User Switching - Version 1.5.1


Release Info

Developer johnbillion
Version 1.5.1

Code changes from version 1.5.0 to 1.5.1

Files changed (3) hide show
  1. composer.json +3 -3
  2. readme.txt +2 -2
  3. user-switching.php +65 -30
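--- a/composer.json
+++ b/composer.json
@@ -26,13 +26,12 @@
  },
  "require-dev" : {
  "behat/mink-goutte-driver": "^1.2",
- "behat/mink-selenium2-driver": "^1.3",
  "dealerdirect/phpcodesniffer-composer-installer": "^0.5",
  "genesis/behat-fail-aid": "^2.0",
  "johnbillion/php-docs-standards": "^1.2",
- "paulgibbs/behat-wordpress-extension": "^3.1",
+ "paulgibbs/behat-wordpress-extension": "dev-master",
  "phpcompatibility/php-compatibility": "^9",
- "phpunit/phpunit": "^5",
+ "phpunit/phpunit": "^7",
  "roots/wordpress": "*",
  "vlucas/phpdotenv": "^3",
  "wp-cli/wp-cli-bundle": "^2.1",
@@ -44,6 +43,7 @@
  "vendor/bin/phpcs -nps --colors --report-code --report-summary --report-width=80 ."
  ],
  "test:ut": [
+ "vendor/bin/wp db reset --yes --path=tests/wordpress #",
  "export WP_MULTISITE=0 && vendor/bin/phpunit --verbose --colors=always --exclude-group=ms-required",
  "export WP_MULTISITE=1 && vendor/bin/phpunit --verbose --colors=always --exclude-group=ms-excluded"
  ],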
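Review bot: `"paulgibbs/behat-wordpress-extension": "dev-master"` in `require-dev` tracks a moving branch, so any install that does not go through a committed lock file can pull different, unreviewed code into the test environment from one run to the next. Pin it to a tagged release, or to a fixed commit with Composer's `"dev-master#<commit-sha>"` form, until a suitable tag exists. Separately, the new `vendor/bin/wp db reset --yes --path=tests/wordpress #` step in `test:ut` drops a database without prompting; which database that is depends on the configuration under `tests/wordpress`, which is not visible here, so the contributor docs should state that it must point at a throwaway database.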
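--- a/readme.txt
+++ b/readme.txt
@@ -3,8 +3,8 @@
  Contributors: johnbillion
  Tags: users, profiles, user switching, fast user switching, multisite, buddypress, bbpress, become, user management, developer
  Requires at least: 3.7
- Tested up to: 5.1
- Stable tag: 1.5.0
+ Tested up to: 5.2
+ Stable tag: 1.5.1
  Requires PHP: 5.3
  License: GPL v2 or later
 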
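--- a/user-switching.php
+++ b/user-switching.php
@@ -10,7 +10,7 @@
  *
  * Plugin Name: User Switching
  * Description: Instant switching between user accounts in WordPress
- * Version: 1.5.0
+ * Version: 1.5.1
  * Plugin URI: https://johnblackbourn.com/wordpress-plugin-user-switching/
  * Author: John Blackbourn & contributors
  * Author URI: https://github.com/johnbillion/user-switching/graphs/contributors
@@ -50,7 +50,7 @@ class user_switching {
  add_filter( 'user_has_cap', array( $this, 'filter_user_has_cap' ), 10, 4 );
  add_filter( 'map_meta_cap', array( $this, 'filter_map_meta_cap' ), 10, 4 );
  add_filter( 'user_row_actions', array( $this, 'filter_user_row_actions' ), 10, 2 );
- add_action( 'plugins_loaded', array( $this, 'action_plugins_loaded' ) );
+ add_action( 'plugins_loaded', array( $this, 'action_plugins_loaded' ), 1 );
  add_action( 'init', array( $this, 'action_init' ) );
  add_action( 'all_admin_notices', array( $this, 'action_admin_notices' ), 1 );
  add_action( 'wp_logout', 'user_switching_clear_olduser_cookie' );
@@ -150,7 +150,7 @@ class user_switching {
 
  // Check authentication:
  if ( ! current_user_can( 'switch_to_user', $user_id ) ) {
- wp_die( esc_html__( 'Could not switch users.', 'user-switching' ) );
+ wp_die( esc_html__( 'Could not switch users.', 'user-switching' ), 403 );
  }
 
  // Check intent:
@@ -175,7 +175,7 @@ class user_switching {
  }
  exit;
  } else {
- wp_die( esc_html__( 'Could not switch users.', 'user-switching' ) );
+ wp_die( esc_html__( 'Could not switch users.', 'user-switching' ), 404 );
  }
  break;
 
@@ -184,12 +184,12 @@ class user_switching {
  // Fetch the originating user data:
  $old_user = self::get_old_user();
  if ( ! $old_user ) {
- wp_die( esc_html__( 'Could not switch users.', 'user-switching' ) );
+ wp_die( esc_html__( 'Could not switch users.', 'user-switching' ), 400 );
  }
 
  // Check authentication:
  if ( ! self::authenticate_old_user( $old_user ) ) {
- wp_die( esc_html__( 'Could not switch users.', 'user-switching' ) );
+ wp_die( esc_html__( 'Could not switch users.', 'user-switching' ), 403 );
  }
 
  // Check intent:
@@ -217,7 +217,7 @@ class user_switching {
  }
  exit;
  } else {
- wp_die( esc_html__( 'Could not switch users.', 'user-switching' ) );
+ wp_die( esc_html__( 'Could not switch users.', 'user-switching' ), 404 );
  }
  break;
 
@@ -289,6 +289,10 @@ class user_switching {
  $old_user = self::get_old_user();
 
  if ( $old_user ) {
+ $switched_locale = false;
+ if ( function_exists( 'get_user_locale' ) ) {
+ $switched_locale = switch_to_locale( get_user_locale( $old_user ) );
+ }
  ?>
  <div id="user_switching" class="updated notice is-dismissible">
  <p><span class="dashicons dashicons-admin-users" style="color:#56c234" aria-hidden="true"></span>
@@ -330,12 +334,19 @@ class user_switching {
  * @param bool $just_switched Whether the user made the switch on this page request.
  */
  $message = apply_filters( 'user_switching_switched_message', $message, $user, $old_user, $switch_back_url, $just_switched );
- // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
- echo $message;
+
+ echo wp_kses( $message, array(
+ 'a' => array(
+ 'href' => array(),
+ ),
+ ) );
  ?>
  </p>
  </div>
  <?php
+ if ( $switched_locale ) {
+ restore_previous_locale();
+ }
  } elseif ( isset( $_GET['user_switched'] ) ) {
  ?>
  <div id="user_switching" class="updated notice is-dismissible">
@@ -461,7 +472,7 @@ class user_switching {
  ) );
  }
 
- if ( ! is_admin() && is_author() ) {
+ if ( ! is_admin() && is_author() && ( get_queried_object() instanceof WP_User ) ) {
  if ( $old_user ) {
  $wp_admin_bar->add_menu( array(
  'parent' => 'edit',
@@ -505,7 +516,11 @@ class user_switching {
  $url = add_query_arg( array(
  'redirect_to' => urlencode( self::current_url() ),
  ), self::switch_back_url( $old_user ) );
- echo '<li id="user_switching_switch_on"><a href="' . esc_url( $url ) . '">' . esc_html( $link ) . '</a></li>';
+ printf(
+ '<li id="user_switching_switch_on"><a href="%s">%s</a></li>',
+ esc_url( $url ),
+ esc_html( $link )
+ );
  }
  }
 
@@ -529,7 +544,11 @@ class user_switching {
  $url = add_query_arg( array(
  'redirect_to' => urlencode( self::current_url() ),
  ), self::switch_back_url( $old_user ) );
- echo '<p id="user_switching_switch_on"><a href="' . esc_url( $url ) . '">' . esc_html( $link ) . '</a></p>';
+ printf(
+ '<p id="user_switching_switch_on"><a href="%s">%s</a></p>',
+ esc_url( $url ),
+ esc_html( $link )
+ );
  }
  }
 
@@ -563,7 +582,11 @@ class user_switching {
 
  $message .= '<p class="message" id="user_switching_switch_on">';
  $message .= '<span class="dashicons dashicons-admin-users" style="color:#56c234" aria-hidden="true"></span> ';
- $message .= '<a href="' . esc_url( $url ) . '" onclick="window.location.href=\'' . esc_url( $url ) . '\';return false;">' . esc_html( $link ) . '</a>';
+ $message .= sprintf(
+ '<a href="%1$s" onclick="window.location.href=\'%1$s\';return false;">%2$s</a>',
+ esc_url( $url ),
+ esc_html( $link )
+ );
  $message .= '</p>';
  }
 
@@ -573,9 +596,9 @@ class user_switching {
  /**
  * Adds a 'Switch To' link to each list of user actions on the Users screen.
  *
- * @param string[] $actions The actions to display for this user row.
+ * @param string[] $actions Array of actions to display for this user row.
  * @param WP_User $user The user object displayed in this row.
- * @return string[] The actions to display for this user row.
+ * @return string[] Array of actions to display for this user row.
  */
  public function filter_user_row_actions( array $actions, WP_User $user ) {
  $link = self::maybe_switch_url( $user );
@@ -584,7 +607,11 @@ class user_switching {
  return $actions;
  }
 
- $actions['switch_to_user'] = '<a href="' . esc_url( $link ) . '">' . esc_html__( 'Switch&nbsp;To', 'user-switching' ) . '</a>';
+ $actions['switch_to_user'] = sprintf(
+ '<a href="%s">%s</a>',
+ esc_url( $link ),
+ esc_html__( 'Switch&nbsp;To', 'user-switching' )
+ );
 
  return $actions;
  }
@@ -646,11 +673,13 @@ class user_switching {
  'redirect_to' => urlencode( bbp_get_user_profile_url( $user->ID ) ),
  ), $link );
 
- ?>
- <ul id="user_switching_switch_to">
- <li><a href="<?php echo esc_url( $link ); ?>"><?php esc_html_e( 'Switch&nbsp;To', 'user-switching' ); ?></a></li>
- </ul>
- <?php
+ echo '<ul id="user_switching_switch_to">';
+ printf(
+ '<li><a href="%s">%s</a></li>',
+ esc_url( $link ),
+ esc_html__( 'Switch&nbsp;To', 'user-switching' )
+ );
+ echo '</ul>';
  }
 
  /**
@@ -658,8 +687,8 @@ class user_switching {
  *
  * @link https://core.trac.wordpress.org/ticket/23367
  *
- * @param string[] $args List of removable query arguments.
- * @return string[] Updated list of removable query arguments.
+ * @param string[] $args Array of removable query arguments.
+ * @return string[] Updated array of removable query arguments.
  */
  public function filter_removable_query_args( array $args ) {
  return array_merge( $args, array(
@@ -733,7 +762,7 @@ class user_switching {
  * @return string The current URL.
  */
  public static function current_url() {
- return ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; // @codingStandardsIgnoreLine
+ return ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
  }
 
  /**
@@ -803,7 +832,7 @@ class user_switching {
  *
  * @param bool[] $user_caps Array of key/value pairs where keys represent a capability name and boolean values
  * represent whether the user has that capability.
- * @param string[] $required_caps Required primitive capabilities for the requested capability.
+ * @param string[] $required_caps Array of required primitive capabilities for the requested capability.
  * @param array $args {
  * Arguments that accompany the requested capability check.
  *
@@ -812,10 +841,14 @@ class user_switching {
  * @type mixed ...$2 Optional second and further parameters.
  * }
  * @param WP_User $user Concerned user object.
- * @return bool[] Concerned user's capabilities.
+ * @return bool[] Array of concerned user's capabilities.
  */
  public function filter_user_has_cap( array $user_caps, array $required_caps, array $args, WP_User $user ) {
  if ( 'switch_to_user' === $args[0] ) {
+ if ( empty( $args[2] ) ) {
+ $user_caps['switch_to_user'] = false;
+ return $user_caps;
+ }
  if ( array_key_exists( 'switch_users', $user_caps ) ) {
  $user_caps['switch_to_user'] = $user_caps['switch_users'];
  return $user_caps;
@@ -843,7 +876,7 @@ class user_switching {
  *
  * It affects nothing else as Super Admins can do everything by default.
  *
- * @param string[] $required_caps Required primitive capabilities for the requested capability.
+ * @param string[] $required_caps Array of required primitive capabilities for the requested capability.
  * @param string $cap Capability or meta capability being checked.
  * @param int $user_id Concerned user ID.
  * @param array $args {
@@ -851,11 +884,13 @@ class user_switching {
  *
  * @type mixed ...$0 Optional second and further parameters.
  * }
- * @return string[] Required capabilities for the requested action.
+ * @return string[] Array of required capabilities for the requested action.
  */
  public function filter_map_meta_cap( array $required_caps, $cap, $user_id, array $args ) {
- if ( ( 'switch_to_user' === $cap ) && ( $args[0] === $user_id ) ) {
- $required_caps[] = 'do_not_allow';
+ if ( 'switch_to_user' === $cap ) {
+ if ( empty( $args[0] ) || $args[0] === $user_id ) {
+ $required_caps[] = 'do_not_allow';
+ }
  }
  return $required_caps;
  }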
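Review bot: In the login-message hunk (new lines 585–589), `%1$s` places the same `esc_url( $url )` value in both the `href` attribute and a JavaScript string literal inside `onclick`, but `esc_url()` is not a JavaScript-string escaper: the browser decodes the HTML entities it emits before the script is parsed. Give the script context its own argument, e.g. the format `'<a href="%1$s" onclick="window.location.href=\'%2$s\';return false;">%3$s</a>'` with `esc_url( $url ), esc_js( esc_url_raw( $url ) ), esc_html( $link )`, or drop the `onclick` altogether since the `href` already navigates. How `$url` is built lies outside this hunk, so whether a quote character can reach this line today is not visible here; the enclosing function starts and ends outside the hunk.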