mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-07-16 13:13:33 +09:00
- intermediate results with sanitizing form handlers;
This commit is contained in:
@@ -781,7 +781,19 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
|
||||
*/
|
||||
extract( $_POST );
|
||||
|
||||
switch ( $act_id ) {
|
||||
if ( isset( $arg1 ) ) {
|
||||
$arg1 = sanitize_text_field( $arg1 );
|
||||
}
|
||||
|
||||
if ( isset( $arg2 ) ) {
|
||||
$arg2 = sanitize_text_field( $arg2 );
|
||||
}
|
||||
|
||||
if ( isset( $arg3 ) ) {
|
||||
$arg3 = sanitize_text_field( $arg3 );
|
||||
}
|
||||
|
||||
switch ( sanitize_key( $act_id ) ) {
|
||||
|
||||
default:
|
||||
|
||||
@@ -806,7 +818,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
|
||||
* }
|
||||
* ?>
|
||||
*/
|
||||
do_action( 'um_admin_ajax_modal_content__hook', $act_id );
|
||||
do_action( 'um_admin_ajax_modal_content__hook', sanitize_key( $act_id ) );
|
||||
/**
|
||||
* UM hook
|
||||
*
|
||||
@@ -824,7 +836,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
|
||||
* }
|
||||
* ?>
|
||||
*/
|
||||
do_action( "um_admin_ajax_modal_content__hook_{$act_id}" );
|
||||
do_action( "um_admin_ajax_modal_content__hook_" . sanitize_key( $act_id ) );
|
||||
|
||||
$output = ob_get_clean();
|
||||
break;
|
||||
@@ -1208,4 +1220,4 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -26,7 +26,7 @@ if ( ! class_exists( 'um\admin\core\Admin_DragDrop' ) ) {
|
||||
/**
|
||||
* Update order of fields
|
||||
*/
|
||||
function update_order() {
|
||||
public function update_order() {
|
||||
UM()->admin()->check_ajax_nonce();
|
||||
|
||||
if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
|
||||
@@ -38,14 +38,18 @@ if ( ! class_exists( 'um\admin\core\Admin_DragDrop' ) ) {
|
||||
*/
|
||||
extract( $_POST );
|
||||
|
||||
if ( isset( $form_id ) ) {
|
||||
$form_id = absint( $form_id );
|
||||
}
|
||||
|
||||
$fields = UM()->query()->get_attr( 'custom_fields', $form_id );
|
||||
|
||||
$this->row_data = get_option( 'um_form_rowdata_' . $form_id, array() );
|
||||
$this->row_data = get_option( 'um_form_rowdata_' . $form_id, array() );
|
||||
$this->exist_rows = array();
|
||||
|
||||
if ( ! empty( $fields ) ) {
|
||||
foreach ( $fields as $key => $array ) {
|
||||
if ( $array['type'] == 'row' ) {
|
||||
if ( 'row' === $array['type'] ) {
|
||||
$this->row_data[ $key ] = $array;
|
||||
unset( $fields[ $key ] );
|
||||
}
|
||||
@@ -56,6 +60,8 @@ if ( ! class_exists( 'um\admin\core\Admin_DragDrop' ) ) {
|
||||
|
||||
foreach ( $_POST as $key => $value ) {
|
||||
|
||||
$key = sanitize_key( $key );
|
||||
|
||||
// adding rows
|
||||
if ( 0 === strpos( $key, '_um_row_' ) ) {
|
||||
|
||||
@@ -64,18 +70,18 @@ if ( ! class_exists( 'um\admin\core\Admin_DragDrop' ) ) {
|
||||
$row_id = str_replace( '_um_row_', '', $key );
|
||||
|
||||
$row_array = array(
|
||||
'type' => 'row',
|
||||
'id' => $value,
|
||||
'sub_rows' => $_POST[ '_um_rowsub_' . $row_id . '_rows' ],
|
||||
'cols' => $_POST[ '_um_rowcols_' . $row_id . '_cols' ],
|
||||
'origin' => $_POST[ '_um_roworigin_' . $row_id . '_val' ],
|
||||
'type' => 'row',
|
||||
'id' => sanitize_key( $value ),
|
||||
'sub_rows' => absint( $_POST[ '_um_rowsub_' . $row_id . '_rows' ] ),
|
||||
'cols' => absint( $_POST[ '_um_rowcols_' . $row_id . '_cols' ] ),
|
||||
'origin' => sanitize_key( $_POST[ '_um_roworigin_' . $row_id . '_val' ] ),
|
||||
);
|
||||
|
||||
$row_args = $row_array;
|
||||
|
||||
if ( isset( $this->row_data[ $row_array['origin'] ] ) ) {
|
||||
foreach ( $this->row_data[ $row_array['origin'] ] as $k => $v ) {
|
||||
if ( $k != 'position' && $k != 'metakey' ) {
|
||||
if ( 'position' !== $k && 'metakey' !== $k ) {
|
||||
$update_args[ $k ] = $v;
|
||||
}
|
||||
}
|
||||
@@ -93,7 +99,7 @@ if ( ! class_exists( 'um\admin\core\Admin_DragDrop' ) ) {
|
||||
if ( 0 === strpos( $key, 'um_position_' ) ) {
|
||||
$field_key = str_replace( 'um_position_', '', $key );
|
||||
if ( isset( $fields[ $field_key ] ) ) {
|
||||
$fields[ $field_key ]['position'] = $value;
|
||||
$fields[ $field_key ]['position'] = absint( $value );
|
||||
}
|
||||
}
|
||||
|
||||
@@ -101,7 +107,7 @@ if ( ! class_exists( 'um\admin\core\Admin_DragDrop' ) ) {
|
||||
if ( 0 === strpos( $key, 'um_row_' ) ) {
|
||||
$field_key = str_replace( 'um_row_', '', $key );
|
||||
if ( isset( $fields[ $field_key ] ) ) {
|
||||
$fields[ $field_key ]['in_row'] = $value;
|
||||
$fields[ $field_key ]['in_row'] = sanitize_key( $value );
|
||||
}
|
||||
}
|
||||
|
||||
@@ -109,7 +115,7 @@ if ( ! class_exists( 'um\admin\core\Admin_DragDrop' ) ) {
|
||||
