Older Changes

[4.46] 16.05.2018

Core version: 4.42

  • Fix: Gravity Forms Access add-on:
    – “Fatal error: Maximum function nesting level of 256 reached, aborting!” raised in some cases was fixed.
    – Not allowed forms were excluded from top admin menu bar “Forms” recent forms list.
  • Core version was updated to 4.42:
  • Fix: Type checking was added (URE_Lib::restore_visual_composer_caps()) to fix “Warning: Invalid argument supplied for foreach() in …/user-role-editor-pro/includes/classes/ure-lib.php on line 315”.

[4.45] 07.05.2018

Core version: 4.41

  • New: WordPress Multisite: it’s possbile to automatically copy selected add-ons data from the main site to the new created subsite.
    Use custom filter ure_addons_to_copy_for_new_blog to build list of add-on, which data URE should copy.
  • Update: Admin menu access add-on:
    – menu item title was shown empty at “Admin menu” window, if it began from ‘<span’ HTML tag;
    – blocked menu item was not removed automatically if its submenu had the only item with the same link. It was possible in case menu item used another user capability then related submenu item.
  • Update: Content view restrictions add-on:
    – when you leave ‘Redirect to:’ parameter empty user is redirected to the login page and back to the initial URL after the successful login.
  • Update: Gravity Forms access add-on:
    – Function GFFormsModel::get_lead_table_name() call was replaced with GFFormsModel::get_entry_table_name() to provide compatibility with Gravity Forms v. 2.3+.
    – Gravity forms entry_detail page was added to the list of pages for which URE should control the list of available Gravity Forms.
  • Fix: Posts/Pages edit restrictions add-on:
    – infinite recursion was possible in some cases for ‘pre_get_posts’ action in posts-edit-access.php.
    – “Fatal error: Call to undefined method URE_Content_View_Restrictions::is_page_template_resticted_for_role() in content-view-restrictions.php on line 581” was fixed.
  • Core version was updated to 4.41:
  • New: URE changes currently selected role via AJAX request, without full page refresh.
  • Update: All WPBakery Visual Composer plugin custom user capabilities (started from ‘vc_access_rules_’) were excluded from processing by User Role Editor. Visual Composer loses settings made via its own “Role Manager” after the role update by User Role Editor in other case. The reason – Visual Composer stores not boolean values with user capabilities granted to the roles via own “Role Manager”. User Role Editor converted them to related boolean values during role(s) update.

[4.44] 06.04.2018

Core version: 4.40.3

  • Update: Integration with bbPress was enhanced.
  • Core version was updated to 4.40.3:
  • Update: bbPress detection and code for integration with it was updated to support multisite installations when URE is network activated but bbPress is activated on some sites of the network only. (Free version does not support bbPress roles. It excludes them from processing as bbPress creates them dynamically.)

[4.43] 04.04.2018

Core version: 4.40.1

  • Fix: Core version was reversed back to 4.40.1 due to fatal error cause by 4.40.2 update for some installations with active bbPress.

[4.42] 04.04.2018

Core version: 4.40.2

  • New: Content View Restrictions add-on:
    – New criteria “Page Templates” were added to content view restrictions for roles.
    – It’s possible to extend ‘Any User Role (logged in only)’ condition using custom filter ‘ure_is_user_logged_in’, in order to check the additional conditions, for example: date, user name, subdomain, etc.
  • Update: Admin menu access add-on: full admin menu copy creation code priority at ‘admin_menu’ hook was increased from 1000 to 9999. It should be executed after other plugins. MetaSlider plugin adds its admin menu with 9553 priority.
  • Fix: Content View Restrictions add-on:
    – “Redirect to URL” option did not work for pages.
    – pages linked to BuddyPress components (activity, groups, members) ignored restrictions set by URE.
  • Fix: Meta Boxes Access add-on: meta boxes blocking code hooked to the general ‘add_meta_boxes’ action fired too early and can not block meta boxes added via ‘add_meta_boxes_{post_type}’ hook executed later.
  • Core version was updated to 4.40.2:
  • Update: Load required .php files from the active bbPress plugin directly, as in some cases URE code may be executed earlier than they are loaded by bbPress.

