this->update($user_id);
|
| 364 |
-
if ($result) { // roles were
|
| 365 |
-
|
| 366 |
}
|
| 367 |
-
|
| 368 |
-
$this->add_default_other_roles($user_id);
|
| 369 |
}
|
| 370 |
// end of add_other_roles()
|
| 371 |
|
| 287 |
// end of user_new_form()
|
| 288 |
|
| 289 |
|
| 290 |
+
/*
|
| 291 |
+
* Save additional user roles when user profile is updated, as WordPress itself doesn't know about them
|
| 292 |
+
* Returns different numbers for automatic testing purpose
|
| 293 |
+
*/
|
| 294 |
+
public function update( $user_id ) {
|
| 295 |
|
| 296 |
+
if ( !current_user_can('edit_users') ) {
|
| 297 |
+
return -1; // No permissions to edit users
|
| 298 |
}
|
| 299 |
+
if ( !current_user_can('edit_user', $user_id) ) {
|
| 300 |
+
return -1; // No permissions to edit this user
|
| 301 |
}
|
| 302 |
+
if ( !isset( $_POST['ure_other_roles'] ) ) {
|
| 303 |
+
return 3; // Add default other roles, there is no related data at the POST
|
| 304 |
+
}
|
| 305 |
+
if ( empty( $_POST['ure_other_roles'] ) ) {
|
| 306 |
+
return 1; // There is no need in processing of other roles. User did not select them
|
|
|
|
|
|
|
| 307 |
}
|
| 308 |
|
| 309 |
+
$user = get_userdata( $user_id );
|
| 310 |
+
$data = explode(',', str_replace(' ', '', $_POST['ure_other_roles'] ) );
|
| 311 |
+
$editable_roles = get_editable_roles();
|
| 312 |
$ure_other_roles = array();
|
| 313 |
+
foreach( $data as $role_id ) {
|
| 314 |
+
if ( empty( $role_id ) ) {
|
| 315 |
continue;
|
| 316 |
+
}
|
| 317 |
+
if ( !isset( $editable_roles[ $role_id ] ) ) {
|
| 318 |
+
return -2; // If the role isn't editable by the current user, stop processing - no permission to assign this role.
|
| 319 |
}
|
| 320 |
+
if ( is_array( $user->roles ) && !in_array( $role_id, $user->roles ) ) {
|
| 321 |
$ure_other_roles[] = $role_id;
|
| 322 |
}
|
| 323 |
}
|
| 324 |
+
foreach( $ure_other_roles as $role ) {
|
| 325 |
+
$user->add_role( $role );
|
| 326 |
}
|
| 327 |
|
| 328 |
+
return 2;
|
| 329 |
}
|
| 330 |
// end of update()
|
| 331 |
|
| 332 |
|
| 333 |
private function add_default_other_roles($user_id) {
|
| 334 |
+
if ( !current_user_can('edit_users') ) {
|
| 335 |
return false;
|
| 336 |
}
|
| 337 |
+
if ( !current_user_can('edit_user', $user_id) ) {
|
| 338 |
return false;
|
| 339 |
}
|
| 340 |
|
| 341 |
+
$user = get_user_by('id', $user_id );
|
| 342 |
+
if ( empty( $user->ID ) ) {
|
| 343 |
+
return true;
|
| 344 |
}
|
| 345 |
|
| 346 |
// Get default roles if any
|
| 347 |
+
$other_default_roles = $this->lib->get_option('other_default_roles', array() );
|
| 348 |
+
if ( count( $other_default_roles ) == 0 ) {
|
| 349 |
+
return true;
|
| 350 |
}
|
| 351 |
+
foreach ( $other_default_roles as $role ) {
|
| 352 |
+
if ( !isset( $user->caps[$role] ) ) {
|
| 353 |
+
$user->add_role( $role );
|
| 354 |
}
|
| 355 |
}
|
| 356 |
}
|
|
|
|
| 357 |
// end of add_default_other_roles()
|
| 358 |
|
| 359 |
|
| 360 |
+
public function add_other_roles( $user_id ) {
|
| 361 |
|
| 362 |
+
if ( empty( $user_id ) ) {
|
| 363 |
+
return false;
|
| 364 |
}
|
| 365 |
|
| 366 |
+
$result = $this->update( $user_id );
|
| 367 |
+
if ( $result==3 ) { // Other roles were not selected manually
|
| 368 |
+
$this->add_default_other_roles( $user_id );
|
| 369 |
}
|
| 370 |
+
|
|
|
|
| 371 |
}
|
| 372 |
// end of add_other_roles()
|
| 373 |
|
readme.txt
CHANGED
|
@@ -4,7 +4,7 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=vladi
|
|
| 4 |
Tags: user, role, editor, security, access, permission, capability
|
| 5 |
Requires at least: 4.0
|
| 6 |
Tested up to: 5.4.1
|
| 7 |
-
Stable tag: 4.55
|
| 8 |
Requires PHP: 5.6
|
| 9 |
License: GPLv2 or later
|
| 10 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
|
@@ -80,6 +80,10 @@ https://translate.wordpress.org/projects/wp-plugins/user-role-editor/
|
|
| 80 |
|
| 81 |
|
| 82 |
== Changelog =
|
|
|
|
|
|
|
|
|
|
|
|
|
| 83 |
= [4.55] 03.06.2020 =
|
| 84 |
* Update: User Role Editor uninstallation was refactored. It fully removes the ('ure_%') user capabilities from the user roles data.
