diff --git a/assets/js/um-modal.js b/assets/js/um-modal.js index 96f376f6..01e6fb4b 100644 --- a/assets/js/um-modal.js +++ b/assets/js/um-modal.js @@ -102,6 +102,7 @@ jQuery(document).ready(function() { user_id = jQuery(this).parents('#um_upload_single').data('user_id'); } + var d; var form_id = 0; var mode = ''; if ( jQuery('div.um-field-image[data-key="' + key + '"]').length === 1 ) { diff --git a/assets/js/um-modal.min.js b/assets/js/um-modal.min.js index 980083c0..049c896f 100644 --- a/assets/js/um-modal.min.js +++ b/assets/js/um-modal.min.js @@ -1 +1 @@ -jQuery(document).ready(function(){jQuery(document).on("click",".um-popup-overlay",function(){remove_Modal()}),jQuery(document).on("click",'.um-modal-overlay, a[data-action="um_remove_modal"]',function(){um_remove_modal()}),jQuery(document).on("click",'a[data-modal^="um_"], span[data-modal^="um_"], .um-modal:not(:has(.um-form)) a',function(e){return e.preventDefault(),!1}),jQuery(document).on("click",".um-modal .um-single-file-preview a.cancel",function(e){e.preventDefault();var a=jQuery(this).parents(".um-modal-body"),t=jQuery(this).parents(".um-modal-body").find(".um-single-fileinfo a").attr("href"),i=a.find(".um-single-file-upload").data("set_mode");return jQuery.ajax({url:wp.ajax.settings.url,type:"post",data:{action:"um_remove_file",src:t,mode:i,nonce:um_scripts.nonce},success:function(){a.find(".um-single-file-preview").hide(),a.find(".ajax-upload-dragdrop").show(),a.find(".um-modal-btn.um-finish-upload").addClass("disabled"),um_modal_responsive()}}),!1}),jQuery(document).on("click",".um-modal .um-single-image-preview a.cancel",function(e){e.preventDefault();var a=jQuery(this).parents(".um-modal-body"),t=jQuery(this).parents(".um-modal-body").find(".um-single-image-preview img").attr("src"),i=a.find(".um-single-image-upload").data("set_mode");return jQuery.ajax({url:wp.ajax.settings.url,type:"post",data:{action:"um_remove_file",src:t,mode:i,nonce:um_scripts.nonce},success:function(){jQuery("img.cropper-hidden").cropper("destroy"),a.find(".um-single-image-preview img").attr("src",""),a.find(".um-single-image-preview").hide(),a.find(".ajax-upload-dragdrop").show(),a.find(".um-modal-btn.um-finish-upload").addClass("disabled"),um_modal_responsive()}}),!1}),jQuery(document).on("click",".um-finish-upload.file:not(.disabled)",function(){var e=jQuery(this).attr("data-key"),a=jQuery(this).parents(".um-modal-body").find(".um-single-file-preview").html();um_remove_modal(),jQuery(".um-single-file-preview[data-key="+e+"]").fadeIn().html(a);var t=jQuery(".um-field[data-key="+e+"]").find(".um-single-fileinfo a").data("file");jQuery(".um-single-file-preview[data-key="+e+"]").parents(".um-field").find(".um-btn-auto-width").html(jQuery(this).attr("data-change")),jQuery(".um-single-file-preview[data-key="+e+"]").parents(".um-field").find('input[type="hidden"]').val(t)}),jQuery(document).on("click",".um-finish-upload.image:not(.disabled)",function(){var a=jQuery(this),t=jQuery(this).attr("data-key"),e=jQuery(this).parents(".um-modal-body").find(".um-single-image-preview"),i=e.find("img").attr("src"),r=e.attr("data-coord"),u=e.find("img").data("file"),m=0;jQuery(this).parents("#um_upload_single").data("user_id")&&(m=jQuery(this).parents("#um_upload_single").data("user_id"));var n=0,o="";if(1===jQuery('div.um-field-image[data-key="'+t+'"]').length){var s=jQuery('div.um-field-image[data-key="'+t+'"]').closest(".um-form");n=s.find('input[name="form_id"]').val(),o=s.attr("data-mode")}r?