mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-07-19 14:43:49 +09:00
- intermediate results with sanitizing form handlers;
This commit is contained in:
@@ -1,4 +1,6 @@
|
||||
<?php if ( ! defined( 'ABSPATH' ) ) exit;
|
||||
<?php if ( ! defined( 'ABSPATH' ) ) {
|
||||
exit;
|
||||
}
|
||||
|
||||
wp_enqueue_script( 'postbox' );
|
||||
wp_enqueue_media();
|
||||
@@ -42,7 +44,7 @@ do_action( 'um_roles_add_meta_boxes', 'um_role_meta' );
|
||||
*/
|
||||
do_action( 'um_roles_add_meta_boxes_um_role_meta' );
|
||||
|
||||
$data = array();
|
||||
$data = array();
|
||||
$option = array();
|
||||
global $wp_roles;
|
||||
|
||||
@@ -60,11 +62,11 @@ if ( ! empty( $_GET['id'] ) ) {
|
||||
|
||||
if ( ! empty( $_POST['role'] ) ) {
|
||||
|
||||
$id = '';
|
||||
$id = '';
|
||||
$redirect = '';
|
||||
$error = '';
|
||||
$error = '';
|
||||
|
||||
if ( 'add' == sanitize_key( $_GET['tab'] ) ) {
|
||||
if ( 'add' === sanitize_key( $_GET['tab'] ) ) {
|
||||
if ( ! wp_verify_nonce( $_POST['um_nonce'], 'um-add-role' ) ) {
|
||||
$error = __( 'Security Issue', 'ultimate-member' ) . '<br />';
|
||||
}
|
||||
@@ -76,155 +78,9 @@ if ( ! empty( $_POST['role'] ) ) {
|
||||
|
||||
if ( empty( $error ) ) {
|
||||
|
||||
$data = $_POST['role'];
|
||||
$data = UM()->admin()->sanitize_role_meta( $_POST['role'] );
|
||||
|
||||
$all_roles = array_keys( UM()->roles()->get_roles() );
|
||||
|
||||
if ( array_key_exists( '_um_priority', $data ) ) {
|
||||
$data['_um_priority'] = (int) $data['_um_priority'];
|
||||
}
|
||||
|
||||
if ( array_key_exists( '_um_can_access_wpadmin', $data ) ) {
|
||||
$data['_um_can_access_wpadmin'] = (bool) $data['_um_can_access_wpadmin'];
|
||||
}
|
||||
|
||||
if ( array_key_exists( '_um_can_not_see_adminbar', $data ) ) {
|
||||
$data['_um_can_not_see_adminbar'] = (bool) $data['_um_can_not_see_adminbar'];
|
||||
}
|
||||
|
||||
if ( array_key_exists( '_um_can_edit_everyone', $data ) ) {
|
||||
$data['_um_can_edit_everyone'] = (bool) $data['_um_can_edit_everyone'];
|
||||
}
|
||||
|
||||
if ( array_key_exists( '_um_can_edit_roles', $data ) && ! empty( $data['_um_can_edit_roles'] ) ) {
|
||||
$data['_um_can_edit_roles'] = array_filter( $data['_um_can_edit_roles'], function( $v, $k ) use ( $all_roles ) {
|
||||
return in_array( $v, $all_roles );
|
||||
}, ARRAY_FILTER_USE_BOTH );
|
||||
}
|
||||
|
||||
if ( array_key_exists( '_um_can_delete_everyone', $data ) ) {
|
||||
$data['_um_can_delete_everyone'] = (bool) $data['_um_can_delete_everyone'];
|
||||
}
|
||||
|
||||
if ( array_key_exists( '_um_can_delete_roles', $data ) && ! empty( $data['_um_can_delete_roles'] ) ) {
|
||||
$data['_um_can_delete_roles'] = array_filter( $data['_um_can_delete_roles'], function( $v, $k ) use ( $all_roles ) {
|
||||
return in_array( $v, $all_roles );
|
||||
}, ARRAY_FILTER_USE_BOTH );
|
||||
}
|
||||
|
||||
if ( array_key_exists( '_um_can_edit_profile', $data ) ) {
|
||||
$data['_um_can_edit_profile'] = (bool) $data['_um_can_edit_profile'];
|
||||
}
|
||||
|
||||
if ( array_key_exists( '_um_can_delete_profile', $data ) ) {
|
||||
$data['_um_can_delete_profile'] = (bool) $data['_um_can_delete_profile'];
|
||||
}
|
||||
|
||||
if ( array_key_exists( '_um_can_view_all', $data ) ) {
|
||||
$data['_um_can_view_all'] = (bool) $data['_um_can_view_all'];
|
||||
}
|
||||
|
||||
if ( array_key_exists( '_um_can_view_roles', $data ) && ! empty( $data['_um_can_view_roles'] ) ) {
|
||||
$data['_um_can_view_roles'] = array_filter( $data['_um_can_view_roles'], function( $v, $k ) use ( $all_roles ) {
