public function displaySettingsPage()
{
$this->menuEditor->display_settings_page_header();
if (!$this->outputMainTemplate()) {
printf("[ %1\$s : Module \"%2\$s\" doesn't have a primary template. ]", __METHOD__, $this->moduleId);
}
$this->menuEditor->display_settings_page_footer();
}
public function ajaxSetVisibleUsers()
{
if (!check_ajax_referer(self::ajaxUpdateAction, false, false)) {
die(__("Access denied. Invalid nonce.", 'admin-menu-editor'));
}
if (!$this->menuEditor->current_user_can_edit_menu()) {
die(__("You don't have permission to use Admin Menu Editor Pro.", 'admin-menu-editor'));
}
$post = $this->menuEditor->get_post_params();
$visibleUsers = json_decode(strval($post['visible_users']));
$visibleUsers = array_unique(array_map('strval', $visibleUsers));
$this->menuEditor->set_plugin_option('visible_users', $visibleUsers);
die('OK');
}
public function ajax_search_users()
{
global $wpdb;
/** @var wpdb $wpdb */
global $wp_roles;
if (!$this->wp_menu_editor->current_user_can_edit_menu()) {
die($this->wp_menu_editor->json_encode(array('error' => __("You don't have permission to use Admin Menu Editor Pro.", 'admin-menu-editor'))));
}
if (!check_ajax_referer('search_users', false, false)) {
die($this->wp_menu_editor->json_encode(array('error' => __("Access denied. Invalid nonce.", 'admin-menu-editor'))));
}
$query = strval($_GET['query']);
$limit = intval($_GET['limit']);
if ($limit > 50) {
$limit = 50;
}
$capability_key = $wpdb->prefix . 'capabilities';
$sql = "SELECT ID, user_login, display_name, meta_value as capabilities\n\t\t\t FROM {$wpdb->users} LEFT JOIN {$wpdb->usermeta}\n\t\t\t ON ({$wpdb->users}.ID = {$wpdb->usermeta}.user_id AND {$wpdb->usermeta}.meta_key = \"{$capability_key}\") ";
if (!empty($query)) {
$like = '%' . $wpdb->esc_like($query) . '%';
$sql .= $wpdb->prepare(' WHERE (user_login LIKE %s) OR (display_name LIKE %s) ', $like, $like);
}
$sql .= ' LIMIT ' . ($limit + 1);
//Ask for +1 result so that we know if there are additional results.
$users = $wpdb->get_results($sql, ARRAY_A);
$is_multisite = is_multisite();
if (!isset($wp_roles)) {
$wp_roles = new WP_Roles();
}
$results = array();
foreach ($users as $user) {
//Capabilities (when present) are stored as serialized PHP arrays.
if (!empty($user['capabilities'])) {
$capabilities = unserialize($user['capabilities']);
} else {
$capabilities = array();
}
//Get roles from capabilities.
$roles = array_filter(array_keys($capabilities), array($wp_roles, 'is_role'));
$results[] = array('id' => $user['ID'], 'user_login' => $user['user_login'], 'capabilities' => $capabilities, 'roles' => $roles, 'is_super_admin' => $is_multisite && is_super_admin($user['ID']), 'display_name' => $user['display_name']);
}
$more_results_available = false;
if (count($results) > $limit) {
$more_results_available = true;
array_pop($results);
}
$response = array('users' => $results, 'moreResultsAvailable' => $more_results_available);
die($this->wp_menu_editor->json_encode($response));
}
/**
* Output menu color CSS for the current custom menu.
*/
public function ajax_output_menu_color_css()
{
$custom_menu = $this->wp_menu_editor->load_custom_menu();
if (empty($custom_menu) || empty($custom_menu['color_css'])) {
return;
}
header('Content-Type: text/css');
header('X-Content-Type-Options: nosniff');
//No really IE, it's CSS. Honest.
