User Switching - Version 1.5.4

Version Description

Download this release

Release Info

Developer johnbillion
Plugin Icon 128x128 User Switching
Version 1.5.4
Comparing to
See all releases

Code changes from version 1.5.3 to 1.5.4

Files changed (3) hide show
  1. composer.json +0 -62
  2. readme.txt → readme.md +201 -31
  3. user-switching.php +12 -6
composer.json DELETED
@@ -1,62 +0,0 @@
1
- {
2
- "name" : "johnbillion/user-switching",
3
- "description": "Instant switching between user accounts in WordPress.",
4
- "homepage" : "https://github.com/johnbillion/user-switching",
5
- "type" : "wordpress-plugin",
6
- "license" : "GPL-2.0-or-later",
7
- "authors" : [
8
- {
9
- "name" : "John Blackbourn",
10
- "homepage": "https://johnblackbourn.com/"
11
- }
12
- ],
13
- "support": {
14
- "issues": "https://github.com/johnbillion/user-switching/issues",
15
- "forum": "https://wordpress.org/support/plugin/user-switching",
16
- "source": "https://github.com/johnbillion/user-switching"
17
- },
18
- "config": {
19
- "sort-packages": true
20
- },
21
- "extra": {
22
- "wordpress-install-dir": "tests/wordpress"
23
- },
24
- "require": {
25
- "composer/installers": "^1"
26
- },
27
- "require-dev" : {
28
- "behat/mink-goutte-driver": "^1.2",
29
- "dealerdirect/phpcodesniffer-composer-installer": "^0.5",
30
- "genesis/behat-fail-aid": "^2.0",
31
- "johnbillion/php-docs-standards": "^1.2",
32
- "paulgibbs/behat-wordpress-extension": "dev-master",
33
- "phpcompatibility/php-compatibility": "^9",
34
- "phpunit/phpunit": "^7",
35
- "roots/wordpress": "* || *",
36
- "vlucas/phpdotenv": "^3",
37
- "wp-cli/wp-cli-bundle": "^2.1",
38
- "wp-coding-standards/wpcs": "^2",
39
- "wp-phpunit/wp-phpunit": "* || *"
40
- },
41
- "scripts": {
42
- "post-update-cmd": [
43
- "@php -r \"! file_exists( 'tests/.env' ) && copy( 'tests/.env.dist', 'tests/.env' );\""
44
- ],
45
- "test:cs": [
46
- "vendor/bin/phpcs -nps --colors --report-code --report-summary --report-width=80 ."
47
- ],
48
- "test:ut": [
49
- "vendor/bin/wp db reset --yes --path=$(npm run --silent jq '.extra .\"wordpress-install-dir\"' composer.json -- -r) #",
50
- "export WP_MULTISITE=0 && vendor/bin/phpunit --verbose --colors=always --exclude-group=ms-required",
51
- "export WP_MULTISITE=1 && vendor/bin/phpunit --verbose --colors=always --exclude-group=ms-excluded"
52
- ],
53
- "test:ft": [
54
- "bin/test.sh"
55
- ],
56
- "test": [
57
- "@test:cs",
58
- "@test:ut",
59
- "@test:ft"
60
- ]
61
- }
62
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
readme.txt → readme.md RENAMED
@@ -1,20 +1,24 @@
1
- === User Switching ===
2
 
3
- Contributors: johnbillion
4
- Tags: users, profiles, user switching, fast user switching, multisite, buddypress, bbpress, become, user management, developer
5
- Requires at least: 3.7
6
- Tested up to: 5.3
7
- Stable tag: 1.5.3
8
- Requires PHP: 5.3
9
- License: GPL v2 or later
 
 
10
 
11
  Instant switching between user accounts in WordPress.
12
 
13
- == Description ==
 
 
14
 
15
  This plugin allows you to quickly swap between user accounts in WordPress at the click of a button. You'll be instantly logged out and logged in as your desired user. This is handy for test environments where you regularly log out and in between different accounts, or for administrators who need to switch between multiple accounts.
16
 
