Older Changes

[4.26.1] 06.07.2016

Core version: 4.25.4

  • Fix: Admin menu access module: Posts sorting was not allowed for “block not selected” model. User was redirected to the dashboard when try to sort posts by title or date.
  • Fix: bbPress roles were missed from the list of roles available at User Role Editor.

[4.26] 05.07.2016

Core version: 4.25.4

  • Update: URE_KEY_CAPABILITY (allows to user to make anything with URE) constant was changed from ‘ure_edit_roles’ to ‘ure_manage_options’. It’s possible now to give to non-admin users the access to the User Role Editor without giving them access to the ‘administrator’ role and users with ‘administrator’ role.
  • Update: User receives full access to User Role Editor under WordPress multisite if he has ‘manage_network_plugins’ capability instead of ‘manager_network_users’ as it was earlier. This allows to give to a user ability to edit the network users without giving him access to the User Role Editor.
  • Update: Use WordPress’s global $current_site->blog_id to define main blog ID instead of selecting the 1st one from the sorted list of blogs.
  • New: Widgets Show Access additional module allows to manage which roles may see what widgets (more info…).
  • New: Admin menu access, Meta boxes access, Other roles access modules: functionality is available from the Network Admin Center for WordPress multisite. Data is updated for the main site. To replicate module data to other sites use ‘Network Update’ button.
  • New: Content edit restrictions: ure_post_edit_access_authors_list filter allows to modify authors list which posts should be allowed/prohibited for editing.
  • Fix: User was redirected to the main site instead of returning back to the Network Admin after update additional module data from the User Role Editor page opened under the Network Admin.
  • Fix: Content edit restrictions:
    – Subpages were restricted automatically up to 2nd level only. Full tree is processed now.
    – add orders by product owner function did not respect custom DB prefix, it used hard coded ‘wp_’ instead.
    – added bookings from “WC Booking” plugin by product owner, not only by booking author. Return false by ‘ure_edit_posts_access_add_bookings_by_product_owner’ filter to switch this behavior OFF.
    – forced “WC Booking” plugin do not suppress filters during booking products selection.
    – when ‘ure_auto_access_child_pages’ filter returned false, code returned void instead of unchanged posts list array.
  • Update: Custom post types own capabilities: moved code execution to the later priorities 98, 99 (comparing to earlier 11, 12) in order to exclude conflicts with plugins which register their custom post type with a later priority then a default 10.
  • Various code enhancements and optimization.

[4.25.1] 19.05.2016

Core version: 4.25.3

  • Fix: Content View Restrictions module:
    – Compatibility provided with WordPress versions earlier 4.4, which do not send ‘post’ parameter to “get_{$adjacent}_post_where” filter.
    – Conflict was resolved with WPML plugin. It adds ‘p’ parameter to the queries for a single post.Titles of restricted posts were viewable for that reason.
  • Fix: Admin menu access module:
    – If the 1st submenu item was blocked, menu item was renamed and lost its submenu with not blocked menu items.
  • New: Content Edit Restrictions module: filter ure_restrict_edit_post_type was added. It allows to exclude some post type (you don’t wish to restrict) from this module action.

[4.25] 05.05.2016

Core version: 4.25.2

  • New: Edit posts restrictions module:
    – It’s possible to set edit posts/pages/custom post types restrictions for roles.
    – Option ‘Own data only’ was added to allow to edit/see at admin just own posts/pages, custom post type items.
    – Support was added for “Woocommerce Bookings” plugin.
  • Fix: Edit posts restrictions module:
    – It was not possible to use revisions with ‘Allow’ model.
    – Edit restrictions were not applied to a user without ‘edit_posts’ or ‘edit_pages’ capability.
    – WooCommerce orders are filtered correctly if you restricted a user by authors(product owners) ID.
    It’s possible to switch off this extension via filter ‘ure_edit_posts_access_add_orders_by_product_owner’. It should return false for that.
    – Quant by views was shown wrong for some custom post types, e.g. WooCommerce Orders.
    – bulk update from posts list wrote to the user profile wrong data;
  • Fix: Admin menu access module:
    – ‘user-edit.php’ link was blocked by error with ‘block not selected’ model, which did not allow to edit a selected user.
    – access was allowed by error via direct URL to some menu items blocked with “block not selected” model.
    – Jetpack menu was not blocked. Admin menu copy creation is linked to the action with priority 999, to be executed after Jetpack,
    which uses priority 998 for some reason.
    – ‘UpdraftPlus’ topbar admin menu was not removed when ‘Settings->UpdraftPlus Backup’ menu item was blocked.
  • Fix: Content view restrictions module:
    – Prohibited posts titles/URLs were shown as ‘Previous’ or ‘Next’ links at the single post page.
  • Update: Edit posts restrictions module: bulk update is available for all custom post types, not for the posts and pages only as it was earlier.
  • Update: Admin menu access module:
    – Enhanced technique of blocking links: order and quant of URL parameters does not matter.
    – Admin menu copy is refreshed automatically after any plugin activation for synchronization with possible menu changes.
    – When menu item is not allowed, it’s replaced by the 1st allowed item from a child submenu or removed.
    – Multisite “My Sites” top bar admin menu does not show ‘Dashboard’ menu item for site if it’s blocked for that site.
    – Some plugins/themes produces Menu/Submenu glitches ((Ultimate, Avada) for users with changed permissions. Such menu inconsistencies are fixed automatically.
  • Update: Enhanced inner processing of custom post types list
  • Update: Uses 15 seconds transient cache in order to not count users without role twice when ‘restrict_manage_users’ action fires.
  • Update: URE fires action ‘profile_update’ after direct update of user permissions in order other plugins may catch such change.
  • Update: All URE’s PHP classes files were renamed and moved to the includes/classes subdirectory. Pro version part was moved under the “pro” directory.

[4.24.6] 15.04.2016

Core version: 4.25.1

  • Fix: Selected role’s capabilities list was returned back to old after click “Update” button. It was showed correctly according to the recent updates just after additional page refresh.
  • Update: deprecated function get_current_user_info() call was replaced with wp_get_current_user().

[4.24.5] 02.04.2016

Core version: 4.25

  • Important security update: Any registered user could get an administrator access. Thanks to John Muncaster for discovering and wisely reporting this vulnerability.
  • URE pages title tag was replaced from h2 to h1, for compatibility with other WordPress pages.

[4.24.4] 01.04.2016

Core version: 4.24.1

  • Fix: Content view restrictions module: Access error message was not shown with setting to show it. Post or page was excluded from the list of available content instead.
  • Fix: Admin menu access module:
    – ‘user-edit.php’ link was blocked by error with ‘block not selected’ model, which did not allow to edit a selected user.
    – admin menu copy is linked to the action with priority 1000 now, to be executed after Jetpack, which uses priority 998 for some reason.

[4.24.3] 23.03.2016

Core version: 4.24.1

  • Fix: PHP Notice: Undefined index: … in wp-contentpluginsuser-role-editor-proincludesproclassesadmin-menu-access.php on line 69
    Warning: Invalid argument supplied for foreach() in wp-content/plugins/user-role-editor-pro/includes/pro/classes/admin-menu-access.php on line 86
  • Update: Admin menu access module – conditions were optimized when backend admin menu copy is created.