//Enable browser caching.
header('Cache-Control: public');
header('Expires: Thu, 31 Dec ' . date('Y', strtotime('+1 year')) . ' 23:59:59 GMT');
header('Pragma: cache');
echo $custom_menu['color_css'];
exit;
}
public function displayUsageNotice()
{
if (!$this->menuEditor->is_tab_open(self::TAB_SLUG)) {
return;
}
//If the user has already made some changes, they probably don't need to see this notice any more.
$settings = $this->getSettings();
if (!empty($settings['plugins'])) {
return;
}
//The notice is dismissible.
if (get_site_option(self::HIDE_USAGE_NOTICE_FLAG, false)) {
return;
}
echo '<div class="notice notice-info is-dismissible" id="ame-pv-usage-notice">
<p>
<strong>Tip:</strong> This screen lets you hide plugins from other users.
These settings only affect the "Plugins" page, not the admin menu or the dashboard.
</p>
</div>';
}
function init()
{
$this->sitewide_options = true;
//Set some plugin-specific options
if (empty($this->option_name)) {
$this->option_name = 'ws_menu_editor';
}
$this->defaults = array('hide_advanced_settings' => true, 'show_extra_icons' => false, 'custom_menu' => null, 'first_install_time' => null, 'display_survey_notice' => true, 'plugin_db_version' => 0, 'security_logging_enabled' => false, 'menu_config_scope' => $this->is_super_plugin() || !is_multisite() ? 'global' : 'site', 'plugin_access' => $this->is_super_plugin() ? 'super_admin' : 'manage_options', 'allowed_user_id' => null, 'plugins_page_allowed_user_id' => null, 'show_deprecated_hide_button' => true, 'dashboard_hiding_confirmation_enabled' => true, 'submenu_icons_enabled' => 'if_custom', 'ui_colour_scheme' => 'classic', 'visible_users' => array(), 'show_plugin_menu_notice' => true, 'unused_item_position' => 'relative', 'error_verbosity' => self::VERBOSITY_NORMAL);
$this->serialize_with_json = false;
//(Don't) store the options in JSON format
//WP 4.3+ uses H1 headings for admin pages. Older versions use H2 instead.
self::$admin_heading_tag = version_compare($GLOBALS['wp_version'], '4.3', '<') ? 'h2' : 'h1';
$this->settings_link = 'options-general.php?page=menu_editor';
$this->magic_hooks = true;
//Run our hooks last (almost). Priority is less than PHP_INT_MAX mostly for defensive programming purposes.
//Old PHP versions have known bugs related to large array keys, and WP might have undiscovered edge cases.
$this->magic_hook_priority = PHP_INT_MAX - 10;
/*
* Menu blacklist. Any menu items that *exactly* match one of the URLs on this list will be ignored.
* They won't show up in the editor or the admin menu, but they will remain accessible (caps permitting).
*
* This is a workaround for plugins that add a menu item and then remove it. Most plugins do this
* to create "Welcome" or "What's New" pages that are accessible but don't appear in the admin menu.
*
* We can't automatically detect menus like that. Here's why:
* 1) Most plugins remove them too late, e.g. in admin_head. By that point, output has already started.
* We need the finalize the list of menu items and their permissions before that.
* 2) It's hard to automatically determine *why* a menu item was removed. We can't distinguish between
* cosmetic changes like the hidden "welcome" items and people removing menus to deny access.
*/
$this->menu_url_blacklist = array('index.php?page=wprss-welcome' => true, 'index.php?page=affwp-getting-started' => true, 'index.php?page=affwp-what-is-new' => true, 'index.php?page=affwp-credits' => true, 'index.php?page=bp-about' => true, 'index.php?page=bp-credits' => true, 'index.php?page=dwqa-about' => true, 'index.php?page=dwqa-changelog' => true, 'index.php?page=dwqa-credits' => true, 'index.php?page=nf-about' => true, 'index.php?page=nf-changelog' => true, 'index.php?page=nf-getting-started' => true, 'index.php?page=nf-credits' => true);
//AJAXify screen options
add_action('wp_ajax_ws_ame_save_screen_options', array($this, 'ajax_save_screen_options'));
//AJAXify hints and warnings
add_action('wp_ajax_ws_ame_hide_hint', array($this, 'ajax_hide_hint'));
add_action('wp_ajax_ws_ame_disable_dashboard_hiding_confirmation', array($this, 'ajax_disable_dashboard_hiding_confirmation'));
//Retrieve a list of pages via AJAX.
add_action('wp_ajax_ws_ame_get_pages', array($this, 'ajax_get_pages'));
//Get details about a specific page via AJAX.
add_action('wp_ajax_ws_ame_get_page_details', array($this, 'ajax_get_page_details'));
//Make sure we have access to the original, un-mangled request data.
//This is necessary because WordPress will stupidly apply "magic quotes"
//to the request vars even if this PHP misfeature is disabled.
$this->capture_request_vars();
add_action('admin_enqueue_scripts', array($this, 'enqueue_menu_fix_script'));
//Enqueue miscellaneous helper scripts and styles.
add_action('admin_enqueue_scripts', array($this, 'enqueue_helper_scripts'));
add_action('admin_print_styles', array($this, 'enqueue_helper_styles'));
//Make sure our scripts load before other plugins' scripts.
add_action('admin_print_scripts', array($this, 'move_editor_scripts_to_top'));
//User survey
add_action('admin_notices', array($this, 'display_survey_notice'));
//Tell first-time users where they can find the plugin settings page.
add_action('all_admin_notices', array($this, 'display_plugin_menu_notice'));
//Workaround for buggy plugins that unintentionally remove user roles.
/** @see WPMenuEditor::get_user_roles */
add_action('set_current_user', array($this, 'update_current_user_cache'), 1, 0);
//Run before most plugins.
add_action('updated_user_meta', array($this, 'clear_user_role_cache'), 10, 2);
add_action('deleted_user_meta', array($this, 'clear_user_role_cache'), 10, 2);
//There's also a "set_user_role" hook, but it's only called by WP_User::set_role and not WP_User::add_role.
//It's also redundant - WP_User::set_role updates user meta, so the above hooks already cover it.
//Multisite: Clear role and capability caches when switching to another site.
add_action('switch_blog', array($this, 'clear_site_specific_caches'), 10, 0);
//Utility actions. Modules can use them in their templates.
add_action('admin_menu_editor-display_tabs', array($this, 'display_editor_tabs'));
add_action('admin_menu_editor-display_header', array($this, 'display_settings_page_header'));
add_action('admin_menu_editor-display_footer', array($this, 'display_settings_page_footer'));
//Modules
include dirname(__FILE__) . '/../modules/actor-selector/actor-selector.php';
new ameActorSelector($this);
include dirname(__FILE__) . '/../modules/plugin-visibility/plugin-visibility.php';
new amePluginVisibility($this);
$proModuleDirectory = AME_ROOT_DIR . '/extras/modules';
if (@is_dir($proModuleDirectory)) {
//The widget module requires PHP 5.3.
if (version_compare(phpversion(), '5.3', '>=') && is_file($proModuleDirectory . '/dashboard-widget-editor/load.php')) {
require_once $proModuleDirectory . '/dashboard-widget-editor/load.php';
new ameWidgetEditor($this);
}
if (is_file($proModuleDirectory . '/super-users/super-users.php')) {
require $proModuleDirectory . '/super-users/super-users.php';
new ameSuperUsers($this);
}
}
//Set up the tabs for the menu editor page.
$this->tabs = apply_filters('admin_menu_editor-tabs', array('editor' => 'Admin Menu'));
//The "Settings" tab is always last.
$this->tabs['settings'] = 'Settings';
}