17
- = Features =
18
 
19
  * Switch user: Instantly switch to any user account from the *Users* screen.
20
  * Switch back: Instantly switch back to your originating account.
@@ -22,7 +26,7 @@ This plugin allows you to quickly swap between user accounts in WordPress at the
22
  * It's completely secure (see the *Security* section below).
23
  * Compatible with WordPress, WordPress Multisite, WooCommerce, BuddyPress, and bbPress.
24
 
25
- = Security =
26
 
27
  * Only users with the ability to edit other users can switch user accounts. By default this is only Administrators on single site installations, and Super Admins on Multisite installations.
28
  * Passwords are not (and cannot be) revealed.
@@ -31,7 +35,7 @@ This plugin allows you to quickly swap between user accounts in WordPress at the
31
  * Full support for user session validation where appropriate.
32
  * Full support for administration over SSL (if applicable).
33
 
34
- = Usage =
35
 
36
  1. Visit the *Users* menu in WordPress and you'll see a *Switch To* link in the list of action links for each user.
37
  2. Click this and you will immediately switch into that user account.
@@ -39,7 +43,7 @@ This plugin allows you to quickly swap between user accounts in WordPress at the
39
 
40
  See the [FAQ](https://wordpress.org/plugins/user-switching/faq/) for information about the *Switch Off* feature.
41
 
42
- = Privacy Statement =
43
 
44
  User Switching makes use of browser cookies in order to allow users to switch to another account. Its cookies operate using the same mechanism as the authentication cookies in WordPress core, therefore their values contain the user's `user_login` field in plain text which should be treated as potentially personally identifiable information. The names of the cookies are:
45
 
@@ -49,60 +53,61 @@ User Switching makes use of browser cookies in order to allow users to switch to
49
 
50
  User Switching does not send data to any third party, nor does it include any third party resources, nor will it ever do so.
51
 
52
- == Screenshots ==
 
 
53
 
54
- 1. The *Switch To* link on the Users screen
55
- 2. The *Switch To* link on a user's profile
56
 
57
- == Frequently Asked Questions ==
58
 
59
- = What does "Switch off" mean? =
60
 
61
  Switching off logs you out of your account but retains your user ID in an authentication cookie so you can switch straight back without having to log in again manually. It's akin to switching to no user, and being able to switch back.
62
 
63
  The *Switch Off* link can be found in your profile menu in the WordPress toolbar. Once you've switched off you'll see a *Switch back* link on the Log In screen and in the footer of your site.
64
 
65
- = Does this plugin work with WordPress Multisite? =
66
 
67
  Yes, and you'll also be able to switch users from the Users screen in Network Admin.
68
 
69
- = Does this plugin work with BuddyPress? =
70
 
71
  Yes, and you'll also be able to switch users from member profile screens and the member listing screen.
72
 
73
- = Does this plugin work with bbPress? =
74
 
75
  Yes, and you'll also be able to switch users from member profile screens.
76
 
77
- = Does this plugin work with WooCommerce? =
78
 
79
  Yes, but for maximum compatibility you should use WooCommerce version 3.6 or later.
80
 
81
- = Does this plugin work if my site is using a two-factor authentication plugin? =
82
 
83
  Yes, mostly.
84
 
85
  One exception I'm aware of is [Duo Security](https://wordpress.org/plugins/duo-wordpress/). If you're using this plugin, you should install the [User Switching for Duo Security](https://github.com/johnbillion/user-switching-duo-security) add-on plugin which will prevent the two-factor authentication prompt from appearing when you switch between users.
86
 
87
- = What capability does a user need in order to switch accounts? =
88
 
89
  A user needs the `edit_users` capability in order to switch user accounts. By default only Administrators have this capability, and with Multisite enabled only Super Admins have this capability.
90
 
91
- = Can the ability to switch accounts be granted to other users or roles? =
92
 
93
  Yes. The `switch_users` meta capability can be explicitly granted to a user or a role to allow them to switch users regardless of whether or not they have the `edit_users` capability. For practical purposes, the user or role will also need the `list_users` capability so they can access the Users menu in the WordPress admin area.
94
 
