User Switching - Version 1.5.5

Version Description

Download this release

Release Info

Developer johnbillion
Plugin Icon 128x128 User Switching
Version 1.5.5
Comparing to
See all releases

Code changes from version 1.5.4 to 1.5.5

Files changed (3) hide show
  1. CODE_OF_CONDUCT.md +130 -0
  2. readme.md +56 -28
  3. user-switching.php +12 -1
CODE_OF_CONDUCT.md ADDED
@@ -0,0 +1,130 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+
2
+ # Contributor Covenant Code of Conduct
3
+
4
+ ## Our Pledge
5
+
6
+ We as members, contributors, and leaders pledge to make participation in our
7
+ community a harassment-free experience for everyone, regardless of age, body
8
+ size, visible or invisible disability, ethnicity, sex characteristics, gender
9
+ identity and expression, level of experience, education, socio-economic status,
10
+ nationality, personal appearance, race, religion, or sexual identity
11
+ and orientation.
12
+
13
+ We pledge to act and interact in ways that contribute to an open, welcoming,
14
+ diverse, inclusive, and healthy community.
15
+
16
+ ## Our Standards
17
+
18
+ Examples of behavior that contributes to a positive environment for our
19
+ community include:
20
+
21
+ * Demonstrating empathy and kindness toward other people
22
+ * Being respectful of differing opinions, viewpoints, and experiences
23
+ * Giving and gracefully accepting constructive feedback
24
+ * Accepting responsibility and apologizing to those affected by our mistakes,
25
+ and learning from the experience
26
+ * Focusing on what is best not just for us as individuals, but for the
27
+ overall community
28
+
29
+ Examples of unacceptable behavior include:
30
+
31
+ * The use of sexualized language or imagery, and sexual attention or
32
+ advances of any kind
33
+ * Trolling, insulting or derogatory comments, and personal or political attacks
34
+ * Public or private harassment
35
+ * Publishing others' private information, such as a physical or email
36
+ address, without their explicit permission
37
+ * Other conduct which could reasonably be considered inappropriate in a
38
+ professional setting
39
+
40
+ ## Enforcement Responsibilities
41
+
42
+ Community leaders are responsible for clarifying and enforcing our standards of
43
+ acceptable behavior and will take appropriate and fair corrective action in
44
+ response to any behavior that they deem inappropriate, threatening, offensive,
45
+ or harmful.
46
+
47
+ Community leaders have the right and responsibility to remove, edit, or reject
48
+ comments, commits, code, wiki edits, issues, and other contributions that are
49
+ not aligned to this Code of Conduct, and will communicate reasons for moderation
50
+ decisions when appropriate.
51
+
52
+ ## Scope
53
+
54
+ This Code of Conduct applies within all community spaces, and also applies when
55
+ an individual is officially representing the community in public spaces.
56
+ Examples of representing our community include using an official e-mail address,
57
+ posting via an official social media account, or acting as an appointed
58
+ representative at an online or offline event.
59
+
60
+ ## Enforcement
61
+
62
+ Instances of abusive, harassing, or otherwise unacceptable behavior may be
63
+ reported to the community leaders responsible for enforcement at
64
+ john@johnblackbourn.com.
65
+ All complaints will be reviewed and investigated promptly and fairly.
66
+
67
+ All community leaders are obligated to respect the privacy and security of the
68
+ reporter of any incident.
69
+
70
+ ## Enforcement Guidelines
71
+
72
+ Community leaders will follow these Community Impact Guidelines in determining
73
+ the consequences for any action they deem in violation of this Code of Conduct:
74
+
75
+ ### 1. Correction
76
+
77
+ **Community Impact**: Use of inappropriate language or other behavior deemed
78
+ unprofessional or unwelcome in the community.
79
+
80
+ **Consequence**: A private, written warning from community leaders, providing
81
+ clarity around the nature of the violation and an explanation of why the
82
+ behavior was inappropriate. A public apology may be requested.
83
+
84
+ ### 2. Warning
85
+
86
+ **Community Impact**: A violation through a single incident or series
87
+ of actions.
88
+
89
+ **Consequence**: A warning with consequences for continued behavior. No
90
+ interaction with the people involved, including unsolicited interaction with
91
+ those enforcing the Code of Conduct, for a specified period of time. This
92
+ includes avoiding interactions in community spaces as well as external channels
93
+ like social media. Violating these terms may lead to a temporary or
94
+ permanent ban.
95
+
96
+ ### 3. Temporary Ban
97
+
98
+ **Community Impact**: A serious violation of community standards, including
99
+ sustained inappropriate behavior.
100
+
101
+ **Consequence**: A temporary ban from any sort of interaction or public
102
+ communication with the community for a specified period of time. No public or
103
+ private interaction with the people involved, including unsolicited interaction
104
+ with those enforcing the Code of Conduct, is allowed during this period.
105
+ Violating these terms may lead to a permanent ban.
106
+
107
+ ### 4. Permanent Ban
108
+
109
+ **Community Impact**: Demonstrating a pattern of violation of community
110
+ standards, including sustained inappropriate behavior, harassment of an
111
+ individual, or aggression toward or disparagement of classes of individuals.
112
+
113
+ **Consequence**: A permanent ban from any sort of public interaction within
114
+ the community.
115
+
116
+ ## Attribution
117
+
118
+ This Code of Conduct is adapted from the [Contributor Covenant][homepage],
119
+ version 2.0, available at
120
+ https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
121
+
122
+ Community Impact Guidelines were inspired by [Mozilla's code of conduct
123
+ enforcement ladder](https://github.com/mozilla/diversity).
124
+
125
+ [homepage]: https://www.contributor-covenant.org
126
+
127
+ For answers to common questions about this code of conduct, see the FAQ at
128
+ https://www.contributor-covenant.org/faq. Translations are available at
129
+ https://www.contributor-covenant.org/translations.
130
+
readme.md CHANGED
@@ -1,8 +1,8 @@
1
- # User Switching #
2
 
