mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-07-17 13:43:38 +09:00
- intermediate results with sanitizing form handlers;
This commit is contained in:
@@ -699,7 +699,7 @@ if ( ! class_exists( 'um\core\Access' ) ) {
|
||||
foreach ( $posts as $post ) {
|
||||
|
||||
//Woocommerce AJAX fixes....remove filtration on wc-ajax which goes to Front Page
|
||||
if ( ! empty( $_GET['wc-ajax'] ) && defined('WC_DOING_AJAX') && WC_DOING_AJAX /*&& $query->is_front_page()*/ ) {
|
||||
if ( ! empty( $_GET['wc-ajax'] ) && defined( 'WC_DOING_AJAX' ) && WC_DOING_AJAX ) {
|
||||
$filtered_posts[] = $post;
|
||||
continue;
|
||||
}
|
||||
@@ -1464,4 +1464,4 @@ if ( ! class_exists( 'um\core\Access' ) ) {
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -397,6 +397,8 @@ if ( ! class_exists( 'um\core\Account' ) ) {
|
||||
$this->current_tab = UM()->form()->post_form['_um_account_tab'];
|
||||
}
|
||||
|
||||
$this->current_tab = sanitize_key( $this->current_tab );
|
||||
|
||||
if ( ! isset( UM()->form()->errors ) ) {
|
||||
/**
|
||||
* UM hook
|
||||
@@ -971,4 +973,4 @@ if ( ! class_exists( 'um\core\Account' ) ) {
|
||||
return $is_required;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -50,7 +50,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
|
||||
* Set value on form submission
|
||||
*/
|
||||
if ( isset( $_REQUEST[ $id ] ) ) {
|
||||
$checked = $_REQUEST[ $id ];
|
||||
$checked = (bool) $_REQUEST[ $id ];
|
||||
}
|
||||
|
||||
$class = $checked ? 'um-icon-android-checkbox-outline' : 'um-icon-android-checkbox-outline-blank';
|
||||
@@ -60,7 +60,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
|
||||
|
||||
<div class="um-field um-field-c">
|
||||
<div class="um-field-area">
|
||||
<label class="um-field-checkbox <?php echo ( $checked ) ? 'active' : '' ?>">
|
||||
<label class="um-field-checkbox<?php echo $checked ? ' active' : '' ?>">
|
||||
<input type="checkbox" name="<?php echo esc_attr( $id ); ?>" value="1" <?php checked( $checked ) ?> />
|
||||
<span class="um-field-checkbox-state"><i class="<?php echo esc_attr( $class ) ?>"></i></span>
|
||||
<span class="um-field-checkbox-option"> <?php echo esc_html( $title ); ?></span>
|
||||
@@ -4761,4 +4761,4 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
|
||||
return $html_atts;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -261,7 +261,7 @@ if ( ! class_exists( 'um\core\Files' ) ) {
|
||||
wp_send_json_error( __( 'Wrong mode', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
$src = $_POST['src'];
|
||||
$src = esc_url_raw( $_POST['src'] );
|
||||
if ( strstr( $src, '?' ) ) {
|
||||
$splitted = explode( '?', $src );
|
||||
$src = $splitted[0];
|
||||
@@ -286,7 +286,7 @@ if ( ! class_exists( 'um\core\Files' ) ) {
|
||||
|
||||
$is_temp = um_is_temp_upload( $src );
|
||||
if ( ! $is_temp ) {
|
||||
if ( ! empty( $_POST['filename'] ) && file_exists( UM()->uploader()->get_upload_user_base_dir( $user_id ) . DIRECTORY_SEPARATOR . $_POST['filename'] ) ) {
|
||||
if ( ! empty( $_POST['filename'] ) && file_exists( UM()->uploader()->get_upload_user_base_dir( $user_id ) . DIRECTORY_SEPARATOR . sanitize_file_name( $_POST['filename'] ) ) ) {
|
||||
wp_send_json_success();
|
||||
}
|
||||
}
|
||||
@@ -324,7 +324,7 @@ if ( ! class_exists( 'um\core\Files' ) ) {
|
||||
wp_send_json_error( esc_js( __( 'Invalid coordinates', 'ultimate-member' ) ) );
|
||||
}
|
||||
|
||||
$user_id = empty( $_REQUEST['user_id'] ) ? get_current_user_id() : $_REQUEST['user_id'];
|
||||
$user_id = empty( $_REQUEST['user_id'] ) ? get_current_user_id() : absint( $_REQUEST['user_id'] );
|
||||
|
||||
UM()->fields()->set_id = filter_input( INPUT_POST, 'set_id', FILTER_SANITIZE_NUMBER_INT );
|
||||
UM()->fields()->set_mode = filter_input( INPUT_POST, 'set_mode', FILTER_SANITIZE_STRING );
|
||||
@@ -334,13 +334,15 @@ if ( ! class_exists( 'um\core\Files' ) ) {
|
||||
wp_send_json_error( $ret );
|
||||
}
|
||||
|
||||
$src = esc_url_raw( $src );
|
||||
|
||||
$image_path = um_is_file_owner( $src, $user_id, true );
|
||||
if ( ! $image_path ) {
|
||||
wp_send_json_error( esc_js( __( 'Invalid file ownership', 'ultimate-member' ) ) );
|
||||
}
|
||||
|
||||
UM()->uploader()->replace_upload_dir = true;
|
||||
$output = UM()->uploader()->resize_image( $image_path, $src, $key, $user_id, $coord );
|
||||
$output = UM()->uploader()->resize_image( $image_path, $src, sanitize_text_field( $key ), $user_id, sanitize_text_field( $coord ) );
|
||||
UM()->uploader()->replace_upload_dir = false;
|
||||
|
||||
delete_option( "um_cache_userdata_{$user_id}" );
|
||||
@@ -358,13 +360,13 @@ if ( ! class_exists( 'um\core\Files' ) ) {
|
||||
$ret['error'] = null;
|
||||
$ret = array();
|
||||
|
||||
$id = $_POST['key'];
|
||||
$timestamp = $_POST['timestamp'];
|
||||
$nonce = $_POST['_wpnonce'];
|
||||
$id = sanitize_text_field( $_POST['key'] );
|
||||
$timestamp = absint( $_POST['timestamp'] );
|
||||
$nonce = sanitize_text_field( $_POST['_wpnonce'] );
|
||||
$user_id = empty( $_POST['user_id'] ) ? get_current_user_id() : absint( $_POST['user_id'] );
|
||||
|
||||
UM()->fields()->set_id = $_POST['set_id'];
|
||||
UM()->fields()->set_mode = $_POST['set_mode'];
|
||||
UM()->fields()->set_id = absint( $_POST['set_id'] );
|
||||
UM()->fields()->set_mode = sanitize_key( $_POST['set_mode'] );
|
||||
|
||||
if ( UM()->fields()->set_mode != 'register' && ! UM()->roles()->um_current_user_can( 'edit', $user_id ) ) {
|
||||
$ret['error'] = __( 'You have no permission to edit this user', 'ultimate-member' );
|
||||
@@ -437,12 +439,12 @@ if ( ! class_exists( 'um\core\Files' ) ) {
|
||||
die( json_encode( $ret ) );
|
||||
}*/
|
||||
|
||||
$nonce = $_POST['_wpnonce'];
|
||||
$id = $_POST['key'];
|
||||
$timestamp = $_POST['timestamp'];
|
||||
$nonce = sanitize_text_field( $_POST['_wpnonce'] );
|
||||
$id = sanitize_text_field( $_POST['key'] );
|
||||
$timestamp = absint( $_POST['timestamp'] );
|
||||
|
||||
UM()->fields()->set_id = $_POST['set_id'];
|
||||
UM()->fields()->set_mode = $_POST['set_mode'];
|
||||
UM()->fields()->set_id = absint( $_POST['set_id'] );
|
||||
UM()->fields()->set_mode = sanitize_key( $_POST['set_mode'] );
|
||||
|
||||
/**
|
||||
* UM hook
|
||||
@@ -1296,4 +1298,4 @@ if ( ! class_exists( 'um\core\Files' ) ) {
|
||||
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -53,15 +53,28 @@ if ( ! class_exists( 'um\core\Form' ) ) {
|
||||
/**
|
||||
*
|
||||
*/
|
||||
function ajax_muted_action() {
|
||||
public function ajax_muted_action() {
|
||||
UM()->check_ajax_nonce();
|
||||
|
||||
/**
|
||||
* @var $user_id
|
||||
* @var $hook
|
||||
*/
|
||||
extract( $_REQUEST );
|
||||
|
||||
if ( ! UM()->roles()->um_current_user_can( 'edit', $user_id ) )
|
||||
die( __( 'You can not edit this user' ) );
|
||||
if ( isset( $user_id ) ) {
|
||||
$user_id = absint( $user_id );
|
||||
}
|
||||
|
||||
switch( $hook ) {
|
||||
if ( isset( $hook ) ) {
|
||||
$hook = sanitize_key( $hook );
|
||||
}
|
||||
|
||||
if ( ! UM()->roles()->um_current_user_can( 'edit', $user_id ) ) {
|
||||
die( esc_html__( 'You can not edit this user', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
switch ( $hook ) {
|
||||
default:
|
||||
/**
|
||||
* UM hook
|
||||
@@ -337,7 +350,7 @@ if ( ! class_exists( 'um\core\Form' ) ) {
|
||||
*/
|
||||
do_action( 'um_before_submit_form_post', $_POST );
|
||||
|
||||
$this->form_id = $_POST['form_id'];
|
||||
$this->form_id = absint( $_POST['form_id'] );
|
||||
$this->form_status = get_post_status( $this->form_id );
|
||||
|
||||
|
||||
@@ -408,10 +421,11 @@ if ( ! class_exists( 'um\core\Form' ) ) {
|
||||
$custom_field_roles = $this->custom_field_roles( $this->form_data['custom_fields'] );
|
||||
|
||||
if ( ! empty( $custom_field_roles ) ) {
|
||||
$role = $_POST['role'];
|
||||
|
||||
if ( is_array( $_POST['role'] ) ) {
|
||||
$role = current( $_POST['role'] );
|
||||
$role = sanitize_key( $role );
|
||||
} else {
|
||||
$role = sanitize_key( $_POST['role'] );
|
||||
}
|
||||
|
||||
global $wp_roles;
|
||||
@@ -664,4 +678,4 @@ if ( ! class_exists( 'um\core\Form' ) ) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -70,12 +70,12 @@ if ( ! class_exists( 'um\core\Logout' ) ) {
|
||||
|
||||
add_filter( 'wp_safe_redirect_fallback', array( &$this, 'safe_redirect_default' ), 10, 2 );
|
||||
|
||||
if ( isset( $_REQUEST['redirect_to'] ) && $_REQUEST['redirect_to'] !== '' ) {
|
||||
if ( isset( $_REQUEST['redirect_to'] ) && '' !== $_REQUEST['redirect_to'] ) {
|
||||
wp_destroy_current_session();
|
||||
wp_logout();
|
||||
session_unset();
|
||||
exit( wp_safe_redirect( $_REQUEST['redirect_to'] ) );
|
||||
} else if ( um_user('after_logout') == 'redirect_home' ) {
|
||||
exit( wp_safe_redirect( esc_url_raw( $_REQUEST['redirect_to'] ) ) );
|
||||
} else if ( 'redirect_home' === um_user( 'after_logout' ) ) {
|
||||
wp_destroy_current_session();
|
||||
wp_logout();
|
||||
session_unset();
|
||||
@@ -120,4 +120,4 @@ if ( ! class_exists( 'um\core\Logout' ) ) {
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -571,7 +571,7 @@ if ( ! class_exists( 'um\core\Member_Directory_Meta' ) ) {
|
||||
|
||||
|
||||
if ( ! empty( $_POST['search'] ) ) {
|
||||
$search_line = trim( stripslashes( $_POST['search'] ) );
|
||||
$search_line = trim( stripslashes( sanitize_text_field( $_POST['search'] ) ) );
|
||||
|
||||
$searches = array();
|
||||
foreach ( $this->core_search_fields as $field ) {
|
||||
@@ -582,7 +582,7 @@ if ( ! class_exists( 'um\core\Member_Directory_Meta' ) ) {
|
||||
|
||||
$this->joins[] = "LEFT JOIN {$wpdb->prefix}um_metadata umm_search ON umm_search.user_id = u.ID";
|
||||
|
||||
$additional_search = apply_filters( 'um_member_directory_meta_general_search_meta_query', '', stripslashes( $_POST['search'] ) );
|
||||
$additional_search = apply_filters( 'um_member_directory_meta_general_search_meta_query', '', stripslashes( sanitize_text_field( $_POST['search'] ) ) );
|
||||
|
||||
