Changes List User Role Editor Pro

[4.64.4] 15.12.2024

Core version: 4.64.4

  • Core version was updated to 4.64.4
  • Security Fix: Users – “Add Role”, “Revoke Role” buttons: Cross-Site request forgery to privilege escalation was possible due to missed nonce validation. This issue was discovered and responsibly reported by vgo0.

[4.64.3] 04.12.2024

Core version: 4.64.3

  • Update: Marked as compatible with WordPress 6.7.1
  • Core version was updated to 4.64.3
  • Fix: PHP Notice: “Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the user-role-editor domain was triggered too early.” was fixed (shown only for those who used own .mo translation file installed).
  • Fix: Miscellaneous translation functionality (l18n) usage enhancements were applied.

[4.64.2] 26.03.2024

Core version: 4.64.2

  • Update: Marked as compatible with WordPress 6.5
  • Update: Content view restrictions add-on: historically if field “For users” was empty, URE applies “Selected Roles” to the existing post (in case it was not assigned yet), but a default value set by user at URE Settings is applied in both cases, for new added and existing posts.
  • Fix: Posts/pages edit restrictions add-on: endless recursion calls issue (conflict with “The Events Calendar” plugin) was fixed.
  • Fix: Admin menu access add-on:
    – full URL (including domain) was used for some menu items. For this reason checkboxes of such menu items may lose selection in case of replication of admin menu restrictions to all subsites under WP multisite. Re-check your admin menu access settings just in case mentioned menu items became unchecked after this update.
    – strpos(): Passing null to parameter #1 ($haystack) of type string is deprecated in /wp-content/plugins/user-role-editor-pro/pro/includes/classes/admin-menu-view.php on line 253
  • Fix: wp-admin pages permissions viewer: Undefined array key -1 in /wp-content/plugins/user-role-editor-pro/pro/includes/classes/page-permissions-view.php on line 137
  • Fix: Deprecated: explode(): Passing null to parameter #2 ($string) of type string is deprecated in wp-content/plugins/user-role-editor-pro/pro/includes/classes/utils.php on line 181
  • Fix: Notice: Array to string conversion in wp-content/plugins/user-role-editor-pro/pro/includes/classes/posts-edit-access-user.php on line 965
  • Core version was updated to 4.64.2
  • Update: URE_Advertisement: rand() is replaced with wp_rand().
  • Update: URE_Ajax_Proccessor: json_encode() is replaced with wp_json_encode().
  • Update: User_Role_Editor::load_translation(): load_plugin_textdomain() is called with the 2nd parameter value false, instead of deprecated ”.
  • Update: URE_Lib::is_right_admin_path(): parse_url() is replaced with wp_parse_url().
  • Update: URE_Lib::user_is_admin() does not call WP_User::has_cap() to enhance performance.
  • Update: Plugin version was added to CSS loaded to the “Users”, “Users->User Role Editor”, “Settings->User Role Editor” pages.
  • Update: All JavaScript files are loaded in footer now.
  • Fix: “Users->Add New Users”. Unneeded extra ‘table’ HTML tags was removed (thanks to Alejandro A. for this bug report).

[4.64.1] 30.10.2023

Core version: 4.64.1

  • Fix: Notice shown by PHP 8.3 is removed: PHP Deprecated: Creation of dynamic property URE_Export_Single_Role::$editor is deprecated in wp-content/plugins/user-role-editor-pro/pro/includes/classes/export-single-role.php:23
  • Fix: Notice shown by PHP 8.3 is removed: PHP Deprecated: Creation of dynamic property PluginInfo_1_3::$requires_php is deprecated in /wp-content/plugins/user-role-editor-pro/pro/includes/plugin-update-checker.php on line 801
  • Fix: Notice shown by PHP 8.3 is removed: PHP Deprecated: Creation of dynamic property PluginInfo_1_3::$license_state is deprecated in /wp-content/plugins/user-role-editor-pro/pro/includes/plugin-update-checker.php on line 801
  • Fix: Notice shown by PHP 8.3 is removed: PHP Deprecated: Creation of dynamic property PluginInfo_1_3::$request_time_elapsed is deprecated in /wp-content/plugins/user-role-editor-pro/pro/includes/plugin-update-checker.php on line 801
  • Fix: Content view restrictions add-on: Undefined array key 0 in user-role-editor-pro/pro/includes/classes/post-types-own-caps.php on line 93
  • Update: filter ‘ure_check_updates’ was added. It’s return true by default. Return false from it to switch off automatic checking if new version of URE is available. It would be useful if you use URE behind corporate firewall and it does not have access to the Internet.
  • Core version was updated to 4.64.1
  • Fix: Notice shown by PHP 8.3 is removed: PHP Deprecated: Creation of dynamic property URE_Editor::$hide_pro_banner is deprecated in /wp-content/plugins/user-role-editor/includes/classes/editor.php on line 166
  • Fix: Notice shown by PHP 8.3 is removed: PHP Deprecated: Creation of dynamic property URE_Role_View::$caps_to_remove is deprecated in /wp-content/plugins/user-role-editor/includes/classes/role-view.php on line 23
  • Fix: Notice shown by PHP 8.3 is removed: PHP Deprecated: Function utf8_decode() is deprecated in /wp-content/plugins/user-role-editor-pro/includes/classes/editor.php on line 984

