Version Description
- [Important]Security vulnerability fix.
Download this release
Release Info
| Developer | syammohanm |
| Plugin |  WPFront User Role Editor |
| Version | 2.14.2 |
| Comparing to | |
| See all releases | |
Code changes from version 2.14.1 to 2.14.2
classes/class-wpfront-user-role-editor-add-edit.php
CHANGED
|
@@ -214,8 +214,18 @@ if (!class_exists('WPFront_User_Role_Editor_Add_Edit')) {
|
|
| 214 |
$deprecated = array_key_exists($key, WPFront_User_Role_Editor::$DEPRECATED_CAPABILITIES);
|
| 215 |
$other = array_key_exists($key, WPFront_User_Role_Editor::$OTHER_CAPABILITIES);
|
| 216 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 217 |
$caps_group[$key] = (OBJECT) array(
|
| 218 |
-
'caps' => $
|
| 219 |
'display_name' => $this->__($key),
|
| 220 |
'deprecated' => $deprecated,
|
| 221 |
'disabled' => !$this->is_editable, //!$this->is_editable || $deprecated, - to enable levels; for author drop down
|
| 214 |
$deprecated = array_key_exists($key, WPFront_User_Role_Editor::$DEPRECATED_CAPABILITIES);
|
| 215 |
$other = array_key_exists($key, WPFront_User_Role_Editor::$OTHER_CAPABILITIES);
|
| 216 |
|
| 217 |
+
//network caps check
|
| 218 |
+
$caps = array();
|
| 219 |
+
foreach ($value as $cap) {
|
| 220 |
+
if(strpos($cap, 'manage_network_') === 0) {
|
| 221 |
+
continue;
|
| 222 |
+
}
|
| 223 |
+
|
| 224 |
+
$caps[] = $cap;
|
| 225 |
+
}
|
| 226 |
+
|
| 227 |
$caps_group[$key] = (OBJECT) array(
|
| 228 |
+
'caps' => $caps,
|
| 229 |
'display_name' => $this->__($key),
|
| 230 |
'deprecated' => $deprecated,
|
| 231 |
'disabled' => !$this->is_editable, //!$this->is_editable || $deprecated, - to enable levels; for author drop down
|
classes/class-wpfront-user-role-editor-add-remove-capability.php
CHANGED
|
@@ -43,6 +43,7 @@ if (!class_exists('WPFront_User_Role_Editor_Add_Remove_Capability')) {
|
|
| 43 |
private $roles_type;
|
| 44 |
private $roles;
|
| 45 |
private $message;
|
|
|
|
| 46 |
|
| 47 |
public function add_remove_capability() {
|
| 48 |
|
|
@@ -56,6 +57,7 @@ if (!class_exists('WPFront_User_Role_Editor_Add_Remove_Capability')) {
|
|
| 56 |
$this->roles_type = 'all';
|
| 57 |
$this->roles = array();
|
| 58 |
$this->message = NULL;
|
|
|
|
| 59 |
|
| 60 |
if (!empty($_POST['add-remove-capability'])) {
|
| 61 |
$this->main->verify_nonce();
|
|
@@ -67,7 +69,7 @@ if (!class_exists('WPFront_User_Role_Editor_Add_Remove_Capability')) {
|
|
| 67 |
$this->roles_type = $_POST['roles_type'];
|
| 68 |
if ($this->roles_type === 'selected' && !empty($_POST['selected-roles']))
|
| 69 |
$this->roles = $_POST['selected-roles'];
|
| 70 |
-
|
| 71 |
if (!empty($this->capability)) {
|
| 72 |
$roles = array();
|
| 73 |
switch ($this->roles_type) {
|
|
@@ -83,6 +85,12 @@ if (!class_exists('WPFront_User_Role_Editor_Add_Remove_Capability')) {
|
|
| 83 |
$func = NULL;
|
| 84 |
switch ($this->action) {
|
| 85 |
case 'add':
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 86 |
$func = 'add_cap';
|
| 87 |
if (!isset($roles[self::ADMINISTRATOR_ROLE_KEY])) {
|
| 88 |
$roles[self::ADMINISTRATOR_ROLE_KEY] = TRUE;
|
|
@@ -98,14 +106,16 @@ if (!class_exists('WPFront_User_Role_Editor_Add_Remove_Capability')) {
|
|
| 98 |
break;
|
| 99 |
}
|
| 100 |
|
| 101 |
-
|
| 102 |
-
$
|
| 103 |
-
|
| 104 |
-
$role
|
|
|
|
|
|
|
| 105 |
}
|
|
|
|
|
|
|
| 106 |