[4.41] 06.02.2018

Core version: 4.40.1

  • New: Export-import module was rewritten:
    – Attention: New exported data format is not compatible with data exported by older versions.
    – Users->User Role Editor: Export/Import buttons applied to the single currently selected role only.
    – It’s possible to export/import add-ons data, like ‘Admin Menu’, ‘Posts Edit’, ‘Post View’, ‘Meta Boxes’.
    – Settings->Tools-> Export/Import buttons will work for all roles of current site (main site from the network admin) in the next version.
  • New: Content View Restrictions add-on: redirect to URL option was added for access error action.
  • Update: URE_Admin_Menu::load_menu_access_data_for_role() method was renamed to URE_Admin_Menu::load_data_for_role().
  • Update: URE_Admin_Menu::load_menu_access_data_for_user() method was renamed to URE_Admin_Menu::load_data_for_user().
  • Update: Page permissions viewer add-on: source code tracing was returned back (if available).
  • Update: Other roles access add-on: changes were applied for compatibility with PHP versions prior 5.5
  • Fix: Content View Restrictions add-on:
    – HTML layout issue was fixed at the “Action” section of post editor meta box.
    – Restrictions were not applied properly for WooCommerce products list via [products] shortcode as WooCommerce may cache query result of unrestricted user for 30 days and show that cached data to users with restricted view access.
  • Fix: Admin menu access add-on (URE_Admin_Menu_Access::update_menu()): bug in menu update may lead to the indefinite redirection loop as a blocked URL was selected as the 1st available menu item link.
  • Core version was updated to 4.40.1:
  • Update: use wp_roles() function from WordPress API instead of initializing $wp_roles global directly. wp_roles() function (introduced with WP 4.3) was included conditionally to URE code for backward compatibility with WordPress 4.0+
  • Fix: Bug was introduced by version 4.37 with users recalculation for “All” tab after excluding users with “administrator” role. Code worked incorrectly for Japanese locale.
  • Fix: WordPress multisite: bbPress plugin detection code was changed from checking bbPress API function existence to checking WordPress active plugins list. bbPress plugin activated for the site was not available yet for the network activated User Role Editor at the point of URE instance creation. URE did not work with bbPress roles as it should by design.

[4.40.1] 22.12.2017

Core version: 4.39

  • Fix: Content View Restrictions add-on: change of “For Users” field in post/page editor “Content View Restrictions” meta box was not saved properly after the 4.40 update.

[4.40] 20.12.2017

Core version: 4.39

  • New: Support was added for additional user capabilities introduced by WordPress versin 4.9: deactivate_plugins, install_languages, update_languages. There is a new section “Use additional capabilities” at Settings->User Role Editor->Additional Modules tab. Minimal required WordPress version: 4.9. ‘deactivate_plugin’ capability is mapped to ‘deactivate_plugins’, ‘activate_plugin’ – to ‘activate_plugins’.
  • Update: Admin menu access add-on: ‘paged’ argument was added as allowed by default for upload.php URL.
  • Fix: Admin menu access add-on: White-listed URL arguments were not taken into account in case URL started not with ‘admin.php’ and contained a ‘page’ argument.
  • Fix: Other roles access add-on: edit/delete user with blocked role via direct link (user-edit.php?user_id=ID or users.php?action=delete&user=ID) was not prohibited as expected.
  • Fix: Page permissions viewer add-on does not produce PHP notices and warnings in case ‘file’ index does not exist in a data return by debug_backtrace() function.
  • Update: Type checking enhanced for values received from a user input and for variable arguments inside database queries.
  • Update: Plugin settings management code moved to the separate URE_Settings_Pro class.
  • Update: “Settings->User Role Editor->Additional Modules” tab: if “Defaults for content view restrictions” section is visible when you click “Save”, it’s not hidden after the page refresh.
  • Core version was updated to 4.39:
  • Update: Plugin settings management code moved to the separate URE_Settings class.
  • Update: Own code to build usermeta db table name was excluded. A value from $wpdb->usermeta is used instead.
  • Update: Type checking enhanced for values received from a user input and for variable arguments inside database queries.