95
  If you know what you're doing with user capabilities, this capability can also be denied from a user or role to prevent the ability to switch users, regardless of whether or not they have the `edit_users` capability.
96
 
97
- = Can regular admins on Multisite installations switch accounts? =
98
 
99
  No. This can be enabled though by installing the [User Switching for Regular Admins](https://github.com/johnbillion/user-switching-for-regular-admins) plugin.
100
 
101
- = Can I switch users directly from the admin toolbar? =
102
 
103
  Yes, there's a third party add-on plugin for this: [Admin Bar User Switching](https://wordpress.org/plugins/admin-bar-user-switching/).
104
 
105
- = Are any plugin actions called when a user switches account? =
106
 
107
  Yes. When a user switches to another account, the `switch_to_user` hook is called:
108
 
@@ -154,8 +159,173 @@ In addition, User Switching respects the following filters from WordPress core w
154
 
155
  * `login_redirect` when switching to another user.
156
  * `logout_redirect` when switching off.
157
- * `send_auth_cookies` before setting any cookies.
158
 
159
- == Changelog ==
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
160
 
161
- For User Switching's changelog, please see [the Releases page on GitHub](https://github.com/johnbillion/user-switching/releases).
1
+ # User Switching #
2
 
3
+ Stable tag: 1.5.4
4
+ Requires at least: 3.7
5
+ Tested up to: 5.4
6
+ Requires PHP: 5.3
7
+ License: GPL v2 or later
8
+ Tags: users, profiles, user switching, fast user switching, multisite, buddypress, bbpress, become, user management, developer
9
+ Contributors: johnbillion
10
+
11
+ ![](.wordpress-org/banner-1544x500.png)
12
 
13
  Instant switching between user accounts in WordPress.
14
 
15
+ [![](https://img.shields.io/github/workflow/status/johnbillion/user-switching/Test/develop?style=flat-square)](https://github.com/johnbillion/user-switching/actions)
16
+
17
+ ## Description ##
18
 
19
  This plugin allows you to quickly swap between user accounts in WordPress at the click of a button. You'll be instantly logged out and logged in as your desired user. This is handy for test environments where you regularly log out and in between different accounts, or for administrators who need to switch between multiple accounts.
20
 
21
+ ### Features ###
22
 
23
  * Switch user: Instantly switch to any user account from the *Users* screen.
24
  * Switch back: Instantly switch back to your originating account.
26
  * It's completely secure (see the *Security* section below).
27
  * Compatible with WordPress, WordPress Multisite, WooCommerce, BuddyPress, and bbPress.
28
 
29
+ ### Security ###
30
 
31
  * Only users with the ability to edit other users can switch user accounts. By default this is only Administrators on single site installations, and Super Admins on Multisite installations.
32
  * Passwords are not (and cannot be) revealed.
35
  * Full support for user session validation where appropriate.
36
  * Full support for administration over SSL (if applicable).
37
 
38
+ ### Usage ###
39
 
40
  1. Visit the *Users* menu in WordPress and you'll see a *Switch To* link in the list of action links for each user.
41
  2. Click this and you will immediately switch into that user account.
43
 
44
  See the [FAQ](https://wordpress.org/plugins/user-switching/faq/) for information about the *Switch Off* feature.
45
 
46
+ ### Privacy Statement ###
47
 
48
  User Switching makes use of browser cookies in order to allow users to switch to another account. Its cookies operate using the same mechanism as the authentication cookies in WordPress core, therefore their values contain the user's `user_login` field in plain text which should be treated as potentially personally identifiable information. The names of the cookies are:
49
 
53
 
54
  User Switching does not send data to any third party, nor does it include any third party resources, nor will it ever do so.
55
 
56
+ ## Screenshots ##
57
+
58
+ 1. The *Switch To* link on the Users screen<br>![The Switch To link on the Users screen](.wordpress-org/screenshot-1.png)
59
 
60
+ 2. The *Switch To* link on a user's profile<br>![The Switch To link on a user's profile](.wordpress-org/screenshot-2.png)
 
