mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-07-17 05:33:36 +09:00
Merge branch 'master' of https://github.com/ultimatemember/ultimatemember into development/2.2.4
This commit is contained in:
@@ -416,8 +416,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
|
||||
array(
|
||||
'id' => '_um_access_hide_from_queries',
|
||||
'type' => 'checkbox',
|
||||
'label' => __( 'Would you like to display 404 error on the term\'s archive page and terms\' posts single pages when users haven\'t access?', 'ultimate-member' ),
|
||||
'description' => __( 'Recommended to be enabled. Restricted term\'s archive page and all terms\' posts will be hidden by exclusion from WP Query. The safest and most effective method that hides post and its comments from all requests, RSS feeds, etc. on your site', 'ultimate-member' ),
|
||||
'label' => UM()->options()->get( 'disable_restriction_pre_queries' ) ? __( 'Hide from queries', 'ultimate-member' ) : __( 'Would you like to display 404 error on the term\'s archive page and terms\' posts single pages when users haven\'t access?', 'ultimate-member' ),
|
||||
'description' => UM()->options()->get( 'disable_restriction_pre_queries' ) ? __( 'Exclude only from WP queries results', 'ultimate-member' ) : __( 'Recommended to be enabled. Restricted term\'s archive page and all terms\' posts will be hidden by exclusion from WP Query. The safest and most effective method that hides post and its comments from all requests, RSS feeds, etc. on your site', 'ultimate-member' ),
|
||||
'value' => 1,
|
||||
'conditional' => array( '_um_accessible', '!=', '0' ),
|
||||
),
|
||||
@@ -431,7 +431,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
|
||||
'0' => __( 'Show access restricted message', 'ultimate-member' ),
|
||||
'1' => __( 'Redirect user', 'ultimate-member' ),
|
||||
),
|
||||
'conditional' => array( '_um_access_hide_from_queries', '=', '0' ),
|
||||
'conditional' => UM()->options()->get( 'disable_restriction_pre_queries' ) ? '' : array( '_um_access_hide_from_queries', '=', '0' ),
|
||||
),
|
||||
array(
|
||||
'id' => '_um_restrict_by_custom_message',
|
||||
@@ -568,8 +568,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
|
||||
array(
|
||||
'id' => '_um_access_hide_from_queries',
|
||||
'type' => 'checkbox',
|
||||
'label' => __( 'Would you like to display 404 error on the term\'s archive page and terms\' posts single pages when users haven\'t access?', 'ultimate-member' ),
|
||||
'description' => __( 'Recommended to be enabled. Restricted term\'s archive page and all terms\' posts will be hidden by exclusion from WP Query. The safest and most effective method that hides post and its comments from all requests, RSS feeds, etc. on your site', 'ultimate-member' ),
|
||||
'label' => UM()->options()->get( 'disable_restriction_pre_queries' ) ? __( 'Hide from queries', 'ultimate-member' ) : __( 'Would you like to display 404 error on the term\'s archive page and terms\' posts single pages when users haven\'t access?', 'ultimate-member' ),
|
||||
'description' => UM()->options()->get( 'disable_restriction_pre_queries' ) ? __( 'Exclude only from WP queries results', 'ultimate-member' ) : __( 'Recommended to be enabled. Restricted term\'s archive page and all terms\' posts will be hidden by exclusion from WP Query. The safest and most effective method that hides post and its comments from all requests, RSS feeds, etc. on your site', 'ultimate-member' ),
