示例#1
0
 public function displaySettingsPage()
 {
     $this->menuEditor->display_settings_page_header();
     if (!$this->outputMainTemplate()) {
         printf("[ %1\$s : Module \"%2\$s\" doesn't have a primary template. ]", __METHOD__, $this->moduleId);
     }
     $this->menuEditor->display_settings_page_footer();
 }
 public function ajaxSetVisibleUsers()
 {
     if (!check_ajax_referer(self::ajaxUpdateAction, false, false)) {
         die(__("Access denied. Invalid nonce.", 'admin-menu-editor'));
     }
     if (!$this->menuEditor->current_user_can_edit_menu()) {
         die(__("You don't have permission to use Admin Menu Editor Pro.", 'admin-menu-editor'));
     }
     $post = $this->menuEditor->get_post_params();
     $visibleUsers = json_decode(strval($post['visible_users']));
     $visibleUsers = array_unique(array_map('strval', $visibleUsers));
     $this->menuEditor->set_plugin_option('visible_users', $visibleUsers);
     die('OK');
 }
 public function ajax_search_users()
 {
     global $wpdb;
     /** @var wpdb $wpdb */
     global $wp_roles;
     if (!$this->wp_menu_editor->current_user_can_edit_menu()) {
         die($this->wp_menu_editor->json_encode(array('error' => __("You don't have permission to use Admin Menu Editor Pro.", 'admin-menu-editor'))));
     }
     if (!check_ajax_referer('search_users', false, false)) {
         die($this->wp_menu_editor->json_encode(array('error' => __("Access denied. Invalid nonce.", 'admin-menu-editor'))));
     }
     $query = strval($_GET['query']);
     $limit = intval($_GET['limit']);
     if ($limit > 50) {
         $limit = 50;
     }
     $capability_key = $wpdb->prefix . 'capabilities';
     $sql = "SELECT ID, user_login, display_name, meta_value as capabilities\n\t\t\t FROM {$wpdb->users} LEFT JOIN {$wpdb->usermeta}\n\t\t\t ON ({$wpdb->users}.ID = {$wpdb->usermeta}.user_id AND {$wpdb->usermeta}.meta_key = \"{$capability_key}\") ";
     if (!empty($query)) {
         $like = '%' . $wpdb->esc_like($query) . '%';
         $sql .= $wpdb->prepare(' WHERE (user_login LIKE %s) OR (display_name LIKE %s) ', $like, $like);
     }
     $sql .= ' LIMIT ' . ($limit + 1);
     //Ask for +1 result so that we know if there are additional results.
     $users = $wpdb->get_results($sql, ARRAY_A);
     $is_multisite = is_multisite();
     if (!isset($wp_roles)) {
         $wp_roles = new WP_Roles();
     }
     $results = array();
     foreach ($users as $user) {
         //Capabilities (when present) are stored as serialized PHP arrays.
         if (!empty($user['capabilities'])) {
             $capabilities = unserialize($user['capabilities']);
         } else {
             $capabilities = array();
         }
         //Get roles from capabilities.
         $roles = array_filter(array_keys($capabilities), array($wp_roles, 'is_role'));
         $results[] = array('id' => $user['ID'], 'user_login' => $user['user_login'], 'capabilities' => $capabilities, 'roles' => $roles, 'is_super_admin' => $is_multisite && is_super_admin($user['ID']), 'display_name' => $user['display_name']);
     }
     $more_results_available = false;
     if (count($results) > $limit) {
         $more_results_available = true;
         array_pop($results);
     }
     $response = array('users' => $results, 'moreResultsAvailable' => $more_results_available);
     die($this->wp_menu_editor->json_encode($response));
 }
示例#4
0
 /**
  * Output menu color CSS for the current custom menu.
  */
 public function ajax_output_menu_color_css()
 {
     $custom_menu = $this->wp_menu_editor->load_custom_menu();
     if (empty($custom_menu) || empty($custom_menu['color_css'])) {
         return;
     }
     header('Content-Type: text/css');
     header('X-Content-Type-Options: nosniff');
     //No really IE, it's CSS. Honest.
