- xss security fix;

This commit is contained in:
nikitasinelnikov
2019-07-11 18:50:41 +03:00
parent 1014b0ffaa
commit 17acd0eb82
5 changed files with 57 additions and 25 deletions
+5 -2
View File
@@ -1444,9 +1444,12 @@ function um_profile_menu( $args ) {
$active_subnav = ( UM()->profile()->active_subnav() ) ? UM()->profile()->active_subnav() : $tab['subnav_default']; ?>
<div class="um-profile-subnav">
<?php foreach ( $tab['subnav'] as $id_s => $subtab ) { ?>
<?php foreach ( $tab['subnav'] as $id_s => $subtab ) {
<a href="<?php echo add_query_arg( 'subnav', $id_s ); ?>" class="<?php if ( $active_subnav == $id_s ) echo 'active'; ?>">
$subnav_link = add_query_arg( 'subnav', $id_s );
$subnav_link = apply_filters( 'um_user_profile_subnav_link', $subnav_link, $id_s, $subtab ); ?>
<a href="<?php echo $subnav_link; ?>" class="<?php if ( $active_subnav == $id_s ) echo 'active'; ?>">
<?php echo $subtab; ?>
</a>
+18 -1
View File
@@ -59,4 +59,21 @@ function um_account_disable_name_fields( $fields ){
return $fields;
}
add_filter( "um_get_field__first_name","um_account_disable_name_fields", 10 ,1 );
add_filter( "um_get_field__last_name","um_account_disable_name_fields", 10 ,1 );
add_filter( "um_get_field__last_name","um_account_disable_name_fields", 10 ,1 );
/**
* Sanitize inputs on Account update
*
* @param $data
*
* @return mixed
*/
function um_account_sanitize_data( $data ) {
foreach ( $data as $key => $value ) {
$data[ $key ] = trim( esc_html( strip_tags( $value ) ) );
}
return $data;
}
add_filter( 'um_account_pre_updating_profile_array', 'um_account_sanitize_data', 10, 1 );