$search_like_string = apply_filters( 'um_member_directory_meta_search_like_type', '%' . $search_line . '%', $search_line );
|
||||
|
||||
@@ -610,6 +610,9 @@ if ( ! class_exists( 'um\core\Member_Directory_Meta' ) ) {
|
||||
$i = 1;
|
||||
foreach ( $filter_query as $field => $value ) {
|
||||
|
||||
$field = sanitize_text_field( $field );
|
||||
$value = sanitize_text_field( $value );
|
||||
|
||||
$attrs = UM()->fields()->get_field( $field );
|
||||
// skip private invisible fields
|
||||
if ( ! um_can_view_field( $attrs ) ) {
|
||||
@@ -642,7 +645,7 @@ if ( ! class_exists( 'um\core\Member_Directory_Meta' ) ) {
|
||||
//}
|
||||
|
||||
$order = 'ASC';
|
||||
$sortby = ! empty( $_POST['sorting'] ) ? $_POST['sorting'] : $directory_data['sortby'];
|
||||
$sortby = ! empty( $_POST['sorting'] ) ? sanitize_text_field( $_POST['sorting'] ) : $directory_data['sortby'];
|
||||
$sortby = ( $sortby == 'other' ) ? $directory_data['sortby_custom'] : $sortby;
|
||||
|
||||
$custom_sort = array();
|
||||
@@ -755,7 +758,7 @@ if ( ! class_exists( 'um\core\Member_Directory_Meta' ) ) {
|
||||
}
|
||||
|
||||
$query_number = ( ! empty( $directory_data['max_users'] ) && $directory_data['max_users'] <= $profiles_per_page ) ? $directory_data['max_users'] : $profiles_per_page;
|
||||
$query_paged = ! empty( $_POST['page'] ) ? $_POST['page'] : 1;
|
||||
$query_paged = ! empty( $_POST['page'] ) ? absint( $_POST['page'] ) : 1;
|
||||
|
||||
$number = $query_number;
|
||||
if ( ! empty( $directory_data['max_users'] ) && $query_paged*$query_number > $directory_data['max_users'] ) {
|
||||
@@ -850,4 +853,4 @@ if ( ! class_exists( 'um\core\Member_Directory_Meta' ) ) {
|
||||
wp_send_json_success( $member_directory_response );
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -199,31 +199,31 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
function before_save_data( $value, $key, $post_id ) {
|
||||
public function before_save_data( $value, $key, $post_id ) {
|
||||
|
||||
$post = get_post( $post_id );
|
||||
|
||||
if ( $post->post_type == 'um_directory' ) {
|
||||
if ( 'um_directory' === $post->post_type ) {
|
||||
|
||||
if ( ! empty( $value ) && in_array( $key, array( '_um_view_types', '_um_roles', '_um_roles_can_search', '_um_roles_can_filter' ) ) ) {
|
||||
if ( ! empty( $value ) && in_array( $key, array( '_um_view_types', '_um_roles', '_um_roles_can_search', '_um_roles_can_filter' ), true ) ) {
|
||||
$value = array_keys( $value );
|
||||
} elseif ( $key == '_um_search_filters' ) {
|
||||
} elseif ( '_um_search_filters' === $key ) {
|
||||
|
||||
$temp_value = array();
|
||||
|
||||
if ( ! empty( $value ) ) {
|
||||
foreach ( $value as $k ) {
|
||||
$filter_type = $this->filter_types[ $k ];
|
||||
if ( ! empty( $filter_type ) ) {
|
||||
if ( $filter_type == 'slider' ) {
|
||||
if ( ! empty( $filter_type ) ) {
|
||||
if ( 'slider' === $filter_type ) {
|
||||
if ( ! empty( $_POST[ $k ] ) ) {
|
||||
$temp_value[ $k ] = $_POST[ $k ];
|
||||
}
|
||||
} elseif ( $filter_type == 'timepicker' || $filter_type == 'datepicker' ) {
|
||||
} elseif ( 'timepicker' === $filter_type || 'datepicker' === $filter_type ) {
|
||||
if ( ! empty( $_POST[ $k . '_from' ] ) && ! empty( $_POST[ $k . '_to' ] ) ) {
|
||||
$temp_value[ $k ] = array( $_POST[ $k . '_from' ], $_POST[ $k . '_to' ] );
|
||||
}
|
||||
} elseif ( $filter_type == 'select' ) {
|
||||
} elseif ( 'select' === $filter_type ) {
|
||||
if ( ! empty( $_POST[ $k ] ) ) {
|
||||
if ( is_array( $_POST[ $k ] ) ) {
|
||||
$temp_value[ $k ] = array_map( 'trim', $_POST[ $k ] );
|
||||
@@ -241,7 +241,7 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
|
||||
}
|
||||
|
||||
$value = $temp_value;
|
||||
} elseif ( $key == '_um_sorting_fields' ) {
|
||||
} elseif ( '_um_sorting_fields' === $key ) {
|
||||
if ( ! empty( $value['other_data'] ) ) {
|
||||
$other_data = $value['other_data'];
|
||||
unset( $value['other_data'] );
|
||||
@@ -254,15 +254,15 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
|
||||
$metalabel = wp_strip_all_tags( $other_data[ $k ]['label'] );
|
||||
}
|
||||
$row = array(
|
||||
$metakey => ! empty( $metalabel ) ? $metalabel : $metakey
|
||||
$metakey => ! empty( $metalabel ) ? $metalabel : $metakey,
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
} elseif ( $key == '_um_sortby_custom' ) {
|
||||
} elseif ( '_um_sortby_custom' === $key ) {
|
||||
$value = sanitize_text_field( $value );
|
||||
} elseif ( $key == '_um_sortby_custom_label' ) {
|
||||
} elseif ( '_um_sortby_custom_label' === $key ) {
|
||||
$value = wp_strip_all_tags( $value );
|
||||
}
|
||||
}
|
||||
@@ -518,7 +518,7 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
|
||||
break;
|
||||
}
|
||||
case 'text': {
|
||||
$filter_from_url = ! empty( $_GET[ 'filter_' . $filter . '_' . $unique_hash ] ) ? $_GET[ 'filter_' . $filter . '_' . $unique_hash ] : $default_value; ?>
|
||||
$filter_from_url = ! empty( $_GET[ 'filter_' . $filter . '_' . $unique_hash ] ) ? sanitize_text_field( $_GET[ 'filter_' . $filter . '_' . $unique_hash ] ) : $default_value; ?>
|
||||
<input type="text" autocomplete="off" id="<?php echo $filter; ?>" name="<?php echo $filter; ?>"
|
||||
placeholder="<?php esc_attr_e( stripslashes( $attrs['label'] ), 'ultimate-member' ); ?>"
|
||||
value="<?php echo esc_attr( $filter_from_url ) ?>" class="um-form-field"
|
||||
@@ -1224,7 +1224,7 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
|
||||
}
|
||||
|
||||
$this->query_args['number'] = ( ! empty( $directory_data['max_users'] ) && $directory_data['max_users'] <= $profiles_per_page ) ? $directory_data['max_users'] : $profiles_per_page;
|
||||
$this->query_args['paged'] = ! empty( $_POST['page'] ) ? $_POST['page'] : 1;
|
||||
$this->query_args['paged'] = ! empty( $_POST['page'] ) ? absint( $_POST['page'] ) : 1;
|
||||
}
|
||||
|
||||
|
||||
@@ -1236,7 +1236,7 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
|
||||
function sorting_query( $directory_data ) {
|
||||
// sort members by
|
||||
$this->query_args['order'] = 'ASC';
|
||||
$sortby = ! empty( $_POST['sorting'] ) ? $_POST['sorting'] : $directory_data['sortby'];
|
||||
$sortby = ! empty( $_POST['sorting'] ) ? sanitize_text_field( $_POST['sorting'] ) : $directory_data['sortby'];
|
||||
$sortby = ( $sortby == 'other' ) ? $directory_data['sortby_custom'] : $sortby;
|
||||
|
||||
$custom_sort = array();
|
||||
@@ -1428,7 +1428,7 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
|
||||
if ( ! empty( $_POST['search'] ) ) {
|
||||
// complex using with change_meta_sql function
|
||||
|
||||
$search = trim( stripslashes( $_POST['search'] ) );
|
||||
$search = trim( stripslashes( sanitize_text_field( $_POST['search'] ) ) );
|
||||
|
||||
$meta_query = array(
|
||||
'relation' => 'OR',
|
||||
@@ -1446,7 +1446,7 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
|
||||
),
|
||||
);
|
||||
|
||||
$meta_query = apply_filters( 'um_member_directory_general_search_meta_query', $meta_query, stripslashes( $_POST['search'] ) );
|
||||
$meta_query = apply_filters( 'um_member_directory_general_search_meta_query', $meta_query, stripslashes( sanitize_text_field( $_POST['search'] ) ) );
|
||||
|
||||
$this->query_args['meta_query'][] = $meta_query;
|
||||
|
||||
@@ -1471,7 +1471,7 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
|
||||
function change_meta_sql( $sql, $queries, $type, $primary_table, $primary_id_column, $context ) {
|
||||
if ( ! empty( $_POST['search'] ) ) {
|
||||
global $wpdb;
|
||||
$search = trim( stripslashes( $_POST['search'] ) );
|
||||
$search = trim( stripslashes( sanitize_text_field( $_POST['search'] ) ) );
|
||||
if ( ! empty( $search ) ) {
|
||||
|
||||
$meta_value = '%' . $wpdb->esc_like( $search ) . '%';
|
||||
@@ -1548,6 +1548,8 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
|
||||
|
||||
$this->is_search = true;
|
||||
foreach ( $filter_query as $field => $value ) {
|
||||
$field = sanitize_text_field( $field );
|
||||
$value = sanitize_text_field( $value );
|
||||
|
||||
$attrs = UM()->fields()->get_field( $field );
|
||||
// skip private invisible fields
|
||||
@@ -2066,7 +2068,7 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
|
||||
*/
|
||||
function calculate_pagination( $directory_data, $total_users ) {
|
||||
|
||||
$current_page = ! empty( $_POST['page'] ) ? $_POST['page'] : 1;
|
||||
$current_page = ! empty( $_POST['page'] ) ? absint( $_POST['page'] ) : 1;
|
||||
|
||||
$total_users = ( ! empty( $directory_data['max_users'] ) && $directory_data['max_users'] <= $total_users ) ? $directory_data['max_users'] : $total_users;
|
||||
|
||||
@@ -2320,7 +2322,7 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
|
||||
function pagination_changes( $user_query ) {
|
||||
global $wpdb;
|
||||
|
||||
$directory_id = $this->get_directory_by_hash( $_POST['directory_id'] );
|
||||
$directory_id = $this->get_directory_by_hash( sanitize_key( $_POST['directory_id'] ) );
|
||||
$directory_data = UM()->query()->post_data( $directory_id );
|
||||
|
||||
$qv = $user_query->query_vars;
|
||||
@@ -2367,7 +2369,7 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
|
||||
|
||||
global $wpdb;
|
||||
|
||||
$directory_id = $this->get_directory_by_hash( $_POST['directory_id'] );
|
||||
$directory_id = $this->get_directory_by_hash( sanitize_key( $_POST['directory_id'] ) );
|
||||
$directory_data = UM()->query()->post_data( $directory_id );
|
||||
|
||||
//predefined result for user without capabilities to see other members
|
||||
@@ -2619,4 +2621,4 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
|
||||
wp_send_json_success( array( 'field_html' => $html ) );
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -100,8 +100,9 @@ if ( ! class_exists( 'um\core\Options' ) ) {
|
||||
* @param $option_id
|
||||
*/
|
||||
function remove( $option_id ) {
|
||||
if ( ! empty( $this->options[ $option_id ] ) )
|
||||
if ( ! empty( $this->options[ $option_id ] ) ) {
