Changes List User Role Editor Pro

Changes list [03.11.2022]

Core version: 4.63.1

  • Update: Marked as compatible with WordPress version 6.1.
  • Fix: Navigation menu admin access add-on: Warning: Attempt to read property “slug” on int in /wp-content/plugins/user-role-editor-pro/pro/includes/classes/nav-menus-admin-access.php on line 73

Changes list [29.09.2022]

Core version: 4.63.1

  • Fix: Edit access restrictions add-on: Prohibit by selected posts ID list criteria worked incorrectly – all posts were prohibited instead of selected only.
  • Update: Edit access restrictions add-on: It skips Elementor’s internal custom post types to reduce general time execution.

Changes list [21.09.2022]

Core version: 4.63.1

  • Marked as compatible with WordPress version 6.0.2
  • Fix: It was possible to open a post from a prohibited post type for editing via direct link by post ID, like /wp-admin/post.php?post=NN&action=edit
  • Update: Admin menu access add-on: URL Parameters White List: convert parameter name to lower case before processing.
  • Update: German translation was updated.
  • Core version was updated to 4.63.1
  • Fix: PHP Warning: Attempt to read property “ID” on null in ./includes/classes/user-role-editor.php on line 369
  • Fix: Deprecated: Automatic conversion of false to array is deprecated in ./includes/classes/base-lib.php on line 212

[4.63] [03.08.2022]

Core version: 4.63

  • Update: Marked as compatible with WordPress 6.0.1
  • New: Edit restrictions access add-on: It’s possible allow/prohibit for role or user the selected post types: posts, pages, custom post types.
  • Fix: Content view restrictions add-on: Fatal error: Uncaught InvalidArgumentException: target should be an object with map method or an array in /wp-content/plugins/sitepress-multilingual-cms/vendor/wpml/fp/core/Fns.php:156
    URE tried to check if not logged-in user can edit the post, by its ID. This leaded to a problem inside WPML plugin code.
  • Fix: Content edit restrictions: “Force custom post types to use their own capabilities” option: URE automatically created custom post types unique capabilities later then “Fusion Builder” plugin did. ‘init’ action was replaced with ‘wp_loaded’ one.
  • Update: Content view restrictions add-on: restrictions are applied to the public custom post types only.
  • Update: Few notices (e.g. “Constant FILTER_SANITIZE_STRING is deprecated”) was fixed for better compatibility with PHP 8.1.
  • Core version was updated to version 4.63
  • New: It’s possible to translate custom role names using [PolyLang](https://wordpress.org/plugins/polylang/) plugin.
  • Update: URE does not sort roles in WordPress dropdown lists. In order to sort roles by name return ‘name’ from ‘ure_sort_wp_roles_list’ filter.
  • Update: User capabilities view page minor CSS enhancements.

[4.62.1] [29.03.2022]

Core version: 4.61.2

  • Update: Marked as compatible with WordPress 5.9.2
  • Fix: Gravity Forms edit access add-on:
    – Uncaught Error: Call to undefined method URE_GF_Access_User::get_fg_list() in /wp-content/plugins/user-role-editor-pro/pro/includes/classes/gf-access-user.php:211
    – All Gravity Forms were available for the user in spite of the restrictions set for him

[4.62] [07.03.2022]

Core version: 4.61.2

  • Update: Marked as compatible with WordPress 5.9.1
  • New: It’s possible to import all user roles at once from previously exported CSV file.
  • New: “Edit posts restrictions” add-on: It’s possible to replicate settings from the main site to all other subsites of the multisite network (Network admin->Users->User Role Editor->Update Network).
  • Core version was updated to version 4.61.2
  • Fix: “Users->Add New” page – other selected roles were not saved.
  • Update: URE uses WordPress notification styles for own operation result output.

[4.61] [26.01.2022]

Core version: 4.61.1

  • Update: Marked as compatible with WordPress 5.9
  • Update: PHP 7.3 is marked as required.
  • New: Gravity Forms Edit Access add-on: It’s possible to set what forms is allowed to edit for the selected role.
  • New: Content view restrictions add-on: [user_role_editor] shortcode “roles” and “except_roles” attributes supports the “no_role” value for logged-in users with “No role for this site” – without any role granted.
  • Fix: Content view restrictions add-on: PHP Warning: A non-numeric value encountered in /wp-content/plugins/user-role-editor-pro/pro/includes/classes/posts-view.php on line 224.
  • Fix: Meta boxes access add-on: PHP Warning: A non-numeric value encountered in /wp-content/plugins/user-role-editor-pro/pro/includes/classes/meta-boxes.php on line 452.
  • Core version was updated to version 4.61.1
  • Update: If installed PHP/WordPress version is lower than required one, script termination ( wp_die() ) was replaced with notice-warning admin notice output.
  • Update: “Settings->User Role Editor->Tools->Reset” button is additionally protected from the unintended/accidental usage by text input field. Manual input of “Permanently delete all custom user roles and capabilities” text is required to enable the “Reset” button.
  • Update: Partial code review and refactoring according with WordPress & PHP coding standards.
  • Fix: “Users->selected user->Capabilities” page: ‘select all’ checkbox did not work.