if ( 0 === strpos( $key, 'um_subrow_' ) ) {
|
||||
$field_key = str_replace( 'um_subrow_', '', $key );
|
||||
if ( isset( $fields[ $field_key ] ) ) {
|
||||
$fields[ $field_key ]['in_sub_row'] = $value;
|
||||
$fields[ $field_key ]['in_sub_row'] = sanitize_key( $value );
|
||||
}
|
||||
}
|
||||
|
||||
@@ -117,7 +123,7 @@ if ( ! class_exists( 'um\admin\core\Admin_DragDrop' ) ) {
|
||||
if ( 0 === strpos( $key, 'um_col_' ) ) {
|
||||
$field_key = str_replace( 'um_col_', '', $key );
|
||||
if ( isset( $fields[ $field_key ] ) ) {
|
||||
$fields[ $field_key ]['in_column'] = $value;
|
||||
$fields[ $field_key ]['in_column'] = absint( $value );
|
||||
}
|
||||
}
|
||||
|
||||
@@ -125,21 +131,20 @@ if ( ! class_exists( 'um\admin\core\Admin_DragDrop' ) ) {
|
||||
if ( 0 === strpos( $key, 'um_group_' ) ) {
|
||||
$field_key = str_replace( 'um_group_', '', $key );
|
||||
if ( isset( $fields[ $field_key ] ) ) {
|
||||
$fields[ $field_key ]['in_group'] = $value;
|
||||
$fields[ $field_key ]['in_group'] = absint( $value );
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
foreach ( $this->row_data as $k => $v ) {
|
||||
if ( ! in_array( $k, $this->exist_rows ) ) {
|
||||
if ( ! in_array( $k, $this->exist_rows, true ) ) {
|
||||
unset( $this->row_data[ $k ] );
|
||||
}
|
||||
}
|
||||
|
||||
update_option( 'um_existing_rows_' . $form_id, $this->exist_rows );
|
||||
|
||||
update_option( 'um_form_rowdata_' . $form_id , $this->row_data );
|
||||
update_option( 'um_form_rowdata_' . $form_id, $this->row_data );
|
||||
|
||||
UM()->query()->update_attr( 'custom_fields', $form_id, $fields );
|
||||
|
||||
@@ -149,11 +154,11 @@ if ( ! class_exists( 'um\admin\core\Admin_DragDrop' ) ) {
|
||||
/**
|
||||
* Load form to maintain form order
|
||||
*/
|
||||
function load_field_order() {
|
||||
public function load_field_order() {
|
||||
|
||||
$screen = get_current_screen();
|
||||
|
||||
if ( ! isset( $screen->id ) || $screen->id != 'um_form' ) {
|
||||
if ( ! isset( $screen->id ) || 'um_form' !== $screen->id ) {
|
||||
return;
|
||||
} ?>
|
||||
|
||||
@@ -235,4 +240,4 @@ if ( ! class_exists( 'um\admin\core\Admin_DragDrop' ) ) {
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -96,10 +96,10 @@ if ( ! class_exists( 'um\admin\core\Admin_Enqueue' ) ) {
|
||||
*
|
||||
*/
|
||||
function enqueue_cpt_scripts() {
|
||||
if ( ( isset( $_GET['post_type'] ) && 'um_form' == sanitize_key( $_GET['post_type'] ) ) ||
|
||||
( isset( $_GET['post'] ) && 'um_form' == get_post_type( absint( $_GET['post'] ) ) ) ) {
|
||||
if ( ( isset( $_GET['post_type'] ) && 'um_form' === sanitize_key( $_GET['post_type'] ) ) ||
|
||||
( isset( $_GET['post'] ) && 'um_form' === get_post_type( absint( $_GET['post'] ) ) ) ) {
|
||||
$this->um_cpt_form_screen = true;
|
||||
add_action( 'admin_footer', array( $this, 'admin_footer_scripts' ), 20 );
|
||||
add_action( 'admin_footer', array( $this, 'admin_footer_scripts' ), 20 );
|
||||
}
|
||||
|
||||
$this->post_page = true;
|
||||
@@ -296,9 +296,9 @@ if ( ! class_exists( 'um\admin\core\Admin_Enqueue' ) ) {
|
||||
//and WP calculate page height
|
||||
$hide_footer = false;
|
||||
global $pagenow, $post;
|
||||
if ( ( 'post.php' == $pagenow || 'post-new.php' == $pagenow ) &&
|
||||
( ( isset( $_GET['post_type'] ) && 'um_form' == sanitize_key( $_GET['post_type'] ) ) ||
|
||||
( isset( $post->post_type ) && 'um_form' == $post->post_type ) ) ) {
|
||||
if ( ( 'post.php' === $pagenow || 'post-new.php' === $pagenow ) &&
|
||||
( ( isset( $_GET['post_type'] ) && 'um_form' === sanitize_key( $_GET['post_type'] ) ) ||
|
||||
( isset( $post->post_type ) && 'um_form' === $post->post_type ) ) ) {
|
||||
$hide_footer = true;
|
||||
}
|
||||
|
||||
|
||||
@@ -191,7 +191,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Menu' ) ) {
|
||||
function um_roles_pages() {
|
||||
if ( empty( $_GET['tab'] ) ) {
|
||||
include_once um_path . 'includes/admin/core/list-tables/roles-list-table.php';
|
||||
} elseif ( sanitize_key( $_GET['tab'] ) == 'add' || sanitize_key( $_GET['tab'] ) == 'edit' ) {
|
||||
} elseif ( 'add' === sanitize_key( $_GET['tab'] ) || 'edit' === sanitize_key( $_GET['tab'] ) ) {
|
||||
include_once um_path . 'includes/admin/templates/role/role-edit.php';
|
||||
} else {
|
||||
um_js_redirect( add_query_arg( array( 'page' => 'um_roles' ), get_admin_url( 'admin.php' ) ) );
|
||||
@@ -340,4 +340,4 @@ if ( ! class_exists( 'um\admin\core\Admin_Menu' ) ) {
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -195,7 +195,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
|
||||
* @param $post_id
