User Switching - Version 1.5.6

Version Description

Release Info

Developer	johnbillion
Plugin	User Switching
Version	1.5.6
Comparing to
See all releases

Code changes from version 1.5.5 to 1.5.6

Files changed (2) hide show

readme.md +64 -11
user-switching.php +10 -12

readme.md CHANGED Viewed

	@@ -1,19 +1,21 @@
1	# User Switching
2
3	- Stable tag: 1.5.5
4	Requires at least: 3.7
5	- Tested up to: 5.5
6	Requires PHP: 5.3
7	License: GPL v2 or later
8	Tags: users, profiles, user switching, fast user switching, multisite, buddypress, bbpress, become, user management, developer
9	Contributors: johnbillion

10
11	![](.wordpress-org/banner-1544x500.png)
12
13	Instant switching between user accounts in WordPress.
14
15	- [![](https://img.shields.io/~~github~~/~~workflow/status/johnbillion/user~~-~~switching/Test/develop~~?style=~~flat~~-~~square~~)](~~https://github.com/johnbillion/user~~-~~switching/actions~~)
16	- [![](https://img.shields.io/~~badge~~/~~ethical~~-~~open%20source-4baaaa.svg~~?style=~~flat~~-~~square~~)](~~#ethical~~-~~open-source~~)

17
18	## Description
19
	@@ -44,6 +46,13 @@ This plugin allows you to quickly swap between user accounts in WordPress at the
44
45	See the [FAQ](https://wordpress.org/plugins/user-switching/faq/) for information about the Switch Off feature.
46







47	### Privacy Statement
48
49	User Switching makes use of browser cookies in order to allow users to switch to another account. Its cookies operate using the same mechanism as the authentication cookies in WordPress core, therefore their values contain the user's `user_login` field in plain text which should be treated as potentially personally identifiable information. The names of the cookies are:
	@@ -112,7 +121,47 @@ A user needs the `edit_users` capability in order to switch user accounts. By de
112
113	Yes. The `switch_users` meta capability can be explicitly granted to a user or a role to allow them to switch users regardless of whether or not they have the `edit_users` capability. For practical purposes, the user or role will also need the `list_users` capability so they can access the Users menu in the WordPress admin area.
114
115	- If ~~you~~ ~~know~~ ~~what~~ ~~you're~~ ~~doing~~ ~~with~~ ~~user capabilities, this capability can also~~ be denied from ~~a user or role to prevent the ability to switch~~ users~~, regardless of whether or not they have the `edit_users` capability.~~








































116
117	### Does this plugin allow a user to frame another user for an action?
118
	@@ -188,11 +237,20 @@ In addition, User Switching respects the following filters from WordPress core w
188	* `login_redirect` when switching to another user.
189	* `logout_redirect` when switching off.
190




191	## Changelog ##
192





193	### 1.5.5 ###
194
195	- * Added the `user_switching_in_footer` filter to disable output in footer on front end. ~~Thanks @pierreminik.~~
196	* Documentation additions and improvements.
197
198	### 1.5.4 ###
	@@ -263,11 +321,6 @@ In addition, User Switching respects the following filters from WordPress core w
263	* Docblock improvements.
264	* Coding standards improvements.
265
266	- ### 0.6.2 ###
267	-
268	- - Polish translation by Bartosz Arendt.
269	-
270	-
271	### 0.6.1 ###
272
273	- Slovak translation by Max Samael.


1	# User Switching
2
3	+ Stable tag: 1.5.6
4	Requires at least: 3.7
5	+ Tested up to: 5.7
6	Requires PHP: 5.3
7	License: GPL v2 or later
8	Tags: users, profiles, user switching, fast user switching, multisite, buddypress, bbpress, become, user management, developer
9	Contributors: johnbillion
10	+ Donate link: https://github.com/sponsors/johnbillion
11
12	![](.wordpress-org/banner-1544x500.png)
13
14	Instant switching between user accounts in WordPress.
15
16	+ [![](https://img.shields.io/badge/ethical-open%20source-4baaaa.svg?style=for-the-badge)](#ethical-open-source)
17	+ [![](https://img.shields.io/wordpress/plugin/installs/user-switching?style=for-the-badge)](https://wordpress.org/plugins/user-switching/)
18	+ [![](https://img.shields.io/github/workflow/status/johnbillion/user-switching/Test/develop?style=for-the-badge)](https://github.com/johnbillion/user-switching/actions)
19
20	## Description
21

46
47	See the [FAQ](https://wordpress.org/plugins/user-switching/faq/) for information about the Switch Off feature.
48
49	+ ### Other Plugins
50	+
51	+ I maintain several other plugins for developers. Check them out:
52	+
53	+ * [Query Monitor](https://wordpress.org/plugins/query-monitor/) is the developer tools panel for WordPress
54	+ * [WP Crontrol](https://wordpress.org/plugins/wp-crontrol/) lets you view and control what's happening in the WP-Cron system
55	+
56	### Privacy Statement
57
58	User Switching makes use of browser cookies in order to allow users to switch to another account. Its cookies operate using the same mechanism as the authentication cookies in WordPress core, therefore their values contain the user's `user_login` field in plain text which should be treated as potentially personally identifiable information. The names of the cookies are:

121
122	Yes. The `switch_users` meta capability can be explicitly granted to a user or a role to allow them to switch users regardless of whether or not they have the `edit_users` capability. For practical purposes, the user or role will also need the `list_users` capability so they can access the Users menu in the WordPress admin area.
123
124	+ ### Can the ability to switch accounts be denied from users?
125	+
126	+ Yes. User capabilities in WordPress can be set to `false` to deny them from a user. Denying the `switch_users` capability prevents the user from switching users, even if they have the `edit_users` capability.
127	+
128	+ add_filter( 'user_has_cap', function( $allcaps, $caps, $args, $user ) {
129	+ if ( 'switch_to_user' === $args[0] ) {
130	+ if ( my_condition() ) {
131	+ $allcaps['switch_users'] = false;
132	+ }
133	+ }
134	+ return $allcaps;
135	+ }, 9, 4 );
136	+
137	+ Note that this needs to happen before User Switching's own capability filtering, hence the priority of `9`.
138	+
139	+ ### Can I add a custom "Switch To" link to my own plugin or theme?
140	+
141	+ Yes. Use the `user_switching::maybe_switch_url()` method for this. It takes care of authentication and returns a nonce-protected URL for the current user to switch into the provided user account.
142	+
143	+ if ( method_exists( 'user_switching', 'maybe_switch_url' ) ) {
144	+ $url = user_switching::maybe_switch_url( $target_user );
145	+ if ( $url ) {
146	+ printf(
147	+ '<a href="%1$s">Switch to %2$s</a>',
148	+ $url,
149	+ $target_user->display_name
150	+ );
151	+ }
152	+ }
153	+
154	+ ### Can I determine whether the current user switched into their account?
155	+
156	+ Yes. Use the `current_user_switched()` function for this.
157	+
158	+ if ( function_exists( 'current_user_switched' ) ) {
159	+ $switched_user = current_user_switched();
160	+ if ( $switched_user ) {
161	+ // User is logged in and has switched into their account.
162	+ // $switched_user is the WP_User object for their originating user.
163	+ }
164	+ }
165
166	### Does this plugin allow a user to frame another user for an action?
167

237	* `login_redirect` when switching to another user.
238	* `logout_redirect` when switching off.
239
240	+ ### Do you accept donations?
241	+
242	+ [I am accepting sponsorships via the GitHub Sponsors program](https://johnblackbourn.com/donations/) and any support you can give will help me maintain this plugin and keep it free for everyone.
243	+
244	## Changelog ##
245
246	+ ### 1.5.6 ###
247	+
248	+ * Add a class to the table row on the user edit screen.
249	+ * Updated docs.
250	+
251	### 1.5.5 ###
252
253	+ * Added the `user_switching_in_footer` filter to disable output in footer on front end.
254	* Documentation additions and improvements.
255
256	### 1.5.4 ###

321	* Docblock improvements.
322	* Coding standards improvements.
323





324	### 0.6.1 ###
325
326	- Slovak translation by Max Samael.