61
 
62
+ ## Frequently Asked Questions ##
63
 
64
+ ### What does "Switch off" mean? ###
65
 
66
  Switching off logs you out of your account but retains your user ID in an authentication cookie so you can switch straight back without having to log in again manually. It's akin to switching to no user, and being able to switch back.
67
 
68
  The *Switch Off* link can be found in your profile menu in the WordPress toolbar. Once you've switched off you'll see a *Switch back* link on the Log In screen and in the footer of your site.
69
 
70
+ ### Does this plugin work with WordPress Multisite? ###
71
 
72
  Yes, and you'll also be able to switch users from the Users screen in Network Admin.
73
 
74
+ ### Does this plugin work with BuddyPress? ###
75
 
76
  Yes, and you'll also be able to switch users from member profile screens and the member listing screen.
77
 
78
+ ### Does this plugin work with bbPress? ###
79
 
80
  Yes, and you'll also be able to switch users from member profile screens.
81
 
82
+ ### Does this plugin work with WooCommerce? ###
83
 
84
  Yes, but for maximum compatibility you should use WooCommerce version 3.6 or later.
85
 
86
+ ### Does this plugin work if my site is using a two-factor authentication plugin? ###
87
 
88
  Yes, mostly.
89
 
90
  One exception I'm aware of is [Duo Security](https://wordpress.org/plugins/duo-wordpress/). If you're using this plugin, you should install the [User Switching for Duo Security](https://github.com/johnbillion/user-switching-duo-security) add-on plugin which will prevent the two-factor authentication prompt from appearing when you switch between users.
91
 
92
+ ### What capability does a user need in order to switch accounts? ###
93
 
94
  A user needs the `edit_users` capability in order to switch user accounts. By default only Administrators have this capability, and with Multisite enabled only Super Admins have this capability.
95
 
96
+ ### Can the ability to switch accounts be granted to other users or roles? ###
97
 
98
  Yes. The `switch_users` meta capability can be explicitly granted to a user or a role to allow them to switch users regardless of whether or not they have the `edit_users` capability. For practical purposes, the user or role will also need the `list_users` capability so they can access the Users menu in the WordPress admin area.
99
 
100
  If you know what you're doing with user capabilities, this capability can also be denied from a user or role to prevent the ability to switch users, regardless of whether or not they have the `edit_users` capability.
101
 
102
+ ### Can regular admins on Multisite installations switch accounts? ###
103
 
104
  No. This can be enabled though by installing the [User Switching for Regular Admins](https://github.com/johnbillion/user-switching-for-regular-admins) plugin.
105
 
106
+ ### Can I switch users directly from the admin toolbar? ###
107
 
108
  Yes, there's a third party add-on plugin for this: [Admin Bar User Switching](https://wordpress.org/plugins/admin-bar-user-switching/).
109
 
110
+ ### Are any plugin actions called when a user switches account? ###
111
 
112
  Yes. When a user switches to another account, the `switch_to_user` hook is called:
113
 
159
 
160
  * `login_redirect` when switching to another user.
161
  * `logout_redirect` when switching off.
 