[4.39.1] 28.11.2017

Core version: 4.38

  • Fix: Posts/pages edit restrictions add-on: Posts/Pages view links ‘All/Mine/Published’ disappeared for user with administrator role. Some filter functions did not return values if edit restrictions are not applicable to a current user, administrator for example.

[4.39] 27.11.2017

Core version: 4.38

  • New: Admin menu access add-on: It’s possible to manage the allowed URL parameters list via “White list of URLs parameters’ link. This link is located at “Settings->User Role Editor->Additional Module” tab, just under “Activate Administrator Menu Access module” checkbox.
  • New: Posts/pages edit restrictions add-on: ‘ure_post_edit_access_terms_list’ custom filter allows to set a categories (terms) list (CSV) programmatically.
  • Update: Meta boxes access add-on supports WPML meta boxes now.
  • Update: Settings->User Role Editor->Additional Modules: section with defaults for Content View Restrictions add-on is shown/hidden by click on “Show Defaults…/Hide Defaults…” link.
  • Update: “Force custom post types use its own capabilities” option: custom post types are selected by enhanced criteria. Permissions was not changed earlier for CPT with a ‘page’ capability type.
  • Fix: Posts/pages edit restrictions add-on: excluded the cases, when edit restrictions would be applied to a user with superadmin priveleges.
  • Core version was updated to 4.38
  • Security: XSS vulnerability was fixed at URE’s options page. Bug was discovered and fixed at tab index value numeric type checking. Tab index value is additionally escaped before output also.
  • Security: Deprecated code for debug output to the .log file in case of database query error was removed.
  • Security: Multiple select jQuery plugin (https://github.com/wenzhixin/multiple-select/) was updated to the latest available version 1.2.1, which fixed XSS vulnerability, existed in earlier versions.

[4.38] 04.11.2017

Core version: 4.37

  • New: User permissions viewer add-on was added. It shows at the bottom of every admin backend (wp-admin) page the user capabilities list checked by this page and plugins hooked to it.
  • New: bbPress user capabilities are shown at User Role Editor under the separate group “Custom capabilities->bbPress” if bbPress plugin is active.
  • Update: Content edit restrictions add-on: removed unneeded current user admin permissions checking, which executed for any WordPress page.
  • Update: Admin menu access add-on: redirection code for blocked URL was enhanced.
  • Update: Content view restrictions add-on: hooks to WordPress with 999 priority instead of former 100 for better compatibility with other plugins.
  • Fix: Content view restrictions add-on: WP_Query query variable ‘post__not_in’ is set in case when ‘post__in’ is not set. Otherwise prohibited posts are excluded from existing ‘post__in’ array.
  • Fix: Other roles access add-on: Users with roles blocked for current user are excluded from the users list. Quantity of users of ‘All’ view (tab) at ‘Users’ page is decreased now for the quantity of hidden users.
  • Core version was updated to 4.37
  • New: New option was added. It’s possible to select permanent quant of capabilities columns at the “Settings->User Role Editor->General” tab.
  • Update: User capabilities are shown for custom post types which use the WordPress built-in ‘post’ or ‘page’ capability type. (0/0) was shown earlier instead of the quantity of user capabilities really used.
  • Update: Restriction was added for ‘do_not_allow’ user capability (used internally by WordPress). You can not add it manually.
  • Fix: URE hides users with ‘administrator’ role by default from any other user. Quantity of users of ‘All’ view (tab) at ‘Users’ page is decreased now for the quantity of hidden admins.

