mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-07-13 11:46:27 +09:00
- sanitizing variables in wp-admin classes;
This commit is contained in:
@@ -183,16 +183,20 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
|
||||
* @param $action
|
||||
*/
|
||||
function duplicate_form( $action ) {
|
||||
if ( ! is_admin() || ! current_user_can('manage_options') ) die();
|
||||
if ( ! isset( $_REQUEST['post_id'] ) || ! is_numeric( $_REQUEST['post_id'] ) ) die();
|
||||
if ( ! is_admin() || ! current_user_can('manage_options') ) {
|
||||
die();
|
||||
}
|
||||
if ( ! isset( $_REQUEST['post_id'] ) || ! is_numeric( $_REQUEST['post_id'] ) ) {
|
||||
die();
|
||||
}
|
||||
|
||||
$post_id = $_REQUEST['post_id'];
|
||||
$post_id = absint( $_REQUEST['post_id'] );
|
||||
|
||||
$n = array(
|
||||
'post_type' => 'um_form',
|
||||
'post_title' => sprintf( __( 'Duplicate of %s', 'ultimate-member' ), get_the_title( $post_id ) ),
|
||||
'post_status' => 'publish',
|
||||
'post_author' => get_current_user_id(),
|
||||
'post_type' => 'um_form',
|
||||
'post_title' => sprintf( __( 'Duplicate of %s', 'ultimate-member' ), get_the_title( $post_id ) ),
|
||||
'post_status' => 'publish',
|
||||
'post_author' => get_current_user_id(),
|
||||
);
|
||||
|
||||
$n_id = wp_insert_post( $n );
|
||||
@@ -210,10 +214,10 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
|
||||
|
||||
}
|
||||
|
||||
delete_post_meta($n_id, '_um_core');
|
||||
delete_post_meta( $n_id, '_um_core' );
|
||||
|
||||
$url = admin_url('edit.php?post_type=um_form');
|
||||
$url = add_query_arg('update','form_duplicated',$url);
|
||||
$url = admin_url( 'edit.php?post_type=um_form' );
|
||||
$url = add_query_arg( 'update', 'form_duplicated', $url );
|
||||
|
||||
exit( wp_redirect( $url ) );
|
||||
|
||||
@@ -241,13 +245,19 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
|
||||
* @param $action
|
||||
*/
|
||||
function user_action( $action ) {
|
||||
if ( !is_admin() || !current_user_can( 'edit_users' ) ) die();
|
||||
if ( !isset( $_REQUEST['sub'] ) ) die();
|
||||
if ( !isset($_REQUEST['user_id']) ) die();
|
||||
if ( ! is_admin() || ! current_user_can( 'edit_users' ) ) {
|
||||
die();
|
||||
}
|
||||
if ( ! isset( $_REQUEST['sub'] ) ) {
|
||||
die();
|
||||
}
|
||||
if ( ! isset( $_REQUEST['user_id'] ) ) {
|
||||
die();
|
||||
}
|
||||
|
||||
um_fetch_user( $_REQUEST['user_id'] );
|
||||
um_fetch_user( absint( $_REQUEST['user_id'] ) );
|
||||
|
||||
$subaction = $_REQUEST['sub'];
|
||||
$subaction = sanitize_key( $_REQUEST['sub'] );
|
||||
|
||||
/**
|
||||
* UM hook
|
||||
@@ -268,7 +278,7 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
|
||||
* }
|
||||
* ?>
|
||||
*/
|
||||
do_action( "um_admin_user_action_hook", $subaction );
|
||||
do_action( 'um_admin_user_action_hook', $subaction );
|
||||
/**
|
||||
* UM hook
|
||||
*
|
||||
@@ -290,7 +300,7 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
|
||||
|
||||
um_reset_user();
|
||||
|
||||
wp_redirect( add_query_arg( 'update', 'user_updated', admin_url('?page=ultimatemember') ) );
|
||||
wp_redirect( add_query_arg( 'update', 'user_updated', admin_url( '?page=ultimatemember' ) ) );
|
||||
exit;
|
||||
|
||||
}
|
||||
@@ -317,6 +327,8 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
|
||||
*/
|
||||
function admin_init() {
|
||||
if ( is_admin() && current_user_can( 'manage_options' ) && ! empty( $_REQUEST['um_adm_action'] ) ) {
|
||||
$action = sanitize_key( $_REQUEST['um_adm_action'] );
|
||||
|
||||
/**
|
||||
* UM hook
|
||||
*
|
||||
@@ -336,7 +348,7 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
|
||||
* }
|
||||
* ?>
|
||||
*/
|
||||
do_action( "um_admin_do_action__", $_REQUEST['um_adm_action'] );
|
||||
do_action( 'um_admin_do_action__', $action );
|
||||
/**
|
||||
* UM hook
|
||||
*
|
||||
@@ -356,7 +368,7 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
|
||||
* }
|
||||
* ?>
|
||||
*/
|
||||
do_action( "um_admin_do_action__{$_REQUEST['um_adm_action']}", $_REQUEST['um_adm_action'] );
|
||||
do_action( "um_admin_do_action__{$action}", $action );
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user