|
||||
* @param $post
|
||||
*/
|
||||
function save_metabox_custom( $post_id, $post ) {
|
||||
public function save_metabox_custom( $post_id, $post ) {
|
||||
// validate nonce
|
||||
if ( ! isset( $_POST['um_admin_save_metabox_custom_nonce'] ) ||
|
||||
! wp_verify_nonce( $_POST['um_admin_save_metabox_custom_nonce'], basename( __FILE__ ) ) ) {
|
||||
@@ -313,7 +313,9 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
|
||||
}
|
||||
|
||||
if ( ! empty( $_POST['um_content_restriction'] ) && is_array( $_POST['um_content_restriction'] ) ) {
|
||||
update_post_meta( $post_id, 'um_content_restriction', $_POST['um_content_restriction'] );
|
||||
$restriction_meta = UM()->admin()->sanitize_post_restriction_meta( $_POST['um_content_restriction'] );
|
||||
|
||||
update_post_meta( $post_id, 'um_content_restriction', $restriction_meta );
|
||||
} else {
|
||||
delete_post_meta( $post_id, 'um_content_restriction' );
|
||||
}
|
||||
@@ -340,7 +342,9 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
|
||||
}
|
||||
|
||||
if ( ! empty( $_POST['um_content_restriction'] ) && is_array( $_POST['um_content_restriction'] ) ) {
|
||||
update_post_meta( $post_id, 'um_content_restriction', $_POST['um_content_restriction'] );
|
||||
$restriction_meta = UM()->admin()->sanitize_post_restriction_meta( $_POST['um_content_restriction'] );
|
||||
|
||||
update_post_meta( $post_id, 'um_content_restriction', $restriction_meta );
|
||||
} else {
|
||||
delete_post_meta( $post_id, 'um_content_restriction' );
|
||||
}
|
||||
@@ -666,7 +670,9 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
|
||||
}
|
||||
|
||||
if ( ! empty( $_REQUEST['um_content_restriction'] ) && is_array( $_REQUEST['um_content_restriction'] ) ) {
|
||||
update_term_meta( $termID, 'um_content_restriction', $_REQUEST['um_content_restriction'] );
|
||||
$restriction_meta = UM()->admin()->sanitize_term_restriction_meta( $_REQUEST['um_content_restriction'] );
|
||||
|
||||
update_term_meta( $termID, 'um_content_restriction', $restriction_meta );
|
||||
} else {
|
||||
delete_term_meta( $termID, 'um_content_restriction' );
|
||||
}
|
||||
@@ -851,7 +857,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
|
||||
)
|
||||
);
|
||||
|
||||
if ( ! isset( $_GET['id'] ) || 'administrator' != sanitize_key( $_GET['id'] ) ) {
|
||||
if ( ! isset( $_GET['id'] ) || 'administrator' !== sanitize_key( $_GET['id'] ) ) {
|
||||
$roles_metaboxes[] = array(
|
||||
'id' => 'um-admin-form-home',
|
||||
'title' => __( 'Homepage Options', 'ultimate-member' ),
|
||||
@@ -1094,13 +1100,14 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
|
||||
delete_post_meta( $post_id, '_um_search_filters_gmt' );
|
||||
|
||||
//save metadata
|
||||
foreach ( $_POST['um_metadata'] as $k => $v ) {
|
||||
$metadata = UM()->admin()->sanitize_member_directory_meta( $_POST['um_metadata'] );
|
||||
foreach ( $metadata as $k => $v ) {
|
||||
|
||||
if ( $k == '_um_show_these_users' && trim( $_POST['um_metadata'][ $k ] ) ) {
|
||||
if ( $k == '_um_show_these_users' && trim( $v ) ) {
|
||||
$v = preg_split( '/[\r\n]+/', $v, -1, PREG_SPLIT_NO_EMPTY );
|
||||
}
|
||||
|
||||
if ( $k == '_um_exclude_these_users' && trim( $_POST['um_metadata'][ $k ] ) ) {
|
||||
if ( $k == '_um_exclude_these_users' && trim( $v ) ) {
|
||||
$v = preg_split( '/[\r\n]+/', $v, -1, PREG_SPLIT_NO_EMPTY );
|
||||
}
|
||||
|
||||
@@ -1172,7 +1179,11 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
|
||||
|
||||
// save
|
||||
delete_post_meta( $post_id, '_um_profile_metafields' );
|
||||
foreach ( $_POST['form'] as $k => $v ) {
|
||||
|
||||
|
||||
$form_meta = UM()->admin()->sanitize_form_meta( $_POST['form'] );
|
||||
|
||||
foreach ( $form_meta as $k => $v ) {
|
||||
if ( strstr( $k, '_um_' ) ) {
|
||||
if ( $k === '_um_is_default' ) {
|
||||
$mode = UM()->query()->get_attr( 'mode', $post_id );
|
||||
@@ -2411,4 +2422,4 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -146,9 +146,9 @@ if ( ! class_exists( 'um\admin\core\Admin_Navmenu' ) ) {
|
||||
|
||||
|
||||
/**
|
||||
* @param $menu_id
|
||||
* @param $menu_item_db_id
|
||||
* @param $menu_item_args
|
||||
* @param int $menu_id
|
||||
* @param int $menu_item_db_id
|
||||
* @param array $menu_item_args
|
||||
*/
|
||||
function _save( $menu_id, $menu_item_db_id, $menu_item_args ) {
|
||||
if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) {
|
||||
@@ -167,7 +167,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Navmenu' ) ) {
|
||||
if ( ! empty( $_POST[ $key ][ $menu_item_db_id ] ) ) {
|
||||
// Do some checks here...