[4.37] 27.09.2017

  • Core version: 4.36.1
  • New: Required WordPress version was raised up to 4.4. Front-end menu access add-on does not support earlier WordPress versions.
  • New: Posts/pages edit restrictions add-on: User with restrictions by categories can use ‘Clone’ link from ‘Duplicate Post’ plugin. The 1st category available to a current user will be assigned automatically to a new created post copy in order to make this post editable to this user.
  • Fix: Posts/pages edit restrictions add-on: URE will extend automatically the list of allowed/restricted attachments for media library items, attached to allowed/restricted posts/pages/CPT.
  • Update: Content View Restrictions shortcode add-on: Shortcode [user_role_editor] was not processed/rendered by default for a user with ‘administrator’ role,
    following a logic “there are not restrictions for administrators”. It’s changed according to multiple user requests. Users with ‘administrator’ role will not see not rendered [user_role_editor]…[/user_role_editor] shortcode text at front-end starting with this update. It does not depend from a ‘ure_render_content_view_shortcode_for_admin’ filter value. All [user_role_editor] shortcodes are rendered for all users, including superadmin.
    It’s possible to change this default behavior via custom filter ‘ure_render_content_view_shortcode_for_admin’. It takes a single boolean parameter. Change it to FALSE in order a user with ‘administrator’ role can see a raw content instead of a rendered/restricted one.
  • Fix: Front end menu access add-on:
    – Access filter is applied for front-end only to get rid off accidental deletion of restricted menu items.
    – ‘wp_get_nav_menu_items’ filter is used now instead of ‘wp_nav_menu_objects’ one, which fires too late for case when some plugin uses own code to show WordPress navigation menu and do not uses wp_nav_menu() function from WordPress core.
    – URE does not override WordPress front-end menu output method as earlier, it uses reqexp to insert custom action to the right place of WordPress front-end menu output.
  • Fix: Admin menu access add-on:
    – User with ‘manage_categories’ capability, but without ‘edit_posts’ one, did not have access to the Posts->Categories, Posts->Tags menu items with active “Admin menu access” add-on.
    – ‘Block not selected’ model did not allow search and sort operations with categories and tags. User was redirected to the dashboard automatically.
  • Fix: Incompatibility issue with Advanced Custom Fields (ACF) plugin was fixed – meta boxes added by ACF were not recognized by “Widgets access” add-on.
  • Update: Direct access to the global $current_user variable is excluded from the code. Current user data is initialized via WordPress core functions wp_get_current_user() or get_current_user_id().
  • Update: Various unused pieces of code were removed.
  • Core version was updated to 4.36.1
  • Update: Direct access to the global $current_user variable is excluded from the code. Current user data is initialized via WordPress core functions wp_get_current_user() or get_current_user_id().
  • New: It’s possible to set any URE’s option value programmatically: use custom filter ‘ure_get_option_‘. It takes a single parameter with current/default value for required options. Full list of User Role Editor options is available here: https://www.role-editor.com/documentation/options-list
  • Update: Users page – Grant Roles. It’s possible to change just “Other roles” for multiple users and leave their primary roles untouched. Just leave a “Primary role” field empty. If you select the “- No role for this site -” option from a “Primary role” drop-down list, plugin will revoke all roles from the selected users.
  • Update: Options page screen help text was updated.
  • Fix: Additional (other) default roles set at URE’s settings page are not granted to a new user now, if they were deselected at a ‘Add New User’ page.

[4.36.1] 20.07.2017

Core version: 4.35.3

  • Core was updated to version 4.35.3:
  • Fix: Multiple roles assignment (including default roles) did not work at “Users->Add New” new-user.php (contexts: add-existing-user, add-new-user) page for WordPress multisite.