(jQuery(this).html(jQuery(this).attr("data-processing")).addClass("disabled"),jQuery.ajax({url:wp.ajax.settings.url,type:"POST",dataType:"json",data:{action:"um_resize_image",src:i,coord:r,user_id:m,key:t,set_id:n,set_mode:o,nonce:um_scripts.nonce},success:function(e){e.success&&(d=new Date,"profile_photo"===t?jQuery(".um-profile-photo-img img").attr("src",e.data.image.source_url+"?"+d.getTime()):"cover_photo"===t&&(jQuery(".um-cover-e").empty().html(''),jQuery(".um").hasClass("um-editing")&&jQuery(".um-cover-overlay").show()),jQuery(".um-single-image-preview[data-key="+t+"]").fadeIn().find("img").attr("src",e.data.image.source_url+"?"+d.getTime()),um_remove_modal(),jQuery("img.cropper-invisible").remove(),jQuery(".um-single-image-preview[data-key="+t+"]").parents(".um-field").find(".um-btn-auto-width").html(a.attr("data-change")),jQuery(".um-single-image-preview[data-key="+t+"]").parents(".um-field").find('input[type="hidden"]').val(e.data.image.filename))}})):(d=new Date,jQuery(".um-single-image-preview[data-key="+t+"]").fadeIn().find("img").attr("src",i+"?"+d.getTime()),um_remove_modal(),jQuery(".um-single-image-preview[data-key="+t+"]").parents(".um-field").find(".um-btn-auto-width").html(a.attr("data-change")),jQuery(".um-single-image-preview[data-key="+t+"]").parents(".um-field").find("input[type=hidden]").val(u))}),jQuery(document.body).on("click",'a[data-modal^="um_"], span[data-modal^="um_"]',function(e){var a=jQuery(this).attr("data-modal"),t="normal";jQuery(this).data("modal-size")&&(t=jQuery(this).data("modal-size")),jQuery(this).data("modal-copy")&&(jQuery("#"+a).html(jQuery(this).parents(".um-field").find(".um-modal-hidden-content").html()),jQuery(this).parents(".um-profile-photo").attr("data-user_id")&&jQuery("#"+a).attr("data-user_id",jQuery(this).parents(".um-profile-photo").attr("data-user_id")),jQuery(this).parents(".um-cover").attr("data-ratio")&&jQuery("#"+a).attr("data-ratio",jQuery(this).parents(".um-cover").attr("data-ratio")),jQuery(this).parents(".um-cover").attr("data-user_id")&&jQuery("#"+a).attr("data-user_id",jQuery(this).parents(".um-cover").attr("data-user_id")),0'),jQuery(".um").hasClass("um-editing")&&jQuery(".um-cover-overlay").show()),jQuery(".um-single-image-preview[data-key="+i+"]").fadeIn().find("img").attr("src",e.data.image.source_url+"?"+a.getTime()),um_remove_modal(),jQuery("img.cropper-invisible").remove(),jQuery(".um-single-image-preview[data-key="+i+"]").parents(".um-field").find(".um-btn-auto-width").html(t.attr("data-change")),jQuery(".um-single-image-preview[data-key="+i+"]").parents(".um-field").find('input[type="hidden"]').val(e.data.image.filename))}})):(a=new Date,jQuery(".um-single-image-preview[data-key="+i+"]").fadeIn().find("img").attr("src",r+"?"+a.getTime()),um_remove_modal(),jQuery(".um-single-image-preview[data-key="+i+"]").parents(".um-field").find(".um-btn-auto-width").html(t.attr("data-change")),jQuery(".um-single-image-preview[data-key="+i+"]").parents(".um-field").find("input[type=hidden]").val(d))}),jQuery(document.body).on("click",'a[data-modal^="um_"], span[data-modal^="um_"]',function(e){var