[4.64] [08.08.2023]

Core version: 4.64

  • Fix: PHP Warning: Trying to access array offset on value of type bool in /wp-content/plugins/user-role-editor-pro/pro/includes/classes/admin-menu-access.php on line 356.
  • Fix: PHP Warning: Undefined array key “message” in /wp-content/plugins/user-role-editor-pro/pro/includes/classes/ajax-processor.php on line 228.
  • Update: Admin menu access add-on: Block “Sales Reports” menu automatically, if WooCommerce->Reports menu item is blocked.
  • Core version was updated to 4.64
  • Fix: Missed ‘message’ parameter was added to response for AJAX query. It fixed the potential PHP Warning: Undefined array key “message” in expressions like “strpos( $data[‘message’], …
  • Update: “Show capabilities in human readable form” checkbox switches between capability 2 text forms without full page reloading using JavaScript.

[4.63.5] [28.03.2023]

Core version: 4.63.3

  • Fix: Content view restrictions add-on: Now a CVR meta box is added to a term edit page after checking of ‘ure_content_view_access’ permission.
  • Update: Front-end menu view add-on: CSS was changed for URE controls
    to not overlap with other elements.
  • Core version was updated to 4.63.3
  • Fix: PHP version 8.2 showed warning: Creation of dynamic property User_Role_Editor::$settings_page_hook is deprecated : wp-content/plugins/user-role-editor/includes/classes/user-role-editor.php:603
  • Fix: PHP Fatal error: Uncaught TypeError: in_array(): Argument #2 ($haystack) must be of type array, int given in /www/wp-content/plugins/user-role-editor/includes/classes/view.php:81
  • Fix: PHP Parse error: syntax error, unexpected ‘:’, expecting ‘;’ or ‘{‘: wp-content/plugins/user-role-editor/includes/classes/base-lib.php on line 119, type declarations were removed for compatibility with older PHP versions.

[4.63.4] [16.12.2022]

Core version: 4.63.2

  • Update: array_merge() function is replaced with wrapper ure_array_merge(), to exclude fatal error: Argument #2 must be of type array.
  • Fix: Edit posts restrictions add-on:

    – Full list of posts was shown for user with “Own data only” turned ON in case user did not have any own post.
    – Full list of terms/categories was available at the post editor for selection for user with restricted access by terms/categories.
  • Fix: PHP Fatal error: Uncaught TypeError: array_key_exists(): Argument #2 ($array) must be of type array, null given in /wp-content/plugins/user-role-editor-pro/pro/includes/classes/admin-menu-
    view.php:380
  • Fix: PHP Warning: Trying to access array offset on value of type bool in /wp-content/plugins/user-role-editor-pro/pro/includes/classes/admin-menu-access.php on line 353
  • Core version was updated to 4.63.2
  • Update: symbols ‘{}$’ are removed from capability name before use it for internal purpose, to exclude cases like when one of plugins broke URE work adding capability like ‘edit_{$type}s’.
  • Update: array_merge() function is replaced with wrapper ure_array_merge(), to exclude fatal error: Argument #2 must be of type array.

[4.63.3] [03.11.2022]

Core version: 4.63.1

  • Update: Marked as compatible with WordPress version 6.1.
  • Fix: Navigation menu admin access add-on: Warning: Attempt to read property “slug” on int in /wp-content/plugins/user-role-editor-pro/pro/includes/classes/nav-menus-admin-access.php on line 73

[4.63.2] [29.09.2022]

Core version: 4.63.1

  • Fix: Edit access restrictions add-on: Prohibit by selected posts ID list criteria worked incorrectly – all posts were prohibited instead of selected only.
  • Update: Edit access restrictions add-on: It skips Elementor’s internal custom post types to reduce general time execution.