|
||||
'value' => ! empty( $data['_um_access_hide_from_queries'] ) ? $data['_um_access_hide_from_queries'] : '',
|
||||
'conditional' => array( '_um_accessible', '!=', '0' ),
|
||||
),
|
||||
@@ -583,7 +583,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
|
||||
'0' => __( 'Show access restricted message', 'ultimate-member' ),
|
||||
'1' => __( 'Redirect user', 'ultimate-member' ),
|
||||
),
|
||||
'conditional' => array( '_um_access_hide_from_queries', '=', '0' ),
|
||||
'conditional' => UM()->options()->get( 'disable_restriction_pre_queries' ) ? '' : array( '_um_access_hide_from_queries', '=', '0' ),
|
||||
),
|
||||
array(
|
||||
'id' => '_um_restrict_by_custom_message',
|
||||
|
||||
@@ -503,10 +503,17 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
|
||||
'conditional' => array( 'accessible', '=', 2 ),
|
||||
),
|
||||
array(
|
||||
'id' => 'restricted_access_post_title',
|
||||
'type' => 'text',
|
||||
'label' => __( 'Restricted Access Post Title', 'ultimate-member' ),
|
||||
'tooltip' => __( 'This is the post title shown to users that do not have permission to view the content', 'ultimate-member' ),
|
||||
'id' => 'restricted_post_title_replace',
|
||||
'type' => 'checkbox',
|
||||
'label' => __( 'Replace the restricted Post Title', 'ultimate-member' ),
|
||||
'tooltip' => __( 'Allow to replace the restricted post title to users that do not have permission to view the content', 'ultimate-member' ),
|
||||
),
|
||||
array(
|
||||
'id' => 'restricted_access_post_title',
|
||||
'type' => 'text',
|
||||
'label' => __( 'Restricted Access Post Title', 'ultimate-member' ),
|
||||
'tooltip' => __( 'This is the post title shown to users that do not have permission to view the content', 'ultimate-member' ),
|
||||
'conditional' => array( 'restricted_post_title_replace', '=', 1 ),
|
||||
),
|
||||
array(
|
||||
'id' => 'restricted_access_message',
|
||||
@@ -519,25 +526,28 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
|
||||
$settings_map = array_merge(
|
||||
$settings_map,
|
||||
array(
|
||||
'accessible' => array(
|
||||
'accessible' => array(
|
||||
'sanitize' => 'int',
|
||||
),
|
||||
'access_redirect' => array(
|
||||
'access_redirect' => array(
|
||||
'sanitize' => 'url',
|
||||
),
|
||||
'access_exclude_uris' => array(
|
||||
'access_exclude_uris' => array(
|
||||
'sanitize' => 'url',
|
||||
),
|
||||
'home_page_accessible' => array(
|
||||
'home_page_accessible' => array(
|
||||
'sanitize' => 'bool',
|
||||
),
|
||||
'category_page_accessible' => array(
|
||||
'category_page_accessible' => array(
|
||||
'sanitize' => 'bool',
|
||||
),
|
||||
'restricted_access_post_title' => array(
|
||||
'restricted_post_title_replace' => array(
|
||||
'sanitize' => 'bool',
|
||||
),
|
||||
'restricted_access_post_title' => array(
|
||||
'sanitize' => 'text',
|
||||
),
|
||||
'restricted_access_message' => array(
|
||||
'restricted_access_message' => array(
|
||||
'sanitize' => 'wp_kses',
|
||||
),
|
||||
)
|
||||
@@ -1751,6 +1761,14 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
|
||||
'2.0' => __( '2.0 version', 'ultimate-member' ),
|
||||
),
|
||||
),
|
||||
// backward compatibility option leave it disabled for better security and ability to exclude posts/terms pre-query
|
||||
// otherwise we filtering only results and restricted posts/terms can be visible
|
||||
array(
|
||||