|
||||
$value = is_array( $_POST[ $key ][ $menu_item_db_id ] ) ?
|
||||
array_keys( $_POST[ $key ][ $menu_item_db_id ] ) : $_POST[ $key ][ $menu_item_db_id ];
|
||||
array_map( 'sanitize_key', array_keys( $_POST[ $key ][ $menu_item_db_id ] ) ) : (int) $_POST[ $key ][ $menu_item_db_id ];
|
||||
} else {
|
||||
$value = null;
|
||||
}
|
||||
|
||||
@@ -580,8 +580,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
|
||||
'message' => $message,
|
||||
), 4 );
|
||||
} else {
|
||||
if ( isset( $_GET['msg'] ) && 'updated' == sanitize_key( $_GET['msg'] ) ) {
|
||||
if ( isset( $_GET['page'] ) && 'um_options' == sanitize_key( $_GET['page'] ) ) {
|
||||
if ( isset( $_GET['msg'] ) && 'updated' === sanitize_key( $_GET['msg'] ) ) {
|
||||
if ( isset( $_GET['page'] ) && 'um_options' === sanitize_key( $_GET['page'] ) ) {
|
||||
$this->add_notice( 'settings_upgrade', array(
|
||||
'class' => 'updated',
|
||||
'message' => '<p>' . __( 'Settings successfully upgraded', 'ultimate-member' ) . '</p>',
|
||||
@@ -697,4 +697,4 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
|
||||
wp_send_json_success();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -306,13 +306,13 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
|
||||
* @param $query
|
||||
* @return mixed
|
||||
*/
|
||||
function sort_by_newest( $query ) {
|
||||
public function sort_by_newest( $query ) {
|
||||
global $pagenow;
|
||||
|
||||
if ( is_admin() && $pagenow == 'users.php' ) {
|
||||
if ( is_admin() && 'users.php' === $pagenow ) {
|
||||
if ( ! isset( $_REQUEST['orderby'] ) ) {
|
||||
$query->query_vars["order"] = 'desc';
|
||||
$query->query_orderby = " ORDER BY user_registered " . ( $query->query_vars["order"] == 'desc' ? 'desc ' : 'asc ' ); //set sort order
|
||||
$query->query_vars['order'] = 'desc';
|
||||
$query->query_orderby = ' ORDER BY user_registered ' . ( 'desc' === $query->query_vars['order'] ? 'desc ' : 'asc ' ); //set sort order
|
||||
}
|
||||
}
|
||||
|
||||
@@ -326,13 +326,13 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
|
||||
* @param $query
|
||||
* @return mixed
|
||||
*/
|
||||
function filter_users_by_status( $query ) {
|
||||
public function filter_users_by_status( $query ) {
|
||||
global $wpdb, $pagenow;
|
||||
if ( is_admin() && $pagenow == 'users.php' && ! empty( $_REQUEST['um_status'] ) ) {
|
||||
if ( is_admin() && 'users.php' === $pagenow && ! empty( $_REQUEST['um_status'] ) ) {
|
||||
|
||||
$status = sanitize_key( $_REQUEST['um_status'] );
|
||||
|
||||
if ( $status == 'needs-verification' ) {
|
||||
|
||||
if ( 'needs-verification' === $status ) {
|
||||
$query->query_where = str_replace('WHERE 1=1',
|
||||
"WHERE 1=1 AND {$wpdb->users}.ID IN (
|
||||
SELECT {$wpdb->usermeta}.user_id FROM $wpdb->usermeta
|
||||
@@ -349,7 +349,6 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
|
||||
$query->query_where
|
||||
);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
return $query;
|
||||
@@ -360,9 +359,9 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
|
||||
* Add status links to WP Users List Table
|
||||
*
|
||||
* @param $views
|
||||
* @return array|mixed|void
|
||||
* @return array
|
||||
*/
|
||||
function add_status_links( $views ) {
|
||||
public function add_status_links( $views ) {
|
||||
remove_filter( 'pre_user_query', array( &$this, 'filter_users_by_status' ) );
|
||||
|
||||
$old_views = $views;
|
||||
@@ -375,17 +374,17 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
|
||||
}
|
||||
|
||||
$status = array(
|
||||
'approved' => __( 'Approved', 'ultimate-member' ),
|
||||
'awaiting_admin_review' => __( 'Pending review', 'ultimate-member' ),
|
||||
'awaiting_email_confirmation' => __( 'Waiting e-mail confirmation', 'ultimate-member' ),
|
||||
'inactive' => __( 'Inactive', 'ultimate-member' ),
|
||||
'rejected' => __( 'Rejected', 'ultimate-member' )
|
||||
'approved' => __( 'Approved', 'ultimate-member' ),
|
||||
'awaiting_admin_review' => __( 'Pending review', 'ultimate-member' ),
|
||||
'awaiting_email_confirmation' => __( 'Waiting e-mail confirmation', 'ultimate-member' ),
|
||||
'inactive' => __( 'Inactive', 'ultimate-member' ),
|
||||
'rejected' => __( 'Rejected', 'ultimate-member' ),
|
||||
);
|