[4.63.1] [21.09.2022]

Core version: 4.63.1

  • Marked as compatible with WordPress version 6.0.2
  • Fix: It was possible to open a post from a prohibited post type for editing via direct link by post ID, like /wp-admin/post.php?post=NN&action=edit
  • Update: Admin menu access add-on: URL Parameters White List: convert parameter name to lower case before processing.
  • Update: German translation was updated.
  • Core version was updated to 4.63.1
  • Fix: PHP Warning: Attempt to read property “ID” on null in ./includes/classes/user-role-editor.php on line 369
  • Fix: Deprecated: Automatic conversion of false to array is deprecated in ./includes/classes/base-lib.php on line 212

[4.63] [03.08.2022]

Core version: 4.63

  • Update: Marked as compatible with WordPress 6.0.1
  • New: Edit restrictions access add-on: It’s possible allow/prohibit for role or user the selected post types: posts, pages, custom post types.
  • Fix: Content view restrictions add-on: Fatal error: Uncaught InvalidArgumentException: target should be an object with map method or an array in /wp-content/plugins/sitepress-multilingual-cms/vendor/wpml/fp/core/Fns.php:156
    URE tried to check if not logged-in user can edit the post, by its ID. This leaded to a problem inside WPML plugin code.
  • Fix: Content edit restrictions: “Force custom post types to use their own capabilities” option: URE automatically created custom post types unique capabilities later then “Fusion Builder” plugin did. ‘init’ action was replaced with ‘wp_loaded’ one.
  • Update: Content view restrictions add-on: restrictions are applied to the public custom post types only.
  • Update: Few notices (e.g. “Constant FILTER_SANITIZE_STRING is deprecated”) was fixed for better compatibility with PHP 8.1.
  • Core version was updated to version 4.63
  • New: It’s possible to translate custom role names using [PolyLang](https://wordpress.org/plugins/polylang/) plugin.
  • Update: URE does not sort roles in WordPress dropdown lists. In order to sort roles by name return ‘name’ from ‘ure_sort_wp_roles_list’ filter.
  • Update: User capabilities view page minor CSS enhancements.

[4.62.1] [29.03.2022]

Core version: 4.61.2

  • Update: Marked as compatible with WordPress 5.9.2
  • Fix: Gravity Forms edit access add-on:
    – Uncaught Error: Call to undefined method URE_GF_Access_User::get_fg_list() in /wp-content/plugins/user-role-editor-pro/pro/includes/classes/gf-access-user.php:211
    – All Gravity Forms were available for the user in spite of the restrictions set for him

[4.62] [07.03.2022]

Core version: 4.61.2

  • Update: Marked as compatible with WordPress 5.9.1
  • New: It’s possible to import all user roles at once from previously exported CSV file.
  • New: “Edit posts restrictions” add-on: It’s possible to replicate settings from the main site to all other subsites of the multisite network (Network admin->Users->User Role Editor->Update Network).
  • Core version was updated to version 4.61.2
  • Fix: “Users->Add New” page – other selected roles were not saved.
  • Update: URE uses WordPress notification styles for own operation result output.

[4.61] [26.01.2022]

Core version: 4.61.1

  • Update: Marked as compatible with WordPress 5.9
  • Update: PHP 7.3 is marked as required.
  • New: Gravity Forms Edit Access add-on: It’s possible to set what forms is allowed to edit for the selected role.
  • New: Content view restrictions add-on: [user_role_editor] shortcode “roles” and “except_roles” attributes supports the “no_role” value for logged-in users with “No role for this site” – without any role granted.
  • Fix: Content view restrictions add-on: PHP Warning: A non-numeric value encountered in /wp-content/plugins/user-role-editor-pro/pro/includes/classes/posts-view.php on line 224.
  • Fix: Meta boxes access add-on: PHP Warning: A non-numeric value encountered in /wp-content/plugins/user-role-editor-pro/pro/includes/classes/meta-boxes.php on line 452.
  • Core version was updated to version 4.61.1
  • Update: If installed PHP/WordPress version is lower than required one, script termination ( wp_die() ) was replaced with notice-warning admin notice output.
  • Update: “Settings->User Role Editor->Tools->Reset” button is additionally protected from the unintended/accidental usage by text input field. Manual input of “Permanently delete all custom user roles and capabilities” text is required to enable the “Reset” button.
  • Update: Partial code review and refactoring according with WordPress & PHP coding standards.
  • Fix: “Users->selected user->Capabilities” page: ‘select all’ checkbox did not work.

Older Changes