'id' => 'disable_restriction_pre_queries',
|
||||
'type' => 'checkbox',
|
||||
'label' => __( 'Disable pre-queries for restriction content logic (advanced)', 'ultimate-member' ),
|
||||
'tooltip' => __( 'Please enable this option only in the cases when you have big or unnecessary queries on your site with active restriction logic. If you want to exclude posts only from the results queries instead of pre_get_posts and fully-hidden post logic also please enable this option. It activates the restriction content logic until 2.2.x version without latest security enhancements', 'ultimate-member' ),
|
||||
),
|
||||
$same_page_update,
|
||||
array(
|
||||
'id' => 'uninstall_on_delete',
|
||||
|
||||
@@ -81,8 +81,8 @@ if ( ! defined( 'ABSPATH' ) ) {
|
||||
array(
|
||||
'id' => '_um_access_hide_from_queries',
|
||||
'type' => 'checkbox',
|
||||
'label' => __( 'Would you like to display 404 page when users haven\'t access?', 'ultimate-member' ),
|
||||
'tooltip' => __( 'Recommended to be enabled. Restricted post will be hidden by exclusion from WP Query. The safest and most effective method that hides post and its comments from all requests, RSS feeds, etc. on your site', 'ultimate-member' ),
|
||||
'label' => UM()->options()->get( 'disable_restriction_pre_queries' ) ? __( 'Hide from queries', 'ultimate-member' ) : __( 'Would you like to display 404 page when users haven\'t access?', 'ultimate-member' ),
|
||||
'tooltip' => UM()->options()->get( 'disable_restriction_pre_queries' ) ? __( 'Exclude only from WP queries results', 'ultimate-member' ) : __( 'Recommended to be enabled. Restricted post will be hidden by exclusion from WP Query. The safest and most effective method that hides post and its comments from all requests, RSS feeds, etc. on your site', 'ultimate-member' ),
|
||||
'value' => ! empty( $data['_um_access_hide_from_queries'] ) ? $data['_um_access_hide_from_queries'] : '',
|
||||
'conditional' => array( '_um_accessible', '!=', '0' ),
|
||||
),
|
||||
@@ -96,7 +96,7 @@ if ( ! defined( 'ABSPATH' ) ) {
|
||||
'0' => __( 'Show access restricted message', 'ultimate-member' ),
|
||||
'1' => __( 'Redirect user', 'ultimate-member' ),
|
||||
),
|
||||
'conditional' => array( '_um_access_hide_from_queries', '=', '0' ),
|
||||
'conditional' => UM()->options()->get( 'disable_restriction_pre_queries' ) ? '' : array( '_um_access_hide_from_queries', '=', '0' ),
|
||||
),
|
||||
array(
|
||||
'id' => '_um_restrict_by_custom_message',
|
||||
|
||||
@@ -512,6 +512,7 @@ if ( ! class_exists( 'um\Config' ) ) {
|
||||
//settings defaults
|
||||
$this->settings_defaults = array(
|
||||
'restricted_access_post_metabox' => array( 'post' => 1, 'page' => 1 ),
|
||||
'disable_restriction_pre_queries' => 0,
|
||||
'uninstall_on_delete' => 0,
|
||||
'permalink_base' => 'user_login',
|
||||
'display_name' => 'full_name',
|
||||
@@ -543,6 +544,7 @@ if ( ! class_exists( 'um\Config' ) ) {
|
||||
'access_exclude_uris' => array(),
|
||||
'home_page_accessible' => 1,
|
||||
'category_page_accessible' => 1,
|
||||
'restricted_post_title_replace' => 1,
|
||||
'restricted_access_post_title' => __( 'Restricted content', 'ultimate-member' ),
|
||||
'restricted_access_message' => '',
|
||||
'restricted_blocks' => 0,
|
||||
|
||||
@@ -105,6 +105,30 @@ if ( ! class_exists( 'um\core\Access' ) ) {
|
||||
add_action( 'template_redirect', array( &$this, 'template_redirect' ), 1000 );
|
||||
