WPFront User Role Editor - Version 3.2.1

Version Description

  • XSS fixes.

Release Info

Developer syammohanm
Version 3.2.1

Code changes from version 3.1.0 to 3.2.1

Files changed (47) hide show
  1. assets/css/roles.css +1 -2
  2. includes/add-remove-cap/class-add-remove-cap.php +1 -1
  3. includes/add-remove-cap/template-add-remove-cap.php +5 -5
  4. includes/bulk-edit/class-bulk-edit.php +1 -1
  5. includes/bulk-edit/template-bulk-edit.php +2 -2
  6. includes/class-controller.php +1 -1
  7. includes/class-debug.php +88 -28
  8. includes/login-redirect/class-login-redirect-list-table.php +13 -13
  9. includes/login-redirect/class-login-redirect.php +1 -1
  10. includes/login-redirect/template-add-edit.php +5 -5
  11. includes/login-redirect/template-delete.php +2 -2
  12. includes/login-redirect/template-login-redirect.php +2 -2
  13. includes/media/class-media-permissions.php +1 -1
  14. includes/nav-menu/class-nav-menu-permissions.php +6 -6
  15. includes/post-type/class-abstract-post-type-custom-cap.php +6 -0
  16. includes/post-type/class-post-type-list-table.php +13 -13
  17. includes/post-type/class-post-type.php +1 -1
  18. includes/post-type/custom-caps/class-create-posts-capability.php +1 -1
  19. includes/post-type/custom-caps/class-read-others-capability.php +2 -2
  20. includes/post-type/template-add-edit.php +74 -72
  21. includes/post-type/template-delete.php +9 -6
  22. includes/post-type/template-post-type.php +5 -5
  23. includes/restore/class-restore.php +1 -1
  24. includes/restore/template-restore.php +5 -5
  25. includes/roles/class-roles-list.php +1 -1
  26. includes/roles/template-role-add-edit.php +9 -9
  27. includes/roles/template-role-delete.php +3 -3
  28. includes/roles/template-roles-list.php +15 -15
  29. includes/settings/class-options.php +5 -0
  30. includes/settings/template-options.php +2 -2
  31. includes/taxonomies/class-taxonomies-list-table.php +18 -18
  32. includes/taxonomies/class-taxonomies.php +1 -1
  33. includes/taxonomies/template-add-edit.php +12 -10
  34. includes/taxonomies/template-delete.php +16 -13
  35. includes/taxonomies/template-taxonomies.php +3 -3
  36. includes/users/class-assign-migrate.php +2 -2
  37. includes/users/class-user-permissions.php +2 -2
  38. includes/users/class-user-profile.php +1 -1
  39. includes/users/template-assign-migrate.php +3 -3
  40. includes/users/template-assign.php +4 -3
  41. includes/users/template-migrate.php +2 -2
  42. includes/users/template-user-profile-secondary-roles.php +2 -2
  43. includes/widget/class-widget-permissions.php +6 -6
  44. includes/wp/class-login-page-url.php +253 -0
  45. includes/wp/includes.php +3 -0
  46. readme.txt +16 -2
  47. wpfront-user-role-editor.php +4 -4
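--- a/assets/css/roles.css
+++ b/assets/css/roles.css
@@ -505,7 +505,6 @@ div.wpfront-user-role-editor-post-type-extended-permission-legend {
   /* extended permissions end */
 
 
-
   /* bulk edit start */
 
   div.wrap.bulk-edit div.options p {
@@ -633,7 +632,7 @@ div.wrap.taxonomy-add-edit ul.chosen-choices {
   flex-wrap: wrap;
   }
 
- /* taxonomies screen start */
+ /* taxonomies screen end */
 
   .ui-tooltip {
   background: #ffffff;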
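--- a/includes/add-remove-cap/class-add-remove-cap.php
+++ b/includes/add-remove-cap/class-add-remove-cap.php
@@ -78,7 +78,7 @@ if (!class_exists('\WPFront\URE\Bulk_Edit\WPFront_User_Role_Editor_Add_Remove_Ca
 
   protected function _register($controllers) {
   $debug = WPFront_User_Role_Editor_Debug::instance();
- $debug->add_setting('add-remove-cap', 'Add or Remove Capability');
+ $debug->add_setting('add-remove-cap', __('Add or Remove Capability', 'wpfront-user-role-editor'), 20, __('Disables add or remove capability functionality.', 'wpfront-user-role-editor'));
 
   if($debug->is_disabled('add-remove-cap')) {
   return $controllers;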
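--- a/includes/add-remove-cap/template-add-remove-cap.php
+++ b/includes/add-remove-cap/template-add-remove-cap.php
@@ -50,7 +50,7 @@ if(!class_exists('WPFront\URE\Bulk_Edit\WPFront_User_Role_Editor_Add_Remove_Cap_
   ?>
   <div class="wrap add-remove-capability">
   <?php $this->title(); ?>
- <form method="post" class="validate" action="<?php echo Bulk_Edit::instance()->get_screen_url(Add_Remove_Cap::instance()); ?>">
+ <form method="post" class="validate" action="<?php echo esc_attr(Bulk_Edit::instance()->get_screen_url(Add_Remove_Cap::instance())); ?>">
   <table class="form-table">
   <tbody>
   <?php $this->action_row(); ?>
@@ -81,7 +81,7 @@ if(!class_exists('WPFront\URE\Bulk_Edit\WPFront_User_Role_Editor_Add_Remove_Cap_
   if(!empty($this->error)) {
   Utils::notice_error($this->error);
   } elseif(isset($_GET['changes-saved'])) {
- Utils::notice_updated($_GET['changes-saved'] . ' ' . __('role(s) updated.', 'wpfront-user-role-editor'));
+ Utils::notice_updated(sprintf(__('%d role(s) updated.', 'wpfront-user-role-editor'), $_GET['changes-saved']));
   }
   }
 
@@ -113,7 +113,7 @@ if(!class_exists('WPFront\URE\Bulk_Edit\WPFront_User_Role_Editor_Add_Remove_Cap_
   </label>
   </th>
   <td>
- <input class="regular-text" name="capability" type="text" id="capability" value="<?php echo $this->get_current_capability(); ?>" aria-required="true" />
+ <input class="regular-text" name="capability" type="text" id="capability" value="<?php echo esc_attr($this->get_current_capability()); ?>" aria-required="true" />
   </td>
   </tr>
   <?php
@@ -152,7 +152,7 @@ if(!class_exists('WPFront\URE\Bulk_Edit\WPFront_User_Role_Editor_Add_Remove_Cap_
   $admin_role = $this->RolesHelperClass::get_display_name($this->RolesHelperClass::ADMINISTRATOR_ROLE_KEY);
   if(!empty($admin_role)) {
   ?>
- <label><input id="chk_admin" type="checkbox" disabled="true" <?php echo $this->get_current_action() === 'add' ? 'checked' : ''; ?> /><?php echo $admin_role; ?></label>
+ <label><input id="chk_admin" type="checkbox" disabled="true" <?php echo $this->get_current_action() === 'add' ? 'checked' : ''; ?> /><?php echo esc_html($admin_role); ?></label>
   <br />
   <?php
   }
@@ -161,7 +161,7 @@ if(!class_exists('WPFront\URE\Bulk_Edit\WPFront_User_Role_Editor_Add_Remove_Cap_
   $selected_roles = $this->get_current_selected_roles();
   foreach ($roles as $role_name => $role_display) {
   ?>
- <label><input type="checkbox" name="selected-roles[<?php echo $role_name; ?>]" <?php echo array_key_exists($role_name, $selected_roles) ? 'checked' : ''; ?> /><?php echo $role_display; ?></label>
+ <label><input type="checkbox" name="selected-roles[<?php echo esc_attr($role_name); ?>]" <?php echo array_key_exists($role_name, $selected_roles) ? 'checked' : ''; ?> /><?php echo esc_html($role_display); ?></label>
   <br />
   <?php
   }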
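Review bot: The form `action` on new line 53 holds a URL but is escaped with `esc_attr()`, which HTML-encodes the value without checking its scheme; `esc_url()` is the WordPress escaper intended for URL attributes, e.g. `action="<?php echo esc_url(Bulk_Edit::instance()->get_screen_url(Add_Remove_Cap::instance())); ?>"`. The same pattern is used for the "Add New" `href` in includes/login-redirect/template-login-redirect.php (new line 73). On new line 84 the `%d` placeholder coerces `$_GET['changes-saved']` to an integer, which closes the reflected output, but that protection depends on every translation of the format string keeping `%d`; passing `absint($_GET['changes-saved'])` would make the cast explicit at the call site.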
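--- a/includes/bulk-edit/class-bulk-edit.php
+++ b/includes/bulk-edit/class-bulk-edit.php
@@ -73,7 +73,7 @@ if (!class_exists('\WPFront\URE\Bulk_Edit\WPFront_User_Role_Editor_Bulk_Edit'))
 
   protected function initialize() {
   $debug = WPFront_User_Role_Editor_Debug::instance();
- $debug->add_setting('bulk-edit', 'Bulk Edit');
+ $debug->add_setting('bulk-edit', __('Bulk Edit', 'wpfront-user-role-editor'), 120, __('Disables bulk edit functionality.', 'wpfront-user-role-editor'));
 
   if($debug->is_disabled('bulk-edit')) {
   return;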
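--- a/includes/bulk-edit/template-bulk-edit.php
+++ b/includes/bulk-edit/template-bulk-edit.php
@@ -46,7 +46,7 @@ if(!class_exists('WPFront\URE\Bulk_Edit\WPFront_User_Role_Editor_Bulk_Edit_View'
   <div class="wrap bulk-edit">
   <?php $this->title(); ?>
   <form method="get">
- <input type="hidden" name="page" value="<?php echo Bulk_Edit::MENU_SLUG; ?>" />
+ <input type="hidden" name="page" value="<?php echo esc_attr(Bulk_Edit::MENU_SLUG); ?>" />
   <div class="options">
   <?php $this->display_options(); ?>
   </div>
@@ -71,7 +71,7 @@ if(!class_exists('WPFront\URE\Bulk_Edit\WPFront_User_Role_Editor_Bulk_Edit_View'
   foreach ($controllers as $ctlr) {
   ?>
   <p>
- <label><input type="radio" name="screen" value="<?php echo $ctlr->get_key(); ?>" <?php echo $select ? 'checked' : '' ?> /><?php echo $ctlr->get_option_text(); ?></label>
+ <label><input type="radio" name="screen" value="<?php echo esc_attr($ctlr->get_key()); ?>" <?php echo $select ? 'checked' : '' ?> /><?php echo esc_html($ctlr->get_option_text()); ?></label>
   </p>
   <?php
   $select = false;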
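--- a/includes/class-controller.php
+++ b/includes/class-controller.php
@@ -114,7 +114,7 @@ if (!class_exists('\WPFront\URE\WPFront_User_Role_Editor_Controller')) {
   $debug_values = call_user_func(array(static::class, 'get_debug_setting'));
 
   $debug = WPFront_User_Role_Editor_Debug::instance();
- $debug->add_setting($debug_values['key'], $debug_values['label']);
+ $debug->add_setting($debug_values['key'], $debug_values['label'], $debug_values['position'], $debug_values['description']);
 
   $disabled = $debug->is_disabled($debug_values['key']);
 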
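--- a/includes/class-debug.php
+++ b/includes/class-debug.php
@@ -50,6 +50,10 @@ if (!class_exists('\WPFront\URE\WPFront_User_Role_Editor_Debug')) {
   protected $settings_key = 'debug-settings';
   protected $settings_obj = null;
   protected $options;
+ protected $debug_enabled = null;
+
+ protected function __construct(){
+ }
 
   public static function instance() {
   if (self::$instance === null) {
@@ -60,18 +64,18 @@ if (!class_exists('\WPFront\URE\WPFront_User_Role_Editor_Debug')) {
   }
 
   public static function init() {
- if(!defined('WP_DEBUG') || !WP_DEBUG) {
+ if (self::$instance->debug_enabled() == false) {
   return;
   }
-
+
   add_filter('wpfront_ure_settings_controllers', array(self::instance(), 'register_settings'), 10);
   }
 
   public function register_settings($controllers) {
- if(is_multisite() && !is_network_admin()) {
+ if (is_multisite() && !is_network_admin()) {
   return $controllers;
   }
-
+
   if (current_user_can('manage_options')) {
   $controllers[] = self::instance();
   }
@@ -95,12 +99,13 @@ if (!class_exists('\WPFront\URE\WPFront_User_Role_Editor_Debug')) {
   if (!empty($_POST['submit'])) {
   $settings_obj = new \stdClass();
   $settings = empty($_POST[$this->settings_key]) ? [] : $_POST[$this->settings_key];
- foreach ($this->debug_keys as $key => $label) {
- if(!empty($settings[$key])) {
- $settings_obj->$key = true;
+ foreach ($this->debug_keys as $position => $setting) {
+ $key = $setting['key'];
+ if (!empty($settings[$key])) {
+ $settings_obj->$key = true;
   }
   }
-
+
   $this->get_options_obj()->set_network_option($this->settings_key, $settings_obj, '', false);
 
   if (wp_safe_redirect($parent->getControllerUrl($this) . '&changes-saved=true')) {
@@ -112,7 +117,32 @@ if (!class_exists('\WPFront\URE\WPFront_User_Role_Editor_Debug')) {
   }
 
   protected function set_help_tab() {
-
+ ksort($this->debug_keys);
+
+ $help = '';
+ foreach ($this->debug_keys as $position => $setting) {
+ $label = $setting['label'];
+ $description = $setting['description'];
+ $h = sprintf(__('<strong>Disable %s</strong>: %s', 'wpfront-user-role-editor'), $label, $description);
+ $help .= "<p>$h</p>";
+ }
+
+ $tabs = array(
+ array(
+ 'id' => 'overview',
+ 'title' => __('Overview', 'wpfront-user-role-editor'),
+ 'content' => $help
+ )
+ );
+
+ $sidebar = array(
+ array(
+ __('Documentation on Debug', 'wpfront-user-role-editor'),
+ 'debug/'
+ )
+ );
+
+ \WPFront\URE\WPFront_User_Role_Editor_Utils::set_help_tab($tabs, $sidebar);
   }
 
   public function display_notices() {
@@ -132,15 +162,19 @@ if (!class_exists('\WPFront\URE\WPFront_User_Role_Editor_Debug')) {
   }
 
   protected function display_rows() {
- foreach ($this->debug_keys as $key => $label) {
+ ksort($this->debug_keys);
+
+ foreach ($this->debug_keys as $position => $setting) {
+ $key = $setting['key'];
+ $label = $setting['label'];
   $label = sprintf(__('Disable %s', 'wpfront-user-role-editor'), $label);
 
   $disabled = $this->is_disabled($key);
   $checked = $disabled ? 'checked' : '';
   ?>
- <tr>
+ <tr data-priority="<?php echo esc_attr($position); ?>">
   <th scope="row">
- <?php echo $label; ?>
+ <?php echo esc_html($label); ?>
   </th>
   <td>
   <input type="checkbox" name="<?php echo esc_attr("{$this->settings_key}[$key]"); ?>" <?php echo $checked; ?> />
@@ -150,47 +184,73 @@ if (!class_exists('\WPFront\URE\WPFront_User_Role_Editor_Debug')) {
   }
   }
 
- public function add_setting($setting, $label = null) {
- if(!defined('WP_DEBUG') || !WP_DEBUG) {
+ public function add_setting($setting, $label = null, $position = null, $description = null) {
+ if ($this->debug_enabled() == false) {
   return false;
   }
-
+
   if (is_array($setting)) {
- $key = $setting['key'];
- $label = $setting['label'];
+ $position = $setting['position'];
   } else {
- $key = $setting;
+ $setting = array('key' => $setting, 'label' => $label, 'description' => $description);
+ }
+
+ if (isset($this->debug_keys[$position])) {
+ $old = $this->debug_keys[$position]['key'];
+ $new = $setting['key'];
+ if($old != $new) {
+ throw new \Exception("Debug $position is already defined - $old/$new");
+ }
   }
 
- $this->debug_keys[$key] = $label;
+ $this->debug_keys[$position] = $setting;
 
   return true;
   }
 
   public function is_disabled($key) {
- if(!defined('WP_DEBUG') || !WP_DEBUG) {
- return false;
+ if ($this->debug_enabled() == false) {
+ return;
   }
-
+
   $obj = $this->get_settings_obj();
   return !empty($obj->$key);
   }
-
+
   protected function get_options_obj() {
- if(empty($this->options)) {
+ if (empty($this->options)) {
   $this->options = \WPFront\URE\Options\WPFront_User_Role_Editor_Options::instance();
   }
-
+
   return $this->options;
   }
-
+
   protected function get_settings_obj() {
- if($this->settings_obj === null) {
+ if ($this->settings_obj === null) {
   $this->settings_obj = $this->get_options_obj()->get_network_option($this->settings_key, '');
   }
-
+
   return $this->settings_obj;
   }
+
+ public function debug_enabled() {
+ if($this->debug_enabled !== null) {
+ return $this->debug_enabled;
+ }
+
+ $this->debug_enabled = false;
+
+ if (defined('WP_DEBUG') && WP_DEBUG) {
+ $this->debug_enabled = true;
+ }
+
+ if (defined('WPF_DEBUG') && WPF_DEBUG) {
+ $this->debug_enabled = true;
+ }
+
+ return $this->debug_enabled;
+ }
+
   }
 
   add_action('wpfront_ure_init', array(WPFront_User_Role_Editor_Debug::class, 'init'));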
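Review bot: `init()` (new line 67) calls `self::$instance->debug_enabled()` on the static property directly, so if `init()` runs before anything has called `instance()`, `self::$instance` is still null and the call is a fatal error; `if (!self::instance()->debug_enabled()) {` removes the dependence on call order. Whether an earlier caller always exists cannot be seen from this diff. `is_disabled()` (new line 213) now ends its guard with a bare `return;` where the old code had `return false;`, so a caller comparing strictly against `false` would see null; `return false;` keeps the previous contract. In `set_help_tab()` (new lines 126-127) the label and description are interpolated into `<p>$h</p>` unescaped, and passing them through `esc_html()` before `sprintf()` would match the escaping this commit adds in `display_rows()`.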
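--- a/includes/login-redirect/class-login-redirect-list-table.php
+++ b/includes/login-redirect/class-login-redirect-list-table.php
@@ -149,15 +149,15 @@ if (!class_exists('\WPFront\URE\Login_Redirect\WPFront_User_Role_Editor_Login_Re
   break;
 
   case 'priority':
- echo "<td $attributes>" . $item->priority . "</td>";
+ echo "<td $attributes>" . esc_html($item->priority) . "</td>";
   break;
 
   case 'url':
- echo "<td $attributes>" . $this->format_url($item->url) . "</td>";
+ echo "<td $attributes>" . esc_html($this->format_url($item->url)) . "</td>";
   break;
 
   case 'logout_url':
- echo "<td $attributes>" . $this->format_url($item->logout_url) . "</td>";
+ echo "<td $attributes>" . esc_html($this->format_url($item->logout_url)) . "</td>";
   break;
 
   case 'deny_wpadmin':
@@ -178,8 +178,8 @@ if (!class_exists('\WPFront\URE\Login_Redirect\WPFront_User_Role_Editor_Login_Re
   protected function cb_cell($item) {
   ?>
   <th scope="row" class="check-column">
- <label class="screen-reader-text" for="role_<?php echo $item->role; ?>"><?php echo sprintf(__('Select %s', 'wpfront-user-role-editor'), $item->role_display); ?></label>
- <input type="checkbox" id="role_<?php echo $item->role; ?>" name="roles[]" value="<?php echo esc_attr($item->role); ?>" />
+ <label class="screen-reader-text" for="role_<?php echo esc_attr($item->role); ?>"><?php echo sprintf(__('Select %s', 'wpfront-user-role-editor'), esc_html($item->role_display)); ?></label>
+ <input type="checkbox" id="role_<?php echo esc_attr($item->role); ?>" name="roles[]" value="<?php echo esc_attr($item->role); ?>" />
   </th>
   <?php
   }
@@ -194,31 +194,31 @@ if (!class_exists('\WPFront\URE\Login_Redirect\WPFront_User_Role_Editor_Login_Re
   <td <?php echo $attributes; ?>>
   <?php
   if($can_edit) {
- $edit_link = LoginRedirect::instance()->get_edit_url($item->role);
+ $edit_link = esc_url_raw(LoginRedirect::instance()->get_edit_url($item->role));
   ?>
   <strong>
- <a href="<?php echo $edit_link; ?>" class="edit">
- <?php echo $item->role_display; ?>
+ <a href="<?php echo esc_attr($edit_link); ?>" class="edit">
+ <?php echo esc_html($item->role_display); ?>
   </a>
   </strong>
   <?php
   } else {
   ?>
   <strong>
- <?php echo $item->role_display; ?>
+ <?php echo esc_html($item->role_display); ?>
   </strong>
   <?php
   }
   $actions = array();
   if ($can_edit) {
- $edit_link = LoginRedirect::instance()->get_edit_url($item->role);
+ $edit_link = esc_url_raw(LoginRedirect::instance()->get_edit_url($item->role));
   $display = __('Edit', 'wpfront-user-role-editor');
- $actions['edit'] = "<a href='$edit_link'>$display</a>";
+ $actions['edit'] = "<a href='".esc_attr($edit_link)."'>$display</a>";
   }
   if (current_user_can('delete_login_redirects')) {
- $delete_link = LoginRedirect::instance()->get_delete_url($item->role);
+ $delete_link = esc_url_raw(LoginRedirect::instance()->get_delete_url($item->role));
   $display = __('Delete', 'wpfront-user-role-editor');
- $actions['delete'] = "<a href='$delete_link'>$display</a>";
+ $actions['delete'] = "<a href='".esc_attr($delete_link)."'>$display</a>";
   }
   echo $this->row_actions($actions);
   ?>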
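Review bot: The edit and delete links (new lines 197, 214 and 219) go through `esc_url_raw()` and then `esc_attr()` at output; `esc_url_raw()` is WordPress's sanitizer for URLs that are stored or used in redirects, while `esc_url()` is the one for URLs printed into HTML and already does the entity encoding, so `<a href="<?php echo esc_url(LoginRedirect::instance()->get_edit_url($item->role)); ?>" class="edit">` expresses the same thing in one call. `$edit_link` is also built twice, in two separate `$can_edit` blocks, and could be computed once. The `url` and `logout_url` cells (new lines 156 and 160) now wrap `format_url()` in `esc_html()`; `format_url()` is outside this diff, so it is worth confirming it returns plain text, since any markup it produced would now be shown literally.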
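--- a/includes/login-redirect/class-login-redirect.php
+++ b/includes/login-redirect/class-login-redirect.php
@@ -637,7 +637,7 @@ if (!class_exists('\WPFront\URE\Login_Redirect\WPFront_User_Role_Editor_Login_Re
   }
 
   public static function get_debug_setting() {
- return array('key' => 'login-redirect', 'label' => 'Login Redirect');
+ return array('key' => 'login-redirect', 'label' => __('Login Redirect', 'wpfront-user-role-editor'), 'position' => 60, 'description' => __('Disables the login redirect functionality.', 'wpfront-user-role-editor'));
   }
   }
 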
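--- a/includes/login-redirect/template-add-edit.php
+++ b/includes/login-redirect/template-add-edit.php
@@ -129,7 +129,7 @@ if(!class_exists('WPFront\URE\Login_Redirect\WPFront_User_Role_Editor_Login_Redi
   if($name == $current_role) {
   $selected = 'selected';
   }
- echo "<option value='$name' data-allowed='$role->allowed' $selected>$role->display_name</option>";
+ echo "<option value='".esc_attr($name)."' data-allowed='".esc_attr($role->allowed)."' $selected>".esc_html($role->display_name)."</option>";
   }
   ?>
   </select>
@@ -139,7 +139,7 @@ if(!class_exists('WPFront\URE\Login_Redirect\WPFront_User_Role_Editor_Login_Redi
   <select name="role" id="login-redirect-role" disabled="true">
   <?php
   $display_name = LoginRedirect::instance()->get_role_display($this->role_entity->role);
- echo "<option>$display_name</option>";
+ echo "<option>".esc_html($display_name)."</option>";
   ?>
   </select>
   <?php
@@ -157,7 +157,7 @@ if(!class_exists('WPFront\URE\Login_Redirect\WPFront_User_Role_Editor_Login_Redi
   <?php echo __('Priority', 'wpfront-user-role-editor'); ?><span class="description"> (<?php echo __('required', 'wpfront-user-role-editor'); ?>)</span>
   </th>
   <td>
- <input id="login-redirect-priority" class="small-text" name="priority" type="number" value="<?php echo $this->get_current_priority(); ?>" aria-required="true" />
+ <input id="login-redirect-priority" class="small-text" name="priority" type="number" value="<?php echo esc_attr($this->get_current_priority()); ?>" aria-required="true" />
   </td>
   </tr>
   <?php
@@ -170,7 +170,7 @@ if(!class_exists('WPFront\URE\Login_Redirect\WPFront_User_Role_Editor_Login_Redi
   <?php echo __('Login Redirect URL', 'wpfront-user-role-editor'); ?><span class="description"> (<?php echo __('required', 'wpfront-user-role-editor'); ?>)</span>
   </th>
   <td>
- <input id="login-redirect-url" class="regular-text" name="url" type="text" value="<?php echo $this->get_current_url(); ?>" aria-required="true" />
+ <input id="login-redirect-url" class="regular-text" name="url" type="text" value="<?php echo esc_attr($this->get_current_url()); ?>" aria-required="true" />
   <br />
   <span class="description">[<?php echo __('Relative to home URL (recommended) or absolute URL.', 'wpfront-user-role-editor'); ?>]</span>
   </td>
@@ -185,7 +185,7 @@ if(!class_exists('WPFront\URE\Login_Redirect\WPFront_User_Role_Editor_Login_Redi
   <?php echo __('Logout Redirect URL', 'wpfront-user-role-editor'); ?>
   </th>
   <td>
- <input class="regular-text" name="logout_url" type="text" value="<?php echo $this->get_current_logout_url(); ?>" aria-required="true" />
+ <input class="regular-text" name="logout_url" type="text" value="<?php echo esc_attr($this->get_current_logout_url()); ?>" aria-required="true" />
   <br />
   <span class="description">[<?php echo __('Relative to home URL (recommended) or absolute URL.', 'wpfront-user-role-editor'); ?>]</span>
   </td>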
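--- a/includes/login-redirect/template-delete.php
+++ b/includes/login-redirect/template-delete.php
@@ -77,8 +77,8 @@ if(!class_exists('WPFront\URE\Login_Redirect\WPFront_User_Role_Editor_Login_Redi
   protected function roles_display() {
   foreach ($this->roles as $role) {
   $display = LoginRedirect::instance()->get_role_display($role);
- echo "<li><strong>$display</strong> [$role]</li>";
- echo "<input type='hidden' name='bulk-delete[$role]' />";
+ echo "<li><strong>".esc_html($display)."</strong> [".esc_html($role)."]</li>";
+ echo "<input type='hidden' name='bulk-delete[".esc_attr($role)."]' />";
   }
   }
   }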
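--- a/includes/login-redirect/template-login-redirect.php
+++ b/includes/login-redirect/template-login-redirect.php
@@ -54,7 +54,7 @@ if(!class_exists('WPFront\URE\Login_Redirect\WPFront_User_Role_Editor_Login_Redi
   $list_table->prepare_items();
   ?>
   <form action="" method="get" class="search-form">
- <input type="hidden" name="page" value="<?php echo LoginRedirect::MENU_SLUG; ?>" />
+ <input type="hidden" name="page" value="<?php echo esc_attr(LoginRedirect::MENU_SLUG); ?>" />
   <?php $list_table->search_box(__('Search', 'wpfront-user-role-editor'), 'login-redirect'); ?>
   </form>
   <form id="form-login-redirect" method='post'>
@@ -70,7 +70,7 @@ if(!class_exists('WPFront\URE\Login_Redirect\WPFront_User_Role_Editor_Login_Redi
   ?>
   <h2>
   <?php echo __('Login Redirects', 'wpfront-user-role-editor'); ?>
- <a href="<?php echo $this->get_add_new_url(); ?>" class="add-new-h2"><?php echo __('Add New', 'wpfront-user-role-editor'); ?></a>
+ <a href="<?php echo esc_attr($this->get_add_new_url()); ?>" class="add-new-h2"><?php echo __('Add New', 'wpfront-user-role-editor'); ?></a>
   </h2>
   <?php
   }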
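--- a/includes/media/class-media-permissions.php
+++ b/includes/media/class-media-permissions.php
@@ -120,7 +120,7 @@ if (!class_exists('\WPFront\URE\Media\WPFront_User_Role_Editor_Media_Permissions
   }
 
   public static function get_debug_setting() {
- return array('key' => 'media-permissions', 'label' => 'Media Permissions');
+ return array('key' => 'media-permissions', 'label' => __('Media Permissions', 'wpfront-user-role-editor'), 'position' => 150, 'description' => __('Disables all media permission capabilities.', 'wpfront-user-role-editor'));
   }
   }
 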
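--- a/includes/nav-menu/class-nav-menu-permissions.php
+++ b/includes/nav-menu/class-nav-menu-permissions.php
@@ -170,10 +170,10 @@ if (!class_exists('\WPFront\URE\Nav_Menu\WPFront_User_Role_Editor_Nav_Menu_Permi
  <p class="description description-wide">
  <label><?php echo __('User Restrictions', 'wpfront-user-role-editor'); ?></label>
  <span class="user-restriction-container">
- <label><input class="user-restriction-type" type="radio" name="<?php echo 'user-restriction-type-' . $item_id; ?>" value="<?php echo self::$ALL_USERS; ?>" <?php echo $data->type === self::$ALL_USERS ? 'checked' : ''; ?> /><?php echo __('All Users', 'wpfront-user-role-editor'); ?></label>
- <label><input class="user-restriction-type" type="radio" name="<?php echo 'user-restriction-type-' . $item_id; ?>" value="<?php echo self::$LOGGEDIN_USERS; ?>" <?php echo $data->type === self::$LOGGEDIN_USERS ? 'checked' : ''; ?> /><?php echo __('Logged in Users', 'wpfront-user-role-editor'); ?></label>
- <label><input class="user-restriction-type" type="radio" name="<?php echo 'user-restriction-type-' . $item_id; ?>" value="<?php echo self::$GUEST_USERS; ?>" <?php echo $data->type === self::$GUEST_USERS ? 'checked' : ''; ?> /><?php echo __('Guest Users', 'wpfront-user-role-editor'); ?></label>
- <label><input class="user-restriction-type" type="radio" name="<?php echo 'user-restriction-type-' . $item_id; ?>" value="<?php echo self::$ROLE_USERS; ?>" <?php echo $data->type === self::$ROLE_USERS ? 'checked' : ''; ?> /><?php echo __('Users by Role', 'wpfront-user-role-editor'); ?></label>
+ <label><input class="user-restriction-type" type="radio" name="<?php echo 'user-restriction-type-' . esc_attr($item_id); ?>" value="<?php echo self::$ALL_USERS; ?>" <?php echo $data->type === self::$ALL_USERS ? 'checked' : ''; ?> /><?php echo __('All Users', 'wpfront-user-role-editor'); ?></label>
+ <label><input class="user-restriction-type" type="radio" name="<?php echo 'user-restriction-type-' . esc_attr($item_id); ?>" value="<?php echo self::$LOGGEDIN_USERS; ?>" <?php echo $data->type === self::$LOGGEDIN_USERS ? 'checked' : ''; ?> /><?php echo __('Logged in Users', 'wpfront-user-role-editor'); ?></label>
+ <label><input class="user-restriction-type" type="radio" name="<?php echo 'user-restriction-type-' . esc_attr($item_id); ?>" value="<?php echo self::$GUEST_USERS; ?>" <?php echo $data->type === self::$GUEST_USERS ? 'checked' : ''; ?> /><?php echo __('Guest Users', 'wpfront-user-role-editor'); ?></label>
+ <label><input class="user-restriction-type" type="radio" name="<?php echo 'user-restriction-type-' . esc_attr($item_id); ?>" value="<?php echo self::$ROLE_USERS; ?>" <?php echo $data->type === self::$ROLE_USERS ? 'checked' : ''; ?> /><?php echo __('Users by Role', 'wpfront-user-role-editor'); ?></label>
  <span class="roles-container <?php echo $data->type === self::$ROLE_USERS ? '' : 'hidden'; ?>">
  <?php do_action('wp_nav_menu_item_custom_fields_roles_list', $item_id, $item, $depth, $args); ?>
  </span>
@@ -395,7 +395,7 @@ if (!class_exists('\WPFront\URE\Nav_Menu\WPFront_User_Role_Editor_Nav_Menu_Permi
 
  $checked = $checked ? 'checked' : '';
 
- echo "<input type='checkbox' name='$key' $checked />";
+ echo "<input type='checkbox' name='".esc_attr($key)."' $checked />";
  }
 
  public function options_ui_update($key) {
@@ -452,7 +452,7 @@ if (!class_exists('\WPFront\URE\Nav_Menu\WPFront_User_Role_Editor_Nav_Menu_Permi
  }
 
  public static function get_debug_setting() {
- return array('key' => 'nav-menu-permissions', 'label' => 'Navigation Menu Permissions');
+ return array('key' => 'nav-menu-permissions', 'label' => __('Navigation Menu Permissions', 'wpfront-user-role-editor'), 'position' => 160, 'description' => __('Disables navigation menu permissions functionality.', 'wpfront-user-role-editor'));
  }
 
  }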
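--- a/includes/post-type/class-abstract-post-type-custom-cap.php
+++ b/includes/post-type/class-abstract-post-type-custom-cap.php
@@ -317,6 +317,12 @@ if (!class_exists('\WPFront\URE\Post_Type\WPFront_User_Role_Editor_Post_Type_Cus
  $role_names = RolesHelper::get_roles();
  foreach ($role_names as $role_name) {
  $role = RolesHelper::get_role($role_name);
+
+ if($check_cap === true) {
+ $role->add_cap($cap, true);
+ continue;
+ }
+
  if (isset($role->capabilities[$check_cap])) {
  if (!isset($role->capabilities[$cap])) {
  $role->add_cap($cap, $role->capabilities[$check_cap]);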
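Review bot: The added `$check_cap === true` branch calls `$role->add_cap($cap, true)` for every role without the `!isset($role->capabilities[$cap])` guard used by the existing branch just below, so a role that already holds an explicit value for `$cap`, including a deny, appears to be overwritten with a grant each time this loop runs. If the intent is only to seed a default, guard it the same way: `if (!isset($role->capabilities[$cap])) { $role->add_cap($cap, true); }`. The only visible producer of `true` is `role_default_value_cap()` in class-read-others-capability.php, which this commit changes from `'read'`; its docblock still says it returns a cap name and should mention the boolean case. The enclosing function starts and ends outside the hunk, so when the loop is invoked is not visible here.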
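--- a/includes/post-type/class-post-type-list-table.php
+++ b/includes/post-type/class-post-type-list-table.php
@@ -167,7 +167,7 @@ if (!class_exists('\WPFront\URE\Post_Type\WPFront_User_Role_Editor_Post_Type_Lis
  <th scope="row" class="check-column">
  <?php if ($item->can_edit) { ?>
  <label class="screen-reader-text" for="post_type_select" ?></label>
- <input type="checkbox" id="post_type_<?php echo $item->name; ?>" name="post_types[]" value="<?php echo esc_attr($item->name); ?>" />
+ <input type="checkbox" id="post_type_<?php echo esc_attr($item->name); ?>" name="post_types[]" value="<?php echo esc_attr($item->name); ?>" />
  <?php } ?>
  </th>
  <?php
@@ -179,47 +179,47 @@ if (!class_exists('\WPFront\URE\Post_Type\WPFront_User_Role_Editor_Post_Type_Lis
  <td <?php echo $attributes; ?>>
  <?php
  if ($item->can_edit) {
- $edit_link = $this->controller->get_edit_url($item->name);
+ $edit_link = esc_url_raw($this->controller->get_edit_url($item->name));
  ?>
  <strong>
- <a href="<?php echo $edit_link; ?>" class="edit">
- <?php echo $item->name; ?>
+ <a href="<?php echo esc_attr($edit_link); ?>" class="edit">
+ <?php echo esc_html($item->name); ?>
  </a>
  </strong>
  <?php
  } else {
- ?> <?php echo $item->name; ?> <?php
+ ?> <?php echo esc_html($item->name); ?> <?php
  }
  $actions = array();
  if ($item->can_edit) {
  $edit_link = $this->controller->get_edit_url($item->name);
  $display = __('Edit', 'wpfront-user-role-editor');
- $actions['edit'] = "<a href='$edit_link'>$display</a>";
+ $actions['edit'] = "<a href='".esc_attr($edit_link)."'>".esc_html($display)."</a>";
  }
  if ($item->can_delete) {
  $delete_link = $this->controller->get_delete_url($item->name);
  $display = __('Delete', 'wpfront-user-role-editor');
- $actions['delete'] = "<a href='$delete_link'>$display</a>";
+ $actions['delete'] = "<a href='".esc_attr($delete_link)."'>".esc_html($display)."</a>";
  }
  if ($item->can_activate) {
  $activate_link = $this->controller->get_activate_url($item->name);
  $display = __('Activate', 'wpfront-user-role-editor');
- $actions['activate'] = "<a href='$activate_link'>$display</a>";
+ $actions['activate'] = "<a href='".esc_attr($activate_link)."'>".esc_html($display)."</a>";
  }
  if ($item->can_deactivate) {
  $deactivate_link = $this->controller->get_deactivate_url($item->name);
  $display = __('Deactivate', 'wpfront-user-role-editor');
- $actions['deactivate'] = "<a href='$deactivate_link'>$display</a>";
+ $actions['deactivate'] = "<a href='".esc_attr($deactivate_link)."'>".esc_html($display)."</a>";
  }
  if ($item->can_clone) {
  $clone_link = $this->controller->get_clone_url($item->name);
  $display = __('Clone', 'wpfront-user-role-editor');
- $actions['clone'] = "<a href='$clone_link'>$display</a>";
+ $actions['clone'] = "<a href='".esc_attr($clone_link)."'>".esc_html($display)."</a>";
  }
  if ($item->can_restore) {
  $restore_link = $this->controller->get_restore_url($item->name);
  $display = __('Restore', 'wpfront-user-role-editor');
- $actions['restore'] = "<a href='$restore_link'>$display</a>";
+ $actions['restore'] = "<a href='".esc_attr($restore_link)."'>".esc_html($display)."</a>";
  }
  echo $this->row_actions($actions);
  ?>
@@ -230,7 +230,7 @@ if (!class_exists('\WPFront\URE\Post_Type\WPFront_User_Role_Editor_Post_Type_Lis
  protected function label_cell($item) {
  ?>
  <td class="label column-label">
- <?php echo $item->label; ?>
+ <?php echo esc_html($item->label); ?>
  </td>
  <?php
  }
@@ -314,4 +314,4 @@ if (!class_exists('\WPFront\URE\Post_Type\WPFront_User_Role_Editor_Post_Type_Lis
  }
 
  }
-
+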
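Review bot: The action links built at new lines 195–222 put `$edit_link`, `$delete_link` and the other controller URLs into `href` through `esc_attr()` only, which encodes quotes but does not check the URL scheme; `esc_url()` is the WordPress escaper for a URL printed into HTML, e.g. `$actions['delete'] = "<a href='".esc_url($delete_link)."'>".esc_html($display)."</a>";`. At line 182 the link goes through `esc_url_raw()` and then `esc_attr()`; a single `esc_url()` at the point of output would replace both. The same `esc_attr()`-on-a-URL pattern is used for the form `action` attributes in template-add-edit.php and template-delete.php, the links in template-post-type.php and the `<img src>` in template-restore.php. The URLs come from controller helpers that are not shown, so how much of them is request-controlled cannot be judged from this page.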
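--- a/includes/post-type/class-post-type.php
+++ b/includes/post-type/class-post-type.php
@@ -1362,7 +1362,7 @@ if (!class_exists('\WPFront\URE\Post_Type\WPFront_User_Role_Editor_Post_Type'))
  }
 
  public static function get_debug_setting() {
- return array('key' => 'post-type', 'label' => 'Post Types');
+ return array('key' => 'post-type', 'label' => __('Post Types', 'wpfront-user-role-editor'), 'position' => 90, 'description' => __('Disables all Post Type functionalities including custom capabilities.', 'wpfront-user-role-editor'));
  }
 
  }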
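--- a/includes/post-type/custom-caps/class-create-posts-capability.php
+++ b/includes/post-type/custom-caps/class-create-posts-capability.php
@@ -77,7 +77,7 @@ if (!class_exists('\WPFront\URE\Post_Type\Custom_Caps\WPFront_User_Role_Editor_C
  }
 
  protected function get_debug_setting() {
- return array('key' => 'create-custom-capability', 'label' => '"create" Capability');
+ return array('key' => 'create-custom-capability', 'label' => __('"create" Capabilities', 'wpfront-user-role-editor'), 'position' => 30, 'description' => __('Disables all "create_" capabilities.', 'wpfront-user-role-editor'));
  }
 
  }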
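--- a/includes/post-type/custom-caps/class-read-others-capability.php
+++ b/includes/post-type/custom-caps/class-read-others-capability.php
@@ -69,7 +69,7 @@ if (!class_exists('\WPFront\URE\Post_Type\Custom_Caps\WPFront_User_Role_Editor_R
  * Returns the cap to check while defining role defaults.
  */
  protected function role_default_value_cap($post_type){
- return 'read';
+ return true;
  }
 
  protected function can_merge() {
@@ -77,7 +77,7 @@ if (!class_exists('\WPFront\URE\Post_Type\Custom_Caps\WPFront_User_Role_Editor_R
  }
 
  protected function get_debug_setting() {
- return array('key' => 'read_others-custom-capability', 'label' => '"read_others" Capability');
+ return array('key' => 'read_others-custom-capability', 'label' => __('"read_others" Capabilities', 'wpfront-user-role-editor'), 'position' => 40, 'description' => __('Disables all "read_others_" capabilities.', 'wpfront-user-role-editor'));
  }
 
 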
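--- a/includes/post-type/template-add-edit.php
+++ b/includes/post-type/template-add-edit.php
@@ -68,7 +68,7 @@ if (!class_exists('WPFront\URE\Post_Type\WPFront_User_Role_Editor_Post_Type_Add_
  $action = $this->controller->get_edit_url($this->post_type_data->name);
  }
  ?>
- <form method="post" class="validate" action="<?php echo $action; ?>">
+ <form method="post" class="validate" action="<?php echo esc_attr($action); ?>">
  <?php $this->create_meta_boxes(); ?>
  <div id="poststuff">
  <div id="post-body" class="metabox-holder columns-2" style="display:flow-root">
@@ -746,8 +746,8 @@ if (!class_exists('WPFront\URE\Post_Type\WPFront_User_Role_Editor_Post_Type_Add_
  $prop_value = $value;
  }
  }
-
- if(empty($prop_value)) {
+
+ if (empty($prop_value)) {
  $prop_value = $this->get_property_value($name);
  }
  $prop_current_value = $this->get_current_property_value($name);
@@ -844,13 +844,13 @@ if (!class_exists('WPFront\URE\Post_Type\WPFront_User_Role_Editor_Post_Type_Add_
  ?>
  <tr class="<?php echo!empty($obj->required) ? 'form-required ' : ''; ?>">
  <th scope="row">
- <?php echo $label; ?>
- <?php if (!empty($obj->required)) { ?>
+ <?php echo esc_html($label); ?>
+ <?php if (!empty($obj->required)) { ?>
  <span class="description"> (<?php echo __('required', 'wpfront-user-role-editor'); ?>)</span>
- <?php } ?>
+ <?php } ?>
  </th>
  <td>
- <input id="<?php echo $name; ?>" class="regular-text <?php echo $class; ?>" name="<?php echo $name; ?>" type="text" value="<?php echo $value; ?>" <?php echo $attr; ?> />
+ <input id="<?php echo esc_attr($name); ?>" class="regular-text <?php echo $class; ?>" name="<?php echo esc_attr($name); ?>" type="text" value="<?php echo esc_attr($value); ?>" <?php echo $attr; ?> />
  <?php
  if (!empty($obj->help)) {
  $this->echo_help_tooltip($obj->help, $obj->help_current_value);
@@ -858,50 +858,52 @@ if (!class_exists('WPFront\URE\Post_Type\WPFront_User_Role_Editor_Post_Type_Add_
  ?>
  </td>
  </tr>
- <?php
- }
+ <?php
+ }
 
- protected function dropdown_row($label, $name, $options, $value, $obj) {
- $attr = '';
- $placeholder = '';
- if (!empty($obj->attr)) {
- $attr .= $obj->attr . ' ';
- }
- if ($name === 'show_in_menu') {
- $placeholder = __('top level menu', 'wpfront-user-role-editor');
- }
- if ($name === 'has_archive' || $name === 'query_var') {
- if (isset($this->post_type_obj->name)) {
- $placeholder = $this->post_type_obj->name;
- }
- }
- ?>
+ protected function dropdown_row($label, $name, $options, $value, $obj) {
+ $attr = '';
+ $placeholder = '';
+ if (!empty($obj->attr)) {
+ $attr .= $obj->attr . ' ';
+ }
+ if ($name === 'show_in_menu') {
+ $placeholder = __('top level menu', 'wpfront-user-role-editor');
+ }
+ if ($name === 'has_archive' || $name === 'query_var') {
+ if (isset($this->post_type_obj->name)) {
+ $placeholder = $this->post_type_obj->name;
+ }
+ }
+ ?>
  <tr>
  <th scope="row">
- <?php echo $label; ?>
+ <?php echo esc_html($label); ?>
  </th>
  <td>
- <select name="<?php echo $name; ?>" class="<?php echo!empty($obj->txt) ? 'has-depends' : ''; ?>" <?php echo $attr; ?> >
- <?php
- foreach ($options as $option) {
- $selected = $option->value === $value ? 'selected' : '';
- if ($option->value === true) {
- $option->value = '1';
- } elseif ($option->value === false) {
- $option->value = '0';
- }
- echo "<option value='{$option->value}' $selected>{$option->label}</option>";
- }
- ?>
- </select>
+ <select name="<?php echo esc_attr($name); ?>" class="<?php echo!empty($obj->txt) ? 'has-depends' : ''; ?>" <?php echo $attr; ?> >
  <?php
- if (!empty($obj->txt)) {
- $txt_value = $obj->txt['value'];
- if (!empty($_POST['submit'])) { //on a POST with validation error, display POSTed value.
- $txt_value = $_POST[$obj->txt['name']];
+ foreach ($options as $option) {
+ $selected = $option->value === $value ? 'selected' : '';
+ if ($option->value === true) {
+ $option->value = '1';
+ } elseif ($option->value === false) {
+ $option->value = '0';
  }
- ?>
- <input type="text" name="<?php echo $obj->txt['name']; ?>" placeholder="<?php echo $placeholder; ?>" value="<?php echo $txt_value; ?>" data-depends="<?php echo $name; ?>" data-depends-on="<?php echo $obj->txt['depends_on']; ?>" />
+ $option_value = esc_attr($option->value);
+ $option_label = esc_html($option->label);
+ echo "<option value='$option_value' $selected>$option_label</option>";
+ }
+ ?>
+ </select>
+ <?php
+ if (!empty($obj->txt)) {
+ $txt_value = $obj->txt['value'];
+ if (!empty($_POST['submit'])) { //on a POST with validation error, display POSTed value.
+ $txt_value = $_POST[$obj->txt['name']];
+ }
+ ?>
+ <input type="text" name="<?php echo esc_attr($obj->txt['name']); ?>" placeholder="<?php echo esc_attr($placeholder); ?>" value="<?php echo esc_attr($txt_value); ?>" data-depends="<?php echo esc_attr($name); ?>" data-depends-on="<?php echo esc_attr($obj->txt['depends_on']); ?>" />
  <?php
  }
  ?>
@@ -911,45 +913,45 @@ if (!class_exists('WPFront\URE\Post_Type\WPFront_User_Role_Editor_Post_Type_Add_
  }
  ?>
  </tr>
- <?php
- }
+ <?php
+ }
 
- protected function multilist_row($label, $name, $values, $options, $obj) {
- if (empty($values)) {
- $values = [];
- }
- ?>
+ protected function multilist_row($label, $name, $values, $options, $obj) {
+ if (empty($values)) {
+ $values = [];
+ }
+ ?>
  <tr>
  <th scope="row">
- <?php
- echo $label;
- $placeholder = __('Choose From Options', 'wpfront-user-role-editor');
- ?>
- </th>
- <td>
- <select data-placeholder="<?php echo $placeholder; ?>" name="<?php echo $name; ?>[]" class="chosen-select" multiple>
  <?php
- foreach ($options as $value => $label) {
- $selected = in_array($value, $values) ? 'selected' : '';
- echo "<option value='$value' $selected>$label</option>";
- }
+ echo esc_html($label);
+ $placeholder = __('Choose From Options', 'wpfront-user-role-editor');
  ?>
- </select>
+ </th>
+ <td>
+ <select data-placeholder="<?php echo esc_attr($placeholder); ?>" name="<?php echo esc_attr($name); ?>[]" class="chosen-select" multiple>
  <?php
- if (!empty($obj->help)) {
- $this->echo_help_tooltip($obj->help, $obj->help_current_value);
+ foreach ($options as $value => $label) {
+ $selected = in_array($value, $values) ? 'selected' : '';
+ echo "<option value='".esc_attr($value)."' $selected>".esc_html($label)."</option>";
  }
  ?>
- </tr>
+ </select>
  <?php
- }
-
- protected function echo_help_tooltip($pretext, $current_value) {
- $title = esc_attr($pretext);
- if (!empty($this->post_type_obj)) {
- $title .= '<br />' . esc_attr(sprintf(__('Current value is "<b>%s</b>"', 'wpfront-user-role-editor'), $current_value));
+ if (!empty($obj->help)) {
+ $this->echo_help_tooltip($obj->help, $obj->help_current_value);
  }
  ?>
+ </tr>
+ <?php
+ }
+
+ protected function echo_help_tooltip($pretext, $current_value) {
+ $title = esc_attr($pretext);
+ if (!empty($this->post_type_obj)) {
+ $title .= '<br />' . esc_attr(sprintf(__('Current value is "<b>%s</b>"', 'wpfront-user-role-editor'), $current_value));
+ }
+ ?>
  <i class="fa fa-question-circle-o" title="<?php echo $title; ?>"></i>
  <?php
  }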
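Review bot: In `dropdown_row()` (new line 903), `$txt_value = $_POST[$obj->txt['name']];` reads the posted field without checking that the key exists and without `wp_unslash()`, so a POST that omits the field raises an undefined-index notice and a redisplayed value keeps the backslashes WordPress adds to `$_POST`. The value is now passed through `esc_attr()` on output, so this concerns the correctness of the redisplayed text rather than injection. Suggested: `$txt_value = isset($_POST[$obj->txt['name']]) ? wp_unslash($_POST[$obj->txt['name']]) : $txt_value;`. Separately, `<?php echo $class; ?>` and `<?php echo $attr; ?>` are still printed raw inside the `<input>` and `<select>` tags next to the newly escaped values; where they are populated is outside these hunks, so it is worth confirming they only ever hold plugin-defined markup.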
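--- a/includes/post-type/template-delete.php
+++ b/includes/post-type/template-delete.php
@@ -77,11 +77,11 @@ if (!class_exists('WPFront\URE\Post_Type\WPFront_User_Role_Editor_Post_Type_Dele
  <?php
  $this->title();
  ?>
- <form id="form-post-type" method="post" action="<?php echo $this->display['url']; ?>">
+ <form id="form-post-type" method="post" action="<?php echo esc_attr($this->display['url']); ?>">
  <ol>
  <?php $this->post_types_display(); ?>
  </ol>
- <input type="hidden" name="action" value="<?php echo $this->display['action']; ?>" />
+ <input type="hidden" name="action" value="<?php echo esc_attr($this->display['action']); ?>" />
  <?php
  wp_nonce_field('bulk-action-view-post');
  submit_button($this->display['button_text'], 'button-secondary');
@@ -94,16 +94,19 @@ if (!class_exists('WPFront\URE\Post_Type\WPFront_User_Role_Editor_Post_Type_Dele
  protected function title() {
  ?>
  <h2>
- <?php echo $this->display['title']; ?>
- <p><?php echo $this->display['description']; ?></p>
+ <?php echo esc_html($this->display['title']); ?>
+ <p><?php echo esc_html($this->display['description']); ?></p>
  </h2>
  <?php
  }
 
  protected function post_types_display() {
  foreach ($this->post_type_entitties as $entity) {
- echo "<li>{$entity->label} [{$entity->name}]</li>";
- echo "<input type='hidden' name='post_types[]' value='{$entity->name}' />";
+ $post_type_label = $entity->label;
+ $post_type_name = $entity->name;
+
+ echo "<li>".esc_html($post_type_label)." [".esc_html($post_type_name)."]</li>";
+ echo "<input type='hidden' name='post_types[]' value='".esc_attr($post_type_name)."' />";
  }
  }
 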
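--- a/includes/post-type/template-post-type.php
+++ b/includes/post-type/template-post-type.php
@@ -68,7 +68,7 @@ if (!class_exists('WPFront\URE\Post_Type\WPFront_User_Role_Editor_Post_Type_List
  $list_table->prepare_items();
  ?>
  <form action="" method="get" class="search-form">
- <input type="hidden" name="page" value="<?php echo $this->controller::MENU_SLUG; ?>" />
+ <input type="hidden" name="page" value="<?php echo esc_attr($this->controller::MENU_SLUG); ?>" />
  <?php $list_table->search_box(__('Search', 'wpfront-user-role-editor'), 'post-type'); ?>
  </form>
  <form id="form-post-type" method="post">
@@ -87,7 +87,7 @@ if (!class_exists('WPFront\URE\Post_Type\WPFront_User_Role_Editor_Post_Type_List
  echo __('Post Types', 'wpfront-user-role-editor');
  if (current_user_can('create_posttypes')) {
  ?>
- <a href="<?php echo $this->controller->get_add_new_url() ?>" class="add-new-h2"><?php echo __('Add New', 'wpfront-user-role-editor'); ?></a>
+ <a href="<?php echo esc_attr($this->controller->get_add_new_url()) ?>" class="add-new-h2"><?php echo __('Add New', 'wpfront-user-role-editor'); ?></a>
  <?php
  }
  ?>
@@ -104,7 +104,7 @@ if (!class_exists('WPFront\URE\Post_Type\WPFront_User_Role_Editor_Post_Type_List
  $active_filter = $this->PostType->get_active_list_filter();
  $filter_data = $this->PostType->get_list_filter_data();
  foreach ($filter_data as $key => $value) {
- $link_data[] = sprintf('<a href="%s" class="%s">%s <span class="count">(%s)</span></a>', $value['url'], ($active_filter == $key ? 'current' : ''), $value['display'], $value['count']);
+ $link_data[] = sprintf('<a href="%s" class="%s">%s <span class="count">(%s)</span></a>', esc_attr($value['url']), ($active_filter == $key ? 'current' : ''), esc_html($value['display']), esc_html($value['count']));
  }
  echo implode('&#160;|&#160;</li><li> ', $link_data);
  ?>
@@ -120,10 +120,10 @@ if (!class_exists('WPFront\URE\Post_Type\WPFront_User_Role_Editor_Post_Type_List
 
  if (isset($_GET['post-type-activated'])) {
  $count = $_GET['post-type-activated'];
- Utils::notice_updated(sprintf(__('%d post type(s) activated successfully.', 'wpfront-user-role-editor'), $count));
+ Utils::notice_updated(sprintf(__('%d post type(s) activated successfully.', 'wpfront-user-role-editor'), intval($count)));
  } elseif (isset($_GET['post-type-deactivated'])) {
  $count = $_GET['post-type-deactivated'];
- Utils::notice_updated(sprintf(__('%d post type(s) deactivated successfully.', 'wpfront-user-role-editor'), $count));
+ Utils::notice_updated(sprintf(__('%d post type(s) deactivated successfully.', 'wpfront-user-role-editor'), intval($count)));
  } elseif (!empty($_GET['post-types-deleted'])) {
  Utils::notice_updated(__('Post type(s) deleted successfully.', 'wpfront-user-role-editor'));
  } elseif (!empty($_GET['post-type-added'])) {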
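Review bot: `$count = $_GET['post-type-activated'];` (and its `post-type-deactivated` twin) is still assigned raw and only cast where it is printed, so any later use of `$count` in this function would see the unsanitised query value. Normalising at the read keeps the variable safe wherever it is used and also rejects negative numbers: `$count = absint($_GET['post-type-activated']);`. In the filter loop, `$active_filter == $key` is a loose comparison; `===` (with an explicit string cast if the keys can be numeric) avoids PHP type juggling when picking the `current` class. The enclosing functions start and end outside these hunks.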
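--- a/includes/restore/class-restore.php
+++ b/includes/restore/class-restore.php
@@ -303,7 +303,7 @@ if (!class_exists('\WPFront\URE\Restore\WPFront_User_Role_Editor_Restore')) {
  }
 
  public static function get_debug_setting() {
- return array('key' => 'restore', 'label' => 'Restore');
+ return array('key' => 'restore', 'label' => __('Restore', 'wpfront-user-role-editor'), 'position' => 50, 'description' => __('Disables users ability to restore WordPress built-in roles.', 'wpfront-user-role-editor'));
  }
  }
 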
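--- a/includes/restore/template-restore.php
+++ b/includes/restore/template-restore.php
@@ -74,16 +74,16 @@ if(!class_exists('WPFront\URE\Restore\WPFront_User_Role_Editor_Restore_View')) {
  ?>
  <tr class="form-field">
  <th scope="row">
- <?php echo $display_name; ?>
+ <?php echo esc_html($display_name); ?>
  </th>
  <td>
- <button class="button button-primary restore-role" value="<?php echo $role_name; ?>"><?php echo __('Restore', 'wpfront-user-role-editor'); ?></button>
+ <button class="button button-primary restore-role" value="<?php echo esc_attr($role_name); ?>"><?php echo __('Restore', 'wpfront-user-role-editor'); ?></button>
  <div class="restore-role-button-container">
- <button class="button restore-role-cancel" value="<?php echo $role_name; ?>"><?php echo __('Cancel', 'wpfront-user-role-editor'); ?></button>
- <button class="button restore-role-confirm" value="<?php echo $role_name; ?>"><?php echo __('Confirm', 'wpfront-user-role-editor'); ?></button>
+ <button class="button restore-role-cancel" value="<?php echo esc_attr($role_name); ?>"><?php echo __('Cancel', 'wpfront-user-role-editor'); ?></button>
+ <button class="button restore-role-confirm" value="<?php echo esc_attr($role_name); ?>"><?php echo __('Confirm', 'wpfront-user-role-editor'); ?></button>
  </div>
  <div class="restore-role-loader">
- <img src="<?php echo $this->WPFURE->get_asset_url('images/loading.gif'); ?>" />
+ <img src="<?php echo esc_attr($this->WPFURE->get_asset_url('images/loading.gif')); ?>" />
  </div>
  <div class="restore-role-success">
  <button class="button button" disabled="true">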
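--- a/includes/roles/class-roles-list.php
+++ b/includes/roles/class-roles-list.php
@@ -664,7 +664,7 @@ if (!class_exists('\WPFront\URE\Roles\WPFront_User_Role_Editor_Roles_List')) {
  }
 
  public static function get_debug_setting() {
- return array('key' => 'roles', 'label' => 'All Roles & Add New');
+ return array('key' => 'roles', 'label' => __('All Roles & Add New', 'wpfront-user-role-editor'), 'position' => 10, 'description' => __('Disables all roles actions and also users ability to create new role.', 'wpfront-user-role-editor'));
  }
  }
 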
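--- a/includes/roles/template-role-add-edit.php
+++ b/includes/roles/template-role-add-edit.php
@@ -71,8 +71,8 @@ if (!class_exists('WPFront\URE\Roles\WPFront_User_Role_Editor_Role_Add_Edit_View
  $role_name = $role_data['role_name'];
  $read_only = $role_data['is_readonly'];
  ?>
- <input type="hidden" id="role-add-edit-role-name" name="role-add-edit-role-name" value="<?php echo $role_name; ?>" />
- <input type="hidden" id="role-add-edit-is-readonly" name="role-add-edit-is-readonly" value="<?php echo $read_only; ?>" />
+ <input type="hidden" id="role-add-edit-role-name" name="role-add-edit-role-name" value="<?php echo esc_attr($role_name); ?>" />
+ <input type="hidden" id="role-add-edit-is-readonly" name="role-add-edit-is-readonly" value="<?php echo esc_attr($read_only); ?>" />
  </form>
  </div>
  <?php $this->scripts(); ?>
@@ -127,7 +127,7 @@ if (!class_exists('WPFront\URE\Roles\WPFront_User_Role_Editor_Role_Add_Edit_View
  </label>
  </th>
  <td>
- <input name="display_name" type="text" id="display_name" value="<?php echo $this->get_role_display_name(); ?>" aria-required="true" <?php echo $this->is_role_display_name_disabled() ? 'disabled' : ''; ?> />
+ <input name="display_name" type="text" id="display_name" value="<?php echo esc_attr($this->get_role_display_name()); ?>" aria-required="true" <?php echo $this->is_role_display_name_disabled() ? 'disabled' : ''; ?> />
  </td>
  </tr>
  <tr class="form-field form-required <?php echo $this->is_role_name_valid() ? '' : 'form-invalid' ?>">
@@ -137,7 +137,7 @@ if (!class_exists('WPFront\URE\Roles\WPFront_User_Role_Editor_Role_Add_Edit_View
  </label>
  </th>
  <td>
- <input name="role_name" type="text" id="role_name" value="<?php echo $this->get_role_name(); ?>" aria-required="true" <?php echo $this->is_role_name_disabled() ? 'disabled' : ''; ?> />
+ <input name="role_name" type="text" id="role_name" value="<?php echo esc_attr($this->get_role_name()); ?>" aria-required="true" <?php echo $this->is_role_name_disabled() ? 'disabled' : ''; ?> />
  </td>
  </tr>
  </tbody>
@@ -164,7 +164,7 @@ if (!class_exists('WPFront\URE\Roles\WPFront_User_Role_Editor_Role_Add_Edit_View
  <?php
  $roles = $this->get_copy_from_roles();
  foreach ($roles as $name => $display) {
- printf('<option value="%s">%s</option>', $name, $display);
+ printf('<option value="%s">%s</option>', esc_attr($name), esc_html($display));
  }
  ?>
  </select>
@@ -234,13 +234,13 @@ if (!class_exists('WPFront\URE\Roles\WPFront_User_Role_Editor_Role_Add_Edit_View
  $help_url = apply_filters("wpfront_ure_capability_{$cap}_ui_help_link", $help_url, $cap);
  ?>
  <div>
- <input type="checkbox" class="allow" id="<?php echo 'cap-' . $cap . '-allow'; ?>" name="capabilities[<?php echo $cap; ?>][allow]" <?php echo $value->disabled ? 'disabled' : '' ?> <?php echo $this->is_cap_granted($cap) ? 'checked' : '' ?> />
- <input type="checkbox" class="deny hidden" id="<?php echo 'cap-' . $cap . '-deny'; ?>" name="capabilities[<?php echo $cap; ?>][deny]" <?php echo $value->disabled ? 'disabled' : '' ?> <?php echo $this->is_cap_denied($cap) ? 'checked' : '' ?> />
- <label class="cap-label cap-label-<?php echo $cap; ?> <?php echo $enabled ? '' : 'disabled'; ?> <?php echo $this->is_cap_denied($cap) ? 'denied' : '' ?>" data-cap="<?php echo $cap; ?>" title="<?php echo $cap; ?>"><?php echo esc_html($cap); ?></label>
+ <input type="checkbox" class="allow" id="<?php echo 'cap-' . esc_attr($cap) . '-allow'; ?>" name="capabilities[<?php echo esc_attr($cap); ?>][allow]" <?php echo $value->disabled ? 'disabled' : '' ?> <?php echo $this->is_cap_granted($cap) ? 'checked' : '' ?> />
+ <input type="checkbox" class="deny hidden" id="<?php echo 'cap-' . esc_attr($cap) . '-deny'; ?>" name="capabilities[<?php echo esc_attr($cap); ?>][deny]" <?php echo $value->disabled ? 'disabled' : '' ?> <?php echo $this->is_cap_denied($cap) ? 'checked' : '' ?> />
+ <label class="cap-label cap-label-<?php echo esc_attr($cap); ?> <?php echo $enabled ? '' : 'disabled'; ?> <?php echo $this->is_cap_denied($cap) ? 'denied' : '' ?>" data-cap="<?php echo esc_attr($cap); ?>" title="<?php echo esc_attr($cap); ?>"><?php echo esc_html($cap); ?></label>
  <?php
  if (!empty($help_url)) {
  ?>
- <a target="_blank" href="<?php echo $help_url; ?>">
+ <a target="_blank" href="<?php echo esc_attr($help_url); ?>">
  <i class="fa fa-question-circle-o"></i>
  </a>
  <?php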
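Review bot: `$help_url` on line 243 comes back from the `wpfront_ure_capability_{$cap}_ui_help_link` filter and is written into `href` with `esc_attr()`, which encodes quotes but does not check the URL scheme. `href="<?php echo esc_url($help_url); ?>"` is the escaper for URL attributes; the link also opens with `target="_blank"` and carries no `rel="noopener noreferrer"`. The same `esc_attr()`-on-a-URL pattern appears in this release in `includes/settings/template-options.php` (lines 67 and 73), `includes/taxonomies/template-add-edit.php` (line 71), `includes/taxonomies/template-delete.php` (line 80) and `includes/taxonomies/template-taxonomies.php` (line 108).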
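--- a/includes/roles/template-role-delete.php
+++ b/includes/roles/template-role-delete.php
@@ -87,12 +87,12 @@ if(!class_exists('WPFront\URE\Roles\WPFront_User_Role_Editor_Role_Delete_View'))
  }
 
  protected function display_role_data($data) {
- printf('%s: <strong>%s</strong> [<strong>%s</strong>]', __('Role', 'wpfront-user-role-editor'), $data->name, $data->display_name);
+ printf('%s: <strong>%s</strong> [<strong>%s</strong>]', __('Role', 'wpfront-user-role-editor'), esc_html($data->name), esc_html($data->display_name));
  if(!empty($data->status_message)) {
- printf(' - <strong>%s</strong>', $data->status_message);
+ printf(' - <strong>%s</strong>', esc_html($data->status_message));
  }
  ?>
- <input type="hidden" name="delete-roles[<?php echo $data->name; ?>]" value="1" />
+ <input type="hidden" name="delete-roles[<?php echo esc_attr($data->name); ?>]" value="1" />
  <?php
  }
 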
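--- a/includes/roles/template-roles-list.php
+++ b/includes/roles/template-roles-list.php
@@ -103,7 +103,7 @@ if(!class_exists('WPFront\URE\Roles\WPFront_User_Role_Editor_Roles_List_View'))
  $active_filter = $this->get_active_list_filter();
  $filter_data = $this->RolesList->get_list_filter_data();
  foreach ($filter_data as $key => $value) {
- $link_data[] = sprintf('<a href="%s" class="%s">%s <span class="count">(%s)</span></a>', $value['url'], ($active_filter == $key ? 'current' : ''), $value['display'], $value['count']);
+ $link_data[] = sprintf('<a href="%s" class="%s">%s <span class="count">(%s)</span></a>', esc_attr($value['url']), ($active_filter == $key ? 'current' : ''), esc_html($value['display']), esc_html($value['count']));
  }
  echo implode('&#160;|&#160;</li><li> ', $link_data);
  ?>
@@ -116,7 +116,7 @@ if(!class_exists('WPFront\URE\Roles\WPFront_User_Role_Editor_Roles_List_View'))
  ?>
  <p class = "search-box">
  <label class = "screen-reader-text" for = "role-search-input"><?php echo __('Search Roles', 'wpfront-user-role-editor') . ':'; ?></label>
- <input type="search" id="role-search-input" name="s" value="<?php echo $this->get_search_term(); ?>">
+ <input type="search" id="role-search-input" name="s" value="<?php echo esc_attr($this->get_search_term()); ?>">
  <input type="submit" name="search-submit" id="search-submit" class="button" value="<?php echo __('Search Roles', 'wpfront-user-role-editor'); ?>">
  </p>
  <?php
@@ -173,7 +173,7 @@ if(!class_exists('WPFront\URE\Roles\WPFront_User_Role_Editor_Roles_List_View'))
  <th scope="col" id="%1$s" class="manage-column column-%1$s num">
  <a><span>%2$s</span></a>
  </th>
- ', $key, $value);
+ ', esc_attr($key), esc_html($value));
  }
  ?>
  </tr>
@@ -209,8 +209,8 @@ if(!class_exists('WPFront\URE\Roles\WPFront_User_Role_Editor_Roles_List_View'))
  ?>
  <th scope="row" class="check-column">
  <?php if($is_editable) { ?>
- <label class="screen-reader-text" for="cb-select-<?php echo $role_name; ?>"><?php echo sprintf(__('Select %s', 'wpfront-user-role-editor'), $display_name) ?></label>
- <input type="checkbox" name="selected-roles[<?php echo $role_name; ?>]" id="cb-select-<?php echo $role_name; ?>" />
+ <label class="screen-reader-text" for="cb-select-<?php echo esc_attr($role_name); ?>"><?php echo sprintf(__('Select %s', 'wpfront-user-role-editor'), esc_html($display_name)) ?></label>
+ <input type="checkbox" name="selected-roles[<?php echo esc_attr($role_name); ?>]" id="cb-select-<?php echo esc_html($role_name); ?>" />
  <?php } ?>
  </th>
  <?php
@@ -218,10 +218,10 @@ if(!class_exists('WPFront\URE\Roles\WPFront_User_Role_Editor_Roles_List_View'))
 
  protected function cell_display_name($role_name, $value) {
  $display_name = $value['display_name'];
- $edit_url = $value['edit_url'];
+ $edit_url = esc_url_raw(($value['edit_url']));
  $is_editable = $value['is_editable'];
- $delete_url = $value['delete_url'];
- $set_default_url = $value['set_default_url'];
+ $delete_url = esc_url_raw($value['delete_url']);
+ $set_default_url = esc_url_raw($value['set_default_url']);
  ?>
  <td class="displayname column-displayname">
  <strong>
@@ -229,7 +229,7 @@ if(!class_exists('WPFront\URE\Roles\WPFront_User_Role_Editor_Roles_List_View'))
  if (empty($edit_url))
  echo $display_name;
  else
- printf('<a href="%s">%s</a>', $edit_url, $display_name);
+ printf('<a href="%s">%s</a>', esc_attr($edit_url), esc_html($display_name));
  ?>
  </strong>
  <br />
@@ -244,10 +244,10 @@ if(!class_exists('WPFront\URE\Roles\WPFront_User_Role_Editor_Roles_List_View'))
  <?php
  $links = array();
  if (!empty($edit_url)) {
- $links[] = sprintf('<span class="edit"><a href="%s">%s</a></span>', $edit_url, ($is_editable ? __('Edit', 'wpfront-user-role-editor') : __('View', 'wpfront-user-role-editor')));
+ $links[] = sprintf('<span class="edit"><a href="%s">%s</a></span>', esc_attr($edit_url), ($is_editable ? __('Edit', 'wpfront-user-role-editor') : __('View', 'wpfront-user-role-editor')));
  }
  if (!empty($delete_url)) {
- $links[] = sprintf('<span class="delete"><a href="%s">%s</a></span>', $delete_url, __('Delete', 'wpfront-user-role-editor'));
+ $links[] = sprintf('<span class="delete"><a href="%s">%s</a></span>', esc_attr($delete_url), __('Delete', 'wpfront-user-role-editor'));
  }
  if (!empty($set_default_url)) {
  $text = __('Default', 'wpfront-user-role-editor');
@@ -256,7 +256,7 @@ if(!class_exists('WPFront\URE\Roles\WPFront_User_Role_Editor_Roles_List_View'))
  } else {
  $text = '+' . $text;
  }
- $links[] = sprintf('<span class="set-default"><a href="%s">%s</a></span>', $set_default_url, $text);
+ $links[] = sprintf('<span class="set-default"><a href="%s">%s</a></span>', esc_attr($set_default_url), esc_html($text));
  }
  $custom_links = apply_filters('role_row_actions', array(), get_role($role_name));
  foreach ($custom_links as $link_key => $link_value) {
@@ -271,7 +271,7 @@ if(!class_exists('WPFront\URE\Roles\WPFront_User_Role_Editor_Roles_List_View'))
  protected function cell_role_name($role_name, $value) {
  ?>
  <td class="rolename column-rolename">
- <?php echo $role_name; ?>
+ <?php echo esc_html($role_name); ?>
  </td>
  <?php
  }
@@ -305,7 +305,7 @@ if(!class_exists('WPFront\URE\Roles\WPFront_User_Role_Editor_Roles_List_View'))
  protected function cell_user_count($user_count) {
  ?>
  <td class="usercount column-usercount num">
- <?php echo $user_count; ?>
+ <?php echo esc_html($user_count); ?>
  </td>
  <?php
  }
@@ -313,7 +313,7 @@ if(!class_exists('WPFront\URE\Roles\WPFront_User_Role_Editor_Roles_List_View'))
  protected function cell_caps_count($caps_count) {
  ?>
  <td class="capscount column-capscount num">
- <?php echo $caps_count; ?>
+ <?php echo esc_html($caps_count); ?>
  </td>
  <?php
  }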
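Review bot: `echo $display_name;` on line 230 of `cell_display_name` is still unescaped, because the hunk wraps only the `printf` in the `else` branch; a role with no edit URL prints its display name raw. That branch should read `echo esc_html($display_name);`. On line 213 the `id` attribute uses `esc_html($role_name)` while the `name` attribute beside it uses `esc_attr`; `esc_attr` is the matching escaper for both. The body of `cell_display_name` continues outside these hunks.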
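--- a/includes/settings/class-options.php
+++ b/includes/settings/class-options.php
@@ -294,6 +294,11 @@ if (!class_exists('WPFront\URE\Options\WPFront_User_Role_Editor_Options')) {
 
  return $this->get_self_url(['key' => $ctrl->getKey()]);
  }
+
+ public function admin_print_scripts() {
+ wp_enqueue_script('jquery-ui-core');
+ wp_enqueue_script('jquery-ui-autocomplete');
+ }
 
  }
 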
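--- a/includes/settings/template-options.php
+++ b/includes/settings/template-options.php
@@ -64,13 +64,13 @@ if (!class_exists('WPFront\URE\Roles\WPFront_User_Role_Editor_Options_View')) {
  $url = '#!';
  }
  ?>
- <a class="<?php echo $class; ?>" href="<?php echo $url; ?>"><?php echo $ctrl->getTitle(); ?></a>
+ <a class="<?php echo esc_attr($class); ?>" href="<?php echo esc_attr($url); ?>"><?php echo esc_html($ctrl->getTitle()); ?></a>
  <?php
  }
  ?>
  </nav>
  <div>
- <form method="post" action="<?php echo $parent->getControllerUrl($current); ?>">
+ <form method="post" action="<?php echo esc_attr($parent->getControllerUrl($current)); ?>">
  <?php wp_nonce_field('save-settings'); ?>
  <div class="inside">
  <?php echo $current->view_callback(); ?>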
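--- a/includes/taxonomies/class-taxonomies-list-table.php
+++ b/includes/taxonomies/class-taxonomies-list-table.php
@@ -167,7 +167,7 @@ if (!class_exists('\WPFront\URE\Taxonomies\WPFront_User_Role_Editor_Taxonomies_L
  <th scope="row" class="check-column">
  <?php if ($item->can_edit) { ?>
  <label class="screen-reader-text" for="taxonomy_select" ?></label>
- <input type="checkbox" id="taxonomy_<?php echo $item->name; ?>" name="taxonomies[]" value="<?php echo esc_attr($item->name); ?>" />
+ <input type="checkbox" id="taxonomy_<?php echo esc_attr($item->name); ?>" name="taxonomies[]" value="<?php echo esc_attr($item->name); ?>" />
  <?php } ?>
  </th>
  <?php
@@ -179,46 +179,46 @@ if (!class_exists('\WPFront\URE\Taxonomies\WPFront_User_Role_Editor_Taxonomies_L
  <td <?php echo $attributes; ?>>
  <?php
  if ($item->can_edit) {
- $edit_link = $this->controller->get_edit_url($item->name);
+ $edit_link = esc_url_raw($this->controller->get_edit_url($item->name));
  ?>
  <strong>
- <a href="<?php echo $edit_link; ?>" class="edit">
- <?php echo $item->name; ?>
+ <a href="<?php echo esc_attr($edit_link); ?>" class="edit">
+ <?php echo esc_html($item->name); ?>
  </a>
  </strong>
  <?php
  } else {
- ?> <?php echo $item->name; ?> <?php
+ ?> <?php echo esc_html($item->name); ?> <?php
  } $actions = array();
  if ($item->can_edit) {
- $edit_link = $this->controller->get_edit_url($item->name);
+ $edit_link = esc_url_raw($this->controller->get_edit_url($item->name));
  $display = __('Edit', 'wpfront-user-role-editor');
- $actions['edit'] = "<a href='$edit_link'>$display</a>";
+ $actions['edit'] = "<a href='".esc_attr($edit_link)."'>".esc_html($display)."</a>";
  }
  if ($item->can_delete) {
- $delete_link = $this->controller->get_delete_url($item->name);
+ $delete_link = esc_url_raw($this->controller->get_delete_url($item->name));
  $display = __('Delete', 'wpfront-user-role-editor');
- $actions['delete'] = "<a href='$delete_link'>$display</a>";
+ $actions['delete'] = "<a href='".esc_attr($delete_link)."'>".esc_html($display)."</a>";
  }
  if ($item->can_activate) {
- $activate_link = $this->controller->get_activate_url($item->name);
+ $activate_link = esc_url_raw($this->controller->get_activate_url($item->name));
  $display = __('Activate', 'wpfront-user-role-editor');
- $actions['activate'] = "<a href='$activate_link'>$display</a>";
+ $actions['activate'] = "<a href='".esc_attr($activate_link)."'>".esc_html($display)."</a>";
  }
  if ($item->can_deactivate) {
- $deactivate_link = $this->controller->get_deactivate_url($item->name);
+ $deactivate_link = esc_url_raw($this->controller->get_deactivate_url($item->name));
  $display = __('Deactivate', 'wpfront-user-role-editor');
- $actions['deactivate'] = "<a href='$deactivate_link'>$display</a>";
+ $actions['deactivate'] = "<a href='".esc_attr($deactivate_link)."'>".esc_html($display)."</a>";
  }
  if ($item->can_clone) {
- $clone_link = $this->controller->get_clone_url($item->name);
+ $clone_link = esc_url_raw($this->controller->get_clone_url($item->name));
  $display = __('Clone', 'wpfront-user-role-editor');
- $actions['clone'] = "<a href='$clone_link'>$display</a>";
+ $actions['clone'] = "<a href='".esc_attr($clone_link)."'>".esc_html($display)."</a>";
  }
  if ($item->can_restore) {
- $restore_link = $this->controller->get_restore_url($item->name);
+ $restore_link = esc_url_raw($this->controller->get_restore_url($item->name));
  $display = __('Restore', 'wpfront-user-role-editor');
- $actions['restore'] = "<a href='$restore_link'>$display</a>";
+ $actions['restore'] = "<a href='".esc_attr($restore_link)."'>".esc_html($display)."</a>";
  }
  echo $this->row_actions($actions);
  ?>
@@ -229,7 +229,7 @@ if (!class_exists('\WPFront\URE\Taxonomies\WPFront_User_Role_Editor_Taxonomies_L
  protected function label_cell($item) {
  ?>
  <td class="label column-label">
- <?php echo $item->label; ?>
+ <?php echo esc_html($item->label); ?>
  </td>
  <?php
  }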
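Review bot: The `<label>` on line 169 is left broken next to the checkbox this change escapes: it has a stray `?>` inside the tag, no text, and `for="taxonomy_select"` does not match the checkbox id `taxonomy_<name>` on line 170. Something like `<label class="screen-reader-text" for="taxonomy_<?php echo esc_attr($item->name); ?>"><?php echo esc_html($item->label); ?></label>` would tie it to the input. Separately, every `*_link` value goes through `esc_url_raw()` and then `esc_attr()`; `esc_url()` is the escaper meant for output and would replace both calls, e.g. `$edit_link = esc_url($this->controller->get_edit_url($item->name));`.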
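--- a/includes/taxonomies/class-taxonomies.php
+++ b/includes/taxonomies/class-taxonomies.php
@@ -1216,7 +1216,7 @@ if (!class_exists('\WPFront\URE\Taxonomies\WPFront_User_Role_Editor_Taxonomies')
  }
 
  public static function get_debug_setting() {
- return array('key' => 'taxonomies', 'label' => 'Taxonomies');
+ return array('key' => 'taxonomies', 'label' => __('Taxonomies', 'wpfront-user-role-editor'), 'position' => 100, 'description' => __('Disables all taxonomy functionalities.', 'wpfront-user-role-editor'));
  }
 
  }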
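--- a/includes/taxonomies/template-add-edit.php
+++ b/includes/taxonomies/template-add-edit.php
@@ -68,7 +68,7 @@ if (!class_exists('WPFront\URE\Taxonomies\WPFront_User_Role_Editor_Taxonomies_Ad
  $action = $this->controller->get_edit_url($this->taxonomy_data->name);
  }
  ?>
- <form method="post" class="validate" action="<?php echo $action; ?>">
+ <form method="post" class="validate" action="<?php echo esc_attr($action); ?>">
  <?php $this->create_meta_boxes(); ?>
  <div id="poststuff">
  <div id="post-body" class="metabox-holder columns-2" style="display:flow-root">
@@ -617,13 +617,13 @@ if (!class_exists('WPFront\URE\Taxonomies\WPFront_User_Role_Editor_Taxonomies_Ad
  ?>
  <tr class="<?php echo!empty($obj->required) ? 'form-required ' : ''; ?>">
  <th scope="row">
- <?php echo $label; ?>
+ <?php echo esc_html($label); ?>
  <?php if (!empty($obj->required)) { ?>
  <span class="description"> (<?php echo __('required', 'wpfront-user-role-editor'); ?>)</span>
  <?php } ?>
  </th>
  <td>
- <input class="regular-text <?php echo $class; ?>" name="<?php echo $name; ?>" type="text" value="<?php echo $value; ?>" <?php echo $attr; ?> />
+ <input class="regular-text <?php echo $class; ?>" name="<?php echo esc_attr($name); ?>" type="text" value="<?php echo esc_attr($value); ?>" <?php echo $attr; ?> />
  <?php
  if (!empty($obj->help)) {
  $this->echo_help_tooltip($obj->help, $obj->help_current_value);
@@ -647,11 +647,11 @@ if (!class_exists('WPFront\URE\Taxonomies\WPFront_User_Role_Editor_Taxonomies_Ad
  ?>
  </th>
  <td>
- <select data-placeholder="<?php echo $placeholder; ?>" name="<?php echo $name; ?>[]" class="chosen-select" multiple>
+ <select data-placeholder="<?php echo esc_attr($placeholder); ?>" name="<?php echo esc_attr($name); ?>[]" class="chosen-select" multiple>
  <?php
  foreach ($options as $value => $label) {
  $selected = in_array($value, $values) ? 'selected' : '';
- echo "<option value='$value' $selected>$label</option>";
+ echo "<option value='".esc_attr($value)."' $selected>".esc_html($label)."</option>";
  }
  ?>
  </select>
@@ -673,10 +673,10 @@ if (!class_exists('WPFront\URE\Taxonomies\WPFront_User_Role_Editor_Taxonomies_Ad
  ?>
  <tr>
  <th scope="row">
- <?php echo $label; ?>
+ <?php echo esc_html($label); ?>
  </th>
  <td>
- <select id="<?php echo $name; ?>" name="<?php echo $name; ?>" class="<?php echo!empty($obj->txt) ? 'has-depends' : ''; ?>" <?php echo $attr; ?> >
+ <select id="<?php echo esc_attr($name); ?>" name="<?php echo esc_attr($name); ?>" class="<?php echo!empty($obj->txt) ? 'has-depends' : ''; ?>" <?php echo $attr; ?> >
  <?php
  foreach ($options as $option) {
  $selected = $option->value === $value ? 'selected' : '';
@@ -685,8 +685,10 @@ if (!class_exists('WPFront\URE\Taxonomies\WPFront_User_Role_Editor_Taxonomies_Ad
  } elseif ($option->value === false) {
  $option->value = '0';
  }
- echo "<option value='{$option->value}' $selected>{$option->label}</option>";
- }
+ $option_value=esc_attr($option->value);
+ $option_label=esc_html($option->label);
+ echo "<option value='$option_value' $selected>$option_label</option>";
+ }
  ?>
  </select>
  <?php
@@ -696,7 +698,7 @@ if (!class_exists('WPFront\URE\Taxonomies\WPFront_User_Role_Editor_Taxonomies_Ad
  $txt_value = $_POST[$obj->txt['name']];
  }
  ?>
- <input type="text" name="<?php echo $obj->txt['name']; ?>" placeholder="<?php echo $placeholder; ?>" value="<?php echo $txt_value; ?>" data-depends="<?php echo $name; ?>" data-depends-on="<?php echo $obj->txt['depends_on']; ?>" />
+ <input type="text" name="<?php echo esc_attr($obj->txt['name']); ?>" placeholder="<?php echo esc_attr($placeholder); ?>" value="<?php echo esc_attr($txt_value); ?>" data-depends="<?php echo esc_attr($name); ?>" data-depends-on="<?php echo esc_attr($obj->txt['depends_on']); ?>" />
  <?php
  }
  ?>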
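Review bot: `$class` on line 626 is still echoed raw inside the `class` attribute, and `$attr` is echoed raw on lines 626 and 679, while the neighbouring `name` and `value` are now escaped. Unless `$class` is always a fixed string it should be `class="regular-text <?php echo esc_attr($class); ?>"`; where `$class` and `$attr` are built is outside these hunks, so confirm they are assembled only from constants or already-escaped parts. Line 696 also reads `$_POST[$obj->txt['name']]` without `wp_unslash()`, so the redisplayed value may keep the slashes WordPress adds to request data.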
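--- a/includes/taxonomies/template-delete.php
+++ b/includes/taxonomies/template-delete.php
@@ -52,20 +52,20 @@ if (!class_exists('WPFront\URE\Taxonomies\WPFront_User_Role_Editor_Taxonomy_Dele
  public function __construct($controller, $entities, $view = 'delete') {
  $this->controller = $controller;
  $this->taxonomy_entitties = $entities;
-
+
  $this->display['action'] = $view;
  switch ($view) {
  case 'restore':
  $this->display['url'] = $this->controller->get_restore_url(null);
  $this->display['button_text'] = __('Confirm Restore', 'wpfront-user-role-editor');
- $this->display['title'] = __('Restore Taxonomy', 'wpfront-user-role-editor');
- $this->display['description'] = __('The following taxonomies will be restored.', 'wpfront-user-role-editor');
+ $this->display['title'] = __('Restore Taxonomy', 'wpfront-user-role-editor');
+ $this->display['description'] = __('The following taxonomies will be restored.', 'wpfront-user-role-editor');
  break;
-
+
  default:
  $this->display['url'] = $this->controller->get_delete_url(null);
  $this->display['button_text'] = __('Confirm Delete', 'wpfront-user-role-editor');
- $this->display['title'] = __('Delete Taxonomy', 'wpfront-user-role-editor');
+ $this->display['title'] = __('Delete Taxonomy', 'wpfront-user-role-editor');
  $this->display['description'] = __('The following Taxonomies will be deleted.', 'wpfront-user-role-editor');
  break;
  }
@@ -77,13 +77,13 @@ if (!class_exists('WPFront\URE\Taxonomies\WPFront_User_Role_Editor_Taxonomy_Dele
  <?php
  $this->title();
  ?>
- <form id="form-taxonomy" method="post" action="<?php echo $this->display['url']; ?>">
+ <form id="form-taxonomy" method="post" action="<?php echo esc_attr($this->display['url']); ?>">
  <ol>
  <?php $this->taxonomy_display(); ?>
  </ol>
- <input type="hidden" name="action" value="<?php echo $this->display['action']; ?>" />
+ <input type="hidden" name="action" value="<?php echo esc_attr($this->display['action']); ?>" />
  <?php
- wp_nonce_field('bulk-action-view-taxonomy');
+ wp_nonce_field('bulk-action-view-taxonomy');
  submit_button($this->display['button_text'], 'button-secondary');
  ?>
  </form>
@@ -94,19 +94,22 @@ if (!class_exists('WPFront\URE\Taxonomies\WPFront_User_Role_Editor_Taxonomy_Dele
  protected function title() {
  ?>
  <h2>
- <?php echo $this->display['title']; ?>
- <p><?php echo $this->display['description']; ?></p>
+ <?php echo esc_html($this->display['title']); ?>
+ <p><?php echo esc_html($this->display['description']); ?></p>
  </h2>
  <?php
  }
 
  protected function taxonomy_display() {
  foreach ($this->taxonomy_entitties as $entity) {
- echo "<li>{$entity->label} [{$entity->name}]</li>";
- echo "<input type='hidden' name='taxonomies[]' value='{$entity->name}' />";
+ $taxonomy_label = $entity->label;
+ $taxonomy_name = $entity->name;
+
+ echo "<li>".esc_html($taxonomy_label)." [".esc_html($taxonomy_name)."]</li>";
+ echo "<input type='hidden' name='taxonomies[]' value='".esc_attr($taxonomy_name)."' />";
  }
  }
 
  }
 
- }
+ }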
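--- a/includes/taxonomies/template-taxonomies.php
+++ b/includes/taxonomies/template-taxonomies.php
@@ -68,7 +68,7 @@ if (!class_exists('WPFront\URE\Taxonomies\WPFront_User_Role_Editor_Taxonomies_Li
  $list_table->prepare_items();
  ?>
  <form action="" method="get" class="search-form">
- <input type="hidden" name="page" value="<?php echo $this->controller::MENU_SLUG; ?>" />
+ <input type="hidden" name="page" value="<?php echo esc_attr($this->controller::MENU_SLUG); ?>" />
  <?php $list_table->search_box(__('Search', 'wpfront-user-role-editor'), 'taxonomies'); ?>
  </form>
  <form id="form-taxonomy" method="post">
@@ -89,7 +89,7 @@ if (!class_exists('WPFront\URE\Taxonomies\WPFront_User_Role_Editor_Taxonomies_Li
  $active_filter = $this->controller->get_active_list_filter();
  $filter_data = $this->controller->get_list_filter_data();
  foreach ($filter_data as $key => $value) {
- $link_data[] = sprintf('<a href="%s" class="%s">%s <span class="count">(%s)</span></a>', $value['url'], ($active_filter == $key ? 'current' : ''), $value['display'], $value['count']);
+ $link_data[] = sprintf('<a href="%s" class="%s">%s <span class="count">(%s)</span></a>', esc_attr($value['url']), ($active_filter == $key ? 'current' : ''), esc_html($value['display']), esc_html($value['count']));
  }
  echo implode('&#160;|&#160;</li><li> ', $link_data);
  ?>
@@ -105,7 +105,7 @@ if (!class_exists('WPFront\URE\Taxonomies\WPFront_User_Role_Editor_Taxonomies_Li
  echo __('Taxonomies', 'wpfront-user-role-editor');
  if (current_user_can('create_taxonomies')) {
  ?>
- <a href="<?php echo $this->controller->get_add_new_url() ?>" class="add-new-h2"><?php echo __('Add New', 'wpfront-user-role-editor'); ?></a>
+ <a href="<?php echo esc_attr($this->controller->get_add_new_url()) ?>" class="add-new-h2"><?php echo __('Add New', 'wpfront-user-role-editor'); ?></a>
  <?php
  }
  ?>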
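--- a/includes/users/class-assign-migrate.php
+++ b/includes/users/class-assign-migrate.php
@@ -89,7 +89,7 @@ if (!class_exists('\WPFront\URE\Assign_Migrate\WPFront_User_Role_Editor_Assign_M
  public function initialize() {
 
  $debug = WPFront_User_Role_Editor_Debug::instance();
- $debug->add_setting('assign-migrate', 'Assign / Migrate');
+ $debug->add_setting('assign-migrate', __('Assign/Migrate Role', 'wpfront-user-role-editor'), 210, __('Disables role assignment and role migration functionalities.', 'wpfront-user-role-editor'));
 
  if ($debug->is_disabled('assign-migrate')) {
  return;
@@ -471,7 +471,7 @@ if (!class_exists('\WPFront\URE\Assign_Migrate\WPFront_User_Role_Editor_Assign_M
  }
 
  public function assign_roles_user_autocomplete_callback() {
- $search_string = $_GET['term'];
+ $search_string = $_REQUEST['term'];
 
  $args = array(
  'search' => '*' . $search_string . '*',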
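Review bot: `$search_string = $_REQUEST['term'];` in `assign_roles_user_autocomplete_callback()` reads the request value without checking that it is set and without unslashing or sanitising it before it is wrapped in `*` wildcards for the user search. I would change the line to `$search_string = isset($_REQUEST['term']) ? sanitize_text_field(wp_unslash($_REQUEST['term'])) : '';`. The callback's body continues outside the hunk, so whether it checks a capability or a nonce before returning user data cannot be confirmed from here and is worth verifying.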
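--- a/includes/users/class-user-permissions.php
+++ b/includes/users/class-user-permissions.php
@@ -119,10 +119,10 @@ if (!class_exists('\WPFront\URE\User_Permissions\WPFront_User_Role_Editor_User_P
  }
 
  public static function get_debug_setting() {
- return array('key' => 'user-permissions', 'label' => 'User Permissions');
+ return array('key' => 'user-permissions', 'label' => __('User Level Permissions', 'wpfront-user-role-editor'), 'position' => 190, 'description' => __('Disables all user level permissions.', 'wpfront-user-role-editor'));
  }
  }
 
  WPFront_User_Role_Editor_User_Permissions::load();
 
- }
+ }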
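--- a/includes/users/class-user-profile.php
+++ b/includes/users/class-user-profile.php
@@ -448,7 +448,7 @@ if (!class_exists('\WPFront\URE\Assign_Migrate\WPFront_User_Role_Editor_User_Pro
  }
 
  public static function get_debug_setting() {
- return array('key' => 'user-profile', 'label' => 'User Profile Functions');
+ return array('key' => 'user-profile', 'label' => __('User Profile Functions', 'wpfront-user-role-editor'), 'position' => 200, 'description' => __('Disables all user profile functionalities.', 'wpfront-user-role-editor'));
  }
  }
 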
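--- a/includes/users/template-assign-migrate.php
+++ b/includes/users/template-assign-migrate.php
@@ -69,7 +69,7 @@ if(!class_exists('WPFront\URE\Assign_Migrate\WPFront_User_Role_Editor_Assign_Mig
  $current_role = $this->get_current_primary_role();
  foreach ($roles as $name => $display) {
  $selected = $name === $current_role ? 'selected' : '';
- echo "<option $selected value='$name'>$display</option>";
+ echo "<option $selected value='".esc_attr($name)."'>".esc_html($display)."</option>";
  }
  ?>
  </select>
@@ -92,8 +92,8 @@ if(!class_exists('WPFront\URE\Assign_Migrate\WPFront_User_Role_Editor_Assign_Mig
  ?>
  <div class="role-list-item">
  <label>
- <input type="checkbox" name="secondary-roles[<?php echo $name; ?>]" <?php echo $checked; ?> />
- <?php echo $display; ?>
+ <input type="checkbox" name="secondary-roles[<?php echo esc_attr($name); ?>]" <?php echo $checked; ?> />
+ <?php echo esc_html($display); ?>
  </label>
  </div>
  <?php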
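--- a/includes/users/template-assign.php
+++ b/includes/users/template-assign.php
@@ -51,7 +51,7 @@ if (!class_exists('WPFront\URE\Assign_Migrate\WPFront_User_Role_Editor_Assign_Vi
  $this->title();
  $this->display_notices();
  ?>
- <form method="post" action="<?php echo AssignMigrate::instance()->get_self_url(); ?>">
+ <form method="post" action="<?php echo esc_attr(AssignMigrate::instance()->get_self_url()); ?>">
  <?php
  $this->form_table();
  wp_nonce_field('assign-roles');
@@ -118,8 +118,8 @@ if (!class_exists('WPFront\URE\Assign_Migrate\WPFront_User_Role_Editor_Assign_Vi
  }
  ?>
 
- <input type="text" id="assign-users-list" name="assign-user" placeholder="<?php echo __('Search User...', 'wpfront-user-role-editor'); ?>" value="<?php echo $value; ?>">
- <input type="hidden" id="assign-users-list-hidden" name="assign-user-id" value="<?php echo $user_id; ?>">
+ <input type="text" id="assign-users-list" name="assign-user" placeholder="<?php echo __('Search User...', 'wpfront-user-role-editor'); ?>" value="<?php echo esc_attr($value); ?>">
+ <input type="hidden" id="assign-users-list-hidden" name="assign-user-id" value="<?php echo esc_attr($user_id); ?>">
 
  <?php
  }
@@ -198,6 +198,7 @@ if (!class_exists('WPFront\URE\Assign_Migrate\WPFront_User_Role_Editor_Assign_Vi
  $.ajax({
  url: ajaxurl,
  dataType: "json",
+ type: "POST",
  data: {
  action: "wpfront_user_role_editor_assign_roles_user_autocomplete",
  term: request.term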
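Review bot: The form `action` on new line 54 is escaped with `esc_attr()`, which stops the value from breaking out of the attribute but does not validate it as a URL; `esc_url()` is the WordPress escaper for URL attributes, e.g. `action="<?php echo esc_url(AssignMigrate::instance()->get_self_url()); ?>"`. The same applies to the form on new line 52 of includes/users/template-migrate.php. On new line 121 the `placeholder` still prints `__('Search User...', ...)` unescaped; `esc_attr__('Search User...', 'wpfront-user-role-editor')` would cover a translation that contains a quote. The enclosing methods start and end outside these hunks.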
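--- a/includes/users/template-migrate.php
+++ b/includes/users/template-migrate.php
@@ -49,7 +49,7 @@ if(!class_exists('WPFront\URE\Assign_Migrate\WPFront_User_Role_Editor_Migrate_Vi
  $this->title();
  $this->display_notices();
  ?>
- <form method="post" action="<?php echo AssignMigrate::instance()->get_self_url(); ?>">
+ <form method="post" action="<?php echo esc_attr(AssignMigrate::instance()->get_self_url()); ?>">
  <?php
  $this->form_table();
  wp_nonce_field('migrate-users');
@@ -114,7 +114,7 @@ if(!class_exists('WPFront\URE\Assign_Migrate\WPFront_User_Role_Editor_Migrate_Vi
  $current_role = $this->get_current_from_primary_role();
  foreach ($roles as $name => $display) {
  $selected = $name === $current_role ? 'selected' : '';
- echo "<option $selected value='$name'>$display</option>";
+ echo "<option $selected value='".esc_attr($name)."'>".esc_html($display)."</option>";
  }
  ?>
  </select>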
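--- a/includes/users/template-user-profile-secondary-roles.php
+++ b/includes/users/template-user-profile-secondary-roles.php
@@ -99,8 +99,8 @@ if(!class_exists('WPFront\URE\Assign_Migrate\WPFront_User_Role_Editor_User_Profi
  ?>
  <div class="role-container">
  <label>
- <input type="checkbox" name="wpfront-secondary-roles[<?php echo $name; ?>]" <?php echo $checked; ?> />
- <?php echo $display; ?>
+ <input type="checkbox" name="wpfront-secondary-roles[<?php echo esc_attr($name); ?>]" <?php echo $checked; ?> />
+ <?php echo esc_html($display); ?>
  </label>
  </div>
  <?php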
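--- a/includes/widget/class-widget-permissions.php
+++ b/includes/widget/class-widget-permissions.php
@@ -147,15 +147,15 @@ if (!class_exists('\WPFront\URE\Widget\WPFront_User_Role_Editor_Widget_Permissio
  <p>
  <label><?php echo __('User Restrictions', 'wpfront-user-role-editor'); ?></label>
  <span class="user-restriction-container">
- <label><input class="user-restriction-type" type="radio" name="<?php echo $widget->get_field_name('user-restriction-type'); ?>" value="<?php echo self::$ALL_USERS; ?>" <?php echo $data->type === self::$ALL_USERS ? 'checked' : ''; ?> /><?php echo __('All Users', 'wpfront-user-role-editor'); ?></label>
- <label><input class="user-restriction-type" type="radio" name="<?php echo $widget->get_field_name('user-restriction-type'); ?>" value="<?php echo self::$LOGGEDIN_USERS; ?>" <?php echo $data->type === self::$LOGGEDIN_USERS ? 'checked' : ''; ?> /><?php echo __('Logged in Users', 'wpfront-user-role-editor'); ?></label>
- <label><input class="user-restriction-type" type="radio" name="<?php echo $widget->get_field_name('user-restriction-type'); ?>" value="<?php echo self::$GUEST_USERS; ?>" <?php echo $data->type === self::$GUEST_USERS ? 'checked' : ''; ?> /><?php echo __('Guest Users', 'wpfront-user-role-editor'); ?></label>
- <label><input class="user-restriction-type" type="radio" name="<?php echo $widget->get_field_name('user-restriction-type'); ?>" value="<?php echo self::$ROLE_USERS; ?>" <?php echo $data->type === self::$ROLE_USERS ? 'checked' : ''; ?> /><?php echo __('Users by Role', 'wpfront-user-role-editor'); ?></label>
+ <label><input class="user-restriction-type" type="radio" name="<?php echo esc_attr($widget->get_field_name('user-restriction-type')); ?>" value="<?php echo self::$ALL_USERS; ?>" <?php echo $data->type === self::$ALL_USERS ? 'checked' : ''; ?> /><?php echo __('All Users', 'wpfront-user-role-editor'); ?></label>
+ <label><input class="user-restriction-type" type="radio" name="<?php echo esc_attr($widget->get_field_name('user-restriction-type')); ?>" value="<?php echo self::$LOGGEDIN_USERS; ?>" <?php echo $data->type === self::$LOGGEDIN_USERS ? 'checked' : ''; ?> /><?php echo __('Logged in Users', 'wpfront-user-role-editor'); ?></label>
+ <label><input class="user-restriction-type" type="radio" name="<?php echo esc_attr($widget->get_field_name('user-restriction-type')); ?>" value="<?php echo self::$GUEST_USERS; ?>" <?php echo $data->type === self::$GUEST_USERS ? 'checked' : ''; ?> /><?php echo __('Guest Users', 'wpfront-user-role-editor'); ?></label>
+ <label><input class="user-restriction-type" type="radio" name="<?php echo esc_attr($widget->get_field_name('user-restriction-type')); ?>" value="<?php echo self::$ROLE_USERS; ?>" <?php echo $data->type === self::$ROLE_USERS ? 'checked' : ''; ?> /><?php echo __('Users by Role', 'wpfront-user-role-editor'); ?></label>
  <span class="roles-container <?php echo $data->type === self::$ROLE_USERS ? '' : 'hidden'; ?>">
  <?php do_action('wp_widget_permissions_custom_fields_roles_list', $widget, $return, $instance); ?>
  </span>
  <?php if ($widget->number !== '__i__') { ?>
- <span id="<?php echo $widget->get_field_id('in-title-access-type'); ?>" class="in-title-access-type hidden">&nbsp;(<?php echo $this->get_title_text($data); ?>)</span>
+ <span id="<?php echo esc_attr($widget->get_field_id('in-title-access-type')); ?>" class="in-title-access-type hidden">&nbsp;(<?php echo esc_html($this->get_title_text($data)); ?>)</span>
  <?php } ?>
  </span>
  </p>
@@ -367,7 +367,7 @@ if (!class_exists('\WPFront\URE\Widget\WPFront_User_Role_Editor_Widget_Permissio
  }
 
  public static function get_debug_setting() {
- return array('key' => 'widget-permissions', 'label' => 'Widget Permissions');
+ return array('key' => 'widget-permissions', 'label' => __('Widget Permissions', 'wpfront-user-role-editor'), 'position' => 170, 'description' => __('Disables widget permissions functionality.', 'wpfront-user-role-editor'));
  }
 
  }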
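Review bot: On new lines 150–153 the `name` attribute is now escaped, but `value="<?php echo self::$ALL_USERS; ?>"` and the three sibling `value` attributes are still echoed raw. They are class statics whose definitions are outside this hunk, so this is presumably a consistency point rather than an injection risk; writing them as `value="<?php echo esc_attr(self::$ALL_USERS); ?>"` keeps every attribute in the block escaped at output. The surrounding method starts and ends outside the hunk.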
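--- a/includes/wp/class-login-page-url.php
+++ b/includes/wp/class-login-page-url.php
@@ -0,0 +1,253 @@
+ <?php
+
+ /*
+ WPFront User Role Editor Plugin
+ Copyright (C) 2014, WPFront.com
+ Website: wpfront.com
+ Contact: syam@wpfront.com
+
+ WPFront User Role Editor Plugin is distributed under the GNU General Public License, Version 3,
+ June 2007. Copyright (C) 2007 Free Software Foundation, Inc., 51 Franklin
+ St, Fifth Floor, Boston, MA 02110, USA
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+ /**
+ * Controller for WPFront User Role Editor Login Page Url.
+ *
+ * @author Syam Mohan <syam@wpfront.com>
+ * @copyright 2014 WPFront.com
+ */
+
+ namespace WPFront\URE\WP;
+
+ if (!defined('ABSPATH')) {
+ exit();
+ }
+
+ use \WPFront\URE\Options\WPFront_User_Role_Editor_Options as Options;
+ use \WPFront\URE\WPFront_User_Role_Editor_Debug;
+
+ if (!class_exists('\WPFront\URE\WP\WPFront_User_Role_Editor_Login_Page_Url')) {
+
+ /**
+ * Login_Page_Url class
+ *
+ * @author Syam Mohan <syam@wpfront.com>
+ * @copyright 2014 WPFront.com
+ */
+ class WPFront_User_Role_Editor_Login_Page_Url {
+
+ protected static $instance = null;
+
+ /**
+ * Singleton instance.
+ *
+ * @return WPFront_User_Role_Editor_Login_Page_Url
+ */
+ public static function instance() {
+ if (self::$instance === null) {
+ self::$instance = new WPFront_User_Role_Editor_Login_Page_Url ();
+ }
+
+ return self::$instance;
+ }
+
+ /**
+ * Hooks into wpfront_ure_init.
+ */
+ public static function init() {
+ $debug = WPFront_User_Role_Editor_Debug::instance();
+ $debug->add_setting('login_page_url', __('Login Page URL', 'wpfront-user-role-editor'), 220, __('Disables Login Page URL functionality.', 'wpfront-user-role-editor'));
+
+ if ($debug->is_disabled('login_page_url')) {
+ return;
+ }
+
+ $instance = self::instance();
+
+ add_action('admin_init', array($instance, 'admin_init'));
+ add_filter('wpfront_ure_options_register_ui_field', array($instance, 'wpfront_ure_options_register_ui_field'), 50, 1);
+ /* Set custom login page */
+ add_filter('login_url', array($instance, 'login_page_url_callback'), PHP_INT_MAX, 1);
+ }
+
+ /**
+ * Adds ajax functions on admin_init
+ */
+ public function admin_init() {
+ add_action('wp_ajax_wpfront_user_role_editor_login_page_url_autocomplete', array(self::instance(), 'autocomplete_callback'));
+ }
+
+ /**
+ * Hooks on options class to display ui.
+ *
+ * @param array $option_keys
+ */
+ public function wpfront_ure_options_register_ui_field($option_keys) {
+ $option_keys['login_page_url'] = '';
+
+ add_action('wpfront_ure_options_ui_field_login_page_url_label', array($this, 'options_ui_label'));
+ add_action('wpfront_ure_options_ui_field_login_page_url', array($this, 'options_ui_field'));
+ add_action('wpfront_ure_options_ui_field_login_page_url_update', array($this, 'login_page_url_options_ui_update'));
+ add_action('wpfront_ure_options_ui_field_login_page_url_help', array($this, 'options_ui_help'));
+
+ return $option_keys;
+ }
+
+ public function options_ui_label() {
+ echo __('Login Page URL', 'wpfront-user-role-editor');
+ }
+
+ public function options_ui_field() {
+ $key = 'login_page_url';
+ $id = '';
+ $title = '';
+
+ $post_data = $this->login_page_url();
+ if (!empty($post_data)) {
+ if (!empty(intval($post_data))) {
+ $p = get_post($post_data);
+ if (!empty($p->ID) && $p->post_status == 'publish') {
+ $id = $p->ID;
+ $title = $p->post_title;
+ }
+ } else {
+ $title = $post_data;
+ }
+ }
+
+ $title = esc_attr($title);
+ echo "<input type='text' name='$key' id='login_page_url' value='$title' class='regular-text' >";
+ /* hidden field to store selected post type id */
+ echo "<input type='hidden' name='login_page_url_selected_post_id' id='login_page_url_selected_post_id' value='$id' >";
+ ?>
+ <script type="text/javascript">
+ (function ($) {
+
+ $(function () {
+ $("#login_page_url").autocomplete({
+ source: function (request, response) {
+ $.ajax({
+ url: ajaxurl,
+ dataType: "json",
+ type: "POST",
+ data: {
+ action: "wpfront_user_role_editor_login_page_url_autocomplete",
+ term: request.term
+ },
+ success: function (data) {
+ response(data);
+ },
+ error: function (response) {
+ console.log(response.responseText);
+ },
+ });
+ },
+ select: function (event, ui) {
+ $(this).val(ui.item.label);
+ $("#login_page_url_selected_post_id").val(ui.item.value);
+ return false;
+ },
+ change: function (event, ui) {
+ if (!ui.item) {
+ $("#login_page_url_selected_post_id").val('');
+ }
+ },
+ minLength: 2,
+ });
+ });
+
+ })(jQuery);
+ </script>
+
+ <?php
+
+ }
+
+ public function autocomplete_callback() {
+ $search_string = $_REQUEST['term'];
+
+ $args = array(
+ 's' => $search_string,
+ 'post_type' => 'any',
+ 'post_status' => 'publish',
+ 'posts_per_page' => 10
+ );
+ $post_found = get_posts($args);
+
+ $post_title = array();
+ foreach ($post_found as $posts) {
+ $post_title[] = array(
+ "label" => $posts->post_title,
+ "value" => $posts->ID
+ );
+ }
+
+ echo json_encode($post_title);
+ exit();
+ }
+
+ public function login_page_url_options_ui_update() {
+ $key = 'login_page_url';
+
+ if (!empty($_POST['login_page_url_selected_post_id'])) {
+ $value = intval($_POST['login_page_url_selected_post_id']);
+ } else {
+ $value = $_POST[$key];
+ }
+
+ Options::instance()->set_option($key, $value);
+ }
+
+ public function options_ui_help() {
+ return '<strong>' . __('Login Page URL', 'wpfront-user-role-editor') . '</strong>: ' . __('Select the login page or enter a URL to set the login page of your site.', 'wpfront-user-role-editor');
+ }
+
+ /**
+ * Returns id or url.
+ *
+ * @return int/string
+ */
+ public function login_page_url() {
+ return Options::instance()->get_option('login_page_url');
+ }
+
+ /**
+ * Returns login url.
+ *
+ * @return string
+ */
+ public function login_page_url_callback($login_url) {
+ $post_data = $this->login_page_url();
+
+ if (empty($post_data)) {
+ return $login_url;
+ }
+
+ if (!empty(intval($post_data))) {
+ $post = get_post($post_data);
+ if (empty($post->ID) || $post->post_status != 'publish') {
+ return $login_url;
+ }
+
+ return get_permalink($post);
+ }
+
+ return $post_data;
+ }
+
+ }
+
+ add_action('wpfront_ure_init', array(WPFront_User_Role_Editor_Login_Page_Url::class, 'init'));
+ }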
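Review bot: `login_page_url_options_ui_update()` stores `$_POST[$key]` verbatim, and `login_page_url_callback()` later returns that stored string from the `login_url` filter, so whatever is typed into the field is emitted as the site's login link without ever being validated as a URL. The free-text branch should check `isset()` and pass the value through `esc_url_raw(wp_unslash(...))` before `set_option()`; note also that `intval()` treats a value that merely starts with digits as a post ID. `autocomplete_callback()` reads `$_REQUEST['term']` unchecked and no capability or nonce check is visible in this file, while `wp_ajax_` handlers are reachable by any logged-in user. A nonce check would also need the script in `options_ui_field()` to send the nonce, so the sketch below covers only the capability check and the input handling.

```php
public function autocomplete_callback() {
    // 'manage_options' is an assumed capability; use the one that guards the options page.
    if (!current_user_can('manage_options')) {
        wp_send_json(array());
    }
    $search_string = isset($_REQUEST['term']) ? sanitize_text_field(wp_unslash($_REQUEST['term'])) : '';
    // … unchanged: get_posts() query and label/value loop …
    wp_send_json($post_title);
}

public function login_page_url_options_ui_update() {
    // … unchanged: $key and the selected-post-id branch …
    } else {
        $value = isset($_POST[$key]) ? esc_url_raw(wp_unslash($_POST[$key])) : '';
    }
    // … unchanged: Options::instance()->set_option($key, $value) …
}
```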
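--- a/includes/wp/includes.php
+++ b/includes/wp/includes.php
@@ -0,0 +1,3 @@
+ <?php
+
+ require_once dirname(__FILE__) . '/class-login-page-url.php';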
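--- a/readme.txt
+++ b/readme.txt
@@ -3,9 +3,9 @@ Contributors: syammohanm
  Donate link: https://wpfront.com/donate/
  Tags: WordPress user role editor, user role editor, role editor, user role, role, WordPress user roles, user roles, roles, user roles editor, roles editor, role manager, roles manager, manage roles, manage role, capability, permission, role, security, user, capability editor, capability manager, custom post types, custom post type permissions, custom post type capabilities, post type permissions, post type capabilities, menu editor, role menu, role menu editor, multisite roles, multisite role editor, multisite user roles, import roles, export roles
  Requires at least: 5.0
- Tested up to: 5.8.1
+ Tested up to: 6.1
  Requires PHP: 7.0
- Stable tag: 3.1.0
+ Stable tag: 3.2.1
  License: GPLv3
  License URI: http://www.gnu.org/licenses/gpl-3.0.html
 
@@ -90,6 +90,14 @@ This plugin doesn't collect any personal information. For more information pleas
 
  == Changelog ==
 
+ = 3.2.1 =
+ * XSS fixes.
+
+ = 3.2.0 =
+ * Extended Permissions Precedence option.
+ * Login page URL option.
+ * Compatibility fixes.
+
  = 3.1.0 =
  * Debug functionality added.
  * Assign/Migrate UI change.
@@ -268,6 +276,12 @@ This plugin doesn't collect any personal information. For more information pleas
 
  == Upgrade Notice ==
 
+ = 3.2.1 =
+ * XSS fixes.
+
+ = 3.2.0 =
+ * Compatibility fixes.
+
  = 3.1.0 =
  * Compatibility and bug fixes.
 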
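--- a/wpfront-user-role-editor.php
+++ b/wpfront-user-role-editor.php
@@ -4,7 +4,7 @@
  * Plugin Name: WPFront User Role Editor
  * Plugin URI: http://wpfront.com/user-role-editor-pro/
  * Description: Allows you to manage your site's security using user role permissions.
- * Version: 3.1.0.10272
+ * Version: 3.2.1.11184
  * Requires at least: 5.0
  * Requires PHP: 7.0
  * Author: Syam Mohan
@@ -46,17 +46,15 @@ if (!class_exists('\WPFront\URE\WPFront_User_Role_Editor')) {
 
  class WPFront_User_Role_Editor {
 
- const VERSION = '3.1.0.10272';
+ const VERSION = '3.2.1.11184';
  const PLUGIN_SLUG = 'wpfront-user-role-editor';
 
  protected static $instance = null;
-
  protected $plugin_url = null;
  protected $plugin_dir = null;
  protected $includes_dir = null;
  protected $plugin_basename = null;
  protected $plugin_file = null;
-
  protected $parent_menu_slug = null;
 
  protected function __construct() {
@@ -121,10 +119,12 @@ if (!class_exists('\WPFront\URE\WPFront_User_Role_Editor')) {
  require_once $this->includes_dir . 'shortcodes/class-shortcodes.php';
  require_once $this->includes_dir . 'post-type/class-post-type.php';
  require_once $this->includes_dir . 'taxonomies/class-taxonomies.php';
+ require_once $this->includes_dir . 'wp/includes.php';
  require_once $this->includes_dir . 'go-pro/class-go-pro.php';
 
  require_once $this->includes_dir . 'integration/plugins/class-wpfront-user-role-editor-plugin-integration.php';
 
+
  if (file_exists($this->includes_dir . 'ppro/includes.php')) {
  require_once $this->includes_dir . 'ppro/includes.php';
  }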