3
- Stable tag: 1.5.4
4
  Requires at least: 3.7
5
- Tested up to: 5.4
6
  Requires PHP: 5.3
7
  License: GPL v2 or later
8
  Tags: users, profiles, user switching, fast user switching, multisite, buddypress, bbpress, become, user management, developer
@@ -13,20 +13,21 @@ Contributors: johnbillion
13
  Instant switching between user accounts in WordPress.
14
 
15
  [![](https://img.shields.io/github/workflow/status/johnbillion/user-switching/Test/develop?style=flat-square)](https://github.com/johnbillion/user-switching/actions)
 
16
 
17
- ## Description ##
18
 
19
  This plugin allows you to quickly swap between user accounts in WordPress at the click of a button. You'll be instantly logged out and logged in as your desired user. This is handy for test environments where you regularly log out and in between different accounts, or for administrators who need to switch between multiple accounts.
20
 
21
- ### Features ###
22
 
23
  * Switch user: Instantly switch to any user account from the *Users* screen.
24
  * Switch back: Instantly switch back to your originating account.
25
  * Switch off: Log out of your account but retain the ability to instantly switch back in again.
26
- * It's completely secure (see the *Security* section below).
27
- * Compatible with WordPress, WordPress Multisite, WooCommerce, BuddyPress, and bbPress.
28
 
29
- ### Security ###
30
 
31
  * Only users with the ability to edit other users can switch user accounts. By default this is only Administrators on single site installations, and Super Admins on Multisite installations.
32
  * Passwords are not (and cannot be) revealed.
@@ -35,7 +36,7 @@ This plugin allows you to quickly swap between user accounts in WordPress at the
35
  * Full support for user session validation where appropriate.
36
  * Full support for administration over SSL (if applicable).
37
 
38
- ### Usage ###
39
 
40
  1. Visit the *Users* menu in WordPress and you'll see a *Switch To* link in the list of action links for each user.
41
  2. Click this and you will immediately switch into that user account.
@@ -43,7 +44,7 @@ This plugin allows you to quickly swap between user accounts in WordPress at the
43
 
44
  See the [FAQ](https://wordpress.org/plugins/user-switching/faq/) for information about the *Switch Off* feature.
45
 
46
- ### Privacy Statement ###
47
 
48
  User Switching makes use of browser cookies in order to allow users to switch to another account. Its cookies operate using the same mechanism as the authentication cookies in WordPress core, therefore their values contain the user's `user_login` field in plain text which should be treated as potentially personally identifiable information. The names of the cookies are:
49
 
@@ -53,61 +54,88 @@ User Switching makes use of browser cookies in order to allow users to switch to
53
 
54
  User Switching does not send data to any third party, nor does it include any third party resources, nor will it ever do so.
55
 
56
- ## Screenshots ##
 
 
 
 
 
 
 
 
 
 
 
 
 
 
57
 
58
  1. The *Switch To* link on the Users screen<br>![The Switch To link on the Users screen](.wordpress-org/screenshot-1.png)
59
 
60
  2. The *Switch To* link on a user's profile<br>![The Switch To link on a user's profile](.wordpress-org/screenshot-2.png)
61
 