|
||||
unset( $this->options[ $option_id ] );
|
||||
}
|
||||
|
||||
update_option( 'um_options', $this->options );
|
||||
}
|
||||
@@ -157,4 +158,4 @@ if ( ! class_exists( 'um\core\Options' ) ) {
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -247,7 +247,7 @@ if ( ! class_exists( 'um\core\Password' ) ) {
|
||||
* @return bool
|
||||
*/
|
||||
function is_reset_request() {
|
||||
if ( um_is_core_page( 'password-reset' ) && isset( $_POST['_um_password_reset'] ) == 1 ) {
|
||||
if ( um_is_core_page( 'password-reset' ) && isset( $_POST['_um_password_reset'] ) ) {
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -262,7 +262,7 @@ if ( ! class_exists( 'um\core\Password' ) ) {
|
||||
* @return bool
|
||||
*/
|
||||
function is_change_request() {
|
||||
if ( isset( $_POST['_um_account'] ) == 1 && isset( $_POST['_um_account_tab'] ) && $_POST['_um_account_tab'] == 'password' ) {
|
||||
if ( isset( $_POST['_um_account'] ) == 1 && isset( $_POST['_um_account_tab'] ) && sanitize_key( $_POST['_um_account_tab'] ) === 'password' ) {
|
||||
return true;
|
||||
} elseif ( isset( $_POST['_um_password_change'] ) && $_POST['_um_password_change'] == 1 ) {
|
||||
return true;
|
||||
@@ -275,12 +275,12 @@ if ( ! class_exists( 'um\core\Password' ) ) {
|
||||
/**
|
||||
* Password page form
|
||||
*/
|
||||
function form_init() {
|
||||
public function form_init() {
|
||||
if ( um_is_core_page( 'password-reset' ) ) {
|
||||
UM()->fields()->set_mode = 'password';
|
||||
}
|
||||
|
||||
if ( um_is_core_page( 'password-reset' ) && isset( $_REQUEST['act'] ) && $_REQUEST['act'] == 'reset_password' ) {
|
||||
if ( um_is_core_page( 'password-reset' ) && isset( $_REQUEST['act'] ) && 'reset_password' === sanitize_key( $_REQUEST['act'] ) ) {
|
||||
wp_fix_server_vars();
|
||||
|
||||
$rp_cookie = 'wp-resetpass-' . COOKIEHASH;
|
||||
@@ -292,7 +292,7 @@ if ( ! class_exists( 'um\core\Password' ) ) {
|
||||
exit;
|
||||
}
|
||||
$rp_login = $userdata->user_login;
|
||||
$rp_key = wp_unslash( $_GET['hash'] );
|
||||
$rp_key = wp_unslash( sanitize_text_field( $_GET['hash'] ) );
|
||||
|
||||
$user = check_password_reset_key( $rp_key, $rp_login );
|
||||
|
||||
@@ -300,11 +300,11 @@ if ( ! class_exists( 'um\core\Password' ) ) {
|
||||
$this->setcookie( $rp_cookie, false );
|
||||
wp_redirect( add_query_arg( array( 'updated' => 'invalidkey' ), get_permalink() ) );
|
||||
} else {
|
||||
$value = sprintf( '%s:%s', $rp_login, wp_unslash( $_GET['hash'] ) );
|
||||
$value = sprintf( '%s:%s', $rp_login, wp_unslash( sanitize_text_field( $_GET['hash'] ) ) );
|
||||
$this->setcookie( $rp_cookie, $value );
|
||||
wp_safe_redirect( remove_query_arg( array( 'hash', 'user_id' ) ) );
|
||||
}
|
||||
|
||||
|
||||
exit;
|
||||
}
|
||||
|
||||
@@ -381,7 +381,6 @@ if ( ! class_exists( 'um\core\Password' ) ) {
|
||||
do_action( 'um_reset_password_process_hook', UM()->form()->post_form );
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
if ( $this->is_change_request() ) {
|
||||
@@ -432,7 +431,6 @@ if ( ! class_exists( 'um\core\Password' ) ) {
|
||||
do_action( 'um_change_password_process_hook', UM()->form()->post_form );
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
@@ -442,26 +440,25 @@ if ( ! class_exists( 'um\core\Password' ) ) {
|
||||
*
|
||||
* @param $args
|
||||
*/
|
||||
function um_reset_password_errors_hook( $args ) {
|
||||
|
||||
if ( $_POST[ UM()->honeypot ] != '' ) {
|
||||
wp_die( __( 'Hello, spam bot!', 'ultimate-member' ) );
|
||||
public function um_reset_password_errors_hook( $args ) {
|
||||
if ( '' !== $args[ UM()->honeypot ] ) {
|
||||
wp_die( esc_html__( 'Hello, spam bot!', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
$user = "";
|
||||
$user = '';
|
||||
|
||||
foreach ( $_POST as $key => $val ) {
|
||||
if ( strstr( $key, "username_b") ) {
|
||||
$user = trim( $val );
|
||||
foreach ( $args as $key => $val ) {
|
||||
if ( strstr( $key, 'username_b' ) ) {
|
||||
$user = trim( sanitize_text_field( $val ) );
|
||||
}
|
||||
}
|
||||
|
||||
if ( empty( $user ) ) {
|
||||
UM()->form()->add_error('username_b', __( 'Please provide your username or email', 'ultimate-member' ) );
|
||||
UM()->form()->add_error( 'username_b', __( 'Please provide your username or email', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
if ( ( ! is_email( $user ) && ! username_exists( $user ) ) || ( is_email( $user ) && ! email_exists( $user ) ) ) {
|
||||
UM()->form()->add_error('username_b', __( 'We can\'t find an account registered with that address or username','ultimate-member') );
|
||||
UM()->form()->add_error( 'username_b', __( 'We can\'t find an account registered with that address or username', 'ultimate-member' ) );
|
||||
} else {
|
||||
|
||||
if ( is_email( $user ) ) {
|
||||
@@ -471,21 +468,19 @@ if ( ! class_exists( 'um\core\Password' ) ) {
|
||||
}
|
||||
|
||||
$attempts = (int) get_user_meta( $user_id, 'password_rst_attempts', true );
|
||||
$is_admin = user_can( absint( $user_id ),'manage_options' );
|
||||
$is_admin = user_can( absint( $user_id ), 'manage_options' );
|
||||
|
||||
if ( UM()->options()->get( 'enable_reset_password_limit' ) ) { // if reset password limit is set
|
||||
|
||||
if ( UM()->options()->get( 'disable_admin_reset_password_limit' ) && $is_admin ) {
|
||||
// Triggers this when a user has admin capabilities and when reset password limit is disabled for admins
|
||||
} else {
|
||||
if ( ! ( UM()->options()->get( 'disable_admin_reset_password_limit' ) && $is_admin ) ) {
|
||||
// Doesn't trigger this when a user has admin capabilities and when reset password limit is disabled for admins
|
||||
$limit = UM()->options()->get( 'reset_password_limit_number' );
|
||||
if ( $attempts >= $limit ) {
|
||||
UM()->form()->add_error( 'username_b', __( 'You have reached the limit for requesting password change for this user already. Contact support if you cannot open the email','ultimate-member') );
|
||||
UM()->form()->add_error( 'username_b', __( 'You have reached the limit for requesting password change for this user already. Contact support if you cannot open the email', 'ultimate-member' ) );
|
||||
} else {
|
||||
update_user_meta( $user_id, 'password_rst_attempts', $attempts + 1 );
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
@@ -497,12 +492,12 @@ if ( ! class_exists( 'um\core\Password' ) ) {
|
||||
*
|
||||
* @param $args
|
||||
*/
|
||||
function um_reset_password_process_hook( $args ) {
|
||||
public function um_reset_password_process_hook( $args ) {
|
||||
$user = null;
|
||||
|
||||
foreach ( $_POST as $key => $val ) {
|
||||
if ( strstr( $key, "username_b" ) ) {
|
||||
$user = trim( $val );
|
||||
foreach ( $args as $key => $val ) {
|
||||
if ( strstr( $key, 'username_b' ) ) {
|
||||
$user = trim( sanitize_text_field( $val ) );
|
||||
}
|
||||
}
|
||||
|
||||
@@ -525,20 +520,27 @@ if ( ! class_exists( 'um\core\Password' ) ) {
|
||||
*
|
||||
* @param $args
|
||||
*/
|
||||
function um_change_password_errors_hook( $args ) {
|
||||
if ( isset( $_POST[ UM()->honeypot ] ) && $_POST[ UM()->honeypot ] != '' ) {
|
||||
wp_die( __( 'Hello, spam bot!', 'ultimate-member' ) );
|
||||
public function um_change_password_errors_hook( $args ) {
|
||||
if ( isset( $args[ UM()->honeypot ] ) && '' !== $args[ UM()->honeypot ] ) {
|
||||
wp_die( esc_html__( 'Hello, spam bot!', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
if ( ! is_user_logged_in() && isset( $args ) && ! um_is_core_page( 'password-reset' ) ||
|
||||
is_user_logged_in() && isset( $args['user_id'] ) && $args['user_id'] != get_current_user_id() ) {
|
||||
wp_die( __( 'This is not possible for security reasons.', 'ultimate-member' ) );
|
||||
is_user_logged_in() && isset( $args['user_id'] ) && absint( $args['user_id'] ) !== get_current_user_id() ) {
|
||||
wp_die( esc_html__( 'This is not possible for security reasons.', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
if ( isset( $args['user_password'] ) && empty( $args['user_password'] ) ) {
|
||||
UM()->form()->add_error( 'user_password', __( 'You must enter a new password', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
if ( isset( $args['user_password'] ) ) {
|
||||
$args['user_password'] = sanitize_text_field( $args['user_password'] );
|
||||
}
|
||||
if ( isset( $args['confirm_user_password'] ) ) {
|
||||
$args['confirm_user_password'] = sanitize_text_field( $args['confirm_user_password'] );
|
||||
}
|
||||
|
||||
if ( UM()->options()->get( 'reset_require_strongpass' ) ) {
|
||||
|
||||
if ( strlen( utf8_decode( $args['user_password'] ) ) < 8 ) {
|
||||
@@ -552,14 +554,13 @@ if ( ! class_exists( 'um\core\Password' ) ) {
|
||||
if ( ! UM()->validation()->strong_pass( $args['user_password'] ) ) {
|
||||
UM()->form()->add_error( 'user_password', __( 'Your password must contain at least one lowercase letter, one capital letter and one number', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
if ( isset( $args['confirm_user_password'] ) && empty( $args['confirm_user_password'] ) ) {
|
||||
UM()->form()->add_error( 'confirm_user_password', __( 'You must confirm your new password', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
if ( isset( $args['user_password'] ) && isset( $args['confirm_user_password'] ) && $args['user_password'] != $args['confirm_user_password'] ) {
|
||||
if ( isset( $args['user_password'] ) && isset( $args['confirm_user_password'] ) && $args['user_password'] !== $args['confirm_user_password'] ) {
|
||||
UM()->form()->add_error( 'confirm_user_password', __( 'Your passwords do not match', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
@@ -571,13 +572,11 @@ if ( ! class_exists( 'um\core\Password' ) ) {
|
||||
*
|
||||
* @param $args
|
||||
*/
|
||||
function um_change_password_process_hook( $args ) {
|
||||
extract( $args );
|
||||
|
||||
if ( isset( $_POST['_um_password_change'] ) && $_POST['_um_password_change'] == 1 ) {
|
||||