[4.60.2] [21.09.2021]

Core version: 4.60.2

  • Update: Marked as compatible with WordPress 5.8.1
  • Fix: Admin menu access add-on: Blocked admin menu item “SEO->Workouts” (from Yoast SEO plugin) was still available as main menu item.
  • Fix: Multisite: Add-ons data from the main site were not replicated to subsites after click “Update Network” button from the “Network Admin->Users->User Role
    Editor”.
  • Fix: Navigation menus access add-on:
    – PHP Warning: Undefined variable $result in /wp-content/plugins/user-role-editor-pro/pro/includes/classes/nav-menus-admin-controller.php on line 28
    – PHP Fatal error: Uncaught TypeError: Unsupported operand types: string + string in /wp-content/plugins/user-role-editor-pro/pro/includes/classes/nav-menus-admin-view.php:146
  • Core version was updated to version 4.60.2.b1
  • New: URE user capability ‘ure_edit_gravityforms_access’ was added (for future use).
  • Fix: Multisite: URE_Editor::is_full_network_sync() returned FALSE, instead TRUE for the AJAX call, while call was made from the Network Admin (wp-admin/network/).

[4.60.1] [21.07.2021]

Core version: 4.60.1

  • Update: Marked as compatible with WordPress 5.8.
  • Fix: Edit restrictions add-on: If one of the pages on hierarchy tree was not published (draft) it may become unavailable for editing in spite of user can (is allowed) edit the parent page.
  • Core version was updated to version 4.60.1
  • Fix: PHP Notice: Undefined property: URE_User_View::$multisite in /wp-content/plugins/user-role-editor/includes/classes/user-view.php on line 145

[4.60] [28.06.2021]

Core version: 4.60

  • Fix: “Multisite: User lost granted roles after click “Users->Capabilities->Update Network”.
  • New: Edit posts/pages/custom post types restrictions add-on: new custom filters were added: ‘ure_post_edit_access_restricted_taxonomies’, ‘ure_post_edit_access_allowed_terms’, ‘ure_post_edit_access_terms_to_exclude’.
  • Update: Edit posts/pages/custom post types restrictions add-on:
    – It is compatible now with “Admin Columns” and “Advanced Custom Fields” plugins. “Admin columns” plugin did not showed “Advanced Custom Fields” managed column values, when URE applied edit restrictions. URE excludes now from edit restrictions ACF plugins custom post types ‘acf-field-group’ and ‘acf-field’.
    – It is compatible now with “Contact Form 7” plugin. You can restrict access to the CF7 plugin records the same way as to any other custom post type.
  • Core version was updated to version 4.60
  • New: Notification box was replaced with one based on the jpillora/nofifyjs jQuery plugin. It does not move down page content. It disappears automatically after 5 seconds. Click on it to remove it manually.
  • Fix: “Add capability” shows warning styled notification when needed (invalid characters, etc.) instead of a successful one.
  • Fix: Capabilities group uncheck and revert selection is blocked for the administrator role to exclude accident deletion of permissions from administrator role.

[4.59.4] [12.05.2021]

Core version: 4.59.1

  • New: Multisite: it’s possible to leave selected roles for selected subsites unchanged after “Update Network” applied. Add filter ‘ure_network_update_leave_roles’ and return from it the array like this one – array( (int) blog_id => array(‘role_id1’, ‘role_id2’, … );
  • Update: Posts/pages, custom post types edit restrictions add-on: child posts auto access takes into account all existing hierarchical post types, not only pages as earlier. Use ‘ure_auto_access_children_for_hierarchical_post_types’ filter in order to change this. It takes the single input parameter $hierarchical_post_types – the list of existing public hierarchical post types.
  • Core version was updated to version 4.59.1
  • New: Multisite: When update role at the main site with “Apply to all sites” option and PHP constant URE_MULTISITE_DIRECT_UPDATE === 1 (update roles directly in database, not via WordPress API), URE overwrites all subsite roles with roles from the main site. It’s possible now to leave selected role(s) for selected subsite(s) unchanged: add filter ‘ure_network_update_leave_roles’ and return from it the array like this one – array( (int) blog_id => array(‘role_id1’, ‘role_id2’, … );
  • Update: “Other roles” section is available now only for users with ‘promote_users’ capability.
  • Update: Notice at the top of URE page about action result is not removed automatically after 7 seconds as earlier.
  • Update: ‘ure_sort_wp_roles_list’ filter accepts these values for the single input parameter: false – leave roles list as it is; true or ‘id’ – sort roles list by role ID; ‘name’ – sort roles by role name in the alphabetical order.

