- intermediate results with sanitizing form handlers;

This commit is contained in:
Nikita Sinelnikov
2021-06-29 02:51:54 +03:00
parent 23d1b982a4
commit 07e664be80
63 changed files with 4337 additions and 2812 deletions
+10 -10
View File
@@ -347,8 +347,8 @@ if ( ! class_exists( 'um\core\User' ) ) {
}
if ( ! empty( $_POST['um-role'] ) && current_user_can( 'promote_users' ) ) {
if ( ! user_can( $user_id, $_POST['um-role'] ) ) {
UM()->roles()->set_role( $user_id, $_POST['um-role'] );
if ( ! user_can( $user_id, sanitize_key( $_POST['um-role'] ) ) ) {
UM()->roles()->set_role( $user_id, sanitize_key( $_POST['um-role'] ) );
}
}
@@ -368,8 +368,8 @@ if ( ! class_exists( 'um\core\User' ) ) {
}
if ( ! empty( $_POST['um-role'] ) && current_user_can( 'promote_users' ) ) {
if ( ! user_can( $user_id, $_POST['um-role'] ) ) {
UM()->roles()->set_role( $user_id, $_POST['um-role'] );
if ( ! user_can( $user_id, sanitize_key( $_POST['um-role'] ) ) ) {
UM()->roles()->set_role( $user_id, sanitize_key( $_POST['um-role'] ) );
}
}
@@ -383,7 +383,7 @@ if ( ! class_exists( 'um\core\User' ) ) {
function get_pending_users_count() {
$cached_users_queue = get_option( 'um_cached_users_queue' );
if ( $cached_users_queue > 0 && ! isset( $_REQUEST['delete_count'] ) ){
if ( $cached_users_queue > 0 && ! isset( $_REQUEST['delete_count'] ) ) {
return $cached_users_queue;
}
@@ -592,8 +592,8 @@ if ( ! class_exists( 'um\core\User' ) ) {
//if there custom 2 role not empty
if ( ! empty( $_POST['um-role'] ) && current_user_can( 'promote_users' ) ) {
$user = get_userdata( $user_id );
$user->add_role( $_POST['um-role'] );
UM()->user()->profile['role'] = $_POST['um-role'];
$user->add_role( sanitize_key( $_POST['um-role'] ) );
UM()->user()->profile['role'] = sanitize_key( $_POST['um-role'] );
UM()->user()->update_usermeta_info( 'role' );
}
@@ -641,9 +641,9 @@ if ( ! class_exists( 'um\core\User' ) ) {
if ( is_admin() ) {
if ( ! empty( $_POST['um-role'] ) && current_user_can( 'promote_users' ) ) {
$new_roles = array_merge( $new_roles, array( $_POST['um-role'] ) );
if ( ! user_can( $user_id, $_POST['um-role'] ) ) {
UM()->roles()->set_role( $user_id, $_POST['um-role'] );
$new_roles = array_merge( $new_roles, array( sanitize_key( $_POST['um-role'] ) ) );
if ( ! user_can( $user_id, sanitize_key( $_POST['um-role'] ) ) ) {
UM()->roles()->set_role( $user_id, sanitize_key( $_POST['um-role'] ) );
}
}
}