- added nonce fields;

This commit is contained in:
nikitozzzzzzz
2018-11-21 14:01:18 +02:00
parent 9b083d8243
commit 0ceab69793
44 changed files with 393 additions and 213 deletions
+16 -9
View File
@@ -292,9 +292,10 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
* Update the builder area
*/
function update_builder() {
UM()->admin()->check_ajax_nonce();
if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
die( 'Please login as administrator' );
wp_send_json_error( __( 'Please login as administrator', 'ultimate-member' ) );
}
extract( $_POST );
@@ -605,8 +606,11 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
*
*/
function update_field() {
if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) )
die( __('Please login as administrator','ultimate-member') );
UM()->admin()->check_ajax_nonce();
if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
wp_send_json_error( __( 'Please login as administrator', 'ultimate-member' ) );
}
$output['error'] = null;
@@ -757,12 +761,14 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
*
*/
function dynamic_modal_content() {
$metabox = UM()->metabox();
UM()->admin()->check_ajax_nonce();
if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
die( __( 'Please login as administrator', 'ultimate-member' ) );
wp_send_json_error( __( 'Please login as administrator', 'ultimate-member' ) );
}
$metabox = UM()->metabox();
/**
* @var $act_id
* @var $arg1
@@ -1131,12 +1137,14 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
* Retrieves dropdown/multi-select options from a callback function
*/
function populate_dropdown_options() {
$arr_options = array();
UM()->admin()->check_ajax_nonce();
if ( ! current_user_can('manage_options') ) {
wp_die( __( 'This is not possible for security reasons.', 'ultimate-member' ) );
if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
wp_send_json_error( __( 'This is not possible for security reasons.', 'ultimate-member' ) );
}
$arr_options = array();
$um_callback_func = $_POST['um_option_callback'];
if ( empty( $um_callback_func ) ) {
$arr_options['status'] = 'empty';
@@ -1145,7 +1153,6 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
}
$arr_options['data'] = array();
if ( function_exists( $um_callback_func ) ) {
$arr_options['data'] = call_user_func( $um_callback_func );
}
+7 -4
View File
@@ -26,9 +26,11 @@ if ( ! class_exists( 'um\admin\core\Admin_DragDrop' ) ) {
* Update order of fields
*/
function update_order() {
UM()->admin()->check_ajax_nonce();
if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) )
die( 'Please login as administrator' );
if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
wp_send_json_error( __( 'Please login as administrator', 'ultimate-member' ) );
}
/**
* @var $form_id
@@ -43,8 +45,8 @@ if ( ! class_exists( 'um\admin\core\Admin_DragDrop' ) ) {
if ( ! empty( $fields ) ) {
foreach ( $fields as $key => $array ) {
if ( $array['type'] == 'row' ) {
$this->row_data[$key] = $array;
unset( $fields[$key] );
$this->row_data[ $key ] = $array;
unset( $fields[ $key ] );
}
}
} else {
@@ -217,6 +219,7 @@ if ( ! class_exists( 'um\admin\core\Admin_DragDrop' ) ) {
<input type="hidden" name="form_id" id="form_id" value="<?php echo get_the_ID(); ?>" />
<input type="hidden" name="action" value="um_update_order" />
<input type="hidden" name="nonce" value="<?php echo wp_create_nonce( 'um-admin-nonce' ) ?>" />
<div class="um_update_order_fields">
+2 -3
View File
@@ -332,9 +332,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Enqueue' ) ) {
* }
* ?>
*/
$localize_data = apply_filters('um_admin_enqueue_localize_data', array(
'ajaxurl' => admin_url( 'admin-ajax.php' ),
'nonce' => wp_create_nonce( "um-admin-nonce" )
$localize_data = apply_filters( 'um_admin_enqueue_localize_data', array(
'nonce' => wp_create_nonce( "um-admin-nonce" )
)
);
+11 -3
View File
@@ -76,7 +76,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Menu' ) ) {
url: wp.ajax.settings.url,
type: 'post',
data: {
action: 'um_rated'
action: 'um_rated',
nonce: um_admin_scripts.nonce
},
success: function(){
@@ -98,8 +99,14 @@ if ( ! class_exists( 'um\admin\core\Admin_Menu' ) ) {
* When user clicks the review link in backend
*/
function ultimatemember_rated() {
UM()->admin()->check_ajax_nonce();
if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
wp_send_json_error( __( 'Please login as administrator', 'ultimate-member' ) );
}
update_option( 'um_admin_footer_text_rated', 1 );
die();
wp_send_json_success();
}
@@ -109,8 +116,9 @@ if ( ! class_exists( 'um\admin\core\Admin_Menu' ) ) {
public function menu_order_count() {
global $menu, $submenu;
if ( ! current_user_can( 'list_users' ) )
if ( ! current_user_can( 'list_users' ) ) {
return;
}
$count = UM()->user()->get_pending_users_count();
if ( is_array( $menu ) ) {
+1 -5
View File
@@ -666,11 +666,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
function dismiss_notice() {
$nonce = isset( $_POST["nonce"] ) ? $_POST["nonce"] : "";