public function um_change_password_process_hook( $args ) {
|
||||
if ( isset( $args['_um_password_change'] ) && $args['_um_password_change'] == 1 ) {
|
||||
|
||||
$rp_cookie = 'wp-resetpass-' . COOKIEHASH;
|
||||
$user = get_userdata( $args['user_id'] );
|
||||
$user = get_userdata( absint( $args['user_id'] ) );
|
||||
|
||||
if ( isset( $_COOKIE[ $rp_cookie ] ) && 0 < strpos( $_COOKIE[ $rp_cookie ], ':' ) ) {
|
||||
list( $rp_login, $rp_key ) = explode( ':', wp_unslash( $_COOKIE[ $rp_cookie ] ), 2 );
|
||||
@@ -586,7 +585,7 @@ if ( ! class_exists( 'um\core\Password' ) ) {
|
||||
$user = false;
|
||||
} else {
|
||||
$user = check_password_reset_key( $rp_key, $rp_login );
|
||||
if ( isset( $_POST['user_password'] ) && ! hash_equals( $rp_key, $_POST['rp_key'] ) ) {
|
||||
if ( isset( $args['user_password'] ) && ! hash_equals( $rp_key, $args['rp_key'] ) ) {
|
||||
$user = false;
|
||||
}
|
||||
}
|
||||
@@ -617,7 +616,7 @@ if ( ! class_exists( 'um\core\Password' ) ) {
|
||||
do_action( 'validate_password_reset', $errors, $user );
|
||||
|
||||
if ( ( ! $errors->get_error_code() ) ) {
|
||||
reset_password( $user, $args['user_password'] );
|
||||
reset_password( $user, sanitize_text_field( $args['user_password'] ) );
|
||||
|
||||
// send the Password Changed Email
|
||||
UM()->user()->password_changed();
|
||||
@@ -653,9 +652,9 @@ if ( ! class_exists( 'um\core\Password' ) ) {
|
||||
* }
|
||||
* ?>
|
||||
*/
|
||||
do_action( 'um_after_changing_user_password', $args['user_id'] );
|
||||
do_action( 'um_after_changing_user_password', absint( $args['user_id'] ) );
|
||||
|
||||
exit( wp_redirect( um_get_core_page('login', 'password_changed' ) ) );
|
||||
exit( wp_redirect( um_get_core_page( 'login', 'password_changed' ) ) );
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -714,4 +713,4 @@ if ( ! class_exists( 'um\core\Password' ) ) {
|
||||
return $replace_placeholders;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -175,15 +175,15 @@ if ( ! class_exists( 'um\core\Permalinks' ) ) {
|
||||
/**
|
||||
* Activates an account via email
|
||||
*/
|
||||
function activate_account_via_email_link() {
|
||||
if ( isset( $_REQUEST['act'] ) && $_REQUEST['act'] == 'activate_via_email' && isset( $_REQUEST['hash'] ) && is_string( $_REQUEST['hash'] ) && strlen( $_REQUEST['hash'] ) == 40 &&
|
||||
public function activate_account_via_email_link() {
|
||||
if ( isset( $_REQUEST['act'] ) && 'activate_via_email' === sanitize_key( $_REQUEST['act'] ) && isset( $_REQUEST['hash'] ) && is_string( $_REQUEST['hash'] ) && strlen( $_REQUEST['hash'] ) == 40 &&
|
||||
isset( $_REQUEST['user_id'] ) && is_numeric( $_REQUEST['user_id'] ) ) { // valid token
|
||||
|
||||
$user_id = absint( $_REQUEST['user_id'] );
|
||||
delete_option( "um_cache_userdata_{$user_id}" );
|
||||
|
||||
$account_secret_hash = get_user_meta( $user_id, 'account_secret_hash', true );
|
||||
if ( empty( $account_secret_hash ) || strtolower( $_REQUEST['hash'] ) !== strtolower( $account_secret_hash ) ) {
|
||||
if ( empty( $account_secret_hash ) || strtolower( sanitize_text_field( $_REQUEST['hash'] ) ) !== strtolower( $account_secret_hash ) ) {
|
||||
wp_die( __( 'This activation link is expired or have already been used.', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
@@ -536,4 +536,4 @@ if ( ! class_exists( 'um\core\Permalinks' ) ) {
|
||||
return $url;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -55,16 +55,17 @@ if ( ! class_exists( 'um\core\Profile' ) ) {
|
||||
/**
|
||||
* Delete profile avatar AJAX handler
|
||||
*/
|
||||
function ajax_delete_profile_photo() {
|
||||
public function ajax_delete_profile_photo() {
|
||||
UM()->check_ajax_nonce();
|
||||
|
||||
/**
|
||||
* @var $user_id
|
||||
*/
|
||||
extract( $_REQUEST );
|
||||
if ( ! array_key_exists( 'user_id', $_REQUEST ) ) {
|
||||
wp_send_json_error( __( 'Invalid data', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
$user_id = absint( $_REQUEST['user_id'] );
|
||||
|
||||
if ( ! UM()->roles()->um_current_user_can( 'edit', $user_id ) ) {
|
||||
die( __( 'You can not edit this user' ) );
|
||||
die( esc_html__( 'You can not edit this user', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
UM()->files()->delete_core_user_photo( $user_id, 'profile_photo' );
|
||||
@@ -74,16 +75,17 @@ if ( ! class_exists( 'um\core\Profile' ) ) {
|
||||
/**
|
||||
* Delete cover photo AJAX handler
|
||||
*/
|
||||
function ajax_delete_cover_photo() {
|
||||
public function ajax_delete_cover_photo() {
|
||||
UM()->check_ajax_nonce();
|
||||
|
||||
/**
|
||||
* @var $user_id
|
||||
*/
|
||||
extract( $_REQUEST );
|
||||
if ( ! array_key_exists( 'user_id', $_REQUEST ) ) {
|
||||
wp_send_json_error( __( 'Invalid data', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
$user_id = absint( $_REQUEST['user_id'] );
|
||||
|
||||
if ( ! UM()->roles()->um_current_user_can( 'edit', $user_id ) ) {
|
||||
die( __( 'You can not edit this user' ) );
|
||||
die( esc_html__( 'You can not edit this user', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
UM()->files()->delete_core_user_photo( $user_id, 'cover_photo' );
|
||||
@@ -95,15 +97,18 @@ if ( ! class_exists( 'um\core\Profile' ) ) {
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
function tabs_privacy() {
|
||||
$privacy = apply_filters( 'um_profile_tabs_privacy_list', array(
|
||||
0 => __( 'Anyone', 'ultimate-member' ),
|
||||
1 => __( 'Guests only', 'ultimate-member' ),
|
||||
2 => __( 'Members only', 'ultimate-member' ),
|
||||
3 => __( 'Only the owner', 'ultimate-member' ),
|
||||
4 => __( 'Only specific roles', 'ultimate-member' ),
|
||||
5 => __( 'Owner and specific roles', 'ultimate-member' ),
|
||||
) );
|
||||
public function tabs_privacy() {
|
||||
$privacy = apply_filters(
|
||||
'um_profile_tabs_privacy_list',
|
||||
array(
|
||||
0 => __( 'Anyone', 'ultimate-member' ),
|
||||
1 => __( 'Guests only', 'ultimate-member' ),
|
||||
2 => __( 'Members only', 'ultimate-member' ),
|
||||
3 => __( 'Only the owner', 'ultimate-member' ),
|
||||
4 => __( 'Only specific roles', 'ultimate-member' ),
|
||||
5 => __( 'Owner and specific roles', 'ultimate-member' ),
|
||||
)
|
||||
);
|
||||
|
||||
return $privacy;
|
||||
}
|
||||
@@ -505,4 +510,4 @@ if ( ! class_exists( 'um\core\Profile' ) ) {
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -29,7 +29,7 @@ if ( ! class_exists( 'um\core\Query' ) ) {
|
||||
/**
|
||||
* Query constructor.
|
||||
*/
|
||||
function __construct() {
|
||||
public function __construct() {
|
||||
|
||||
|
||||
}
|
||||
@@ -38,7 +38,7 @@ if ( ! class_exists( 'um\core\Query' ) ) {
|
||||
/**
|
||||
* Ajax pagination for posts
|
||||
*/
|
||||
function ajax_paginate() {
|
||||
public function ajax_paginate() {
|
||||
UM()->check_ajax_nonce();
|
||||
|
||||
/**
|
||||
|
||||
@@ -382,21 +382,25 @@ if ( ! class_exists( 'um\core\Roles_Capabilities' ) ) {
|
||||
function get_priority_user_role( $user_id ) {
|
||||
$user = get_userdata( $user_id );
|
||||
|
||||
if ( empty( $user->roles ) )
|
||||
if ( empty( $user->roles ) ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// User has roles so look for a UM Role one
|
||||
$um_roles_keys = get_option( 'um_roles', array() );
|
||||
|
||||
if ( ! empty( $um_roles_keys ) ) {
|
||||
$um_roles_keys = array_map( function( $item ) {
|
||||
return 'um_' . $item;
|
||||
}, $um_roles_keys );
|
||||
$um_roles_keys = array_map(
|
||||
function( $item ) {
|
||||
return 'um_' . $item;
|
||||
},
|
||||
$um_roles_keys
|
||||
);
|
||||
}
|
||||
|
||||
$orders = array();
|
||||
foreach ( array_values( $user->roles ) as $userrole ) {
|
||||
if ( ! empty( $um_roles_keys ) && in_array( $userrole, $um_roles_keys ) ) {
|
||||
if ( ! empty( $um_roles_keys ) && in_array( $userrole, $um_roles_keys, true ) ) {
|
||||
$userrole_metakey = substr( $userrole, 3 );
|
||||
} else {
|
||||
$userrole_metakey = $userrole;
|
||||
@@ -727,4 +731,4 @@ if ( ! class_exists( 'um\core\Roles_Capabilities' ) ) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -161,18 +161,16 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) {
|
||||
*/
|
||||
function parse_shortcode_args( $args ) {
|
||||
if ( $this->message_mode == true ) {
|
||||
|
||||
if ( ! empty( $_REQUEST['um_role'] ) ) {
|
||||
$args['template'] = 'message';
|
||||
$roleID = esc_attr( $_REQUEST['um_role'] );
|
||||
$roleID = sanitize_key( $_REQUEST['um_role'] );
|
||||
$role = UM()->roles()->role_data( $roleID );
|
||||
|
||||
if ( ! empty( $role ) && ! empty( $role["status"] ) ) {
|
||||
$message_key = $role["status"] . '_message';
|
||||
if ( ! empty( $role ) && ! empty( $role['status'] ) ) {
|
||||
$message_key = $role['status'] . '_message';
|
||||
$this->custom_message = ! empty( $role[ $message_key ] ) ? stripslashes( $role[ $message_key ] ) : '';
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
foreach ( $args as $k => $v ) {
|
||||
@@ -676,7 +674,7 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) {
|
||||
extract( $args, EXTR_SKIP );
|
||||
|
||||
//not display on admin preview
|
||||
if ( empty( $_POST['act_id'] ) || $_POST['act_id'] != 'um_admin_preview_form' ) {
|
||||
if ( empty( $_POST['act_id'] ) || sanitize_key( $_POST['act_id'] ) !== 'um_admin_preview_form' ) {
|
||||
|
||||
$enable_loggedin_registration = apply_filters( 'um_registration_for_loggedin_users', false, $args );
|
||||
|
||||
@@ -1266,7 +1264,7 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) {
|
||||
|
||||
$hash = UM()->member_directory()->get_directory_hash( $directory_id );
|
||||
|
||||
$query[ 'search_' . $hash ] = ! empty( $_GET[ 'search_' . $hash ] ) ? $_GET[ 'search_' . $hash ] : '';
|
||||
$query[ 'search_' . $hash ] = ! empty( $_GET[ 'search_' . $hash ] ) ? sanitize_text_field( $_GET[ 'search_' . $hash ] ) : '';
|
||||
}
|
||||
|
||||
if ( empty( $query ) ) {
|
||||
|
||||
@@ -103,8 +103,8 @@ if ( ! class_exists( 'um\core\User_posts' ) ) {
|
||||