162
 
163
+ ## Changelog ##
164
+
165
+ ### 1.5.4 ###
166
+
167
+ * Fix a cookie issue caused by Jetpack 8.1.1 which prevented switching back to the original user.
168
+
169
+ ### 1.5.3 ###
170
+
171
+ * Remove usage of a method that's been deprecated in WordPress 5.3
172
+
173
+ ### 1.5.2 ###
174
+
175
+ * Set the correct `lang` attribute on User Switching's admin notice.
176
+ * Move the WooCommerce session forgetting to an action callback so it can be unhooked if necessary.
177
+
178
+
179
+ ### 1.5.1 ###
180
+
181
+ * Add appropriate HTTP response codes to the error states.
182
+ * Display User Switching's messages in the original user's locale.
183
+ * Increase the priority of the hook that sets up the cookie constants. See #40.
184
+ * Don't attempt to output the 'Switch To' link on author archives when the queried object isn't a user. See #39.
185
+
186
+
187
+ ### 1.5.0 ###
188
+
189
+ * Add support for forgetting WooCommerce sessions when switching between users. Requires WooCommerce 3.6+.
190
+
191
+
192
+ ### 1.4.2 ###
193
+
194
+ * Don't attempt to add the `Switch To` link to the admin toolbar when viewing an author archive in the admin area. This prevents a fatal error occurring when filtering custom post type listing screens by authors in the admin area.
195
+
196
+ ### 1.4.1 ###
197
+
198
+ * Add a `Switch To` link to the Edit User admin toolbar menu when viewing an author archive.
199
+ * Add a `Switch back` link to the Edit User admin toolbar menu when viewing an author archive and you're already switched.
200
+
201
+ ### 1.4.0 ###
202
+
203
+ * Add support for user session retention, reuse, and destruction when switching to and back from other user accounts.
204
+ * Add support for the `switch_users` meta capability for fine grained control over the ability to switch user accounts.
205
+ * More code and documentation quality improvements.
206
+
207
+ ### 1.3.1 ###
208
+
209
+ * Add support for the `X-Redirect-By` header in WordPress 5.0.
210
+ * Allow User Switching's admin notices to be dismissed.
211
+ * Introduce a privacy statement.
212
+
213
+
214
+ ### 1.3.0 ###
215
+
216
+ * Update the BuddyPress compatibility.
217
+ * Various code and inline docs improvements.
218
+
219
+
220
+ ### 1.2.0 ###
221
+
222
+ * Improve the Switch Back functionality when the interim login window is shown.
223
+ * Always show the `Switch Back` link in the Meta widget if it's present.
224
+
225
+
226
+ ### 1.1.0 ###
227
+
228
+ * Introduce a `user_switching_switched_message` filter to allow customisation of the message displayed to switched users in the admin area.
229
+ * Switch to safe redirects for extra paranoid hardening.
230
+ * Docblock improvements.
231
+ * Coding standards improvements.
232
+
233
+ ### 0.6.3 ###
234
+
235
+ - Lithuanian translation by Tommixoft.
236
+
237
+
238
+ ### 0.6.2 ###
239
+
240
+ - Polish translation by Bartosz Arendt.
241
+
242
+
243
+ ### 0.6.1 ###
244
+
245
+ - Slovak translation by Max Samael.
246
+
247
+
248
+ ### 0.6 ###
249
+
250
+ - More intuitive redirecting after switching.
251
+ - Avoid a BuddyPress bug preventing Switch To buttons from appearing.
252
+ - Added a template function: `current_user_switched()` which lets you know if the current user switched into their account.
253
+ - Added some hooks: `switch_to_user`, `switch_back_user` and `switch_off_user`, fired when appropriate.
254
+
255
+
256
+ ### 0.5.2 ###
257
+
258
+ - Farsi (Persian) translation by Amin Ab.
259
+ - Display switch back links in Network Admin and login screen.
260
+ - Avoid a BuddyPress bug preventing Switch To buttons from appearing.
261
+
262
+
263
+ ### 0.5.1 ###
264
+
265
+ - Toolbar tweaks for WordPress 3.3.
266
+
267
+
268
+ ### 0.5.1.1 ###
269
+
270
+ - Chinese Simplified translation by Sparanoid.
271
+
272
+
273
+ ### 0.5.1.2 ###
274
+
275
+ - German translation by Ralph Stenzel.
276
+
277
+
278
+ ### 0.5 ###
279
+
280
+ - New "Switch off" function: Log out and log instantly back in again when needed (see the FAQ).
281
+
282
+
283
+ ### 0.4.1 ###
284
+
285
+ - Support for upcoming changes to the admin bar in WordPress 3.3.
286
+
287
+
288
+ ### 0.4 ###
289
+
290
+ - Add some extended support for BuddyPress.
291
+ - Add some extended support for Multisite.
292
+ - Fix a permissions problem for users with no privileges.
293
+ - Fix a PHP warning when used as a mu-plugin (thanks Scribu).
294
+
295
+
296
+ ### 0.3.2 ###
297
+
298
+ - Fix the 'Switch back to' menu item in the WordPress admin bar (WordPress 3.1+).
299
+ - Fix a formatting issue on the user profile page.
300
+
301
+
302
+ ### 0.3.1 ###
303
+
304
+ - Prevent admins switching to multisite super admin accounts.
305
+
306
+
307
+ ### 0.3 ###
308
+
309
+ - Adds an admin bar menu item (WordPress 3.1+) for switching back to the user you switched from.
310
+
311
+
312
+ ### 0.2.2 ###
313
+
314
+ - Respect the current 'Remember me' setting when switching users.
315
+ - Redirect to home page instead of admin screen if the user you're switching to has no privileges.
316
+
317
+
318
+ ### 0.2.1 ###
319
+
320
+ - Edge case bugfix to prevent 'Switch back to...' message appearing when it shouldn't.
321
+
322
+
323
+ ### 0.2 ###
324
+
325
+ - Functionality for switching back to user you switched from.
326
+
327
+
328
+ ### 0.1 ###
329
+
330
+ - Initial release.
331
 