||||
|
||||
UM()->query()->count_users_by_status( 'unassigned' );
|
||||
|
||||
foreach ( $status as $k => $v ) {
|
||||
if ( isset( $_REQUEST['um_status'] ) && sanitize_key( $_REQUEST['um_status'] ) == $k ) {
|
||||
if ( isset( $_REQUEST['um_status'] ) && sanitize_key( $_REQUEST['um_status'] ) === $k ) {
|
||||
$current = 'class="current"';
|
||||
} else {
|
||||
$current = '';
|
||||
@@ -429,11 +428,11 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
|
||||
|
||||
// hide filters with not accessible roles
|
||||
if ( ! current_user_can( 'administrator' ) ) {
|
||||
$wp_roles = wp_roles();
|
||||
$wp_roles = wp_roles();
|
||||
$can_view_roles = um_user( 'can_view_roles' );
|
||||
if ( ! empty( $can_view_roles ) ) {
|
||||
foreach ( $wp_roles->get_names() as $this_role => $name ) {
|
||||
if ( ! in_array( $this_role, $can_view_roles ) ) {
|
||||
if ( ! in_array( $this_role, $can_view_roles, true ) ) {
|
||||
unset( $views[ $this_role ] );
|
||||
}
|
||||
}
|
||||
@@ -447,20 +446,20 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
|
||||
/**
|
||||
* Bulk user editing actions
|
||||
*/
|
||||
function um_bulk_users_edit() {
|
||||
public function um_bulk_users_edit() {
|
||||
// bulk edit users
|
||||
if ( ! empty( $_REQUEST['users'] ) && ! empty( $_REQUEST['um_bulkedit'] ) && ! empty( $_REQUEST['um_bulk_action'] ) ) {
|
||||
|
||||
$rolename = UM()->roles()->get_priority_user_role( get_current_user_id() );
|
||||
$role = get_role( $rolename );
|
||||
$role = get_role( $rolename );
|
||||
|
||||
if ( ! current_user_can( 'edit_users' ) && ! $role->has_cap( 'edit_users' ) ) {
|
||||
wp_die( __( 'You do not have enough permissions to do that.', 'ultimate-member' ) );
|
||||
if ( ! current_user_can( 'edit_users' ) && ! $role->has_cap( 'edit_users' ) ) {
|
||||
wp_die( esc_html__( 'You do not have enough permissions to do that.', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
check_admin_referer( 'bulk-users' );
|
||||
|
||||
$users = array_map( 'absint', (array) $_REQUEST['users'] );
|
||||
$users = array_map( 'absint', (array) $_REQUEST['users'] );
|
||||
$bulk_action = current( array_filter( $_REQUEST['um_bulk_action'] ) );
|
||||
|
||||
foreach ( $users as $user_id ) {
|
||||
@@ -552,4 +551,4 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,11 +1,13 @@
|
||||
<?php if ( ! defined( 'ABSPATH' ) ) exit;
|
||||
<?php if ( ! defined( 'ABSPATH' ) ) {
|
||||
exit;
|
||||
}
|
||||
|
||||
global $wpdb;
|
||||
|
||||
if ( isset( $_REQUEST['_wp_http_referer'] ) ) {
|
||||
$redirect = remove_query_arg( array( '_wp_http_referer' ), wp_unslash( $_REQUEST['_wp_http_referer'] ) );
|
||||
} else {
|
||||
$redirect = get_admin_url(). 'admin.php?page=um_roles';
|
||||
$redirect = get_admin_url() . 'admin.php?page=um_roles';
|
||||
}
|
||||
|
||||
global $wp_roles;
|
||||
@@ -16,9 +18,9 @@ if ( isset( $_GET['action'] ) ) {
|
||||
case 'delete': {
|
||||
$role_keys = array();
|
||||
if ( isset( $_REQUEST['id'] ) ) {
|
||||
check_admin_referer( 'um_role_delete' . sanitize_key( $_REQUEST['id'] ) . get_current_user_id() );
|
||||
check_admin_referer( 'um_role_delete' . sanitize_key( $_REQUEST['id'] ) . get_current_user_id() );
|
||||
$role_keys = (array) sanitize_key( $_REQUEST['id'] );
|
||||
} elseif( isset( $_REQUEST['item'] ) ) {
|
||||
} elseif ( isset( $_REQUEST['item'] ) ) {
|
||||
check_admin_referer( 'bulk-' . sanitize_key( __( 'Roles', 'ultimate-member' ) ) );
|
||||
$role_keys = array_map( 'sanitize_key', $_REQUEST['item'] );
|
||||
}
|
||||
@@ -40,7 +42,7 @@ if ( isset( $_GET['action'] ) ) {
|
||||
delete_option( "um_role_{$role_key}_meta" );
|
||||
$um_roles = array_diff( $um_roles, array( $role_key ) );
|
||||
|
||||
$roleID = 'um_' . $role_key;
|
||||
$roleID = 'um_' . $role_key;
|
||||
$um_custom_roles[] = $roleID;
|
||||
|
||||
//check if role exist before removing it
|
||||
@@ -51,11 +53,11 @@ if ( isset( $_GET['action'] ) ) {
|
||||
|
||||
//set for users with deleted roles role "Subscriber"
|
||||
$args = array(
|
||||
'blog_id' => get_current_blog_id(),
|
||||
'role__in' => $um_custom_roles,
|
||||
'number' => -1,
|
||||
'count_total' => false,
|
||||
'fields' => 'ids',
|
||||
'blog_id' => get_current_blog_id(),
|
||||