a=jQuery(this).attr("data-modal"),t="normal";jQuery(this).data("modal-size")&&(t=jQuery(this).data("modal-size")),jQuery(this).data("modal-copy")&&(jQuery("#"+a).html(jQuery(this).parents(".um-field").find(".um-modal-hidden-content").html()),jQuery(this).parents(".um-profile-photo").attr("data-user_id")&&jQuery("#"+a).attr("data-user_id",jQuery(this).parents(".um-profile-photo").attr("data-user_id")),jQuery(this).parents(".um-cover").attr("data-ratio")&&jQuery("#"+a).attr("data-ratio",jQuery(this).parents(".um-cover").attr("data-ratio")),jQuery(this).parents(".um-cover").attr("data-user_id")&&jQuery("#"+a).attr("data-user_id",jQuery(this).parents(".um-cover").attr("data-user_id")),0 $value ) { - - $key = sanitize_key( $key ); + // don't use sanitize_key here because of a key can be in Uppercase + $key = sanitize_text_field( $key ); // adding rows if ( 0 === strpos( $key, '_um_row_' ) ) { diff --git a/includes/admin/core/class-admin-notices.php b/includes/admin/core/class-admin-notices.php index 61a32bcd..50d7fe51 100644 --- a/includes/admin/core/class-admin-notices.php +++ b/includes/admin/core/class-admin-notices.php @@ -48,7 +48,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) { $this->need_upgrade(); $this->check_wrong_licenses(); - $this->reviews_notice(); + // removed for now to avoid the bad reviews + //$this->reviews_notice(); //$this->future_changed(); diff --git a/includes/core/class-access.php b/includes/core/class-access.php index 43f7ac18..5073d5bb 100644 --- a/includes/core/class-access.php +++ b/includes/core/class-access.php @@ -35,14 +35,6 @@ if ( ! class_exists( 'um\core\Access' ) ) { private $allow_access; - /** - * @var \WP_Post - */ - private $current_single_post; - - - private $ignore_terms_exclude = false; - private $ignore_exclude = false; @@ -55,62 +47,391 @@ if ( ! class_exists( 'um\core\Access' ) ) { $this->redirect_handler = false; $this->allow_access = false; - // callbacks for changing posts query - add_action( 'pre_get_posts', array( &$this, 'exclude_posts' ), 99, 1 ); - - add_filter( 'posts_where', array( &$this, 'exclude_posts_where' ), 10, 2 ); - - add_filter( 'get_next_post_where', array( &$this, 'exclude_navigation_posts' ), 99, 5 ); - add_filter( 'get_previous_post_where', array( &$this, 'exclude_navigation_posts' ), 99, 5 ); - add_filter( 'widget_posts_args', array( &$this, 'exclude_restricted_posts_widget' ), 99, 1 ); - - add_filter( 'wp_count_posts', array( &$this, 'custom_count_posts_handler' ), 99, 3 ); - add_filter( 'getarchives_where', array( &$this, 'exclude_restricted_posts_archives_widget' ), 99, 2 ); + // NEW HOOKS // callbacks for changing terms query add_action( 'pre_get_terms', array( &$this, 'exclude_hidden_terms_query' ), 99, 1 ); - // callbacks for changing comments query - add_action( 'pre_get_comments', array( &$this, 'exclude_posts_comments' ), 99, 1 ); - add_filter( 'comment_feed_where', array( &$this, 'exclude_posts_comments_feed' ), 99, 2 ); - add_filter( 'wp_count_comments', array( &$this, 'custom_comments_count_handler' ), 99, 2 ); - /* Disable comments if user has not permission to access current post */ - add_filter( 'comments_open', array( $this, 'disable_comments_open' ), 99, 2 ); - add_filter( 'get_comments_number', array( $this, 'disable_comments_open_number' ), 99, 2 ); + // Change recent posts widget query + add_filter( 'widget_posts_args', array( &$this, 'exclude_restricted_posts_widget' ), 99, 1 ); + // Exclude pages displayed by wp_list_pages function + add_filter( 'wp_list_pages_excludes', array( &$this, 'exclude_restricted_pages' ), 10, 1 ); + // Archives list change where based on restricted posts + add_filter( 