[4.59.3] [07.04.2021]

Core version: 4.59

  • New: custom filter ‘ure_set_cpt_own_caps‘ was added. It takes 2 input parameters: $do_it (bool, TRUE by default) and $post_type (string). Return FALSE for this filter in order to leave the default capability type for selected custom post type when option “Force custom post types to use their own capabilities” is turned ON at URE’s options. If custom post type capabilities are not changed, related taxonomy capabilities are not changed too.
  • New: custom filter ‘ure_set_cpt_taxonomy_own_caps‘ was added. It takes 3 input parameters: $do_it (bool, TRUE by default), $taxonomy (string, like ‘product_cat’) and $post_type (string, like ‘product’). Return FALSE for this filter in order to leave the default capabilities for selected taxonomy even if related custom post type will get own capabilities when option “Force custom post types to use their own capabilities” is turned ON at URE’s options.
  • Update: PHP constant URE_WP_ADMIN_URL was replaced with direct ‘admin_url()’ call to respect the ‘admin_url’ filter applied at get_admin_url() function.
  • Core version was updated to 4.59
  • Update: Editing roles and capabilities granted to selected user (“Capabilities” link under user row at the “Users” list) executes ‘add_user_role’ or ‘remove_user_role’ actions only in case it really grants or revokes roles and/or capabilities.
    Previous versions fully revoked and granted again all roles during user permissions update even in case roles list was not changed. It was leaded to the false execution of the mentioned add/remove role actions.

[4.59.2] [02.03.2021]

Core version: 4.58.3

  • Fix: “Multisite -> Update Network” did not work due to bug in version 4.59.
  • Fix: Posts/pages, custom post types edit restrictions add-on:
    – Restricted user can some times see a full list of posts or pages due to internal caching issue.
    – Media Library restricted items list did not take into account authors ID list restriction criteria for images loaded directly to the Media Library, which does not have parent posts.
    – When products editing is restricted by product category/tag, product variations shown by “Admin Columns Pro – WooCommerce” plugin were not available. Now, if product is allowed, then related variations are allowed automatically too.
  • Update: Option “Force custom post types to use their own capabilities” replaces default capabilities for the custom taxonomies also. It takes the slug of the 1st post type associated with such taxonomy (e.g. ‘video’) and builds own capabilities this way: manage_terms->manage_video_terms, edit_terms->edit_video_terms, delete_terms->delete_video_terms, assign_terms->assign_video_terms. URE automatically adds such capabilities to the ‘administrator’ role. You have to grant these new capabilities to other roles manually.
  • Update: ‘edit_css’ capability is mapped to ‘unfiltered_html’ for WordPress multisite, in case ‘Enable “unfiltered_html” capability’ option is turned ON at the URE’s settings ‘Multisite’ tab. This automatically enables for a single site (blog/subsite) admin the ‘Additional CSS’ tab at the ‘Appearance->Customize’ page.
  • Update: Admin menu access add-on: New custom filter ‘ure_admin_menu_access_not_block_url‘ is available. It allows to whitelist not selected URL (without path, like admin.php?page=mlw_quiz_options), which is not presented at the admin menu and it’s not possible to select them with the “Block not Selected” model.
  • Core version was updated to 4.58.3
  • Update: URE automatically adds custom taxonomies capabilities to administrator role before opening “Users->User Role Editor” page.
  • Fix: Role changes were not saved with option “Confirm role update” switched off.

[4.59.1] [26.01.2021]

Core version: 4.58.2

  • Fix: Import single role: Uncaught TypeError: $ is not a function at HTMLDivElement.Import (import-single-role.js?ver=4.59:46) was fixed.

[4.59] [24.01.2021]

Core version: 4.58.2

  • Update: Admin menu access add-on: Update button saves changes via AJAX without full page reload.
  • Update: Nav menus admin access add-on: Update button saves changes via AJAX without full page reload.
  • Update: Widgets admin access add-on: Update button saves changes via AJAX without full page reload.
  • Update: All JavaScript files are loaded with URE plugin version number as a query string for cache busting purpose.
  • Fix: Widgets admin access add-on: “PHP Warning: A non-numeric value encountered in /wp-content/plugins/user-role-editor-pro/pro/includes/classes/widgets-admin-view.php on line 189” was fixed.
  • Fix: “JQMIGRATE: jQuery.fn.click() event shorthand is deprecated” notice was fixed.
  • Fix: “JQMIGRATE: jQuery.fn.submit() event shorthand is deprecated” notice was fixed.
  • Core version was updated to 4.58.2
  • Update: Users->User Role Editor: Update button saves changes via AJAX without full page reload.
  • Fix: New user registered via frontend (wp-login.php?action=register) automatically receives additional (other) default role(s) according to selection made at User Role Editor settings “Other default roles” tab.
  • Fix: “JQMIGRATE: jquery.fn.resize() event shorthand is deprecated” notice was fixed.
  • Fix: “JQMIGRATE: Number-typed values are deprecated for jQuery.fn.css( (property name), value )” notice was fixed.

Older Changes