add_action( 'um_access_check_individual_term_settings', array( &$this, 'um_access_check_individual_term_settings' ) );
|
||||
add_action( 'um_access_check_global_settings', array( &$this, 'um_access_check_global_settings' ) );
|
||||
|
||||
|
||||
add_action( 'plugins_loaded', array( &$this, 'disable_restriction_pre_queries' ), 1 );
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Rollback function for old business logic to avoid security enhancements with 404 errors
|
||||
*/
|
||||
function disable_restriction_pre_queries() {
|
||||
if ( ! UM()->options()->get( 'disable_restriction_pre_queries' ) ) {
|
||||
return;
|
||||
}
|
||||
|
||||
remove_action( 'pre_get_terms', array( &$this, 'exclude_hidden_terms_query' ), 99 );
|
||||
remove_filter( 'widget_posts_args', array( &$this, 'exclude_restricted_posts_widget' ), 99 );
|
||||
remove_filter( 'wp_list_pages_excludes', array( &$this, 'exclude_restricted_pages' ), 10 );
|
||||
remove_filter( 'getarchives_where', array( &$this, 'exclude_restricted_posts_archives_widget' ), 99 );
|
||||
remove_filter( 'get_next_post_where', array( &$this, 'exclude_navigation_posts' ), 99 );
|
||||
remove_filter( 'get_previous_post_where', array( &$this, 'exclude_navigation_posts' ), 99 );
|
||||
remove_action( 'pre_get_posts', array( &$this, 'exclude_posts' ), 99 );
|
||||
remove_filter( 'posts_where', array( &$this, 'exclude_posts_where' ), 10 );
|
||||
remove_filter( 'wp_count_posts', array( &$this, 'custom_count_posts_handler' ), 99 );
|
||||
remove_filter( 'the_title', array( &$this, 'filter_restricted_post_title' ), 10 );
|
||||
}
|
||||
|
||||
|
||||
@@ -166,9 +190,11 @@ if ( ! class_exists( 'um\core\Access' ) ) {
|
||||
}
|
||||
} else {
|
||||
$restricted_posts = UM()->options()->get( 'restricted_access_post_metabox' );
|
||||
$restricted_posts = array_keys( $restricted_posts );
|
||||
if ( ! empty( $post_types ) ) {
|
||||
$restricted_posts = array_intersect( $post_types, $restricted_posts );
|
||||
if ( ! empty( $restricted_posts ) ) {
|
||||
$restricted_posts = array_keys( $restricted_posts );
|
||||
if ( ! empty( $post_types ) ) {
|
||||
$restricted_posts = array_intersect( $post_types, $restricted_posts );
|
||||
}
|
||||
}
|
||||
|
||||
if ( ! empty( $restricted_posts ) ) {
|
||||
@@ -626,6 +652,10 @@ if ( ! class_exists( 'um\core\Access' ) ) {
|
||||
* @return string
|
||||
*/
|
||||
function filter_restricted_post_title( $title, $id = null ) {
|
||||
if ( ! UM()->options()->get( 'restricted_post_title_replace' ) ) {
|
||||
return $title;
|
||||
}
|
||||
|
||||
if ( current_user_can( 'administrator' ) ) {
|
||||
return $title;
|
||||
}
|
||||
@@ -812,6 +842,9 @@ if ( ! class_exists( 'um\core\Access' ) ) {
|
||||
global $wp_taxonomies;
|
||||
|
||||
$restricted_posts = UM()->options()->get( 'restricted_access_post_metabox' );
|
||||
if ( empty( $restricted_posts ) ) {
|
||||
$restricted_posts = array();
|
||||
}
|
||||
$restricted_posts = array_keys( $restricted_posts );
|
||||
|
||||
$restricted_taxonomies = UM()->options()->get( 'restricted_access_taxonomy_metabox' );
|
||||
@@ -1067,7 +1100,7 @@ if ( ! class_exists( 'um\core\Access' ) ) {
|
||||
continue;
|
||||
} else {
|
||||
$restriction_settings = $this->get_post_privacy_settings( $menu_item->object_id );
|
||||
if ( empty( $restriction_settings['_um_access_hide_from_queries'] ) ) {
|
||||
if ( UM()->options()->get( 'disable_restriction_pre_queries' ) || empty( $restriction_settings['_um_access_hide_from_queries'] ) ) {