|
||||
return in_array( $v, $all_roles );
|
||||
}, ARRAY_FILTER_USE_BOTH );
|
||||
}
|
||||
|
||||
if ( array_key_exists( '_um_can_make_private_profile', $data ) ) {
|
||||
$data['_um_can_make_private_profile'] = (bool) $data['_um_can_make_private_profile'];
|
||||
}
|
||||
|
||||
if ( array_key_exists( '_um_can_access_private_profile', $data ) ) {
|
||||
$data['_um_can_access_private_profile'] = (bool) $data['_um_can_access_private_profile'];
|
||||
}
|
||||
|
||||
if ( array_key_exists( '_um_profile_noindex', $data ) ) {
|
||||
$data['_um_profile_noindex'] = $data['_um_profile_noindex'] !== '' ? (bool) $data['_um_profile_noindex'] : $data['_um_profile_noindex'];
|
||||
}
|
||||
|
||||
if ( array_key_exists( '_um_default_homepage', $data ) ) {
|
||||
$data['_um_default_homepage'] = (bool) $data['_um_default_homepage'];
|
||||
}
|
||||
|
||||
if ( array_key_exists( '_um_redirect_homepage', $data ) ) {
|
||||
$data['_um_redirect_homepage'] = esc_url_raw( $data['_um_redirect_homepage'] );
|
||||
}
|
||||
|
||||
if ( array_key_exists( '_um_status', $data ) ) {
|
||||
$data['_um_status'] = ! in_array( sanitize_key( $data['_um_status'] ), [ 'approved', 'checkmail', 'pending' ] ) ? 'approved' : sanitize_key( $data['_um_status'] );
|
||||
}
|
||||
|
||||
if ( array_key_exists( '_um_auto_approve_act', $data ) ) {
|
||||
$data['_um_auto_approve_act'] = ! in_array( sanitize_key( $data['_um_auto_approve_act'] ), [ 'redirect_profile', 'redirect_url' ] ) ? 'redirect_profile' : sanitize_key( $data['_um_auto_approve_act'] );
|
||||
}
|
||||
|
||||
if ( array_key_exists( '_um_auto_approve_url', $data ) ) {
|
||||
$data['_um_auto_approve_url'] = esc_url_raw( $data['_um_auto_approve_url'] );
|
||||
}
|
||||
|
||||
if ( array_key_exists( '_um_login_email_activate', $data ) ) {
|
||||
$data['_um_login_email_activate'] = (bool) $data['_um_login_email_activate'];
|
||||
}
|
||||
|
||||
if ( array_key_exists( '_um_checkmail_action', $data ) ) {
|
||||
$data['_um_checkmail_action'] = ! in_array( sanitize_key( $data['_um_checkmail_action'] ), [ 'show_message', 'redirect_url' ] ) ? 'show_message' : sanitize_key( $data['_um_checkmail_action'] );
|
||||
}
|
||||
|
||||
if ( array_key_exists( '_um_checkmail_message', $data ) ) {
|
||||
$data['_um_checkmail_message'] = sanitize_textarea_field( $data['_um_checkmail_message'] );
|
||||
}
|
||||
|
||||
if ( array_key_exists( '_um_checkmail_url', $data ) ) {
|
||||
$data['_um_checkmail_url'] = esc_url_raw( $data['_um_checkmail_url'] );
|
||||
}
|
||||
|
||||
if ( array_key_exists( '_um_url_email_activate', $data ) ) {
|
||||
$data['_um_url_email_activate'] = esc_url_raw( $data['_um_url_email_activate'] );
|
||||
}
|
||||
|
||||
if ( array_key_exists( '_um_pending_action', $data ) ) {
|
||||
$data['_um_pending_action'] = ! in_array( sanitize_key( $data['_um_pending_action'] ), [ 'show_message', 'redirect_url' ] ) ? 'show_message' : sanitize_key( $data['_um_pending_action'] );
|
||||
}
|
||||
|
||||
if ( array_key_exists( '_um_pending_message', $data ) ) {
|
||||
$data['_um_pending_message'] = sanitize_textarea_field( $data['_um_pending_message'] );
|
||||
}
|
||||
|
||||
if ( array_key_exists( '_um_pending_url', $data ) ) {
|
||||
$data['_um_pending_url'] = esc_url_raw( $data['_um_pending_url'] );
|
||||
}
|
||||
|
||||
if ( array_key_exists( '_um_after_login', $data ) ) {
|
||||
$data['_um_after_login'] = ! in_array( sanitize_key( $data['_um_after_login'] ), [ 'redirect_profile', 'redirect_url', 'refresh', 'redirect_admin' ] ) ? 'redirect_profile' : sanitize_key( $data['_um_after_login'] );