function load_posts() {
|
||||
UM()->check_ajax_nonce();
|
||||
|
||||
$author = ! empty( $_POST['author'] ) ? $_POST['author'] : get_current_user_id();
|
||||
$page = ! empty( $_POST['page'] ) ? $_POST['page'] : 0;
|
||||
$author = ! empty( $_POST['author'] ) ? absint( $_POST['author'] ) : get_current_user_id();
|
||||
$page = ! empty( $_POST['page'] ) ? absint( $_POST['page'] ) : 0;
|
||||
|
||||
$args = array(
|
||||
'post_type' => 'post',
|
||||
@@ -244,4 +244,4 @@ if ( ! class_exists( 'um\core\User_posts' ) ) {
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -347,8 +347,8 @@ if ( ! class_exists( 'um\core\User' ) ) {
|
||||
}
|
||||
|
||||
if ( ! empty( $_POST['um-role'] ) && current_user_can( 'promote_users' ) ) {
|
||||
if ( ! user_can( $user_id, $_POST['um-role'] ) ) {
|
||||
UM()->roles()->set_role( $user_id, $_POST['um-role'] );
|
||||
if ( ! user_can( $user_id, sanitize_key( $_POST['um-role'] ) ) ) {
|
||||
UM()->roles()->set_role( $user_id, sanitize_key( $_POST['um-role'] ) );
|
||||
}
|
||||
}
|
||||
|
||||
@@ -368,8 +368,8 @@ if ( ! class_exists( 'um\core\User' ) ) {
|
||||
}
|
||||
|
||||
if ( ! empty( $_POST['um-role'] ) && current_user_can( 'promote_users' ) ) {
|
||||
if ( ! user_can( $user_id, $_POST['um-role'] ) ) {
|
||||
UM()->roles()->set_role( $user_id, $_POST['um-role'] );
|
||||
if ( ! user_can( $user_id, sanitize_key( $_POST['um-role'] ) ) ) {
|
||||
UM()->roles()->set_role( $user_id, sanitize_key( $_POST['um-role'] ) );
|
||||
}
|
||||
}
|
||||
|
||||
@@ -383,7 +383,7 @@ if ( ! class_exists( 'um\core\User' ) ) {
|
||||
function get_pending_users_count() {
|
||||
|
||||
$cached_users_queue = get_option( 'um_cached_users_queue' );
|
||||
if ( $cached_users_queue > 0 && ! isset( $_REQUEST['delete_count'] ) ){
|
||||
if ( $cached_users_queue > 0 && ! isset( $_REQUEST['delete_count'] ) ) {
|
||||
return $cached_users_queue;
|
||||
}
|
||||
|
||||
@@ -592,8 +592,8 @@ if ( ! class_exists( 'um\core\User' ) ) {
|
||||
//if there custom 2 role not empty
|
||||
if ( ! empty( $_POST['um-role'] ) && current_user_can( 'promote_users' ) ) {
|
||||
$user = get_userdata( $user_id );
|
||||
$user->add_role( $_POST['um-role'] );
|
||||
UM()->user()->profile['role'] = $_POST['um-role'];
|
||||
$user->add_role( sanitize_key( $_POST['um-role'] ) );
|
||||
UM()->user()->profile['role'] = sanitize_key( $_POST['um-role'] );
|
||||
UM()->user()->update_usermeta_info( 'role' );
|
||||
}
|
||||
|
||||
@@ -641,9 +641,9 @@ if ( ! class_exists( 'um\core\User' ) ) {
|
||||
|
||||
if ( is_admin() ) {
|
||||
if ( ! empty( $_POST['um-role'] ) && current_user_can( 'promote_users' ) ) {
|
||||
$new_roles = array_merge( $new_roles, array( $_POST['um-role'] ) );
|
||||
if ( ! user_can( $user_id, $_POST['um-role'] ) ) {
|
||||
UM()->roles()->set_role( $user_id, $_POST['um-role'] );
|
||||
$new_roles = array_merge( $new_roles, array( sanitize_key( $_POST['um-role'] ) ) );
|
||||
if ( ! user_can( $user_id, sanitize_key( $_POST['um-role'] ) ) ) {
|
||||
UM()->roles()->set_role( $user_id, sanitize_key( $_POST['um-role'] ) );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,4 +1,6 @@
|
||||
<?php if ( ! defined( 'ABSPATH' ) ) exit;
|
||||
<?php if ( ! defined( 'ABSPATH' ) ) {
|
||||
exit;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
@@ -7,161 +9,182 @@
|
||||
* @param array $args
|
||||
*/
|
||||
function um_submit_account_errors_hook( $args ) {
|
||||
if ( ! isset( $_POST['_um_account'] ) && ! isset( $_POST['_um_account_tab'] ) ) {
|
||||
if ( ! isset( $args['_um_account'] ) && ! isset( $args['_um_account_tab'] ) ) {
|
||||
return;
|
||||
}
|
||||
|
||||
if ( ! wp_verify_nonce( $_POST[ 'um_account_nonce_' . $_POST['_um_account_tab'] ], 'um_update_account_' . $_POST['_um_account_tab'] ) ) {
|
||||
UM()->form()->add_error('um_account_security', __( 'Are you hacking? Please try again!', 'ultimate-member' ) );
|
||||
$tab = sanitize_key( $args['_um_account_tab'] );
|
||||
|
||||
if ( ! wp_verify_nonce( $args[ 'um_account_nonce_' . $tab ], 'um_update_account_' . $tab ) ) {
|
||||
UM()->form()->add_error( 'um_account_security', __( 'Are you hacking? Please try again!', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
$user = get_user_by( 'login', um_user( 'user_login' ) );
|
||||
|
||||
if ( isset( $_POST['_um_account_tab'] ) ) {
|
||||
switch ( $_POST['_um_account_tab'] ) {
|
||||
case 'delete': {
|
||||
// delete account
|
||||
if ( UM()->account()->current_password_is_required( 'delete' ) ) {
|
||||
if ( strlen( trim( $_POST['single_user_password'] ) ) == 0 ) {
|
||||
UM()->form()->add_error( 'single_user_password', __( 'You must enter your password', 'ultimate-member' ) );
|
||||
} else {
|
||||
if ( ! wp_check_password( $_POST['single_user_password'], $user->data->user_pass, $user->data->ID ) ) {
|
||||
UM()->form()->add_error( 'single_user_password', __( 'This is not your password', 'ultimate-member' ) );
|
||||
}
|
||||
switch ( $tab ) {
|
||||
case 'delete': {
|
||||
// delete account
|
||||
if ( UM()->account()->current_password_is_required( 'delete' ) ) {
|
||||
if ( strlen( trim( sanitize_text_field( $args['single_user_password'] ) ) ) === 0 ) {
|
||||
UM()->form()->add_error( 'single_user_password', __( 'You must enter your password', 'ultimate-member' ) );
|
||||
} else {
|
||||
if ( ! wp_check_password( sanitize_text_field( $args['single_user_password'] ), $user->data->user_pass, $user->data->ID ) ) {
|
||||
UM()->form()->add_error( 'single_user_password', __( 'This is not your password', 'ultimate-member' ) );
|
||||
}
|
||||
}
|
||||
|
||||
UM()->account()->current_tab = 'delete';
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
case 'password': {
|
||||
UM()->account()->current_tab = 'delete';
|
||||
|
||||
// change password
|
||||
UM()->account()->current_tab = 'password';
|
||||
|
||||
if ( empty( $_POST['user_password'] ) ) {
|
||||
UM()->form()->add_error('user_password', __( 'Password is required', 'ultimate-member' ) );
|
||||
return;
|
||||
}
|
||||
|
||||
if ( empty( $_POST['confirm_user_password'] ) ) {
|
||||
UM()->form()->add_error('user_password', __( 'Password confirmation is required', 'ultimate-member' ) );
|
||||
return;
|
||||
}
|
||||
|
||||
if ( ! empty( $_POST['user_password'] ) && ! empty( $_POST['confirm_user_password'] ) ) {
|
||||
|
||||
if ( UM()->account()->current_password_is_required( 'password' ) ) {
|
||||
if ( empty( $_POST['current_user_password'] ) ) {
|
||||
UM()->form()->add_error('current_user_password', __( 'This is not your password', 'ultimate-member' ) );
|
||||
return;
|
||||
} else {
|
||||
if ( ! wp_check_password( $_POST['current_user_password'], $user->data->user_pass, $user->data->ID ) ) {
|
||||
UM()->form()->add_error('current_user_password', __( 'This is not your password', 'ultimate-member' ) );
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ( $_POST['user_password'] != $_POST['confirm_user_password'] && $_POST['user_password'] ) {
|
||||
UM()->form()->add_error('user_password', __( 'Your new password does not match', 'ultimate-member' ) );
|
||||
return;
|
||||
}
|
||||
|
||||
if ( UM()->options()->get( 'account_require_strongpass' ) ) {
|
||||
if ( strlen( utf8_decode( $_POST['user_password'] ) ) < 8 ) {
|
||||
UM()->form()->add_error( 'user_password', __( 'Your password must contain at least 8 characters', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
if ( strlen( utf8_decode( $_POST['user_password'] ) ) > 30 ) {
|
||||
UM()->form()->add_error( 'user_password', __( 'Your password must contain less than 30 characters', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
if ( ! UM()->validation()->strong_pass( $_POST['user_password'] ) ) {
|
||||
UM()->form()->add_error( 'user_password', __( 'Your password must contain at least one lowercase letter, one capital letter and one number', 'ultimate-member' ) );
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
case 'account':
|
||||
case 'general': {
|
||||
// errors on general tab
|
||||
|
||||
$account_name_require = UM()->options()->get( 'account_name_require' );
|
||||
|
||||
if ( ! empty( $_POST['user_login'] ) && ! validate_username( $_POST['user_login'] ) ) {
|
||||
UM()->form()->add_error('user_login', __( 'Your username is invalid', 'ultimate-member' ) );
|
||||
return;
|
||||
}
|
||||
|
||||
if ( isset( $_POST['first_name'] ) && ( strlen( trim( $_POST['first_name'] ) ) == 0 && $account_name_require ) ) {
|
||||
UM()->form()->add_error( 'first_name', __( 'You must provide your first name', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
if ( isset( $_POST['last_name'] ) && ( strlen( trim( $_POST['last_name'] ) ) == 0 && $account_name_require ) ) {
|
||||
UM()->form()->add_error( 'last_name', __( 'You must provide your last name', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
if ( isset( $_POST['user_email'] ) ) {
|
||||
|
||||
if ( strlen( trim( $_POST['user_email'] ) ) == 0 ) {
|
||||
UM()->form()->add_error( 'user_email', __( 'You must provide your e-mail', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
if ( ! is_email( $_POST['user_email'] ) ) {
|
||||
UM()->form()->add_error( 'user_email', __( 'Please provide a valid e-mail', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
if ( email_exists( $_POST['user_email'] ) && email_exists( $_POST['user_email'] ) != get_current_user_id() ) {
|
||||
UM()->form()->add_error( 'user_email', __( 'Email already linked to another account', 'ultimate-member' ) );
|
||||
}
|
||||
}
|
||||
|
||||
// check account password
|
||||
if ( UM()->account()->current_password_is_required( 'general' ) ) {
|
||||
if ( strlen( trim( $_POST['single_user_password'] ) ) == 0 ) {
|
||||
UM()->form()->add_error('single_user_password', __( 'You must enter your password', 'ultimate-member' ) );
|
||||
} else {
|
||||
if ( ! wp_check_password( $_POST['single_user_password'], $user->data->user_pass, $user->data->ID ) ) {
|
||||