|
| 85 |
|
| 4 |
Tags: user, role, editor, security, access, permission, capability
|
| 5 |
Requires at least: 4.0
|
| 6 |
Tested up to: 5.4.1
|
| 7 |
+
Stable tag: 4.55.1
|
| 8 |
Requires PHP: 5.6
|
| 9 |
License: GPLv2 or later
|
| 10 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 80 |
|
| 81 |
|
| 82 |
== Changelog =
|
| 83 |
+
= [4.55.1] 06.06.2020 =
|
| 84 |
+
* Security fix: User with 'edit_users' capability could assign to another user a role not included into the editable roles list. This fix is required to install ASAP for all sites which have user(s) with 'edit_users' capability granted not via 'administrator' role.
|
| 85 |
+
* Update: URE_Uninstall class properties were made 'protected' to be accessible in URE_Uninstall_Pro class included into the Pro version.
|
| 86 |
+
|
| 87 |
= [4.55] 03.06.2020 =
|
| 88 |
* Update: User Role Editor uninstallation was refactored. It fully removes the ('ure_%') user capabilities from the user roles data.
|
| 89 |
|
user-role-editor.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
Plugin Name: User Role Editor
|
| 4 |
Plugin URI: https://www.role-editor.com
|
| 5 |
Description: Change/add/delete WordPress user roles and capabilities.
|
| 6 |
-
Version: 4.55
|
| 7 |
Author: Vladimir Garagulya
|
| 8 |
Author URI: https://www.role-editor.com
|
| 9 |
Text Domain: user-role-editor
|
|
@@ -23,7 +23,7 @@ if ( defined( 'URE_PLUGIN_URL' ) ) {
|
|
| 23 |
wp_die( 'It seems that other version of User Role Editor is active. Please deactivate it before use this version' );
|
| 24 |
}
|
| 25 |
|
| 26 |
-
define( 'URE_VERSION', '4.55' );
|
| 27 |
define( 'URE_PLUGIN_URL', plugin_dir_url( __FILE__ ) );
|
| 28 |
define( 'URE_PLUGIN_DIR', plugin_dir_path( __FILE__ ) );
|
| 29 |
define( 'URE_PLUGIN_BASE_NAME', plugin_basename( __FILE__ ) );
|
| 3 |
Plugin Name: User Role Editor
|
| 4 |
Plugin URI: https://www.role-editor.com
|
| 5 |
Description: Change/add/delete WordPress user roles and capabilities.
|
| 6 |
+
Version: 4.55.1
|
| 7 |
Author: Vladimir Garagulya
|
| 8 |
Author URI: https://www.role-editor.com
|
| 9 |
Text Domain: user-role-editor
|
| 23 |
wp_die( 'It seems that other version of User Role Editor is active. Please deactivate it before use this version' );
|
| 24 |
}
|
| 25 |
|
| 26 |
+
define( 'URE_VERSION', '4.55.1' );
|
| 27 |
define( 'URE_PLUGIN_URL', plugin_dir_url( __FILE__ ) );
|
| 28 |
define( 'URE_PLUGIN_DIR', plugin_dir_path( __FILE__ ) );
|
| 29 |
define( 'URE_PLUGIN_BASE_NAME', plugin_basename( __FILE__ ) );
|