'role__in' => $um_custom_roles,
|
||||
'number' => -1,
|
||||
'count_total' => false,
|
||||
'fields' => 'ids',
|
||||
);
|
||||
$users_to_subscriber = get_users( $args );
|
||||
if ( ! empty( $users_to_subscriber ) ) {
|
||||
@@ -70,7 +72,12 @@ if ( isset( $_GET['action'] ) ) {
|
||||
|
||||
//update user role if it's empty
|
||||
if ( empty( $object_user->roles ) ) {
|
||||
wp_update_user( array( 'ID' => $user_id, 'role' => 'subscriber' ) );
|
||||
wp_update_user(
|
||||
array(
|
||||
'ID' => $user_id,
|
||||
'role' => 'subscriber',
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -85,7 +92,7 @@ if ( isset( $_GET['action'] ) ) {
|
||||
if ( isset( $_REQUEST['id'] ) ) {
|
||||
check_admin_referer( 'um_role_reset' . sanitize_key( $_REQUEST['id'] ) . get_current_user_id() );
|
||||
$role_keys = (array) sanitize_key( $_REQUEST['id'] );
|
||||
} elseif( isset( $_REQUEST['item'] ) ) {
|
||||
} elseif ( isset( $_REQUEST['item'] ) ) {
|
||||
check_admin_referer( 'bulk-' . sanitize_key( __( 'Roles', 'ultimate-member' ) ) );
|
||||
$role_keys = array_map( 'sanitize_key', $_REQUEST['item'] );
|
||||
}
|
||||
@@ -98,7 +105,7 @@ if ( isset( $_GET['action'] ) ) {
|
||||
$role_meta = get_option( "um_role_{$role_key}_meta" );
|
||||
|
||||
if ( ! empty( $role_meta['_um_is_custom'] ) ) {
|
||||
unset( $role_keys[ array_search( $role_key, $role_keys ) ] );
|
||||
unset( $role_keys[ array_search( $role_key, $role_keys, true ) ] );
|
||||
continue;
|
||||
}
|
||||
|
||||
@@ -113,14 +120,14 @@ if ( isset( $_GET['action'] ) ) {
|
||||
|
||||
//remove extra query arg
|
||||
if ( ! empty( $_GET['_wp_http_referer'] ) ) {
|
||||
um_js_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce'), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
|
||||
um_js_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
|
||||
}
|
||||
|
||||
$order_by = 'name';
|
||||
$order = ( isset( $_GET['order'] ) && 'asc' == strtolower( sanitize_key( $_GET['order'] ) ) ) ? 'ASC' : 'DESC';
|
||||
$order = ( isset( $_GET['order'] ) && 'asc' === strtolower( sanitize_key( $_GET['order'] ) ) ) ? 'ASC' : 'DESC';
|
||||
|
||||
if ( ! class_exists( 'WP_List_Table' ) ) {
|
||||
require_once( ABSPATH . 'wp-admin/includes/class-wp-list-table.php' );
|
||||
require_once ABSPATH . 'wp-admin/includes/class-wp-list-table.php';
|
||||
}
|
||||
|
||||
|
||||
@@ -171,11 +178,11 @@ class UM_Roles_List_Table extends WP_List_Table {
|
||||
*
|
||||
* @param array $args
|
||||
*/
|
||||
function __construct( $args = array() ){
|
||||
function __construct( $args = array() ) {
|
||||
$args = wp_parse_args( $args, array(
|
||||
'singular' => __( 'item', 'ultimate-member' ),
|
||||
'plural' => __( 'items', 'ultimate-member' ),
|
||||
'ajax' => false
|
||||
'singular' => __( 'item', 'ultimate-member' ),
|
||||
'plural' => __( 'items', 'ultimate-member' ),
|
||||
'ajax' => false,
|
||||
) );
|
||||
|
||||
$this->no_items_message = $args['plural'] . ' ' . __( 'not found.', 'ultimate-member' );
|
||||
@@ -199,9 +206,9 @@ class UM_Roles_List_Table extends WP_List_Table {
|
||||
*
|
||||
*/
|
||||
function prepare_items() {
|
||||
$columns = $this->get_columns();
|
||||
$hidden = array();
|
||||
$sortable = $this->get_sortable_columns();
|
||||
$columns = $this->get_columns();
|
||||
$hidden = array();
|
||||
$sortable = $this->get_sortable_columns();
|
||||
$this->_column_headers = array( $columns, $hidden, $sortable );
|
||||
}
|
||||
|
||||
@@ -236,11 +243,11 @@ class UM_Roles_List_Table extends WP_List_Table {
|
||||
*/
|
||||
function set_sortable_columns( $args = array() ) {
|
||||
$return_args = array();
|
||||
foreach( $args as $k=>$val ) {
|
||||
if( is_numeric( $k ) ) {
|
||||
$return_args[ $val ] = array( $val, $val == $this->default_sorting_field );
|
||||
} else if( is_string( $k ) ) {
|
||||
$return_args[ $k ] = array( $val, $k == $this->default_sorting_field );
|
||||
foreach ( $args as $k => $val ) {
|
||||
if ( is_numeric( $k ) ) {
|
||||
$return_args[ $val ] = array( $val, $val === $this->default_sorting_field );
|
||||
} elseif ( is_string( $k ) ) {
|
||||
$return_args[ $k ] = array( $val, $k === $this->default_sorting_field );
|
||||
} else {
|
||||
continue;
|
||||
}
|
||||