62
- ## Frequently Asked Questions ##
63
 
64
- ### What does "Switch off" mean? ###
65
 
66
  Switching off logs you out of your account but retains your user ID in an authentication cookie so you can switch straight back without having to log in again manually. It's akin to switching to no user, and being able to switch back.
67
 
68
  The *Switch Off* link can be found in your profile menu in the WordPress toolbar. Once you've switched off you'll see a *Switch back* link on the Log In screen and in the footer of your site.
69
 
70
- ### Does this plugin work with WordPress Multisite? ###
71
 
72
  Yes, and you'll also be able to switch users from the Users screen in Network Admin.
73
 
74
- ### Does this plugin work with BuddyPress? ###
75
 
76
  Yes, and you'll also be able to switch users from member profile screens and the member listing screen.
77
 
78
- ### Does this plugin work with bbPress? ###
79
 
80
  Yes, and you'll also be able to switch users from member profile screens.
81
 
82
- ### Does this plugin work with WooCommerce? ###
83
 
84
  Yes, but for maximum compatibility you should use WooCommerce version 3.6 or later.
85
 
86
- ### Does this plugin work if my site is using a two-factor authentication plugin? ###
87
 
88
  Yes, mostly.
89
 
90
  One exception I'm aware of is [Duo Security](https://wordpress.org/plugins/duo-wordpress/). If you're using this plugin, you should install the [User Switching for Duo Security](https://github.com/johnbillion/user-switching-duo-security) add-on plugin which will prevent the two-factor authentication prompt from appearing when you switch between users.
91
 
92
- ### What capability does a user need in order to switch accounts? ###
93
 
94
  A user needs the `edit_users` capability in order to switch user accounts. By default only Administrators have this capability, and with Multisite enabled only Super Admins have this capability.
95
 
96
- ### Can the ability to switch accounts be granted to other users or roles? ###
97
 
98
  Yes. The `switch_users` meta capability can be explicitly granted to a user or a role to allow them to switch users regardless of whether or not they have the `edit_users` capability. For practical purposes, the user or role will also need the `list_users` capability so they can access the Users menu in the WordPress admin area.
99
 
100
  If you know what you're doing with user capabilities, this capability can also be denied from a user or role to prevent the ability to switch users, regardless of whether or not they have the `edit_users` capability.
101
 
102
- ### Can regular admins on Multisite installations switch accounts? ###
 
 
 
 
 
 
 
 
 
 
 
 
 
103
 
104
  No. This can be enabled though by installing the [User Switching for Regular Admins](https://github.com/johnbillion/user-switching-for-regular-admins) plugin.
105
 
106
- ### Can I switch users directly from the admin toolbar? ###
107
 
108
  Yes, there's a third party add-on plugin for this: [Admin Bar User Switching](https://wordpress.org/plugins/admin-bar-user-switching/).
109
 
110
- ### Are any plugin actions called when a user switches account? ###
111
 
112
  Yes. When a user switches to another account, the `switch_to_user` hook is called:
113
 
@@ -162,6 +190,11 @@ In addition, User Switching respects the following filters from WordPress core w
162
 
163
  ## Changelog ##
164
 
 
 
 
 
 
165
  ### 1.5.4 ###
166
 
167
  * Fix a cookie issue caused by Jetpack 8.1.1 which prevented switching back to the original user.
@@ -230,11 +263,6 @@ In addition, User Switching respects the following filters from WordPress core w
230
  * Docblock improvements.
231
  * Coding standards improvements.
232
 
233
- ### 0.6.3 ###
234
-
235
- - Lithuanian translation by Tommixoft.
236
-
237
-
238
  ### 0.6.2 ###
239
 
240
  - Polish translation by Bartosz Arendt.
1
+ # User Switching
2
 
3
+ Stable tag: 1.5.5
4
  Requires at least: 3.7
5
+ Tested up to: 5.5
6
  Requires PHP: 5.3
7
  License: GPL v2 or later
8
  Tags: users, profiles, user switching, fast user switching, multisite, buddypress, bbpress, become, user management, developer
13
  Instant switching between user accounts in WordPress.
14
 
15
  [![](https://img.shields.io/github/workflow/status/johnbillion/user-switching/Test/develop?style=flat-square)](https://github.com/johnbillion/user-switching/actions)
16
+ [![](https://img.shields.io/badge/ethical-open%20source-4baaaa.svg?style=flat-square)](#ethical-open-source)
17
 
18
+ ## Description
19
 
20
  This plugin allows you to quickly swap between user accounts in WordPress at the click of a button. You'll be instantly logged out and logged in as your desired user. This is handy for test environments where you regularly log out and in between different accounts, or for administrators who need to switch between multiple accounts.
21
 
22
+ ### Features
23
 
24
  * Switch user: Instantly switch to any user account from the *Users* screen.
25
  * Switch back: Instantly switch back to your originating account.
26
  * Switch off: Log out of your account but retain the ability to instantly switch back in again.
27
+ * Switching between users is secure (see the *Security* section below).
28
+ * Compatible with WordPress, WordPress Multisite, WooCommerce, BuddyPress, bbPress, and most two-factor authentication plugins.
29
 
30
+ ### Security
31
 
32
  * Only users with the ability to edit other users can switch user accounts. By default this is only Administrators on single site installations, and Super Admins on Multisite installations.
33
  * Passwords are not (and cannot be) revealed.
36
  * Full support for user session validation where appropriate.
37
  * Full support for administration over SSL (if applicable).
38
 
39
+ ### Usage
40
 
41
  1. Visit the *Users* menu in WordPress and you'll see a *Switch To* link in the list of action links for each user.
42
  2. Click this and you will immediately switch into that user account.
44
 
45
  See the [FAQ](https://wordpress.org/plugins/user-switching/faq/) for information about the *Switch Off* feature.
46
 
47
+ ### Privacy Statement
48
 
49
  User Switching makes use of browser cookies in order to allow users to switch to another account. Its cookies operate using the same mechanism as the authentication cookies in WordPress core, therefore their values contain the user's `user_login` field in plain text which should be treated as potentially personally identifiable information. The names of the cookies are:
50
 
54
 
55
  User Switching does not send data to any third party, nor does it include any third party resources, nor will it ever do so.
56
 
57
+ See also the FAQ for some questions relating to privacy and safety when switching between users.
58
+
59
+ ### Ethical Open Source
60
+
61
+ User Switching is considered **Ethical Open Source** because it meets all of the criteria of [The Ethical Source Definition (ESD)](https://ethicalsource.dev/definition/):
62
+
63
+ 1. It benefits the commons.
64
+ 2. It is created in the open.
65
+ 3. Its community is welcoming and just.
66
+ 4. It puts accessibility first.
67
+ 5. It prioritizes user safety.
68
+ 6. It protects user privacy.
69
+ 7. It encourages fair compensation.
70
+
71
+ ## Screenshots
72
 
73
  1. The *Switch To* link on the Users screen<br>![The Switch To link on the Users screen](.wordpress-org/screenshot-1.png)
74
 
75
  2. The *Switch To* link on a user's profile<br>![The Switch To link on a user's profile](.wordpress-org/screenshot-2.png)
76
 
77
+ ## Frequently Asked Questions
78
 
79
+ ### What does "Switch off" mean?
80
 
81
  Switching off logs you out of your account but retains your user ID in an authentication cookie so you can switch straight back without having to log in again manually. It's akin to switching to no user, and being able to switch back.
82
 
83
  The *Switch Off* link can be found in your profile menu in the WordPress toolbar. Once you've switched off you'll see a *Switch back* link on the Log In screen and in the footer of your site.
84
 
85
+ ### Does this plugin work with WordPress Multisite?
86
 
87
  Yes, and you'll also be able to switch users from the Users screen in Network Admin.
88
 
89
+ ### Does this plugin work with BuddyPress?
90
 
91
  Yes, and you'll also be able to switch users from member profile screens and the member listing screen.
92
 
93
+ ### Does this plugin work with bbPress?
94
 
95
  Yes, and you'll also be able to switch users from member profile screens.
96
 
97
+ ### Does this plugin work with WooCommerce?
98
 
99
  Yes, but for maximum compatibility you should use WooCommerce version 3.6 or later.
100
 
101
+ ### Does this plugin work if my site is using a two-factor authentication plugin?
102
 
103
  Yes, mostly.
104
 
105
  One exception I'm aware of is [Duo Security](https://wordpress.org/plugins/duo-wordpress/). If you're using this plugin, you should install the [User Switching for Duo Security](https://github.com/johnbillion/user-switching-duo-security) add-on plugin which will prevent the two-factor authentication prompt from appearing when you switch between users.
106
 
107
+ ### What capability does a user need in order to switch accounts?
108
 
109
  A user needs the `edit_users` capability in order to switch user accounts. By default only Administrators have this capability, and with Multisite enabled only Super Admins have this capability.
110
 
111
+ ### Can the ability to switch accounts be granted to other users or roles?
112
 