}
|
| 107 |
-
|
| 108 |
-
$this->message = $this->__('Roles updated.');
|
| 109 |
}
|
| 110 |
}
|
| 111 |
|
| 43 |
private $roles_type;
|
| 44 |
private $roles;
|
| 45 |
private $message;
|
| 46 |
+
private $error;
|
| 47 |
|
| 48 |
public function add_remove_capability() {
|
| 49 |
|
| 57 |
$this->roles_type = 'all';
|
| 58 |
$this->roles = array();
|
| 59 |
$this->message = NULL;
|
| 60 |
+
$this->error = NULL;
|
| 61 |
|
| 62 |
if (!empty($_POST['add-remove-capability'])) {
|
| 63 |
$this->main->verify_nonce();
|
| 69 |
$this->roles_type = $_POST['roles_type'];
|
| 70 |
if ($this->roles_type === 'selected' && !empty($_POST['selected-roles']))
|
| 71 |
$this->roles = $_POST['selected-roles'];
|
| 72 |
+
|
| 73 |
if (!empty($this->capability)) {
|
| 74 |
$roles = array();
|
| 75 |
switch ($this->roles_type) {
|
| 85 |
$func = NULL;
|
| 86 |
switch ($this->action) {
|
| 87 |
case 'add':
|
| 88 |
+
//network caps check
|
| 89 |
+
if(strpos($this->capability, 'manage_network_') === 0) {
|
| 90 |
+
$this->error = $this->__('This capability is reserved for Super Admins and can not be added to site roles.');
|
| 91 |
+
break;
|
| 92 |
+
}
|
| 93 |
+
|
| 94 |
$func = 'add_cap';
|
| 95 |
if (!isset($roles[self::ADMINISTRATOR_ROLE_KEY])) {
|
| 96 |
$roles[self::ADMINISTRATOR_ROLE_KEY] = TRUE;
|
| 106 |
break;
|
| 107 |
}
|
| 108 |
|
| 109 |
+
if(!empty($func) && empty($this->error)) {
|
| 110 |
+
foreach ($roles as $key => $value) {
|
| 111 |
+
$role = get_role($key);
|
| 112 |
+
if (!empty($role)) {
|
| 113 |
+
$role->$func($this->capability);
|
| 114 |
+
}
|
| 115 |
}
|
| 116 |
+
|
| 117 |
+
$this->message = $this->__('Roles updated.');
|
| 118 |
}
|
|
|
|
|
|
|
| 119 |
}
|
| 120 |
}
|
| 121 |
|
classes/class-wpfront-user-role-editor.php
CHANGED
|
@@ -38,7 +38,7 @@ if (!class_exists('WPFront_User_Role_Editor')) {
|
|
| 38 |
class WPFront_User_Role_Editor extends WPFront_Base_URE {
|
| 39 |
|
| 40 |
//Constants
|
| 41 |
-
const VERSION = '2.14.
|
| 42 |
const OPTIONS_GROUP_NAME = 'wpfront-user-role-editor-options-group';
|
| 43 |
const OPTION_NAME = 'wpfront-user-role-editor-options';
|
| 44 |
const PLUGIN_SLUG = 'wpfront-user-role-editor';
|
| 38 |
class WPFront_User_Role_Editor extends WPFront_Base_URE {
|
| 39 |
|
| 40 |
//Constants
|
| 41 |
+
const VERSION = '2.14.2';
|
| 42 |
const OPTIONS_GROUP_NAME = 'wpfront-user-role-editor-options-group';
|
| 43 |
const OPTION_NAME = 'wpfront-user-role-editor-options';
|
| 44 |
const PLUGIN_SLUG = 'wpfront-user-role-editor';
|
readme.txt
CHANGED
|
@@ -3,9 +3,9 @@ Contributors: syammohanm
|
|
| 3 |
Donate link: https://wpfront.com/donate/
|
| 4 |
Tags: WordPress user role editor, user role editor, role editor, user role, role, WordPress user roles, user roles, roles, user roles editor, roles editor, role manager, roles manager, manage roles, manage role, access, capability, editor, permission, role, security, user, capability editor, capability manager, custom post types, custom post type permissions, custom post type capabilities, post type permissions, post type capabilities, menu editor, role menu, role menu editor, multisite roles, multisite role editor, multisite user roles, import roles, export roles
|
| 5 |
Requires at least: 4.4
|
| 6 |
-
Tested up to:
|
| 7 |
Requires PHP: 5.2.4
|
| 8 |
-
Stable tag: 2.14.