UM()->form()->add_error('single_user_password', __( 'This is not your password', 'ultimate-member' ) );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
default:
|
||||
/**
|
||||
* UM hook
|
||||
*
|
||||
* @type action
|
||||
* @title um_submit_account_{$tab}_tab_errors_hook
|
||||
* @description On submit account current $tab validation
|
||||
* @change_log
|
||||
* ["Since: 2.0"]
|
||||
* @usage add_action( 'um_submit_account_{$tab}_tab_errors_hook', 'function_name', 10 );
|
||||
* @example
|
||||
* <?php
|
||||
* add_action( 'um_submit_account_{$tab}_tab_errors_hook', 'my_submit_account_tab_errors', 10 );
|
||||
* function my_submit_account_tab_errors() {
|
||||
* // your code here
|
||||
* }
|
||||
* ?>
|
||||
*/
|
||||
do_action( 'um_submit_account_' . $_POST['_um_account_tab'] . '_tab_errors_hook' );
|
||||
break;
|
||||
break;
|
||||
}
|
||||
|
||||
UM()->account()->current_tab = $_POST['_um_account_tab'];
|
||||
case 'password': {
|
||||
|
||||
// change password
|
||||
UM()->account()->current_tab = 'password';
|
||||
|
||||
if ( isset( $args['user_password'] ) ) {
|
||||
$args['user_password'] = sanitize_text_field( $args['user_password'] );
|
||||
}
|
||||
|
||||
if ( isset( $args['confirm_user_password'] ) ) {
|
||||
$args['confirm_user_password'] = sanitize_text_field( $args['confirm_user_password'] );
|
||||
}
|
||||
|
||||
if ( empty( $args['user_password'] ) ) {
|
||||
UM()->form()->add_error( 'user_password', __( 'Password is required', 'ultimate-member' ) );
|
||||
return;
|
||||
}
|
||||
|
||||
if ( empty( $args['confirm_user_password'] ) ) {
|
||||
UM()->form()->add_error( 'user_password', __( 'Password confirmation is required', 'ultimate-member' ) );
|
||||
return;
|
||||
}
|
||||
|
||||
if ( ! empty( $args['user_password'] ) && ! empty( $args['confirm_user_password'] ) ) {
|
||||
|
||||
if ( UM()->account()->current_password_is_required( 'password' ) ) {
|
||||
if ( empty( $args['current_user_password'] ) ) {
|
||||
UM()->form()->add_error( 'current_user_password', __( 'This is not your password', 'ultimate-member' ) );
|
||||
return;
|
||||
} else {
|
||||
if ( ! wp_check_password( $args['current_user_password'], $user->data->user_pass, $user->data->ID ) ) {
|
||||
UM()->form()->add_error( 'current_user_password', __( 'This is not your password', 'ultimate-member' ) );
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ( $args['user_password'] && $args['user_password'] !== $args['confirm_user_password'] ) {
|
||||
UM()->form()->add_error( 'user_password', __( 'Your new password does not match', 'ultimate-member' ) );
|
||||
return;
|
||||
}
|
||||
|
||||
if ( UM()->options()->get( 'account_require_strongpass' ) ) {
|
||||
if ( strlen( utf8_decode( $args['user_password'] ) ) < 8 ) {
|
||||
UM()->form()->add_error( 'user_password', __( 'Your password must contain at least 8 characters', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
if ( strlen( utf8_decode( $args['user_password'] ) ) > 30 ) {
|
||||
UM()->form()->add_error( 'user_password', __( 'Your password must contain less than 30 characters', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
if ( ! UM()->validation()->strong_pass( $args['user_password'] ) ) {
|
||||
UM()->form()->add_error( 'user_password', __( 'Your password must contain at least one lowercase letter, one capital letter and one number', 'ultimate-member' ) );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
case 'account':
|
||||
case 'general': {
|
||||
// errors on general tab
|
||||
$account_name_require = UM()->options()->get( 'account_name_require' );
|
||||
|
||||
if ( isset( $args['user_login'] ) ) {
|
||||
$args['user_login'] = sanitize_text_field( $args['user_login'] );
|
||||
}
|
||||
if ( isset( $args['first_name'] ) ) {
|
||||
$args['first_name'] = sanitize_text_field( $args['first_name'] );
|
||||
}
|
||||
if ( isset( $args['last_name'] ) ) {
|
||||
$args['last_name'] = sanitize_text_field( $args['last_name'] );
|
||||
}
|
||||
if ( isset( $args['user_email'] ) ) {
|
||||
$args['user_email'] = sanitize_email( $args['user_email'] );
|
||||
}
|
||||
if ( isset( $args['single_user_password'] ) ) {
|
||||
$args['single_user_password'] = sanitize_text_field( $args['single_user_password'] );
|
||||
}
|
||||
|
||||
if ( ! empty( $args['user_login'] ) && ! validate_username( $args['user_login'] ) ) {
|
||||
UM()->form()->add_error( 'user_login', __( 'Your username is invalid', 'ultimate-member' ) );
|
||||
return;
|
||||
}
|
||||
|
||||
if ( isset( $args['first_name'] ) && ( strlen( trim( $args['first_name'] ) ) === 0 && $account_name_require ) ) {
|
||||
UM()->form()->add_error( 'first_name', __( 'You must provide your first name', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
if ( isset( $args['last_name'] ) && ( strlen( trim( $args['last_name'] ) ) === 0 && $account_name_require ) ) {
|
||||
UM()->form()->add_error( 'last_name', __( 'You must provide your last name', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
if ( isset( $args['user_email'] ) ) {
|
||||
|
||||
if ( strlen( trim( $args['user_email'] ) ) === 0 ) {
|
||||
UM()->form()->add_error( 'user_email', __( 'You must provide your e-mail', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
if ( ! is_email( $args['user_email'] ) ) {
|
||||
UM()->form()->add_error( 'user_email', __( 'Please provide a valid e-mail', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
if ( email_exists( $args['user_email'] ) && email_exists( $args['user_email'] ) !== get_current_user_id() ) {
|
||||
UM()->form()->add_error( 'user_email', __( 'Email already linked to another account', 'ultimate-member' ) );
|
||||
}
|
||||
}
|
||||
|
||||
// check account password
|
||||
if ( UM()->account()->current_password_is_required( 'general' ) ) {
|
||||
if ( strlen( trim( $args['single_user_password'] ) ) === 0 ) {
|
||||
UM()->form()->add_error( 'single_user_password', __( 'You must enter your password', 'ultimate-member' ) );
|
||||
} else {
|
||||
if ( ! wp_check_password( $args['single_user_password'], $user->data->user_pass, $user->data->ID ) ) {
|
||||
UM()->form()->add_error( 'single_user_password', __( 'This is not your password', 'ultimate-member' ) );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
default:
|
||||
/**
|
||||
* UM hook
|
||||
*
|
||||
* @type action
|
||||
* @title um_submit_account_{$tab}_tab_errors_hook
|
||||
* @description On submit account current $tab validation
|
||||
* @change_log
|
||||
* ["Since: 2.0"]
|
||||
* @usage add_action( 'um_submit_account_{$tab}_tab_errors_hook', 'function_name', 10 );
|
||||
* @example
|
||||
* <?php
|
||||
* add_action( 'um_submit_account_{$tab}_tab_errors_hook', 'my_submit_account_tab_errors', 10 );
|
||||
* function my_submit_account_tab_errors() {
|
||||
* // your code here
|
||||
* }
|
||||
* ?>
|
||||
*/
|
||||
do_action( 'um_submit_account_' . $tab . '_tab_errors_hook' );
|
||||
break;
|
||||
}
|
||||
|
||||
UM()->account()->current_tab = $tab;
|
||||
}
|
||||
add_action( 'um_submit_account_errors_hook', 'um_submit_account_errors_hook' );
|
||||
|
||||
@@ -172,16 +195,16 @@ add_action( 'um_submit_account_errors_hook', 'um_submit_account_errors_hook' );
|
||||
* @param $args
|
||||
*/
|
||||
function um_submit_account_details( $args ) {
|
||||
$tab = ( get_query_var('um_tab') ) ? get_query_var('um_tab') : 'general';
|
||||
$tab = ( get_query_var( 'um_tab' ) ) ? get_query_var( 'um_tab' ) : 'general';
|
||||
|
||||
$current_tab = isset( $_POST['_um_account_tab'] ) ? $_POST['_um_account_tab']: '';
|
||||
$current_tab = isset( $args['_um_account_tab'] ) ? sanitize_key( $args['_um_account_tab'] ) : '';
|
||||
|
||||
$user_id = um_user('ID');
|
||||
$user_id = um_user( 'ID' );
|
||||
|
||||
//change password account's tab
|
||||
if ( 'password' == $current_tab && $_POST['user_password'] && $_POST['confirm_user_password'] ) {
|
||||
if ( 'password' === $current_tab && $args['user_password'] && $args['confirm_user_password'] ) {
|
||||
|
||||
$changes['user_pass'] = $_POST['user_password'];
|
||||
$changes['user_pass'] = sanitize_text_field( $args['user_password'] );
|
||||
|
||||
$args['user_id'] = $user_id;
|
||||
|
||||
@@ -195,16 +218,20 @@ function um_submit_account_details( $args ) {
|
||||
|
||||
wp_set_password( $changes['user_pass'], $user_id );
|
||||
|
||||
wp_signon( array( 'user_login' => um_user( 'user_login' ), 'user_password' => $changes['user_pass'] ) );
|
||||
wp_signon(
|
||||
array(
|
||||
'user_login' => um_user( 'user_login' ),
|
||||
'user_password' => $changes['user_pass'],
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
// delete account
|
||||
if ( 'delete' == $current_tab ) {
|
||||
if ( 'delete' === $current_tab ) {
|
||||
if ( current_user_can( 'delete_users' ) || um_user( 'can_delete_profile' ) ) {
|
||||
UM()->user()->delete();
|
||||
|
||||
if ( um_user( 'after_delete' ) && um_user( 'after_delete' ) == 'redirect_home' ) {
|
||||
if ( um_user( 'after_delete' ) && um_user( 'after_delete' ) === 'redirect_home' ) {
|
||||
um_redirect_home();
|
||||
} elseif ( um_user( 'delete_redirect_url' ) ) {
|
||||
/**
|
||||
@@ -271,26 +298,40 @@ function um_submit_account_details( $args ) {
|
||||
}
|
||||
|
||||
$changes = array();
|
||||
foreach ( $_POST as $k => $v ) {
|
||||
if ( ! in_array( $k, $arr_fields ) ) {
|
||||
foreach ( $args as $k => $v ) {
|
||||
if ( ! in_array( $k, $arr_fields, true ) ) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if ( $k == 'single_user_password' ) {
|
||||
if ( 'single_user_password' === $k ) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if ( 'user_login' === $k ) {
|
||||
$v = sanitize_user( $v );
|
||||
} elseif ( 'first_name' === $k ) {
|
||||
$v = sanitize_text_field( $v );
|
||||
} elseif ( 'last_name' === $k ) {
|
||||
$v = sanitize_text_field( $v );
|
||||
} elseif ( 'user_email' === $k ) {
|
||||
$v = sanitize_email( $v );
|
||||
} elseif ( 'user_password' === $k ) {