[4.36] 18.07.2017

Core version: 4.35.2

  • New: Content view restrictions shortcode: ‘users’, ‘except_users’ attributes were added to the existing ‘user_role_editor’ shortcode. It’s possible to use digital user IDs or symbolic user logins, e.g. users=”11, 25, billy” or except_users=”18, peggy”.
  • Fix: Admin menu access add-on: submenu which is not linked to the main menu are removed now from internal URE Pro data structures to exclude PHP notices, like Undefined offset: 3 in wp-content/plugins/user-role-editor-pro/pro/includes/classes/admin-menu-access.php on line 214
  • Update: JavaScript code enhancements.
  • Core was updated to version 4.35.2:
  • Fix: Multiple default roles (if defined at URE’s settings) are selected automatically at ‘add-new-user’ page.
  • Update: Code enhancement for protection of users with ‘administrator’ role from each other. Current user can see his own record and edit own profile.

[4.35.2] 10.07.2017

Core version: 4.35.1

  • Fix: Gravity Forms access add-on: view of entries from prohibited forms via direct URL was not blocked.
  • Fix: Admin menu access add-on: It was not possible to block menu items when user had access to some submenu item, like “Categories”, but did not have access to a top level menu, like ‘Posts’. ‘Categories’ was shown in spite of it was configured as blocked.
  • Core was updated to version 4.35.1:
  • Fix: “Grant Roles” button at the bottom of “Users” page did not work as had the same ID as a similar button at the top of this page.
  • Update: when bbPress plugin is active, “Grant Roles” does not revoke bbPress role granted to user anymore.
  • Fix: The same ID “move_from_no_role” and “move_from_no_role_dialog” were output twice at “Users” page.

[4.35.1] 11.06.2017

Core version: 4.35

  • Fix: Posts/pages edit access add-on:
    – Child pages ID list selection algorithm was fixed and optimized.
    – ‘Mine’ view posts count shows valid quantity of current user posts.
  • Fix: All add-ons: class ‘ui-button-text’ was added to all ui-dialog (update, cancel) buttons.
  • Update:Core was updated to version 4.35:
  • Update: Bulk capabilities selection checkbox is not shown for ‘administrator’ role for single site WP, and is shown if current user is superadmin for multisite WP. It was done to exclude sudden revoke of all capabilities from the ‘administrator’ role.
  • Update: Full copy of JQuery UI 1.11.4 custom theme CSS file (jquery-ui.css) was included.
  • Fix: User->User Role Editor page apparently loads own jQuery UI CSS (instead of use of WordPress default one) in order to exclude the conflicts with themes and plugins which can load own jQuery UI CSS globally not for own pages only.
  • Fix: “Change Log” link was replaced with secure https://www.role-editor.com/changelog

[4.35] 04.06.2017

Core version: 4.34

  • New: Widgets admin access add-on: It’s possible to block access to sidebars.
  • Fix: Admin menu access add-on: “block not selected” model redirected user to the 1st available URL from allowed URLs with different letter case parameters, like admin.php?page=PopupBuilder
  • Update: Core version was updated to 4.34:
  • New: Multisite ‘upgrade_network’ capability support was added for compatibility with WordPress 4.8.
  • New: Multisite ‘delete_sites’ capability support was added.
  • Fix: jQuery UI CSS was updated to fix minor view inconsistency at the URE’s Settings page.
  • Fix: “Reset” presentation code remainders were removed from the main User Role Editor page.
  • Fix: ‘manage_links’ capability was included into a wrong subgroup instead of “Core->General”. It was a mistake in the capabilities group counters for that reason.