@@ -336,21 +343,21 @@ class UM_Roles_List_Table extends WP_List_Table {
|
||||
function column_title( $item ) {
|
||||
$actions = array();
|
||||
|
||||
$actions['edit'] = '<a href="admin.php?page=um_roles&tab=edit&id=' . $item['key'] . '">' . __( 'Edit', 'ultimate-member' ). '</a>';
|
||||
$actions['edit'] = '<a href="admin.php?page=um_roles&tab=edit&id=' . esc_attr( $item['key'] ) . '">' . __( 'Edit', 'ultimate-member' ) . '</a>';
|
||||
|
||||
if ( ! empty( $item['_um_is_custom'] ) ) {
|
||||
$actions['delete'] = '<a href="admin.php?page=um_roles&action=delete&id=' . $item['key'] . '&_wpnonce=' . wp_create_nonce( 'um_role_delete' . $item['key'] . get_current_user_id() ) . '" onclick="return confirm( \'' . __( 'Are you sure you want to delete this role?', 'ultimate-member' ) . '\' );">' . __( 'Delete', 'ultimate-member' ). '</a>';
|
||||
$actions['delete'] = '<a href="admin.php?page=um_roles&action=delete&id=' . esc_attr( $item['key'] ) . '&_wpnonce=' . wp_create_nonce( 'um_role_delete' . $item['key'] . get_current_user_id() ) . '" onclick="return confirm( \'' . __( 'Are you sure you want to delete this role?', 'ultimate-member' ) . '\' );">' . __( 'Delete', 'ultimate-member' ) . '</a>';
|
||||
} else {
|
||||
$role_meta = get_option( "um_role_{$item['key']}_meta" );
|
||||
|
||||
if ( ! empty( $role_meta ) ) {
|
||||
$actions['reset'] = '<a href="admin.php?page=um_roles&action=reset&id=' . $item['key'] . '&_wpnonce=' . wp_create_nonce( 'um_role_reset' . $item['key'] . get_current_user_id() ) . '" onclick="return confirm( \'' . __( 'Are you sure you want to reset UM role meta?', 'ultimate-member' ) . '\' );">' . __( 'Reset UM Role meta', 'ultimate-member' ). '</a>';
|
||||
$actions['reset'] = '<a href="admin.php?page=um_roles&action=reset&id=' . esc_attr( $item['key'] ) . '&_wpnonce=' . wp_create_nonce( 'um_role_reset' . $item['key'] . get_current_user_id() ) . '" onclick="return confirm( \'' . __( 'Are you sure you want to reset UM role meta?', 'ultimate-member' ) . '\' );">' . __( 'Reset UM Role meta', 'ultimate-member' ) . '</a>';
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
return sprintf('%1$s %2$s', '<strong><a class="row-title" href="admin.php?page=um_roles&tab=edit&id=' . $item['key'] . '">' . stripslashes( $item['name'] ) . '</a></strong>', $this->row_actions( $actions ) );
|
||||
return sprintf('%1$s %2$s', '<strong><a class="row-title" href="admin.php?page=um_roles&tab=edit&id=' . esc_attr( $item['key'] ) . '">' . stripslashes( $item['name'] ) . '</a></strong>', $this->row_actions( $actions ) );
|
||||
}
|
||||
|
||||
|
||||
@@ -487,7 +494,7 @@ $ListTable->um_set_pagination_args( array( 'total_items' => count( $roles ), 'pe
|
||||
</h2>
|
||||
|
||||
<?php if ( ! empty( $_GET['msg'] ) ) {
|
||||
switch( sanitize_key( $_GET['msg'] ) ) {
|
||||
switch ( sanitize_key( $_GET['msg'] ) ) {
|
||||
case 'd':
|
||||
echo '<div id="message" class="updated fade"><p>' . __( 'User Role <strong>Deleted</strong> Successfully.', 'ultimate-member' ) . '</p></div>';
|
||||
break;
|
||||
@@ -498,4 +505,4 @@ $ListTable->um_set_pagination_args( array( 'total_items' => count( $roles ), 'pe
|
||||
<input type="hidden" name="page" value="um_roles" />
|
||||
<?php $ListTable->display(); ?>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@@ -32,7 +32,7 @@ function um_upgrade_get_users_per_role20beta1() {
|
||||
'meta_query' => array(
|
||||
array(
|
||||
'key' => 'role',
|
||||
'value' => $_POST['key_in_meta']
|
||||
'value' => sanitize_key( $_POST['key_in_meta'] ),
|
||||
)
|
||||
),
|
||||
'number' => '',
|
||||
@@ -62,10 +62,10 @@ function um_upgrade_update_users_per_page20beta1() {
|
||||
'meta_query' => array(
|
||||
array(
|
||||
'key' => 'role',
|
||||
'value' => $_POST['key_in_meta']
|
||||
'value' => sanitize_key( $_POST['key_in_meta'] ),
|
||||
)
|
||||
),
|
||||
'paged' => $_POST['page'],
|
||||
'paged' => absint( $_POST['page'] ),
|
||||
'number' => $users_per_page,
|
||||
);
|
||||
$all_users = get_users( $args );
|
||||
@@ -74,17 +74,17 @@ function um_upgrade_update_users_per_page20beta1() {
|
||||
foreach ( $all_users as $k => $user ) {
|
||||
$user_object = get_userdata( $user->ID );
|
||||
|
||||
if ( ! in_array( $_POST['role_key'], $all_wp_roles ) ) {
