- fixed member directory scripts enqueue;

- added integration with User Location extension;
- sanitize $_GET variables in wp-admin side;
This commit is contained in:
nikitasinelnikov
2020-02-12 12:36:47 +02:00
parent 7ab7a06b75
commit 2d36eaea36
15 changed files with 65 additions and 48 deletions
+6 -2
View File
@@ -96,7 +96,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Enqueue' ) ) {
*
*/
function enqueue_cpt_scripts() {
if ( ( isset( $_GET['post_type'] ) && 'um_form' == $_GET['post_type'] ) || ( isset( $_GET['post'] ) && 'um_form' == get_post_type( $_GET['post'] ) ) ) {
if ( ( isset( $_GET['post_type'] ) && 'um_form' == sanitize_key( $_GET['post_type'] ) ) ||
( isset( $_GET['post'] ) && 'um_form' == get_post_type( absint( $_GET['post'] ) ) ) ) {
$this->um_cpt_form_screen = true;
add_action( 'admin_footer', array( $this, 'admin_footer_scripts' ), 20 );
}
@@ -105,6 +106,9 @@ if ( ! class_exists( 'um\admin\core\Admin_Enqueue' ) ) {
}
/**
*
*/
function enqueue_frontend_preview_assets() {
//scripts for FRONTEND PREVIEW
if ( class_exists( 'WooCommerce' ) ) {
@@ -293,7 +297,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Enqueue' ) ) {
$hide_footer = false;
global $pagenow, $post;
if ( ( 'post.php' == $pagenow || 'post-new.php' == $pagenow ) &&
( ( isset( $_GET['post_type'] ) && 'um_form' == $_GET['post_type'] ) ||
( ( isset( $_GET['post_type'] ) && 'um_form' == sanitize_key( $_GET['post_type'] ) ) ||
( isset( $post->post_type ) && 'um_form' == $post->post_type ) ) ) {
$hide_footer = true;
}
+1 -1
View File
@@ -191,7 +191,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Menu' ) ) {
function um_roles_pages() {
if ( empty( $_GET['tab'] ) ) {
include_once um_path . 'includes/admin/core/list-tables/roles-list-table.php';
} elseif ( $_GET['tab'] == 'add' || $_GET['tab'] == 'edit' ) {
} elseif ( sanitize_key( $_GET['tab'] ) == 'add' || sanitize_key( $_GET['tab'] ) == 'edit' ) {
include_once um_path . 'includes/admin/templates/role/role-edit.php';
} else {
um_js_redirect( add_query_arg( array( 'page' => 'um_roles' ), get_admin_url( 'admin.php' ) ) );
+6 -5
View File
@@ -55,7 +55,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
*/
function hide_metabox_restrict_content_shop( $hide ) {
if ( function_exists( 'wc_get_page_id' ) && ! empty( $_GET['post'] ) &&
$_GET['post'] == wc_get_page_id( 'shop' ) ) {
absint( $_GET['post'] ) == wc_get_page_id( 'shop' ) ) {
return true;
}
@@ -838,7 +838,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
)
);
if ( ! isset( $_GET['id'] ) || 'administrator' != $_GET['id'] ) {
if ( ! isset( $_GET['id'] ) || 'administrator' != sanitize_key( $_GET['id'] ) ) {
$roles_metaboxes[] = array(
'id' => 'um-admin-form-home',
'title' => __( 'Homepage Options', 'ultimate-member' ),
@@ -925,11 +925,12 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
$wp_caps_metabox = false;
if ( ! empty( $_GET['id'] ) ) {
$data = get_option( "um_role_{$_GET['id']}_meta" );
if ( ! empty( $data['_um_is_custom'] ) )
$data = get_option( 'um_role_' . sanitize_key( $_GET['id'] ) . '_meta' );
if ( ! empty( $data['_um_is_custom'] ) ) {
$wp_caps_metabox = true;
}
}
if ( 'add' == $_GET['tab'] || $wp_caps_metabox ) {
if ( 'add' == sanitize_key( $_GET['tab'] ) || $wp_caps_metabox ) {
$roles_metaboxes[] = array(
'id' => 'um-admin-form-wp-capabilities',
'title' => __( 'WP Capabilities', 'ultimate-member' ),
+2 -2
View File
@@ -578,8 +578,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
'message' => $message,
), 4 );
} else {
if ( isset( $_GET['msg'] ) && 'updated' == $_GET['msg'] ) {
