mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-07-14 04:06:36 +09:00
- added nonce fields;
This commit is contained in:
@@ -129,7 +129,9 @@ if ( ! class_exists( 'um\core\Enqueue' ) ) {
|
||||
* }
|
||||
* ?>
|
||||
*/
|
||||
$localize_data = apply_filters( 'um_enqueue_localize_data', array() );
|
||||
$localize_data = apply_filters( 'um_enqueue_localize_data', array(
|
||||
'nonce' => wp_create_nonce( "um-frontend-nonce" ),
|
||||
) );
|
||||
wp_localize_script( 'um_scripts', 'um_scripts', $localize_data );
|
||||
|
||||
wp_register_script('um_members', $this->js_baseurl . 'um-members' . $this->suffix . '.js', array( 'jquery' ), ultimatemember_version, true );
|
||||
|
||||
@@ -4059,21 +4059,25 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
|
||||
*
|
||||
*/
|
||||
function do_ajax_action() {
|
||||
if (!is_user_logged_in() || !current_user_can( 'manage_options' )) die( __( 'Please login as administrator', 'ultimate-member' ) );
|
||||
UM()->admin()->check_ajax_nonce();
|
||||
|
||||
if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
|
||||
wp_send_json_error( __( 'Please login as administrator', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
extract( $_POST );
|
||||
|
||||
$output = null;
|
||||
|
||||
$position = array();
|
||||
if (!empty( $in_column )) {
|
||||
if ( ! empty( $in_column ) ) {
|
||||
$position['in_row'] = '_um_row_' . ( (int)$in_row + 1 );
|
||||
$position['in_sub_row'] = $in_sub_row;
|
||||
$position['in_column'] = $in_column;
|
||||
$position['in_group'] = $in_group;
|
||||
}
|
||||
|
||||
switch ($act_id) {
|
||||
switch ( $act_id ) {
|
||||
|
||||
case 'um_admin_duplicate_field':
|
||||
$this->duplicate_field( $arg1, $arg2 );
|
||||
|
||||
@@ -241,6 +241,8 @@ if ( ! class_exists( 'um\core\Files' ) ) {
|
||||
* Remove file by AJAX
|
||||
*/
|
||||
function ajax_remove_file() {
|
||||
UM()->check_ajax_nonce();
|
||||
|
||||
/**
|
||||
* @var $src
|
||||
*/
|
||||
@@ -255,6 +257,8 @@ if ( ! class_exists( 'um\core\Files' ) ) {
|
||||
* Resize image AJAX handler
|
||||
*/
|
||||
function ajax_resize_image() {
|
||||
UM()->check_ajax_nonce();
|
||||
|
||||
/**
|
||||
* @var $key
|
||||
* @var $src
|
||||
|
||||
@@ -50,6 +50,8 @@ if ( ! class_exists( 'um\core\Form' ) ) {
|
||||
*
|
||||
*/
|
||||
function ajax_muted_action() {
|
||||
UM()->check_ajax_nonce();
|
||||
|
||||
extract( $_REQUEST );
|
||||
|
||||
if ( ! UM()->roles()->um_current_user_can( 'edit', $user_id ) )
|
||||
@@ -86,7 +88,7 @@ if ( ! class_exists( 'um\core\Form' ) ) {
|
||||
*
|
||||
*/
|
||||
function ajax_select_options() {
|
||||
|
||||
UM()->check_ajax_nonce();
|
||||
|
||||
$arr_options = array();
|
||||
$arr_options['status'] = 'success';
|
||||
|
||||
@@ -45,6 +45,8 @@ if ( ! class_exists( 'um\core\Profile' ) ) {
|
||||
* Delete profile avatar AJAX handler
|
||||
*/
|
||||
function ajax_delete_profile_photo() {
|
||||
UM()->check_ajax_nonce();
|
||||
|
||||
/**
|
||||
* @var $user_id
|
||||
*/
|
||||
@@ -61,6 +63,8 @@ if ( ! class_exists( 'um\core\Profile' ) ) {
|
||||
* Delete cover photo AJAX handler
|
||||
*/
|
||||
function ajax_delete_cover_photo() {
|
||||
UM()->check_ajax_nonce();
|
||||
|
||||
/**
|
||||
* @var $user_id
|
||||
*/
|
||||
|
||||
@@ -39,6 +39,8 @@ if ( ! class_exists( 'um\core\Query' ) ) {
|
||||
* Ajax pagination for posts
|
||||
*/
|
||||
function ajax_paginate() {
|
||||
UM()->check_ajax_nonce();
|
||||
|
||||
/**
|
||||
* @var $hook
|
||||
* @var $args
|
||||
|
||||
@@ -82,6 +82,8 @@ if ( ! class_exists( 'um\core\User_posts' ) ) {
|
||||
*
|
||||
*/
|
||||
function load_posts() {
|
||||
UM()->check_ajax_nonce();
|
||||
|
||||
$author = ! empty( $_POST['author'] ) ? $_POST['author'] : get_current_user_id();
|
||||
$page = ! empty( $_POST['page'] ) ? $_POST['page'] : 0;
|
||||
|
||||
|
||||
@@ -87,8 +87,11 @@ if ( ! class_exists( 'um\core\User' ) ) {
|
||||
|
||||
add_action( 'init', array( &$this, 'check_membership' ), 10 );
|
||||
|
||||
add_action( 'delete_user', array( &$this, 'delete_user_handler' ), 10, 1 );
|
||||
add_action( 'wpmu_delete_user', array( &$this, 'delete_user_handler' ), 10, 1 );
|
||||
if ( is_multisite() ) {
|
||||
add_action( 'delete_user', array( &$this, 'delete_user_handler' ), 10, 1 );
|
||||
} else {
|
||||
add_action( 'wpmu_delete_user', array( &$this, 'delete_user_handler' ), 10, 1 );
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -96,6 +99,8 @@ if ( ! class_exists( 'um\core\User' ) ) {
|
||||
* @param $user_id
|
||||
*/
|
||||
function delete_user_handler( $user_id ) {
|
||||
error_log( '----------------' );
|
||||
error_log( $user_id );
|
||||
|
||||
um_fetch_user( $user_id );
|
||||
|
||||
|
||||
@@ -8,6 +8,8 @@ if ( ! defined( 'ABSPATH' ) ) exit;
|
||||
* @return boolean
|
||||
*/
|
||||
function ultimatemember_check_username_exists() {
|
||||
UM()->check_ajax_nonce();
|
||||
|
||||
$username = isset($_REQUEST['username']) ? $_REQUEST['username'] : '';
|
||||
$exists = username_exists( $username );
|
||||
|
||||
|
||||
Reference in New Issue
Block a user