|
||||
}
|
||||
|
||||
if ( array_key_exists( '_um_login_redirect_url', $data ) ) {
|
||||
$data['_um_login_redirect_url'] = esc_url_raw( $data['_um_login_redirect_url'] );
|
||||
}
|
||||
|
||||
if ( array_key_exists( '_um_after_logout', $data ) ) {
|
||||
$data['_um_after_logout'] = ! in_array( sanitize_key( $data['_um_after_logout'] ), [ 'redirect_home', 'redirect_url' ] ) ? 'redirect_home' : sanitize_key( $data['_um_after_logout'] );
|
||||
}
|
||||
|
||||
if ( array_key_exists( '_um_logout_redirect_url', $data ) ) {
|
||||
$data['_um_logout_redirect_url'] = esc_url_raw( $data['_um_logout_redirect_url'] );
|
||||
}
|
||||
|
||||
if ( array_key_exists( '_um_after_delete', $data ) ) {
|
||||
$data['_um_after_delete'] = ! in_array( sanitize_key( $data['_um_after_delete'] ), [ 'redirect_home', 'redirect_url' ] ) ? 'redirect_home' : sanitize_key( $data['_um_after_delete'] );
|
||||
}
|
||||
|
||||
if ( array_key_exists( '_um_delete_redirect_url', $data ) ) {
|
||||
$data['_um_delete_redirect_url'] = esc_url_raw( $data['_um_delete_redirect_url'] );
|
||||
}
|
||||
|
||||
if ( array_key_exists( 'wp_capabilities', $data ) && ! empty( $data['wp_capabilities'] ) ) {
|
||||
$data['wp_capabilities'] = array_map( 'boolval', array_filter( $data['wp_capabilities'] ) );
|
||||
}
|
||||
|
||||
$data = apply_filters( 'um_save_role_meta_sanitize', $data );
|
||||
|
||||
if ( 'add' == sanitize_key( $_GET['tab'] ) ) {
|
||||
if ( 'add' === sanitize_key( $_GET['tab'] ) ) {
|
||||
|
||||
$data['name'] = trim( esc_html( strip_tags( $data['name'] ) ) );
|
||||
|
||||
@@ -237,11 +93,11 @@ if ( ! empty( $_POST['role'] ) ) {
|
||||
} else {
|
||||
$auto_increment = UM()->options()->get( 'custom_roles_increment' );
|
||||
$auto_increment = ! empty( $auto_increment ) ? $auto_increment : 1;
|
||||
$id = 'custom_role_' . $auto_increment;
|
||||
$id = 'custom_role_' . $auto_increment;
|
||||
}
|
||||
|
||||
$redirect = add_query_arg( array( 'page'=>'um_roles', 'tab'=>'edit', 'id'=>$id, 'msg'=>'a' ), admin_url( 'admin.php' ) );
|
||||
} elseif ( 'edit' == sanitize_key( $_GET['tab'] ) && ! empty( $_GET['id'] ) ) {
|
||||
} elseif ( 'edit' === sanitize_key( $_GET['tab'] ) && ! empty( $_GET['id'] ) ) {
|
||||
$id = sanitize_key( $_GET['id'] );
|
||||
|
||||
$pre_role_meta = get_option( "um_role_{$id}_meta", array() );
|
||||
@@ -254,16 +110,16 @@ if ( ! empty( $_POST['role'] ) ) {
|
||||
|
||||
|
||||
$all_roles = array_keys( get_editable_roles() );
|
||||
if ( 'add' == sanitize_key( $_GET['tab'] ) ) {
|
||||
if ( in_array( 'um_' . $id, $all_roles ) || in_array( $id, $all_roles ) ) {
|
||||
if ( 'add' === sanitize_key( $_GET['tab'] ) ) {
|
||||
if ( in_array( 'um_' . $id, $all_roles, true ) || in_array( $id, $all_roles, true ) ) {
|
||||
$error .= __( 'Role already exists!', 'ultimate-member' ) . '<br />';
|
||||
}
|
||||
}
|
||||
|
||||
if ( '' == $error ) {
|
||||
if ( '' === $error ) {
|
||||
|
||||
if ( 'add' == sanitize_key( $_GET['tab'] ) ) {
|
||||
$roles = get_option( 'um_roles', array() );
|
||||
if ( 'add' === sanitize_key( $_GET['tab'] ) ) {
|
||||
$roles = get_option( 'um_roles', array() );
|
||||
$roles[] = $id;
|
||||
|
||||
update_option( 'um_roles', $roles );
|
||||
@@ -297,14 +153,30 @@ $screen_id = $current_screen->id; ?>
|
||||
|
||||
<div class="wrap">
|
||||
<h2>
|
||||
<?php echo ( 'add' == sanitize_key( $_GET['tab'] ) ) ? __( 'Add New Role', 'ultimate-member' ) : __( 'Edit Role', 'ultimate-member' ) ?>