if ( isset( $_GET['page'] ) && 'um_options' == $_GET['page'] ) {
if ( isset( $_GET['msg'] ) && 'updated' == sanitize_key( $_GET['msg'] ) ) {
if ( isset( $_GET['page'] ) && 'um_options' == sanitize_key( $_GET['page'] ) ) {
$this->add_notice( 'settings_upgrade', array(
'class' => 'updated',
'message' => '<p>' . __( 'Settings successfully upgraded', 'ultimate-member' ) . '</p>',
+1 -1
View File
@@ -1415,7 +1415,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
$current_tab = empty( $_GET['tab'] ) ? '' : urldecode( $_GET['tab'] );
$current_subtab = empty( $_GET['section'] ) ? '' : urldecode( $_GET['section'] );
$settings_struct = $this->settings_structure[$current_tab];
$settings_struct = $this->settings_structure[ $current_tab ];
//remove not option hidden fields
if ( ! empty( $settings_struct['fields'] ) ) {
@@ -1,19 +1,19 @@
<?php if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
<?php if ( ! defined( 'ABSPATH' ) ) exit;
global $wpdb;
if ( isset($_REQUEST['_wp_http_referer']) ) {
$redirect = remove_query_arg(array('_wp_http_referer' ), wp_unslash( $_REQUEST['_wp_http_referer'] ) );
if ( isset( $_REQUEST['_wp_http_referer'] ) ) {
$redirect = remove_query_arg( array( '_wp_http_referer' ), wp_unslash( $_REQUEST['_wp_http_referer'] ) );
} else {
$redirect = get_admin_url(). 'admin.php?page=ultimatemember';
}
//remove extra query arg
if ( !empty( $_GET['_wp_http_referer'] ) ) {
um_js_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce'), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
if ( ! empty( $_GET['_wp_http_referer'] ) ) {
um_js_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
}
if( ! class_exists( 'WP_List_Table' ) ) {
if ( ! class_exists( 'WP_List_Table' ) ) {
require_once( ABSPATH . 'wp-admin/includes/class-wp-list-table.php' );
}
@@ -320,9 +320,5 @@ $ListTable->wpc_set_pagination_args( array( 'total_items' => count( $emails ), '
<input type="hidden" name="page" value="um_options" />
<input type="hidden" name="tab" value="email" />
<?php if ( ! empty( $_GET['section'] ) ) { ?>
<input type="hidden" name="section" value="<?php echo esc_attr( $_GET['section'] ) ?>" />
<?php }
$ListTable->display(); ?>
<?php $ListTable->display(); ?>
</form>
@@ -3,7 +3,7 @@
global $wpdb;
if ( isset( $_REQUEST['_wp_http_referer'] ) ) {
$redirect = remove_query_arg(array('_wp_http_referer' ), wp_unslash( $_REQUEST['_wp_http_referer'] ) );
$redirect = remove_query_arg( array( '_wp_http_referer' ), wp_unslash( $_REQUEST['_wp_http_referer'] ) );
} else {
$redirect = get_admin_url(). 'admin.php?page=um_roles';
}
@@ -11,7 +11,7 @@ if ( isset( $_REQUEST['_wp_http_referer'] ) ) {
global $wp_roles;
if ( isset( $_GET['action'] ) ) {
switch ( $_GET['action'] ) {
switch ( sanitize_key( $_GET['action'] ) ) {
/* delete action */
case 'delete': {
$role_keys = array();
@@ -117,7 +117,7 @@ if ( ! empty( $_GET['_wp_http_referer'] ) ) {
}
$order_by = 'name';
$order = ( isset( $_GET['order'] ) && 'asc' == strtolower( $_GET['order'] ) ) ? 'ASC' : 'DESC';
$order = ( isset( $_GET['order'] ) && 'asc' == strtolower( sanitize_key( $_GET['order'] ) ) ) ? 'ASC' : 'DESC';
if ( ! class_exists( 'WP_List_Table' ) ) {
require_once( ABSPATH . 'wp-admin/includes/class-wp-list-table.php' );
@@ -487,7 +487,7 @@ $ListTable->um_set_pagination_args( array( 'total_items' => count( $roles ), 'pe
</h2>
<?php if ( ! empty( $_GET['msg'] ) ) {
switch( $_GET['msg'] ) {
switch( sanitize_key( $_GET['msg'] ) ) {
case 'd':
echo '<div id="message" class="updated fade"><p>' . __( 'User Role <strong>Deleted</strong> Successfully.', 'ultimate-member' ) . '</p></div>';
break;