if ( ! wp_verify_nonce( $nonce, "um-admin-nonce" ) ) {
wp_send_json_error( esc_js( __( "Wrong Nonce", 'ultimate-member' ) ) );
}
UM()->admin()->check_ajax_nonce();
if ( empty( $_POST['key'] ) ) {
wp_send_json_error( __( 'Wrong Data', 'ultimate-member' ) );
+8 -2
View File
@@ -260,7 +260,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Upgrade' ) ) {
type: 'POST',
dataType: 'json',
data: {
action: 'um_get_packages'
action: 'um_get_packages',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
um_packages = response.data.packages;
@@ -290,7 +291,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Upgrade' ) ) {
dataType: 'html',
data: {
action: 'um_run_package',
pack: pack
pack: pack,
nonce: um_admin_scripts.nonce
},
success: function( html ) {
um_add_upgrade_log( 'Package "' + pack + '" is ready. Start the execution...' );
@@ -334,6 +336,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Upgrade' ) ) {
function ajax_run_package() {
UM()->admin()->check_ajax_nonce();
if ( empty( $_POST['pack'] ) ) {
exit('');
} else {
@@ -346,6 +350,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Upgrade' ) ) {
function ajax_get_packages() {
UM()->admin()->check_ajax_nonce();
$update_versions = $this->need_run_upgrades();
wp_send_json_success( array( 'packages' => $update_versions ) );
}
+2
View File
@@ -1,5 +1,7 @@
<?php
function um_upgrade_usermetaquery1339() {
UM()->admin()->check_ajax_nonce();
include 'usermeta_query.php';
update_option( 'um_last_version_upgrade', '1.3.39' );
+3 -2
View File
@@ -5,11 +5,12 @@
um_add_upgrade_log( 'Upgrade Usermeta...' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_usermetaquery1339'
action: 'um_usermetaquery1339',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -1,5 +1,7 @@
<?php
function um_upgrade_styles20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
include 'styles.php';
@@ -8,6 +10,8 @@ function um_upgrade_styles20beta1() {
function um_upgrade_user_roles20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
/**
* @var $response_roles_data
@@ -19,7 +23,10 @@ function um_upgrade_user_roles20beta1() {
function um_upgrade_get_users_per_role20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
if ( ! empty( $_POST['key_in_meta'] ) ) {
$args = array(
'meta_query' => array(
@@ -43,6 +50,8 @@ function um_upgrade_get_users_per_role20beta1() {
function um_upgrade_update_users_per_page20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
if ( ! empty( $_POST['key_in_meta'] ) && ! empty( $_POST['role_key'] ) && ! empty( $_POST['page'] ) ) {
$users_per_page = 100;
@@ -85,6 +94,8 @@ function um_upgrade_update_users_per_page20beta1() {
function um_upgrade_content_restriction20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
include 'content_restriction.php';
@@ -94,6 +105,8 @@ function um_upgrade_content_restriction20beta1() {
function um_upgrade_settings20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
include 'settings.php';
@@ -102,6 +115,8 @@ function um_upgrade_settings20beta1() {
function um_upgrade_menus20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
include 'menus.php';
@@ -110,6 +125,8 @@ function um_upgrade_menus20beta1() {
function um_upgrade_mc_lists20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
include 'mc_lists.php';
@@ -118,6 +135,8 @@ function um_upgrade_mc_lists20beta1() {
function um_upgrade_social_login20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
include 'social_login.php';
@@ -126,6 +145,8 @@ function um_upgrade_social_login20beta1() {
function um_upgrade_cpt20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
include 'um_cpt.php';
@@ -134,6 +155,8 @@ function um_upgrade_cpt20beta1() {
function um_upgrade_get_forums20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
remove_all_actions( 'pre_get_posts' );
@@ -149,6 +172,8 @@ function um_upgrade_get_forums20beta1() {
function um_upgrade_update_forum_per_page20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
if ( ! empty( $_POST['page'] ) ) {
@@ -205,6 +230,8 @@ function um_upgrade_update_forum_per_page20beta1() {
function um_upgrade_get_products20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
$wc_products = get_posts( array(
@@ -218,6 +245,8 @@ function um_upgrade_get_products20beta1() {
function um_upgrade_update_products_per_page20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
if ( ! empty( $_POST['page'] ) ) {
@@ -296,6 +325,8 @@ function um_upgrade_update_products_per_page20beta1() {
function um_upgrade_email_templates20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
include 'email_templates.php';
+45 -30
View File
@@ -13,11 +13,12 @@
um_add_upgrade_log( '<?php echo esc_js( __( 'Upgrade Styles...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_styles20beta1'
action: 'um_styles20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -36,11 +37,12 @@
function upgrade_roles() {
