
Changeset 3100024


Timestamp:
06/09/2024 12:25:48 PM (18 months ago)
Author:
iqbalrony
Message:

Releasing version 1.1.0

Location:
wp-user-switch
Files:
21 added
5 edited

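--- a/wp-user-switch/trunk/assets/css/main.css
+++ b/wp-user-switch/trunk/assets/css/main.css
@@ -1,3 +1,7 @@
 /*Front End*/
+html.elementor-html .wpus_front_list {
+    display: none;
+}
+
 .wpus_front_list {
     position: fixed;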
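--- a/wp-user-switch/trunk/inc/functions.php
+++ b/wp-user-switch/trunk/inc/functions.php
@@ -79,4 +79,11 @@
                   continue;
               }
+
+              $user_caps_count = wpus_user_caps_count( $user->data->ID );
+              if ( ! wpus_check_caps_level( $user_caps_count ) ) {
+                  // checking user capabilities. user only able to switch account to a same or lower permission role
+                  continue;
+              }
+
               $switch_url = admin_url( 'admin.php?page=' ) .
                   WP_USERSWITCH_MENU_PAGE_SLUG .
@@ -129,2 +136,16 @@
     return false;
 }
+
+function wpus_user_caps_count( $user_id ) {
+    // $user = get_user_by( 'login', $user_id );
+    $user = get_user_by( 'id', $user_id );
+    $user_cap_count = count( (array) $user->allcaps );
+    return $user_cap_count;
+}
+
+function wpus_check_caps_level( $user_caps_count ) {
+    $switched_user = wpus_get_switched_user();
+    $switched_user_cap_count = count( (array) $switched_user->allcaps );
+
+    return ( $user_caps_count <= $switched_user_cap_count );
+}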
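Review bot: `wpus_check_caps_level()` treats the number of entries in `allcaps` as a privilege level, but a count is not an ordering of privileges: a target with fewer capabilities can still hold one the switcher lacks, and `allcaps` entries set to `false` are counted as if they were granted. A subset test matches the intent stated in the comment more closely, e.g. `return ! array_diff_key( array_filter( (array) $target->allcaps ), array_filter( (array) $switched_user->allcaps ) );`, which would mean passing the target user in rather than a count. Separately, `wpus_user_caps_count()` reads `$user->allcaps` without checking that `get_user_by()` returned a user; on `false` the count becomes 0 and the comparison passes, so an early `if ( ! $user ) return PHP_INT_MAX;` would make it fail closed. What `wpus_get_switched_user()` returns is not visible in this section, so confirm it is the acting account the comparison is meant to bound.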
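--- a/wp-user-switch/trunk/inc/user-switch.php
+++ b/wp-user-switch/trunk/inc/user-switch.php
@@ -109,4 +109,10 @@
         foreach ( get_users() as $user ) {
             if ( wpus_is_switcher_admin() !== true && array_key_exists( 'manage_options', $user->allcaps ) == true ) {
+                continue;
+            }
+
+            $user_caps_count = wpus_user_caps_count( $user->data->ID );
+            if ( ! wpus_check_caps_level( $user_caps_count ) ) {
+                // checking user capabilities. user only able to switch account to a same or lower permission role
                 continue;
             }
@@ -146,19 +152,26 @@
                 if ( ! wp_verify_nonce( $_REQUEST['wpus_nonce'], 'wp_user_switch_req' ) ) return;
 
+                $user_caps_count = wpus_user_caps_count( $_REQUEST['wpus_userid'] );
+                $allow_to_switch = wpus_check_caps_level( $user_caps_count );
+
                 $username = sanitize_user( $_REQUEST['wpus_username'] );
-                $userid = esc_html( $_REQUEST['wpus_userid'] );
+                $requested_userid = esc_html( $_REQUEST['wpus_userid'] );
+
                 wp_clear_auth_cookie();
+
                 $user = get_user_by( 'login', $username );
-                $user_id = esc_html( $user->ID );
-                if ( $userid != $user_id ) return;
-
-                wp_set_current_user( $user_id, $username );
-                wp_set_auth_cookie( $user_id );
+                $database_user_id = esc_html( $user->ID );
+
+                if ( $requested_userid != $database_user_id ) return;
+                if ( ! $allow_to_switch ) return;
+
+                wp_set_current_user( $database_user_id, $username );
+                wp_set_auth_cookie( $database_user_id );
                 $redirect_loc = admin_url( 'admin.php?page=' ) . WP_USERSWITCH_MENU_PAGE_SLUG;
-                if ( $_REQUEST['redirect'] ) {
+                if ( isset( $_REQUEST['redirect'] ) && $_REQUEST['redirect'] ) {
                     $redirect_loc = ( isset( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] === 'on' ? "https" : "http" ) . '://' . $_SERVER['HTTP_HOST'] . $_REQUEST['redirect'];
                 }
 
-                wp_redirect( $redirect_loc );
+                wp_safe_redirect( $redirect_loc );
                 exit();
             }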
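Review bot: In the switch handler the capability check is computed from the raw `$_REQUEST['wpus_userid']`, while the auth cookie is issued for whichever account `get_user_by( 'login', $username )` returns, and the two are tied together only by a loose `!=` between `esc_html()` strings. `get_user_by()` can return false, after which `$user->ID` is read on a non-object, and `wp_clear_auth_cookie()` still runs before both guards, so a rejected request logs the caller out. Resolving the target once, comparing IDs as integers, running the capability check on that resolved user and clearing the cookie only after every guard has passed would close these gaps. The handler starts and ends outside this hunk, so whether the caller's own permission to switch is checked beyond the nonce cannot be seen from here.

```php
if ( ! wp_verify_nonce( $_REQUEST['wpus_nonce'], 'wp_user_switch_req' ) ) return;

$username         = sanitize_user( $_REQUEST['wpus_username'] );
$requested_userid = absint( $_REQUEST['wpus_userid'] );

$user = get_user_by( 'login', $username );
if ( ! $user || (int) $user->ID !== $requested_userid ) return;

// Authorise against the account that will actually receive the cookie.
if ( ! wpus_check_caps_level( wpus_user_caps_count( $user->ID ) ) ) return;

// Drop the current session only once the switch is known to be allowed.
wp_clear_auth_cookie();
wp_set_current_user( $user->ID, $user->user_login );
wp_set_auth_cookie( $user->ID );
// … unchanged: redirect handling and exit …
```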
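--- a/wp-user-switch/trunk/readme.txt
+++ b/wp-user-switch/trunk/readme.txt
@@ -2,11 +2,11 @@
 Plugin Name: WP User Switch
 Contributors: iqbalrony
-Version: 1.0.5
+Version: 1.1.0
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
 Requires PHP: 5.6
 Requires at least: 4.5
-Tested up to: 6.2
-Stable tag: 1.0.5
+Tested up to: 6.5
+Stable tag: 1.1.0
 Tags: WP User Switch, User Switch, User Switching, Switch User, Switching Account
 
@@ -73,4 +73,8 @@
 == Changelog ==
 
+= 1.1.0
+
+- Update: Security improvement for user switch.
+
 = 1.0.5
 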
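--- a/wp-user-switch/trunk/wp-user-switch.php
+++ b/wp-user-switch/trunk/wp-user-switch.php
@@ -5,5 +5,5 @@
  * Author: IqbalRony
  * Author URI: http://www.iqbalrony.com
- * Version: 1.0.5
+ * Version: 1.1.0
  * License: GPLv2 or later
  * License URI: https://www.gnu.org/licenses/gpl-2.0.html
@@ -19,5 +19,5 @@
  */
 if (!defined('WP_USERSWITCH_VERSION')) {
-    define('WP_USERSWITCH_VERSION', '1.0.5');
+    define('WP_USERSWITCH_VERSION', '1.1.0');
 }
 /**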