 
user-switching.php CHANGED
@@ -5,12 +5,12 @@
5
  * @package user-switching
6
  * @link https://github.com/johnbillion/user-switching
7
  * @author John Blackbourn <john@johnblackbourn.com>
8
- * @copyright 2009-2019 John Blackbourn
9
  * @license GPL v2 or later
10
  *
11
  * Plugin Name: User Switching
12
  * Description: Instant switching between user accounts in WordPress
13
- * Version: 1.5.3
14
  * Plugin URI: https://johnblackbourn.com/wordpress-plugin-user-switching/
15
  * Author: John Blackbourn & contributors
16
  * Author URI: https://github.com/johnbillion/user-switching/graphs/contributors
@@ -1001,8 +1001,14 @@ if ( ! function_exists( 'user_switching_set_olduser_cookie' ) ) {
1001
  */
1002
  do_action( 'set_olduser_cookie', $olduser_cookie, $expiration, $old_user_id, $scheme, $token );
1003
 
1004
- /** This filter is documented in wp-includes/pluggable.php */
1005
- if ( ! apply_filters( 'send_auth_cookies', true ) ) {
 
 
 
 
 
 
1006
  return;
1007
  }
1008
 
@@ -1030,8 +1036,8 @@ if ( ! function_exists( 'user_switching_clear_olduser_cookie' ) ) {
1030
  */
1031
  do_action( 'clear_olduser_cookie' );
1032
 
1033
- /** This filter is documented in wp-includes/pluggable.php */
1034
- if ( ! apply_filters( 'send_auth_cookies', true ) ) {
1035
  return;
1036
  }
1037
 
5
  * @package user-switching
6
  * @link https://github.com/johnbillion/user-switching
7
  * @author John Blackbourn <john@johnblackbourn.com>
8
+ * @copyright 2009-2020 John Blackbourn
9
  * @license GPL v2 or later
10
  *
11
  * Plugin Name: User Switching
12
  * Description: Instant switching between user accounts in WordPress
13
+ * Version: 1.5.4
14
  * Plugin URI: https://johnblackbourn.com/wordpress-plugin-user-switching/
15
  * Author: John Blackbourn & contributors
16
  * Author URI: https://github.com/johnbillion/user-switching/graphs/contributors
1001
  */
1002
  do_action( 'set_olduser_cookie', $olduser_cookie, $expiration, $old_user_id, $scheme, $token );
1003
 
1004
+ /**
1005
+ * Allows preventing auth cookies from actually being sent to the client.
1006
+ *
1007
+ * @since 1.5.4
1008
+ *
1009
+ * @param bool $send Whether to send auth cookies to the client.
1010
+ */
1011
+ if ( ! apply_filters( 'user_switching_send_auth_cookies', true ) ) {
1012
  return;
1013
  }
1014
 
1036
  */
1037
  do_action( 'clear_olduser_cookie' );
1038
 
1039
+ /** This filter is documented in user-switching.php */
1040
+ if ( ! apply_filters( 'user_switching_send_auth_cookies', true ) ) {
1041
  return;
1042
  }
1043