113
  Yes. The `switch_users` meta capability can be explicitly granted to a user or a role to allow them to switch users regardless of whether or not they have the `edit_users` capability. For practical purposes, the user or role will also need the `list_users` capability so they can access the Users menu in the WordPress admin area.
114
 
115
  If you know what you're doing with user capabilities, this capability can also be denied from a user or role to prevent the ability to switch users, regardless of whether or not they have the `edit_users` capability.
116
 
117
+ ### Does this plugin allow a user to frame another user for an action?
118
+
119
+ Potentially yes, but User Switching includes some safety protections for this and there are further precautions you can take as a site administrator:
120
+
121
+ * User Switching stores the ID of the originating user in the new session for the user they switch to. Although this session does not persist by default when they subsequently switch back, there will be a record of this ID if your MySQL server has query logging enabled.
122
+ * User Switching stores the login name of the originating user in an authentication cookie (see the Privacy Statement for more information). If your server access logs store cookie data, there will be a record of this login name (along with the IP address) for each access request.
123
+ * You can install an audit trail plugin such as Simple History, WP Activity Log, or Stream, all of which have built-in support for User Switching and all of which log an entry when a user switches into another account.
124
+ * User Switching triggers an action when a user switches account, switches off, or switches back (see below). You can use these actions to perform additional logging for safety purposes depending on your requirements.
125
+
126
+ One or more of the above should allow you to correlate an action with the originating user when a user switches account, should you need to.
127
+
128
+ Bear in mind that even without the User Switching plugin in use, any user who has the ability to edit another user can still frame another user for an action by, for example, changing their password and manually logging into that account. If you are concerned about users abusing others, you should take great care when granting users administrative rights.
129
+
130
+ ### Can regular admins on Multisite installations switch accounts?
131
 
132
  No. This can be enabled though by installing the [User Switching for Regular Admins](https://github.com/johnbillion/user-switching-for-regular-admins) plugin.
133
 
134
+ ### Can I switch users directly from the admin toolbar?
135
 
136
  Yes, there's a third party add-on plugin for this: [Admin Bar User Switching](https://wordpress.org/plugins/admin-bar-user-switching/).
137
 
138
+ ### Are any plugin actions called when a user switches account?
139
 
140
  Yes. When a user switches to another account, the `switch_to_user` hook is called:
141
 
190
 
191
  ## Changelog ##
192
 
193
+ ### 1.5.5 ###
194
+
195
+ * Added the `user_switching_in_footer` filter to disable output in footer on front end. Thanks @pierreminik.
196
+ * Documentation additions and improvements.
197
+
198
  ### 1.5.4 ###
199
 
200
  * Fix a cookie issue caused by Jetpack 8.1.1 which prevented switching back to the original user.
263
  * Docblock improvements.
264
  * Coding standards improvements.
265
 
 
 
 
 
 
266
  ### 0.6.2 ###
267
 
268
  - Polish translation by Bartosz Arendt.
user-switching.php CHANGED
@@ -10,7 +10,7 @@
10
  *
11
  * Plugin Name: User Switching
12
  * Description: Instant switching between user accounts in WordPress
13
- * Version: 1.5.4
14
  * Plugin URI: https://johnblackbourn.com/wordpress-plugin-user-switching/
15
  * Author: John Blackbourn & contributors
16
  * Author URI: https://github.com/johnbillion/user-switching/graphs/contributors
@@ -549,6 +549,17 @@ class user_switching {
549
  return;
550
  }
551
 
 
 
 
 
 
 
 
 
 
 
 
552
  $old_user = self::get_old_user();
553
 
554
  if ( $old_user instanceof WP_User ) {
10
  *
11
  * Plugin Name: User Switching
12
  * Description: Instant switching between user accounts in WordPress
13
+ * Version: 1.5.5
14
  * Plugin URI: https://johnblackbourn.com/wordpress-plugin-user-switching/
15
  * Author: John Blackbourn & contributors
16
  * Author URI: https://github.com/johnbillion/user-switching/graphs/contributors
549
  return;
550
  }
551
 
552
+ /**
553
+ * Allows the 'Switch back to {user}' link in the WordPress footer to be disabled.
554
+ *
555
+ * @since 1.5.5
556
+ *
557
+ * @param bool $show_in_footer Whether to show the 'Switch back to {user}' link in footer.
558
+ */
559
+ if ( ! apply_filters( 'user_switching_in_footer', true ) ) {
560
+ return;
561
+ }
562
+
563
  $old_user = self::get_old_user();
564
 
565
  if ( $old_user instanceof WP_User ) {