|
||||
$v = sanitize_text_field( $v );
|
||||
} elseif ( 'hide_in_members' === $k ) {
|
||||
$v = array_map( 'sanitize_text_field', $v );
|
||||
}
|
||||
|
||||
$changes[ $k ] = $v;
|
||||
}
|
||||
|
||||
if ( isset( $changes['hide_in_members'] ) ) {
|
||||
if ( UM()->member_directory()->get_hide_in_members_default() ) {
|
||||
if ( $changes['hide_in_members'] == __( 'Yes', 'ultimate-member' ) || $changes['hide_in_members'] == 'Yes' || array_intersect( array( 'Yes', __( 'Yes', 'ultimate-member' ) ), $changes['hide_in_members'] ) ) {
|
||||
if ( __( 'Yes', 'ultimate-member' ) === $changes['hide_in_members'] || 'Yes' === $changes['hide_in_members'] || array_intersect( array( 'Yes', __( 'Yes', 'ultimate-member' ) ), $changes['hide_in_members'] ) ) {
|
||||
delete_user_meta( $user_id, 'hide_in_members' );
|
||||
unset( $changes['hide_in_members'] );
|
||||
}
|
||||
} else {
|
||||
if ( $changes['hide_in_members'] == __( 'No', 'ultimate-member' ) || $changes['hide_in_members'] == 'No' || array_intersect( array( 'No', __( 'No', 'ultimate-member' ) ), $changes['hide_in_members'] ) ) {
|
||||
if ( __( 'No', 'ultimate-member' ) === $changes['hide_in_members'] || 'No' === $changes['hide_in_members'] || array_intersect( array( 'No', __( 'No', 'ultimate-member' ) ), $changes['hide_in_members'] ) ) {
|
||||
delete_user_meta( $user_id, 'hide_in_members' );
|
||||
unset( $changes['hide_in_members'] );
|
||||
}
|
||||
@@ -667,19 +708,20 @@ function um_request_user_data() {
|
||||
wp_send_json_error( __( 'Wrong request.', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
$user_id = get_current_user_id();
|
||||
$password = ! empty( $_POST['password'] ) ? $_POST['password'] : '';
|
||||
$user = get_userdata( $user_id );
|
||||
$hash = $user->data->user_pass;
|
||||
$user_id = get_current_user_id();
|
||||
$password = ! empty( $_POST['password'] ) ? sanitize_text_field( $_POST['password'] ) : '';
|
||||
$user = get_userdata( $user_id );
|
||||
$hash = $user->data->user_pass;
|
||||
$request_action = sanitize_key( $_POST['request_action'] );
|
||||
|
||||
if ( $_POST['request_action'] == 'um-export-data' ) {
|
||||
if ( 'um-export-data' === $request_action ) {
|
||||
if ( UM()->account()->current_password_is_required( 'privacy_download_data' ) ) {
|
||||
if ( ! wp_check_password( $password, $hash ) ) {
|
||||
$answer = esc_html__( 'The password you entered is incorrect.', 'ultimate-member' );
|
||||
wp_send_json_success( array( 'answer' => $answer ) );
|
||||
}
|
||||
}
|
||||
} elseif ( $_POST['request_action'] == 'um-erase-data' ) {
|
||||
} elseif ( 'um-erase-data' === $request_action ) {
|
||||
if ( UM()->account()->current_password_is_required( 'privacy_erase_data' ) ) {
|
||||
if ( ! wp_check_password( $password, $hash ) ) {
|
||||
$answer = esc_html__( 'The password you entered is incorrect.', 'ultimate-member' );
|
||||
@@ -688,13 +730,13 @@ function um_request_user_data() {
|
||||
}
|
||||
}
|
||||
|
||||
if ( $_POST['request_action'] == 'um-export-data' ) {
|
||||
if ( 'um-export-data' === $request_action ) {
|
||||
$request_id = wp_create_user_request( $user->data->user_email, 'export_personal_data' );
|
||||
} elseif ( $_POST['request_action'] == 'um-erase-data' ) {
|
||||
} elseif ( 'um-erase-data' === $request_action ) {
|
||||
$request_id = wp_create_user_request( $user->data->user_email, 'remove_personal_data' );
|
||||
}
|
||||
|
||||
if ( ! isset( $request_id ) || empty( $request_id ) ) {
|
||||
if ( ! isset( $request_id ) || empty( $request_id ) ) {
|
||||
wp_send_json_error( __( 'Wrong request.', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
@@ -707,4 +749,4 @@ function um_request_user_data() {
|
||||
|
||||
wp_send_json_success( array( 'answer' => $answer ) );
|
||||
}
|
||||
add_action( 'wp_ajax_um_request_user_data', 'um_request_user_data' );
|
||||
add_action( 'wp_ajax_um_request_user_data', 'um_request_user_data' );
|
||||
|
||||
@@ -10,7 +10,7 @@ if ( ! defined( 'ABSPATH' ) ) exit;
|
||||
function ultimatemember_check_username_exists() {
|
||||
UM()->check_ajax_nonce();
|
||||
|
||||
$username = isset( $_REQUEST['username'] ) ? $_REQUEST['username'] : '';
|
||||
$username = isset( $_REQUEST['username'] ) ? sanitize_user( $_REQUEST['username'] ) : '';
|
||||
$exists = username_exists( $username );
|
||||
|
||||
/**
|
||||
@@ -46,4 +46,4 @@ function ultimatemember_check_username_exists() {
|
||||
die();
|
||||
}
|
||||
add_action('wp_ajax_nopriv_ultimatemember_check_username_exists', 'ultimatemember_check_username_exists');
|
||||
add_action('wp_ajax_ultimatemember_check_username_exists', 'ultimatemember_check_username_exists');
|
||||
add_action('wp_ajax_ultimatemember_check_username_exists', 'ultimatemember_check_username_exists');
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
<?php if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
||||
|
||||
<?php if ( ! defined( 'ABSPATH' ) ) {
|
||||
exit;
|
||||
}
|
||||
|
||||
/**
|
||||
* Processes the requests of UM actions
|
||||
@@ -18,29 +19,25 @@ function um_action_request_process() {
|
||||
return;
|
||||
}
|
||||
|
||||
if ( isset( $_REQUEST['uid'] ) && ! UM()->user()->user_exists_by_id( absint( $_REQUEST['uid'] ) ) ) {
|
||||
return;
|
||||
}
|
||||
|
||||
if ( isset( $_REQUEST['uid'] ) ) {
|
||||
if ( is_super_admin( $_REQUEST['uid'] ) ) {
|
||||
wp_die( __( 'Super administrators can not be modified.', 'ultimate-member' ) );
|
||||
}
|
||||
}
|
||||
|
||||
// if ( isset( $_REQUEST['um_action'] ) && $_REQUEST['um_action'] != "edit" && ! current_user_can( 'edit_users' ) ) {
|
||||
// wp_die( __( 'You do not have enough permissions to do that.','ultimate-member') );
|
||||
// }
|
||||
$action = sanitize_key( $_REQUEST['um_action'] );
|
||||
|
||||
$uid = 0;
|
||||
if ( isset( $_REQUEST['uid'] ) ) {
|
||||
$uid = absint( $_REQUEST['uid'] );
|
||||
}
|
||||
|
||||
$role = get_role( UM()->roles()->get_priority_user_role( get_current_user_id() ) );
|
||||
if ( ! empty( $uid ) && ! UM()->user()->user_exists_by_id( $uid ) ) {
|
||||
return;
|
||||
}
|
||||
|
||||
if ( ! empty( $uid ) && is_super_admin( $uid ) ) {
|
||||
wp_die( esc_html__( 'Super administrators can not be modified.', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
$role = get_role( UM()->roles()->get_priority_user_role( get_current_user_id() ) );
|
||||
$can_edit_users = current_user_can( 'edit_users' ) && $role->has_cap( 'edit_users' );
|
||||
|
||||
switch ( $_REQUEST['um_action'] ) {
|
||||
switch ( $action ) {
|
||||
default:
|
||||
/**
|
||||
* UM hook
|
||||
@@ -62,7 +59,7 @@ function um_action_request_process() {
|
||||
* }
|
||||
* ?>
|
||||
*/
|
||||
do_action( 'um_action_user_request_hook', $_REQUEST['um_action'], $uid );
|
||||
do_action( 'um_action_user_request_hook', $action, $uid );
|
||||
break;
|
||||
|
||||
case 'edit':
|
||||
@@ -89,7 +86,7 @@ function um_action_request_process() {
|
||||
|
||||
case 'um_reject_membership':
|
||||
if ( ! $can_edit_users ) {
|
||||
wp_die( __( 'You do not have permission to make this action.', 'ultimate-member' ) );
|
||||
wp_die( esc_html__( 'You do not have permission to make this action.', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
um_fetch_user( $uid );
|
||||
@@ -100,7 +97,7 @@ function um_action_request_process() {
|
||||
case 'um_approve_membership':
|
||||
case 'um_reenable':
|
||||
if ( ! $can_edit_users ) {
|
||||
wp_die( __( 'You do not have permission to make this action.', 'ultimate-member' ) );
|
||||
wp_die( esc_html__( 'You do not have permission to make this action.', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
add_filter( 'um_template_tags_patterns_hook', array( UM()->password(), 'add_placeholder' ), 10, 1 );
|
||||
@@ -113,7 +110,7 @@ function um_action_request_process() {
|
||||
|
||||
case 'um_put_as_pending':
|
||||
if ( ! $can_edit_users ) {
|
||||
wp_die( __( 'You do not have permission to make this action.', 'ultimate-member' ) );
|
||||
wp_die( esc_html__( 'You do not have permission to make this action.', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
um_fetch_user( $uid );
|
||||
@@ -123,7 +120,7 @@ function um_action_request_process() {
|
||||
|
||||
case 'um_resend_activation':
|
||||
if ( ! $can_edit_users ) {
|
||||
wp_die( __( 'You do not have permission to make this action.', 'ultimate-member' ) );
|
||||
wp_die( esc_html__( 'You do not have permission to make this action.', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
add_filter( 'um_template_tags_patterns_hook', array( UM()->user(), 'add_activation_placeholder' ), 10, 1 );
|
||||
@@ -136,7 +133,7 @@ function um_action_request_process() {
|
||||
|
||||
case 'um_deactivate':
|
||||
if ( ! $can_edit_users ) {
|
||||
wp_die( __( 'You do not have permission to make this action.', 'ultimate-member' ) );
|
||||
wp_die( esc_html__( 'You do not have permission to make this action.', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
um_fetch_user( $uid );
|
||||
@@ -146,7 +143,7 @@ function um_action_request_process() {
|
||||
|
||||
case 'um_delete':
|
||||
if ( ! UM()->roles()->um_current_user_can( 'delete', $uid ) ) {
|
||||
wp_die( __( 'You do not have permission to delete this user.', 'ultimate-member' ) );
|
||||
wp_die( esc_html__( 'You do not have permission to delete this user.', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
um_fetch_user( $uid );
|
||||
@@ -156,4 +153,4 @@ function um_action_request_process() {
|
||||
|
||||
}
|
||||
}
|
||||
add_action( 'template_redirect', 'um_action_request_process', 10000 );
|
||||
add_action( 'template_redirect', 'um_action_request_process', 10000 );
|
||||
|
||||
@@ -127,7 +127,7 @@ function um_submit_form_errors_hook_logincheck( $args ) {
|
||||
um_fetch_user( $user_id );
|
||||
|
||||
$status = um_user( 'account_status' ); // account status
|
||||
switch( $status ) {
|
||||
switch ( $status ) {
|
||||
|
||||
// If user can't login to site...