     //Enable browser caching.
     header('Cache-Control: public');
     header('Expires: Thu, 31 Dec ' . date('Y', strtotime('+1 year')) . ' 23:59:59 GMT');
     header('Pragma: cache');
     echo $custom_menu['color_css'];
     exit;
 }
    public function displayUsageNotice()
    {
        if (!$this->menuEditor->is_tab_open(self::TAB_SLUG)) {
            return;
        }
        //If the user has already made some changes, they probably don't need to see this notice any more.
        $settings = $this->getSettings();
        if (!empty($settings['plugins'])) {
            return;
        }
        //The notice is dismissible.
        if (get_site_option(self::HIDE_USAGE_NOTICE_FLAG, false)) {
            return;
        }
        echo '<div class="notice notice-info is-dismissible" id="ame-pv-usage-notice">
				<p>
					<strong>Tip:</strong> This screen lets you hide plugins from other users. 
					These settings only affect the "Plugins" page, not the admin menu or the dashboard.
				</p>
			 </div>';
    }
 function init()
 {
     $this->sitewide_options = true;
     //Set some plugin-specific options
     if (empty($this->option_name)) {
         $this->option_name = 'ws_menu_editor';
     }
     $this->defaults = array('hide_advanced_settings' => true, 'show_extra_icons' => false, 'custom_menu' => null, 'first_install_time' => null, 'display_survey_notice' => true, 'plugin_db_version' => 0, 'security_logging_enabled' => false, 'menu_config_scope' => $this->is_super_plugin() || !is_multisite() ? 'global' : 'site', 'plugin_access' => $this->is_super_plugin() ? 'super_admin' : 'manage_options', 'allowed_user_id' => null, 'plugins_page_allowed_user_id' => null, 'show_deprecated_hide_button' => true, 'dashboard_hiding_confirmation_enabled' => true, 'submenu_icons_enabled' => 'if_custom', 'ui_colour_scheme' => 'classic', 'visible_users' => array(), 'show_plugin_menu_notice' => true, 'unused_item_position' => 'relative', 'error_verbosity' => self::VERBOSITY_NORMAL);
     $this->serialize_with_json = false;
     //(Don't) store the options in JSON format
     //WP 4.3+ uses H1 headings for admin pages. Older versions use H2 instead.
     self::$admin_heading_tag = version_compare($GLOBALS['wp_version'], '4.3', '<') ? 'h2' : 'h1';
     $this->settings_link = 'options-general.php?page=menu_editor';
     $this->magic_hooks = true;
     //Run our hooks last (almost). Priority is less than PHP_INT_MAX mostly for defensive programming purposes.
     //Old PHP versions have known bugs related to large array keys, and WP might have undiscovered edge cases.
     $this->magic_hook_priority = PHP_INT_MAX - 10;
     /*
      * Menu blacklist. Any menu items that *exactly* match one of the URLs on this list will be ignored.
      * They won't show up in the editor or the admin menu, but they will remain accessible (caps permitting).
      *
      * This is a workaround for plugins that add a menu item and then remove it. Most plugins do this
      * to create "Welcome" or "What's New" pages that are accessible but don't appear in the admin menu.
      *
      * We can't automatically detect menus like that. Here's why:
      * 1) Most plugins remove them too late, e.g. in admin_head. By that point, output has already started.
      *    We need the finalize the list of menu items and their permissions before that.
      * 2) It's hard to automatically determine *why* a menu item was removed. We can't distinguish between
      *    cosmetic changes like the hidden "welcome" items and people removing menus to deny access.