um_add_upgrade_log( '<?php echo esc_js( __( 'Upgrade Roles...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_user_roles20beta1'
action: 'um_user_roles20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -70,12 +72,13 @@
var role = um_roles_data.shift();
um_add_upgrade_log( '<?php echo esc_js( __( 'Getting ', 'ultimate-member' ) ) ?>"' + role.role_key + '"<?php echo esc_js( __( ' users...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_get_users_per_role20beta1',
key_in_meta: role.key_in_meta
key_in_meta: role.key_in_meta,
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data.count != 'undefined' ) {
@@ -103,14 +106,15 @@
function update_user_per_page( role_key, key_in_meta ) {
if ( current_page <= users_pages ) {
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_update_users_per_page20beta1',
role_key: role_key,
key_in_meta: key_in_meta,
page: current_page
page: current_page,
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -135,11 +139,12 @@
um_add_upgrade_log( '<?php echo esc_js( __( 'Upgrade Content Restriction Settings...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_content_restriction20beta1'
action: 'um_content_restriction20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -160,11 +165,12 @@
um_add_upgrade_log( '<?php echo esc_js( __( 'Upgrade Settings...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_settings20beta1'
action: 'um_settings20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -185,11 +191,12 @@
um_add_upgrade_log( '<?php echo esc_js( __( 'Upgrade Menu Items...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_menus20beta1'
action: 'um_menus20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -210,11 +217,12 @@
um_add_upgrade_log( '<?php echo esc_js( __( 'Upgrade Mailchimp Lists...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_mc_lists20beta1'
action: 'um_mc_lists20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -235,11 +243,12 @@
um_add_upgrade_log( '<?php echo esc_js( __( 'Upgrade Social Login Forms...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_social_login20beta1'
action: 'um_social_login20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -260,11 +269,12 @@
um_add_upgrade_log( '<?php echo esc_js( __( 'Upgrade UM Custom Post Types...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_cpt20beta1'
action: 'um_cpt20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -286,11 +296,12 @@
um_add_upgrade_log( '<?php echo esc_js( __( 'Get bbPress Forums count...', 'ultimate-member' ) ) ?>' );
current_page = 1;
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_get_forums20beta1'
action: 'um_get_forums20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -313,12 +324,13 @@
function update_forums_per_page() {
if ( current_page <= forums_pages ) {
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_update_forum_per_page20beta1',
page: current_page
page: current_page,
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -346,11 +358,12 @@
current_page = 1;
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_get_products20beta1'
action: 'um_get_products20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -373,12 +386,13 @@
function update_products_per_page() {
if ( current_page <= products_pages ) {
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_update_products_per_page20beta1',
page: current_page
page: current_page,
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -402,11 +416,12 @@
function upgrade_email_templates() {
um_add_upgrade_log( '<?php echo esc_js( __( 'Upgrade Email Templates...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_email_templates20beta1'
action: 'um_email_templates20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
+4
View File
@@ -1,5 +1,7 @@
<?php
function um_upgrade_styles2010() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
include 'styles.php';
@@ -8,6 +10,8 @@ function um_upgrade_styles2010() {
function um_upgrade_cache2010() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
UM()->user()->remove_cache_all_users();
+6 -4
View File
@@ -6,11 +6,12 @@
um_add_upgrade_log( '<?php echo esc_js( __( 'Upgrade Styles...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_styles2010'
action: 'um_styles2010',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -30,11 +31,12 @@
function um_clear_cache2010() {
um_add_upgrade_log( '<?php echo esc_js( __( 'Clear Users Cache...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_cache2010'
action: 'um_cache2010',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
+2
View File
@@ -1,5 +1,7 @@
<?php
function um_upgrade_tempfolder2024() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
UM()->files()->remove_dir( UM()->files()->upload_temp );
+3 -2
View File
@@ -6,11 +6,12 @@
um_add_upgrade_log( '<?php echo esc_js( __( 'Purge temp files dir...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_tempfolder2024'
action: 'um_tempfolder2024',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {