array(), ); } public function sanitize( array $data ): array { $roles_raw = isset( $data['roles'] ) && is_array( $data['roles'] ) ? $data['roles'] : array(); $roles = array(); foreach ( $roles_raw as $role_slug => $role_payload ) { $role_slug = sanitize_key( (string) $role_slug ); if ( '' === $role_slug ) { continue; } $hide_raw = array(); if ( is_array( $role_payload ) && isset( $role_payload['hide'] ) && is_array( $role_payload['hide'] ) ) { $hide_raw = $role_payload['hide']; } $hide = array(); foreach ( $hide_raw as $menu_slug ) { $menu_slug = trim( (string) $menu_slug ); if ( '' === $menu_slug ) { continue; } // Cap length and strip control chars; slugs can contain ?, =, & for query-style submenus. $menu_slug = preg_replace( '/[\x00-\x1f\x7f]/', '', $menu_slug ); $menu_slug = substr( $menu_slug, 0, 200 ); $hide[] = $menu_slug; } $roles[ $role_slug ] = array( 'hide' => array_values( array_unique( $hide ) ) ); } return array( 'roles' => $roles ); } public function register(): void { add_action( 'admin_menu', array( $this, 'apply_hides' ), 999 ); } public function apply_hides(): void { if ( defined( self::RECOVERY_CONSTANT ) && constant( self::RECOVERY_CONSTANT ) ) { return; } $user = wp_get_current_user(); if ( ! ( $user instanceof WP_User ) || 0 === (int) $user->ID ) { return; } $roles_settings = bw_dev()->settings()->get( $this->slug(), 'roles', array() ); if ( ! is_array( $roles_settings ) || empty( $roles_settings ) ) { return; } $to_hide = array(); foreach ( (array) $user->roles as $role ) { if ( ! isset( $roles_settings[ $role ] ) ) { continue; } $hide = isset( $roles_settings[ $role ]['hide'] ) && is_array( $roles_settings[ $role ]['hide'] ) ? $roles_settings[ $role ]['hide'] : array(); $to_hide = array_merge( $to_hide, $hide ); } foreach ( array_unique( $to_hide ) as $menu_slug ) { remove_menu_page( (string) $menu_slug ); } } /** * Return the list of top-level menu items currently registered for the * admin viewing the settings page. Each entry is [ slug => label ]. Skips * separators (entries whose slug is empty or whose title is "Separator"). */ private function enumerate_menu_items(): array { global $menu; $items = array(); if ( ! is_array( $menu ) ) { return $items; } foreach ( $menu as $item ) { if ( ! is_array( $item ) || count( $item ) < 3 ) { continue; } $title = isset( $item[0] ) ? (string) $item[0] : ''; $slug = isset( $item[2] ) ? (string) $item[2] : ''; if ( '' === $slug ) { continue; } if ( 0 === strpos( $slug, 'separator' ) ) { continue; } // Strip update / pending counts that WP appends to admin titles. $clean_title = trim( preg_replace( '/<.*$/s', '', wp_strip_all_tags( $title ) ) ); if ( '' === $clean_title ) { $clean_title = $slug; } $items[ $slug ] = $clean_title; } return $items; } public function render_tab(): void { $settings = bw_dev()->settings()->get( $this->slug(), 'roles', array() ); if ( ! is_array( $settings ) ) { $settings = array(); } $menu_items = $this->enumerate_menu_items(); $roles = wp_roles()->roles; $is_bypassed = defined( self::RECOVERY_CONSTANT ) && constant( self::RECOVERY_CONSTANT ); $base = BW_Dev_Settings::OPTION . '[' . $this->slug() . '][roles]'; ?>

' . esc_html( self::RECOVERY_CONSTANT ) . '' ); ?>

$role_data ) : ?>
$menu_label ) : ?>

options-general.php' ); ?> 

define( '', true );