[4.34.3] 23.05.2017

Core version: 4.33.1

  • Fix: Content view restrictions add-on: PHP notice was removed: Undefined variable: self in /wp-content/plugins/user-role-editor-pro/pro/includes/classes/content-view-restrictions.php on line 795

[4.34.2] 22.05.2017

Core version: 4.33.1

  • New: Posts/pages edit restrictions add-on: custom filter ‘ure_edit_posts_access_restriction_type’ was added. It allows to modify on a fly the restriction type for current user: 1 – prohibit, 2 – allow.
  • Update: “Use jQuery UI CSS from jQuery CDN” option was removed from the “General” tab of User Role Editor Pro Settings page.
  • Fix: Content view restrictions add-on:
    – URE_Content_View_Restrictions::current_user_can_view() returned incorrect result for some restrictions settings.;
    – URE_Content_View_Restrictions_Posts_List::do_not_restrict_editors() could intercept with Posts/pages edit restrictions add-on by recursive call of view filter when WP_Query selects posts available for editing.
    – ure_restrict_content_view_for_authors_and_editors filter was ignored for single page content.
  • Update: Core version was updated to 4.33.1
  • Update: Core version: “Reset” button moved from the “Users->User Role Editor” main page to the “Settings->User Role Editor->Tools” tab.
  • Update: Core version: “Users->Grant Roles” button worked only for superadmin or user with ‘ure_manage_options’ capability. User with ‘edit_users’ can use this feature now.
  • Update: Core version: Settings tabs and dialog windows style sheets was updated to jQuery UI 1.11.4 default theme.
  • New: Core version: Boolean filter ‘ure_bulk_grant_roles’ allows to not show “Users->Grant Roles” button if you don’t need it.
  • New: Core version: Boolean filter ‘ure_users_select_primary_role’ can hide ‘Primary role’ selection controls from the user profile edit page.
  • New: Core version: Boolean filter ‘ure_users_show_wp_change_role’ can hide “Change Role” bulk action selection control from the Users page. So it’s possible to configure permissions for user who can change just other roles of a user without changing his primary role.
  • Fix: Buttons “Users->Without Roles”, “Users->Grant Roles” are shown only to the users with ‘edit_users’ capability.
  • Fix: Transients caching was removed from URE_Lib::_get_post_types() function. It cached post types list too early in some cases.

[4.34.1] 24.04.2017

Core version: 4.32.3

  • Fix: Front end menu access add-on: a lot of pages became restricted for front-end menu due to logic mistake in an access checking code. As a result related menu items were hidden from menu without a visible reason.

[4.34] 21.04.2017

Core version: 4.32.3

  • New: Front end menu access add-on:
    – “Not logged-in and logged-in users with selected roles” option was added.
    – menu items with links to the posts/pages prohibited for view for current user by “Content view restrictions” add-on with 404 HTTP error action are excluded from menu automatically.
  • New: Content view restrictions add-on:
    – Shortcode [user_role_editor] roles / except_roles attributes support ‘&&’ role ID separator. For example roles=”subscriber && customer” means that user should have both roles simultaneously, comparing to the roles=”subscriber, customer” which works for subscribers or customers or (subscribers and customers).
    – public static method URE_Content_View_Restrictions::current_user_can_view($post_id) was added. It returns boolean value.
  • Update: Content view restrictions add-on:
    – roles list opened at the post level is sorted by alphabet.
    – Singleton pattern was applied to the URE_Content_View_Restrictions_Posts_List class.
  • Update: Admin menu access add-on: “block not selected model”: support was added for URL parameters added to users.php by “Ultimate Member” plugin.
  • Fix: Content view restrictions add-on:
    – default setting for access error action “return HTTP 404 error” was not always applied to the new added post.
    – categories/tags/terms group selection checkboxes work separately now for every term group – categories, tags, etc.
  • Fix: bbPress role support was broken, even administrator did not see bbPress menu and user roles in some cases while User Role Editor Pro was active.
  • Fix: Admin menu access add-on: “block not selected model” did not allow to delete users and use other core WordPress functionality at “users.php’ page redirecting user to the 1st available admin menu item.