|
||||
<?php if ( 'edit' == sanitize_key( $_GET['tab'] ) ) { ?>
|
||||
<a class="add-new-h2" href="<?php echo esc_url( add_query_arg( array( 'page' => 'um_roles', 'tab' => 'add' ), admin_url( 'admin.php' ) ) ) ?>"><?php _e( 'Add New', 'ultimate-member' ) ?></a>
|
||||
<?php } ?>
|
||||
<?php
|
||||
if ( 'add' === sanitize_key( $_GET['tab'] ) ) {
|
||||
esc_html_e( 'Add New Role', 'ultimate-member' );
|
||||
} elseif ( 'edit' === sanitize_key( $_GET['tab'] ) ) {
|
||||
esc_html_e( 'Edit Role', 'ultimate-member' );
|
||||
$add_new_link = add_query_arg(
|
||||
array(
|
||||
'page' => 'um_roles',
|
||||
'tab' => 'add',
|
||||
),
|
||||
admin_url( 'admin.php' )
|
||||
);
|
||||
?>
|
||||
<a class="add-new-h2" href="<?php echo esc_url( $add_new_link ); ?>">
|
||||
<?php esc_html_e( 'Add New', 'ultimate-member' ); ?>
|
||||
</a>
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
</h2>
|
||||
|
||||
<?php if ( ! empty( $_GET['msg'] ) ) {
|
||||
switch( sanitize_key( $_GET['msg'] ) ) {
|
||||
<?php
|
||||
if ( ! empty( $_GET['msg'] ) ) {
|
||||
switch ( sanitize_key( $_GET['msg'] ) ) {
|
||||
case 'a':
|
||||
echo '<div id="message" class="updated fade"><p>' . __( 'User Role <strong>Added</strong> Successfully.', 'ultimate-member' ) . '</p></div>';
|
||||
break;
|
||||
@@ -316,13 +188,13 @@ $screen_id = $current_screen->id; ?>
|
||||
|
||||
if ( ! empty( $error ) ) { ?>
|
||||
<div id="message" class="error fade">
|
||||
<p><?php echo $error ?></p>
|
||||
<p><?php echo $error; ?></p>
|
||||
</div>
|
||||
<?php } ?>
|
||||
|
||||
<form id="um_edit_role" action="" method="post">
|
||||
<input type="hidden" name="role[id]" value="<?php echo isset( $_GET['id'] ) ? esc_attr( sanitize_key( $_GET['id'] ) ) : '' ?>" />
|
||||
<?php if ( 'add' == sanitize_key( $_GET['tab'] ) ) { ?>
|
||||
<?php if ( 'add' === sanitize_key( $_GET['tab'] ) ) { ?>
|
||||
<input type="hidden" name="role[_um_is_custom]" value="1" />
|
||||
<input type="hidden" name="um_nonce" value="<?php echo esc_attr( wp_create_nonce( 'um-add-role' ) ) ?>" />
|
||||
<?php } else { ?>
|
||||
@@ -335,7 +207,7 @@ $screen_id = $current_screen->id; ?>
|
||||
<div id="post-body-content">
|
||||
<div id="titlediv">
|
||||
<div id="titlewrap">
|
||||
<?php if ( 'add' == sanitize_key( $_GET['tab'] ) ) { ?>
|
||||
<?php if ( 'add' === sanitize_key( $_GET['tab'] ) ) { ?>
|
||||
<label for="title" class="screen-reader-text"><?php _e( 'Title', 'ultimate-member' ) ?></label>
|
||||
<input type="text" name="role[name]" placeholder="<?php esc_attr_e( 'Enter Title Here', 'ultimate-member' ) ?>" id="title" value="<?php echo isset( $data['name'] ) ? $data['name'] : '' ?>" />
|
||||
<?php } else { ?>
|
||||
@@ -345,11 +217,18 @@ $screen_id = $current_screen->id; ?>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<?php
|
||||
$object = array(
|
||||
'data' => $data,
|
||||
'option' => $option,
|
||||
);
|
||||
?>
|
||||
|
||||
<div id="postbox-container-1" class="postbox-container">
|
||||
<?php do_meta_boxes( 'um_role_meta', 'side', array( 'data' => $data, 'option' => $option ) ); ?>
|
||||
<?php do_meta_boxes( 'um_role_meta', 'side', $object ); ?>
|
||||
</div>
|
||||
<div id="postbox-container-2" class="postbox-container">
|
||||
<?php do_meta_boxes( 'um_role_meta', 'normal', array( 'data' => $data, 'option' => $option ) ); ?>
|
||||
<?php do_meta_boxes( 'um_role_meta', 'normal', $object ); ?>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
Reference in New Issue
Block a user