      */
     $this->menu_url_blacklist = array('index.php?page=wprss-welcome' => true, 'index.php?page=affwp-getting-started' => true, 'index.php?page=affwp-what-is-new' => true, 'index.php?page=affwp-credits' => true, 'index.php?page=bp-about' => true, 'index.php?page=bp-credits' => true, 'index.php?page=dwqa-about' => true, 'index.php?page=dwqa-changelog' => true, 'index.php?page=dwqa-credits' => true, 'index.php?page=nf-about' => true, 'index.php?page=nf-changelog' => true, 'index.php?page=nf-getting-started' => true, 'index.php?page=nf-credits' => true);
     //AJAXify screen options
     add_action('wp_ajax_ws_ame_save_screen_options', array($this, 'ajax_save_screen_options'));
     //AJAXify hints and warnings
     add_action('wp_ajax_ws_ame_hide_hint', array($this, 'ajax_hide_hint'));
     add_action('wp_ajax_ws_ame_disable_dashboard_hiding_confirmation', array($this, 'ajax_disable_dashboard_hiding_confirmation'));
     //Retrieve a list of pages via AJAX.
     add_action('wp_ajax_ws_ame_get_pages', array($this, 'ajax_get_pages'));
     //Get details about a specific page via AJAX.
     add_action('wp_ajax_ws_ame_get_page_details', array($this, 'ajax_get_page_details'));
     //Make sure we have access to the original, un-mangled request data.
     //This is necessary because WordPress will stupidly apply "magic quotes"
     //to the request vars even if this PHP misfeature is disabled.
     $this->capture_request_vars();
     add_action('admin_enqueue_scripts', array($this, 'enqueue_menu_fix_script'));
     //Enqueue miscellaneous helper scripts and styles.
     add_action('admin_enqueue_scripts', array($this, 'enqueue_helper_scripts'));
     add_action('admin_print_styles', array($this, 'enqueue_helper_styles'));
     //Make sure our scripts load before other plugins' scripts.
     add_action('admin_print_scripts', array($this, 'move_editor_scripts_to_top'));
     //User survey
     add_action('admin_notices', array($this, 'display_survey_notice'));
     //Tell first-time users where they can find the plugin settings page.
     add_action('all_admin_notices', array($this, 'display_plugin_menu_notice'));
     //Workaround for buggy plugins that unintentionally remove user roles.
     /** @see WPMenuEditor::get_user_roles */
     add_action('set_current_user', array($this, 'update_current_user_cache'), 1, 0);
     //Run before most plugins.
     add_action('updated_user_meta', array($this, 'clear_user_role_cache'), 10, 2);
     add_action('deleted_user_meta', array($this, 'clear_user_role_cache'), 10, 2);
     //There's also a "set_user_role" hook, but it's only called by WP_User::set_role and not WP_User::add_role.
     //It's also redundant - WP_User::set_role updates user meta, so the above hooks already cover it.
     //Multisite: Clear role and capability caches when switching to another site.
     add_action('switch_blog', array($this, 'clear_site_specific_caches'), 10, 0);
     //Utility actions. Modules can use them in their templates.
     add_action('admin_menu_editor-display_tabs', array($this, 'display_editor_tabs'));
     add_action('admin_menu_editor-display_header', array($this, 'display_settings_page_header'));
     add_action('admin_menu_editor-display_footer', array($this, 'display_settings_page_footer'));
     //Modules
     include dirname(__FILE__) . '/../modules/actor-selector/actor-selector.php';
     new ameActorSelector($this);
     include dirname(__FILE__) . '/../modules/plugin-visibility/plugin-visibility.php';
     new amePluginVisibility($this);
     $proModuleDirectory = AME_ROOT_DIR . '/extras/modules';
     if (@is_dir($proModuleDirectory)) {
         //The widget module requires PHP 5.3.
         if (version_compare(phpversion(), '5.3', '>=') && is_file($proModuleDirectory . '/dashboard-widget-editor/load.php')) {
             require_once $proModuleDirectory . '/dashboard-widget-editor/load.php';
             new ameWidgetEditor($this);
         }
         if (is_file($proModuleDirectory . '/super-users/super-users.php')) {
             require $proModuleDirectory . '/super-users/super-users.php';
             new ameSuperUsers($this);
         }
     }
     //Set up the tabs for the menu editor page.
     $this->tabs = apply_filters('admin_menu_editor-tabs', array('editor' => 'Admin Menu'));
     //The "Settings" tab is always last.
     $this->tabs['settings'] = 'Settings';
 }