[4.33] 03.04.2017

Core version: 4.32.3

  • New: Content view restrictions add-on: authors list and own data only options were added for roles.
  • Fix: Content view restrictions add-on:
    – filter by categories may work incorrectly due to mistake in the SQL query;
    – content-view-restrictions-controller.php used not existed function URE_Lib_Pro::filter_int_array().
  • Update: Admin menu access add-on: parameters added by ‘Enable media replace’ plugin were registered as allowed for upload.php link. Earlier ‘Replace’ link was blocked with a redirection to the 1st available menu item.
  • Fix: Admin menu access add-on: “Block not selected” model:
    – search a user at “Users” page was finished by the automatic redirection to the 1st available menu item (Dashboard, etc.). The list of allowed parameters for ‘Users’ page was extended for the search and sort parameters used at this page by WordPress core.
    – selection of ‘Media Library->Add new’ menu item was resulted by removing of ‘Upload Files’ tab at a dialog opened by “Add Media” button from the post/page editor screen.
  • Fix: Bulk grant to users multiple roles JavaScript code is loaded now for users.php page only, not globally.
  • Fix: nonexistent html_esc__() function was called instead of valid esc_html__() one at pro/includes/classes/posts-edit-access-bulk-action.php file.
  • Fix: “Users->Grant Roles” button did not work with switched off option “Count Users without role” at “Settings->User Role Editor->Additional Modules” tab. “JQuery UI” library was not loaded.
  • Fix: Boolean false was sent to WordPress core wp_enqueue_script() function as the 2nd parameter instead of an empty string. We should respect the type of parameter which code author supposed to use initially.
  • Update: minimal PHP version was raised to 5.3.

[4.32.3] 10.03.2017

Core version: 4.32.1

  • New: Button “Grant Roles” allows to “Assign multiple roles to the selected users” directly from the “Users” page.
  • Update: Singleton template was applied to the main class User Role Editor Pro. While GLOBALS[‘user-role-editor’] reference to the instance of User_Role_Editor_Pro class is still available for the compatibility reasons, call to User_Role_Editor_Pro::get_instance() is the best way now to get a reference to the instance of User_Role_Editor_Pro class.
  • Fix: Content view restrictions add-on: PHP notice “Undefined index: ure_post_access_error_action in content-view-restrictions-controller.php” was removed.
  • Fix: ‘unfiltered_html’ capability was added to the ‘General’ capabilities group.

[4.32.2] 10.02.2017

Core version: 4.31.1

  • Fix: Content view restrictions add-on: restrictions were applied too early, some theme or plugin could replace ‘access error’ message from URE with original protected content.
  • Fix: Posts edit restrictions add-on: User with restrictions saws a full list of Media Library items in case he did not have own attachments in the list of allowed posts, minor code enhancements.
  • Fix: Fix: Admin menu access add-on: Code responsible for a legacy data format conversion was excluded.
  • Fix: It’s possible to translate license key states: “Active, Expired, Invalid”.

[4.32.1] 07.01.2017

Core version: 4.31.1

  • Fix: Plugins access add-on: User with ‘activate_plugins’ capability but empty allowed plugins list did not see any plugins. When a restriction is not set, user should see a full plugins list.
  • Update: Front-end menu access add-on: It works now according to the given permissions, if current user is a site admin too.
  • Update: Posts edit access add-on: It’s possible to modify posts/pages, custom post type ID list via filter ‘ure_edit_posts_access_id_list‘. ID list is a comma separated list of integers.

[4.32] 06.01.2017

Core version: 4.31.1

  • New: Plugins access add-on:
    – It’s possible to restrict access to the list of plugins available for activation/deactivation for the role.
    – It’s possible to change selection model: allow access to the selected or not selected plugins.
  • Fix: bbPress roles changes were not saved.
  • Fix: Admin menu access add-on: List of allowed URL parameters checked under “blocked not selected” model was extended for parameters used by Gravity Forms plugin.
  • Fix: WP transients get/set were removed from URE_Own_Capabilities class. It leaded to the MySQL deadlock in some cases.
  • Update: Base_Lib::get_request_var() sanitizes user input by PHP’s filter_var() in addition to WordPress core’s esc_attr().