|
||||
$user_object->add_role( 'um_' . $_POST['role_key'] );
|
||||
if ( ! in_array( sanitize_key( $_POST['role_key'] ), $all_wp_roles ) ) {
|
||||
$user_object->add_role( 'um_' . sanitize_key( $_POST['role_key'] ) );
|
||||
} else {
|
||||
if ( ! in_array( $_POST['role_key'], (array) $user_object->roles ) ) {
|
||||
$user_object->add_role( $_POST['role_key'] );
|
||||
if ( ! in_array( sanitize_key( $_POST['role_key'] ), (array) $user_object->roles ) ) {
|
||||
$user_object->add_role( sanitize_key( $_POST['role_key'] ) );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$from = ( $_POST['page'] * $users_per_page ) - $users_per_page + 1;
|
||||
$to = $_POST['page'] * $users_per_page;
|
||||
$from = ( absint( $_POST['page'] ) * $users_per_page ) - $users_per_page + 1;
|
||||
$to = absint( $_POST['page'] ) * $users_per_page;
|
||||
|
||||
wp_send_json_success( array( 'message' => sprintf( __( 'Users from %s to %s was upgraded successfully...', 'ultimate-member' ), $from, $to ) ) );
|
||||
} else {
|
||||
@@ -184,7 +184,7 @@ function um_upgrade_update_forum_per_page20beta1() {
|
||||
$p_query = new WP_Query;
|
||||
$bb_forums = $p_query->query( array(
|
||||
'post_type' => 'forum',
|
||||
'paged' => $_POST['page'],
|
||||
'paged' => absint( $_POST['page'] ),
|
||||
'posts_per_page' => $posts_per_page,
|
||||
'fields' => 'ids'
|
||||
) );
|
||||
@@ -212,8 +212,8 @@ function um_upgrade_update_forum_per_page20beta1() {
|
||||
}
|
||||
}
|
||||
|
||||
$from = ( $_POST['page'] * $posts_per_page ) - $posts_per_page + 1;
|
||||
$to = $_POST['page'] * $posts_per_page;
|
||||
$from = ( absint( $_POST['page'] ) * $posts_per_page ) - $posts_per_page + 1;
|
||||
$to = absint( $_POST['page'] ) * $posts_per_page;
|
||||
|
||||
wp_send_json_success( array( 'message' => sprintf( __( 'Forums from %s to %s was upgraded successfully...', 'ultimate-member' ), $from, $to ) ) );
|
||||
} else {
|
||||
@@ -250,7 +250,7 @@ function um_upgrade_update_products_per_page20beta1() {
|
||||
$p_query = new WP_Query;
|
||||
$wc_products = $p_query->query( array(
|
||||
'post_type' => 'product',
|
||||
'paged' => $_POST['page'],
|
||||
'paged' => absint( $_POST['page'] ),
|
||||
'posts_per_page' => $posts_per_page,
|
||||
'fields' => 'ids'
|
||||
) );
|
||||
@@ -299,8 +299,8 @@ function um_upgrade_update_products_per_page20beta1() {
|
||||
}
|
||||
}
|
||||
|
||||
$from = ( $_POST['page'] * $posts_per_page ) - $posts_per_page + 1;
|
||||
$to = $_POST['page'] * $posts_per_page;
|
||||
$from = ( absint( $_POST['page'] ) * $posts_per_page ) - $posts_per_page + 1;
|
||||
$to = absint( $_POST['page'] ) * $posts_per_page;
|
||||
|
||||
wp_send_json_success( array( 'message' => sprintf( __( 'Woocommerce Products from %s to %s was upgraded successfully...', 'ultimate-member' ), $from, $to ) ) );
|
||||
} else {
|
||||
@@ -321,4 +321,4 @@ function um_upgrade_email_templates20beta1() {
|
||||
delete_option( 'um_roles_associations' );
|
||||
|
||||
wp_send_json_success( array( 'message' => __( 'Email Templates was upgraded successfully', 'ultimate-member' ) ) );
|
||||
}
|
||||
}
|
||||
|
||||
@@ -36,7 +36,7 @@ function um_upgrade_metadata_per_user213beta3() {
|
||||
ORDER BY u.ID
|
||||
LIMIT %d, %d
|
||||
) as dt",
|
||||
( $_POST['page'] - 1 ) * $per_page,
|
||||
( absint( $_POST['page'] ) - 1 ) * $per_page,
|
||||
$per_page
|
||||
), ARRAY_A );
|
||||
|
||||
@@ -112,8 +112,8 @@ function um_upgrade_metadata_per_user213beta3() {
|
||||
}
|
||||
}
|
||||
|
||||
$from = ( $_POST['page'] * $per_page ) - $per_page + 1;
|
||||
$to = $_POST['page'] * $per_page;
|
||||
$from = ( absint( $_POST['page'] ) * $per_page ) - $per_page + 1;
|
||||
$to = absint( $_POST['page'] ) * $per_page;
|
||||
|
||||
wp_send_json_success( array( 'message' => sprintf( __( 'Metadata from %s to %s users were upgraded successfully...', 'ultimate-member' ), $from, $to ) ) );
|
||||
}
|
||||
@@ -144,4 +144,4 @@ KEY meta_value_indx (um_value(191))
|
||||
|
||||
update_option( 'um_last_version_upgrade', '2.1.3-beta3' );
|
||||
wp_send_json_success( array( 'message' => __( 'Usermeta table was upgraded successfully', 'ultimate-member' ) ) );
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user