user-switching.php CHANGED Viewed

	@@ -10,7 +10,7 @@
10	*
11	* Plugin Name: User Switching
12	* Description: Instant switching between user accounts in WordPress
13	- * Version: 1.5.5
14	* Plugin URI: https://johnblackbourn.com/wordpress-plugin-user-switching/
15	* Author: John Blackbourn & contributors
16	* Author URI: https://github.com/johnbillion/user-switching/graphs/contributors
	@@ -104,7 +104,7 @@ class user_switching {
104	}
105
106	?>
107	- <tr>
108	<th scope="row"><?php echo esc_html_x( 'User Switching', 'User Switching title on user profile screen', 'user-switching' ); ?></th>
109	<td><a id="user_switching_switcher" href="<?php echo esc_url( $link ); ?>"><?php esc_html_e( 'Switch To', 'user-switching' ); ?></a></td>
110	</tr>
	@@ -112,11 +112,11 @@ class user_switching {
112	}
113
114	/**
115	- * Returns whether ~~or not~~ the current logged in user is being remembered in the form of a persistent browser cookie
116	* (ie. they checked the 'Remember Me' check box when they logged in). This is used to persist the 'remember me'
117	* value when the user switches to another user.
118	*
119	- * @return bool Whether the current user is being 'remembered' ~~or not~~.
120	*/
121	public static function remember() {
122	/** This filter is documented in wp-includes/pluggable.php */
	@@ -808,7 +808,7 @@ class user_switching {
808	}
809
810	/**
811	- * Returns whether ~~or not~~ User Switching's equivalent of the 'logged_in' cookie should be secure.
812	*
813	* This is used to set the 'secure' flag on the old user cookie, for enhanced security.
814	*
	@@ -821,11 +821,11 @@ class user_switching {
821	}
822
823	/**
824	- * Returns whether ~~or not~~ User Switching's equivalent of the 'auth' cookie should be secure.
825	*
826	- * This is used to determine whether to set a secure auth cookie ~~or not~~.
827	*
828	- * @return bool ~~Should~~ the auth cookie be secure?
829	*/
830	public static function secure_auth_cookie() {
831	return ( is_ssl() && ( 'https' === parse_url( wp_login_url(), PHP_URL_SCHEME ) ) );
	@@ -989,7 +989,6 @@ if ( ! function_exists( 'user_switching_set_olduser_cookie' ) ) {
989	*
990	* @param string $auth_cookie JSON-encoded array of authentication cookie values.
991	* @param int $expiration The time when the authentication cookie expires as a UNIX timestamp.
992	- * Default is 48 hours from now.
993	* @param int $old_user_id User ID.
994	* @param string $scheme Authentication scheme. Values include 'auth' or 'secure_auth'.
995	* @param string $token User's session token to use for the latest cookie.
	@@ -1005,9 +1004,8 @@ if ( ! function_exists( 'user_switching_set_olduser_cookie' ) ) {
1005	*
1006	* @param string $olduser_cookie The old user cookie value.
1007	* @param int $expiration The time when the logged-in authentication cookie expires as a UNIX timestamp.
1008	- * Default is 48 hours from now.
1009	* @param int $old_user_id User ID.
1010	- * @param string $scheme Authentication scheme. ~~Default~~ '~~logged_in~~'.
1011	* @param string $token User's session token to use for this cookie.
1012	*/
1013	do_action( 'set_olduser_cookie', $olduser_cookie, $expiration, $old_user_id, $scheme, $token );
	@@ -1242,7 +1240,7 @@ if ( ! function_exists( 'switch_off_user' ) ) {
1242
1243	if ( ! function_exists( 'current_user_switched' ) ) {
1244	/**
1245	- * Returns whether ~~or not~~ the current user switched into their account.
1246	*
1247	* @return false\|WP_User False if the user isn't logged in or they didn't switch in; old user object (which evaluates to
1248	* true) if the user switched into the current user account.


10	*
11	* Plugin Name: User Switching
12	* Description: Instant switching between user accounts in WordPress
13	+ * Version: 1.5.6
14	* Plugin URI: https://johnblackbourn.com/wordpress-plugin-user-switching/
15	* Author: John Blackbourn & contributors
16	* Author URI: https://github.com/johnbillion/user-switching/graphs/contributors

104	}
105
106	?>
107	+ <tr class="user-switching-wrap">
108	<th scope="row"><?php echo esc_html_x( 'User Switching', 'User Switching title on user profile screen', 'user-switching' ); ?></th>
109	<td><a id="user_switching_switcher" href="<?php echo esc_url( $link ); ?>"><?php esc_html_e( 'Switch To', 'user-switching' ); ?></a></td>
110	</tr>

112	}
113
114	/**
115	+ * Returns whether the current logged in user is being remembered in the form of a persistent browser cookie
116	* (ie. they checked the 'Remember Me' check box when they logged in). This is used to persist the 'remember me'
117	* value when the user switches to another user.
118	*
119	+ * @return bool Whether the current user is being 'remembered'.
120	*/
121	public static function remember() {
122	/** This filter is documented in wp-includes/pluggable.php */

808	}
809
810	/**
811	+ * Returns whether User Switching's equivalent of the 'logged_in' cookie should be secure.
812	*
813	* This is used to set the 'secure' flag on the old user cookie, for enhanced security.
814	*

821	}
822
823	/**
824	+ * Returns whether User Switching's equivalent of the 'auth' cookie should be secure.
825	*
826	+ * This is used to determine whether to set a secure auth cookie.
827	*
828	+ * @return bool Whether the auth cookie should be secure.
829	*/
830	public static function secure_auth_cookie() {
831	return ( is_ssl() && ( 'https' === parse_url( wp_login_url(), PHP_URL_SCHEME ) ) );

989	*
990	* @param string $auth_cookie JSON-encoded array of authentication cookie values.
991	* @param int $expiration The time when the authentication cookie expires as a UNIX timestamp.

992	* @param int $old_user_id User ID.
993	* @param string $scheme Authentication scheme. Values include 'auth' or 'secure_auth'.
994	* @param string $token User's session token to use for the latest cookie.

1004	*
1005	* @param string $olduser_cookie The old user cookie value.
1006	* @param int $expiration The time when the logged-in authentication cookie expires as a UNIX timestamp.

1007	* @param int $old_user_id User ID.
1008	+ * @param string $scheme Authentication scheme. Values include 'auth' or 'secure_auth'.
1009	* @param string $token User's session token to use for this cookie.
1010	*/
1011	do_action( 'set_olduser_cookie', $olduser_cookie, $expiration, $old_user_id, $scheme, $token );

1240
1241	if ( ! function_exists( 'current_user_switched' ) ) {
1242	/**
1243	+ * Returns whether the current user switched into their account.
1244	*
1245	* @return false\|WP_User False if the user isn't logged in or they didn't switch in; old user object (which evaluates to
1246	* true) if the user switched into the current user account.