|
||||
case 'inactive':
|
||||
@@ -135,7 +135,7 @@ function um_submit_form_errors_hook_logincheck( $args ) {
|
||||
case 'awaiting_email_confirmation':
|
||||
case 'rejected':
|
||||
um_reset_user();
|
||||
exit( wp_redirect( add_query_arg( 'err', esc_attr( $status ), UM()->permalinks()->get_current_url() ) ) );
|
||||
exit( wp_redirect( add_query_arg( 'err', esc_attr( $status ), UM()->permalinks()->get_current_url() ) ) );
|
||||
break;
|
||||
|
||||
}
|
||||
@@ -183,10 +183,10 @@ add_action( 'wp_login', 'um_store_lastlogin_timestamp_' );
|
||||
function um_user_login( $args ) {
|
||||
extract( $args );
|
||||
|
||||
$rememberme = ( isset( $args['rememberme'] ) && 1 == $args['rememberme'] && isset( $_REQUEST['rememberme'] ) ) ? 1 : 0;
|
||||
$rememberme = ( isset( $args['rememberme'] ) && 1 == $args['rememberme'] && isset( $_REQUEST['rememberme'] ) ) ? 1 : 0;
|
||||
|
||||
if ( ( UM()->options()->get( 'deny_admin_frontend_login' ) && ! isset( $_GET['provider'] ) ) && strrpos( um_user('wp_roles' ), 'administrator' ) !== false ) {
|
||||
wp_die( __( 'This action has been prevented for security measures.', 'ultimate-member' ) );
|
||||
wp_die( esc_html__( 'This action has been prevented for security measures.', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
UM()->user()->auto_login( um_user( 'ID' ), $rememberme );
|
||||
@@ -475,4 +475,4 @@ add_action( 'um_after_login_fields', 'um_after_login_submit', 1001 );
|
||||
function um_add_login_fields( $args ) {
|
||||
echo UM()->fields()->display( 'login', $args );
|
||||
}
|
||||
add_action( 'um_main_login_fields', 'um_add_login_fields', 100 );
|
||||
add_action( 'um_main_login_fields', 'um_add_login_fields', 100 );
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
<?php
|
||||
// Exit if accessed directly
|
||||
if ( ! defined( 'ABSPATH' ) ) exit;
|
||||
<?php if ( ! defined( 'ABSPATH' ) ) {
|
||||
exit;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
@@ -13,7 +13,7 @@ function um_browser_url_redirect_to( $args ) {
|
||||
|
||||
if ( ! empty( $_REQUEST['redirect_to'] ) ) {
|
||||
|
||||
$url = $_REQUEST['redirect_to'];
|
||||
$url = esc_url_raw( $_REQUEST['redirect_to'] );
|
||||
|
||||
} elseif ( ! empty( $args['after_login'] ) ) {
|
||||
|
||||
@@ -75,12 +75,12 @@ add_action( 'um_after_form_fields', 'um_browser_url_redirect_to' );
|
||||
function um_add_update_notice( $args ) {
|
||||
extract( $args );
|
||||
|
||||
$output = '';
|
||||
$err = '';
|
||||
$output = '';
|
||||
$err = '';
|
||||
$success = '';
|
||||
|
||||
if ( ! empty( $_REQUEST['updated'] ) && ! UM()->form()->errors ) {
|
||||
switch ( $_REQUEST['updated'] ) {
|
||||
switch ( sanitize_key( $_REQUEST['updated'] ) ) {
|
||||
default:
|
||||
/**
|
||||
* UM hook
|
||||
@@ -104,7 +104,7 @@ function um_add_update_notice( $args ) {
|
||||
* }
|
||||
* ?>
|
||||
*/
|
||||
$success = apply_filters( 'um_custom_success_message_handler', $success, $_REQUEST['updated'] );
|
||||
$success = apply_filters( 'um_custom_success_message_handler', $success, sanitize_key( $_REQUEST['updated'] ) );
|
||||
break;
|
||||
|
||||
case 'account':
|
||||
@@ -123,7 +123,7 @@ function um_add_update_notice( $args ) {
|
||||
}
|
||||
|
||||
if ( ! empty( $_REQUEST['err'] ) && ! UM()->form()->errors ) {
|
||||
switch( $_REQUEST['err'] ) {
|
||||
switch( sanitize_key( $_REQUEST['err'] ) ) {
|
||||
|
||||
default:
|
||||
/**
|
||||
@@ -148,7 +148,7 @@ function um_add_update_notice( $args ) {
|
||||
* }
|
||||
* ?>
|
||||
*/
|
||||
$err = apply_filters( 'um_custom_error_message_handler', $err, $_REQUEST['err'] );
|
||||
$err = apply_filters( 'um_custom_error_message_handler', $err, sanitize_key( $_REQUEST['err'] ) );
|
||||
if ( ! $err ) {
|
||||
$err = __( 'An error has been encountered', 'ultimate-member' );
|
||||
}
|
||||
@@ -203,4 +203,4 @@ function um_add_update_notice( $args ) {
|
||||
|
||||
echo $output;
|
||||
}
|
||||
add_action( 'um_before_form', 'um_add_update_notice', 500 );
|
||||
add_action( 'um_before_form', 'um_add_update_notice', 500 );
|
||||
|
||||
@@ -168,16 +168,16 @@ function um_profile_content_main( $args ) {
|
||||
*/
|
||||
do_action( 'um_after_form', $args );
|
||||
|
||||
} else { ?>
|
||||
|
||||
} else {
|
||||
?>
|
||||
<div class="um-profile-note">
|
||||
<span>
|
||||
<i class="um-faicon-lock"></i>
|
||||
<?php echo $can_view; ?>
|
||||
</span>
|
||||
</div>
|
||||
|
||||
<?php }
|
||||
<?php
|
||||
}
|
||||
}
|
||||
add_action( 'um_profile_content_main', 'um_profile_content_main' );
|
||||
|
||||
@@ -1732,4 +1732,4 @@ function um_profile_menu( $args ) {
|
||||
}
|
||||
|
||||
}
|
||||
add_action( 'um_profile_menu', 'um_profile_menu', 9 );
|
||||
add_action( 'um_profile_menu', 'um_profile_menu', 9 );
|
||||
|
||||
@@ -1,13 +1,12 @@
|
||||
<?php
|
||||
// Exit if accessed directly
|
||||
if ( ! defined( 'ABSPATH' ) ) exit;
|
||||
<?php if ( ! defined( 'ABSPATH' ) ) {
|
||||
exit;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Checks if user can access the backend
|
||||
*/
|
||||
function um_block_wpadmin_by_user_role() {
|
||||
|
||||
global $pagenow;
|
||||
|
||||
if ( is_admin() && ! defined( 'DOING_AJAX' ) ) {
|
||||
@@ -49,4 +48,4 @@ add_filter( 'show_admin_bar', 'um_control_admin_bar', 9999, 1 );
|
||||
function um_force_admin_bar() {
|
||||
um_reset_user();
|
||||
}
|
||||
add_action( 'wp_footer', 'um_force_admin_bar' );
|
||||
add_action( 'wp_footer', 'um_force_admin_bar' );
|
||||
|
||||
@@ -1,4 +1,6 @@
|
||||
<?php if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
||||
<?php if ( ! defined( 'ABSPATH' ) ) {
|
||||
exit;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
@@ -55,7 +57,7 @@ function um_profile_field_filter_hook__youtube_video( $value, $data ) {
|
||||
if ( empty( $value ) ) {
|
||||
return '';
|
||||
}
|
||||
$value = ( strstr( $value, 'http') || strstr( $value, '://' ) ) ? um_youtube_id_from_url( $value ) : $value;
|
||||
$value = ( strstr( $value, 'http' ) || strstr( $value, '://' ) ) ? um_youtube_id_from_url( $value ) : $value;
|
||||
$value = '<div class="um-youtube">
|
||||
<iframe width="600" height="450" src="https://www.youtube.com/embed/' . $value . '" frameborder="0" allowfullscreen></iframe>
|
||||
</div>';
|
||||
@@ -78,9 +80,9 @@ function um_profile_field_filter_hook__vimeo_video( $value, $data ) {
|
||||
return '';
|
||||
}
|
||||
|
||||
$value = ( !is_numeric( $value ) ) ? (int) substr(parse_url($value, PHP_URL_PATH), 1) : $value;
|
||||
$value = ! is_numeric( $value ) ? (int) substr( parse_url( $value, PHP_URL_PATH ), 1 ) : $value;
|
||||
$value = '<div class="um-vimeo">
|
||||
<iframe src="https://player.vimeo.com/video/'. $value . '" width="600" height="450" frameborder="0" webkitallowfullscreen mozallowfullscreen allowfullscreen></iframe>
|
||||
<iframe src="https://player.vimeo.com/video/' . $value . '" width="600" height="450" frameborder="0" webkitallowfullscreen mozallowfullscreen allowfullscreen></iframe>
|
||||
</div>';
|
||||
return $value;
|
||||
}
|
||||
@@ -341,10 +343,10 @@ function um_profile_field_filter_hook__( $value, $data, $type = '' ) {
|
||||
return '';
|
||||
}
|
||||
|
||||
if ( ( isset( $data['validate'] ) && $data['validate'] != '' && strstr( $data['validate'], 'url' ) ) || ( isset( $data['type'] ) && $data['type'] == 'url' ) ) {
|
||||
if ( ( isset( $data['validate'] ) && $data['validate'] !== '' && strstr( $data['validate'], 'url' ) ) || ( isset( $data['type'] ) && $data['type'] == 'url' ) ) {
|
||||
$alt = ( isset( $data['url_text'] ) && !empty( $data['url_text'] ) ) ? $data['url_text'] : $value;
|
||||
$url_rel = ( isset( $data['url_rel'] ) && $data['url_rel'] == 'nofollow' ) ? 'rel="nofollow"' : '';
|
||||
if( !strstr( $value, 'http' )
|
||||
if ( ! strstr( $value, 'http' )
|
||||
&& !strstr( $value, '://' )
|
||||
&& !strstr( $value, 'www.' )
|
||||
&& !strstr( $value, '.com' )
|
||||
@@ -363,13 +365,9 @@ function um_profile_field_filter_hook__( $value, $data, $type = '' ) {
|
||||
}
|
||||
|
||||
|
||||
if ( isset( $data['validate'] ) && $data['validate'] == 'skype' ) {
|
||||
if ( ! ( isset( $data['validate'] ) && $data['validate'] == 'skype' ) ) {
|
||||
|
||||
$value = $value;
|
||||
|
||||
} else {
|
||||
|
||||
if ( strpos($value, 'http://') !== 0 ) {
|
||||
if ( strpos( $value, 'http://' ) !== 0 ) {
|
||||
$value = 'http://' . $value;
|
||||
}
|
||||
$data['url_target'] = ( isset( $data['url_target'] ) ) ? $data['url_target'] : '_blank';
|
||||
@@ -456,7 +454,7 @@ function um_get_custom_field_array( $array, $fields ) {
|
||||
$condition_metakey = $fields[ $value[1] ]['metakey'];
|
||||
|
||||
if ( isset( $_POST[ $condition_metakey ] ) ) {
|
||||
$cond_value = ( $fields[ $value[1] ]['type'] == 'radio' ) ? $_POST[ $condition_metakey ][0] : $_POST[ $condition_metakey ];
|
||||
$cond_value = ( $fields[ $value[1] ]['type'] === 'radio' ) ? $_POST[ $condition_metakey ][0] : $_POST[ $condition_metakey ];
|
||||
list( $visibility, $parent_key, $op, $parent_value ) = $value;
|
||||
|
||||
if ( $visibility == 'hide' ) {
|
||||
@@ -849,4 +847,4 @@ function um_edit_url_field_value( $value, $key ) {
|
||||
$value = esc_attr( $value );
|
||||
return $value;
|
||||
}
|
||||
add_filter( 'um_edit_url_field_value', 'um_edit_url_field_value', 10, 2 );
|
||||
add_filter( 'um_edit_url_field_value', 'um_edit_url_field_value', 10, 2 );
|
||||
|
||||
@@ -1,4 +1,6 @@
|
||||
<?php if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
||||
<?php if ( ! defined( 'ABSPATH' ) ) {
|
||||
exit;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
@@ -10,16 +12,18 @@
|
||||
*/
|
||||
function um_whitelisted_wpadmin_access( $allowed ) {
|
||||
$ips = UM()->options()->get( 'wpadmin_allow_ips' );
|
||||
|
||||
if ( !$ips )
|
||||
|
||||
if ( ! $ips ) {
|
||||
return $allowed;
|
||||
|
||||
$ips = array_map("rtrim", explode("\n", $ips));
|
||||
}
|
||||
|
||||
$ips = array_map( 'rtrim', explode( "\n", $ips ) );
|
||||
$user_ip = um_user_ip();
|
||||
|
||||
if ( in_array( $user_ip, $ips ) )
|
||||
if ( in_array( $user_ip, $ips, true ) ) {
|
||||
$allowed = 1;
|
||||
|
||||
}
|
||||
|
||||
return $allowed;
|
||||
}
|
||||
add_filter( 'um_whitelisted_wpadmin_access', 'um_whitelisted_wpadmin_access' );
|
||||
@@ -35,7 +39,7 @@ add_filter( 'um_whitelisted_wpadmin_access', 'um_whitelisted_wpadmin_access' );
|
||||
function um_custom_wp_err_messages( $message ) {
|
||||
|
||||
if ( ! empty( $_REQUEST['err'] ) ) {
|
||||
switch( $_REQUEST['err'] ) {
|
||||
switch ( sanitize_key( $_REQUEST['err'] ) ) {
|
||||
case 'blocked_email':
|
||||
$err = __( 'This email address has been blocked.', 'ultimate-member' );
|
||||
break;
|
||||
@@ -126,4 +130,4 @@ function um_lostpassword_url( $lostpassword_url ) {
|
||||
|
||||
return $lostpassword_url;
|
||||
}
|
||||
add_filter( 'lostpassword_url', 'um_lostpassword_url', 10, 1 );
|
||||
add_filter( 'lostpassword_url', 'um_lostpassword_url', 10, 1 );
|
||||
|
||||
Reference in New Issue
Block a user