|
| 9 |
License: GPLv3
|
| 10 |
License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
| 11 |
|
|
@@ -90,6 +90,9 @@ This plugin doesn’t collect any personal information. For more information ple
|
|
| 90 |
|
| 91 |
== Changelog ==
|
| 92 |
|
|
|
|
|
|
|
|
|
|
| 93 |
= 2.14.1 =
|
| 94 |
* Logout redirect added.
|
| 95 |
* Secondary roles on Add New User added.
|
|
@@ -243,6 +246,9 @@ This plugin doesn’t collect any personal information. For more information ple
|
|
| 243 |
|
| 244 |
== Upgrade Notice ==
|
| 245 |
|
|
|
|
|
|
|
|
|
|
| 246 |
= 2.14.1 =
|
| 247 |
* New features added.
|
| 248 |
|
| 3 |
Donate link: https://wpfront.com/donate/
|
| 4 |
Tags: WordPress user role editor, user role editor, role editor, user role, role, WordPress user roles, user roles, roles, user roles editor, roles editor, role manager, roles manager, manage roles, manage role, access, capability, editor, permission, role, security, user, capability editor, capability manager, custom post types, custom post type permissions, custom post type capabilities, post type permissions, post type capabilities, menu editor, role menu, role menu editor, multisite roles, multisite role editor, multisite user roles, import roles, export roles
|
| 5 |
Requires at least: 4.4
|
| 6 |
+
Tested up to: 5.0.3
|
| 7 |
Requires PHP: 5.2.4
|
| 8 |
+
Stable tag: 2.14.2
|
| 9 |
License: GPLv3
|
| 10 |
License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
| 11 |
|
| 90 |
|
| 91 |
== Changelog ==
|
| 92 |
|
| 93 |
+
= 2.14.2 =
|
| 94 |
+
* [Important]Security vulnerability fix.
|
| 95 |
+
|
| 96 |
= 2.14.1 =
|
| 97 |
* Logout redirect added.
|
| 98 |
* Secondary roles on Add New User added.
|
| 246 |
|
| 247 |
== Upgrade Notice ==
|
| 248 |
|
| 249 |
+
= 2.14.2 =
|
| 250 |
+
* This update is highly recommended because of a security vulnerability fix, mainly affecting multisite installations, reported by WordPress.
|
| 251 |
+
|
| 252 |
= 2.14.1 =
|
| 253 |
* New features added.
|
| 254 |
|
templates/add-remove-capability.php
CHANGED
|
@@ -40,6 +40,15 @@ if (!defined('ABSPATH')) {
|
|
| 40 |
<?php echo $this->__('Add/Remove Capability'); ?>
|
| 41 |
</h2>
|
| 42 |
<?php
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 43 |
if (!empty($this->message)) {
|
| 44 |
?>
|
| 45 |
<div class="updated">
|
| 40 |
<?php echo $this->__('Add/Remove Capability'); ?>
|
| 41 |
</h2>
|
| 42 |
<?php
|
| 43 |
+
if (!empty($this->error)) {
|
| 44 |
+
?>
|
| 45 |
+
<div class="error">
|
| 46 |
+
<p><?php echo $this->error; ?></p>
|
| 47 |
+
</div>
|
| 48 |
+
<?php
|
| 49 |
+
}
|
| 50 |
+
?>
|
| 51 |
+
<?php
|
| 52 |
if (!empty($this->message)) {
|
| 53 |
?>
|
| 54 |
<div class="updated">
|
wpfront-user-role-editor.php
CHANGED
|
@@ -4,7 +4,7 @@
|
|
| 4 |
* Plugin Name: WPFront User Role Editor
|
| 5 |
* Plugin URI: http://wpfront.com/user-role-editor-pro/
|
| 6 |
* Description: Allows you to manage user roles.
|
| 7 |
-
* Version: 2.14.
|
| 8 |
* Author: Syam Mohan
|
| 9 |
* Author URI: http://wpfront.com
|
| 10 |
* License: GPL v3
|
| 4 |
* Plugin Name: WPFront User Role Editor
|
| 5 |
* Plugin URI: http://wpfront.com/user-role-editor-pro/
|
| 6 |
* Description: Allows you to manage user roles.
|
| 7 |
+
* Version: 2.14.2
|
| 8 |
* Author: Syam Mohan
|
| 9 |
* Author URI: http://wpfront.com
|
| 10 |
* License: GPL v3
|
