- fixed member directory scripts enqueue;

- added integration with User Location extension;
- sanitize $_GET variables in wp-admin side;
This commit is contained in:
nikitasinelnikov
2020-02-12 12:36:47 +02:00
parent 7ab7a06b75
commit 2d36eaea36
15 changed files with 65 additions and 48 deletions
@@ -1,19 +1,19 @@
<?php if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
<?php if ( ! defined( 'ABSPATH' ) ) exit;
global $wpdb;
if ( isset($_REQUEST['_wp_http_referer']) ) {
$redirect = remove_query_arg(array('_wp_http_referer' ), wp_unslash( $_REQUEST['_wp_http_referer'] ) );
if ( isset( $_REQUEST['_wp_http_referer'] ) ) {
$redirect = remove_query_arg( array( '_wp_http_referer' ), wp_unslash( $_REQUEST['_wp_http_referer'] ) );
} else {
$redirect = get_admin_url(). 'admin.php?page=ultimatemember';
}
//remove extra query arg
if ( !empty( $_GET['_wp_http_referer'] ) ) {
um_js_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce'), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
if ( ! empty( $_GET['_wp_http_referer'] ) ) {
um_js_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
}
if( ! class_exists( 'WP_List_Table' ) ) {
if ( ! class_exists( 'WP_List_Table' ) ) {
require_once( ABSPATH . 'wp-admin/includes/class-wp-list-table.php' );
}
@@ -320,9 +320,5 @@ $ListTable->wpc_set_pagination_args( array( 'total_items' => count( $emails ), '
<input type="hidden" name="page" value="um_options" />
<input type="hidden" name="tab" value="email" />
<?php if ( ! empty( $_GET['section'] ) ) { ?>
<input type="hidden" name="section" value="<?php echo esc_attr( $_GET['section'] ) ?>" />
<?php }
$ListTable->display(); ?>
<?php $ListTable->display(); ?>
</form>
@@ -3,7 +3,7 @@
global $wpdb;
if ( isset( $_REQUEST['_wp_http_referer'] ) ) {
$redirect = remove_query_arg(array('_wp_http_referer' ), wp_unslash( $_REQUEST['_wp_http_referer'] ) );
$redirect = remove_query_arg( array( '_wp_http_referer' ), wp_unslash( $_REQUEST['_wp_http_referer'] ) );
} else {
$redirect = get_admin_url(). 'admin.php?page=um_roles';
}
@@ -11,7 +11,7 @@ if ( isset( $_REQUEST['_wp_http_referer'] ) ) {
global $wp_roles;
if ( isset( $_GET['action'] ) ) {
switch ( $_GET['action'] ) {
switch ( sanitize_key( $_GET['action'] ) ) {
/* delete action */
case 'delete': {
$role_keys = array();
@@ -117,7 +117,7 @@ if ( ! empty( $_GET['_wp_http_referer'] ) ) {
}
$order_by = 'name';
$order = ( isset( $_GET['order'] ) && 'asc' == strtolower( $_GET['order'] ) ) ? 'ASC' : 'DESC';
$order = ( isset( $_GET['order'] ) && 'asc' == strtolower( sanitize_key( $_GET['order'] ) ) ) ? 'ASC' : 'DESC';
if ( ! class_exists( 'WP_List_Table' ) ) {
require_once( ABSPATH . 'wp-admin/includes/class-wp-list-table.php' );
@@ -487,7 +487,7 @@ $ListTable->um_set_pagination_args( array( 'total_items' => count( $roles ), 'pe
</h2>
<?php if ( ! empty( $_GET['msg'] ) ) {
switch( $_GET['msg'] ) {
switch( sanitize_key( $_GET['msg'] ) ) {
case 'd':
echo '<div id="message" class="updated fade"><p>' . __( 'User Role <strong>Deleted</strong> Successfully.', 'ultimate-member' ) . '</p></div>';
break;