|
||||
$filtered_items[] = $menu_item;
|
||||
continue;
|
||||
}
|
||||
@@ -1208,7 +1241,7 @@ if ( ! class_exists( 'um\core\Access' ) ) {
|
||||
if ( is_object( $query ) && is_a( $query, '\WP_Query' ) &&
|
||||
( $query->is_main_query() || ! empty( $query->query_vars['um_main_query'] ) ) ) {
|
||||
if ( $is_singular ) {
|
||||
if ( $this->is_restricted( $posts[0]->ID ) ) {
|
||||
if ( ! UM()->options()->get( 'disable_restriction_pre_queries' ) && $this->is_restricted( $posts[0]->ID ) ) {
|
||||
$content_restriction = $this->get_post_privacy_settings( $posts[0]->ID );
|
||||
if ( ! empty( $content_restriction['_um_access_hide_from_queries'] ) ) {
|
||||
unset( $posts[0] );
|
||||
@@ -1243,7 +1276,7 @@ if ( ! class_exists( 'um\core\Access' ) ) {
|
||||
} else {
|
||||
if ( $is_singular ) {
|
||||
if ( ! isset( $restriction['_um_noaccess_action'] ) || '0' == $restriction['_um_noaccess_action'] ) {
|
||||
if ( empty( $restriction['_um_access_hide_from_queries'] ) ) {
|
||||
if ( UM()->options()->get( 'disable_restriction_pre_queries' ) || empty( $restriction['_um_access_hide_from_queries'] ) ) {
|
||||
/**
|
||||
* UM hook
|
||||
*
|
||||
@@ -1285,7 +1318,7 @@ if ( ! class_exists( 'um\core\Access' ) ) {
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if ( empty( $restriction['_um_access_hide_from_queries'] ) ) {
|
||||
if ( UM()->options()->get( 'disable_restriction_pre_queries' ) || empty( $restriction['_um_access_hide_from_queries'] ) ) {
|
||||
$filtered_posts[] = $post;
|
||||
continue;
|
||||
}
|
||||
|
||||
@@ -1669,13 +1669,15 @@ function um_is_myprofile() {
|
||||
/**
|
||||
* Returns the edit profile link
|
||||
*
|
||||
* @param int $user_id
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
function um_edit_profile_url() {
|
||||
function um_edit_profile_url( $user_id = null ) {
|
||||
if ( um_is_core_page( 'user' ) ) {
|
||||
$url = UM()->permalinks()->get_current_url();
|
||||
} else {
|
||||
$url = um_user_profile_url();
|
||||
$url = isset( $user_id ) ? um_user_profile_url( $user_id ) : um_user_profile_url();
|
||||
}
|
||||
|
||||
$url = remove_query_arg( 'profiletab', $url );
|
||||
|
||||
@@ -166,6 +166,8 @@ The plugin works with popular caching plugins by automatically excluding Ultimat
|
||||
* Enhancements:
|
||||
|
||||
- Added: 'um_ignore_restricted_title' hook for workaround show post title of the restricted post
|
||||
- Added: Disable pre-queries for restriction content logic ('disable_restriction_pre_queries') option for backward compatibility with business logic where 404 error for restricted content isn't a good way
|
||||
- Added: Replace the restricted Post Title ('restricted_post_title_replace') option for ability to disable restricted post's title replace
|
||||
|
||||
* Bugfixes:
|
||||
|
||||
@@ -181,6 +183,7 @@ The plugin works with popular caching plugins by automatically excluding Ultimat
|
||||
- Fixed: The "Assignment to constant variable" JS error on some sites
|
||||
- Fixed: Keep description formatting in a view mode
|
||||
- Fixed: Profile form nonce handling, security enhancement
|
||||
- Fixed: `um_edit_profile_url()`` function and added $user_id attribute
|
||||
- Optimized: Restriction content handlers, avoid queries duplicates or unnecessary queries
|
||||
|
||||
= 2.2.2: August 3, 2021 =
|
||||
|
||||
Reference in New Issue
Block a user