'getarchives_where', array( &$this, 'exclude_restricted_posts_archives_widget' ), 99, 2 ); - //there is posts (Posts/Page/CPT) filtration if site is accessible - //there also will be redirects if they need - //protect posts types - add_filter( 'the_posts', array( &$this, 'filter_protected_posts' ), 99, 2 ); - //protect pages for wp_list_pages func - add_filter( 'get_pages', array( &$this, 'filter_protected_posts' ), 99, 2 ); + // Navigation line below the post content, change query to exclude restricted + add_filter( 'get_next_post_where', array( &$this, 'exclude_navigation_posts' ), 99, 5 ); + add_filter( 'get_previous_post_where', array( &$this, 'exclude_navigation_posts' ), 99, 5 ); + // callbacks for changing posts query + add_action( 'pre_get_posts', array( &$this, 'exclude_posts' ), 99, 1 ); + add_filter( 'posts_where', array( &$this, 'exclude_posts_where' ), 10, 2 ); + add_filter( 'wp_count_posts', array( &$this, 'custom_count_posts_handler' ), 99, 3 ); + + // change the title of the post add_filter( 'the_title', array( &$this, 'filter_restricted_post_title' ), 10, 2 ); + // change the content of the restricted post + add_filter( 'the_content', array( &$this, 'filter_restricted_post_content' ), 999999, 1 ); + // change the excerpt of the restricted post + add_filter( 'get_the_excerpt', array( &$this, 'filter_restricted_post_excerpt' ), 999999, 2 ); - //filter menu items - add_filter( 'wp_nav_menu_objects', array( &$this, 'filter_menu' ), 99, 2 ); - // blocks restrictions - add_filter( 'render_block', array( $this, 'restrict_blocks' ), 10, 2 ); - - //filter attachment + // filter attachment add_filter( 'wp_get_attachment_url', array( &$this, 'filter_attachment' ), 99, 2 ); add_filter( 'has_post_thumbnail', array( &$this, 'filter_post_thumbnail' ), 99, 3 ); - // turn on/off content replacement on the filter 'the_content' - add_action( 'get_header', array( &$this, 'replace_post_content_on' ), 12 ); - add_action( 'get_footer', array( &$this, 'replace_post_content_off' ), 8 ); - // turn on/off content replacement on the filter 'the_content' with the theme "Avada" - add_action( 'avada_before_body_content', array( &$this, 'replace_post_content_off' ), 8 ); - add_action( 'avada_before_main_container', array( &$this, 'replace_post_content_on' ), 12 ); - add_action( 'avada_after_main_content', array( &$this, 'replace_post_content_off' ), 8 ); + // comments queries + add_action( 'pre_get_comments', array( &$this, 'exclude_posts_comments' ), 99, 1 ); + add_filter( 'wp_count_comments', array( &$this, 'custom_comments_count_handler' ), 99, 2 ); + // comments RSS + add_filter( 'comment_feed_where', array( &$this, 'exclude_posts_comments_feed' ), 99, 2 ); + // Disable comments if user has not permission to access current post + add_filter( 'comments_open', array( $this, 'disable_comments_open' ), 99, 2 ); + add_filter( 'get_comments_number', array( $this, 'disable_comments_open_number' ), 99, 2 ); - //check the site's accessible more priority have Individual Post/Term Restriction settings + // filter menu items + add_filter( 'wp_nav_menu_objects', array( &$this, 'filter_menu' ), 99, 2 ); + + // Gutenberg blocks restrictions + add_filter( 'render_block', array( $this, 'restrict_blocks' ), 10, 2 ); + + // there is posts (Posts/Page/CPT) filtration if site is accessible + // there also will be redirects if they need + // protect posts types + add_filter( 'the_posts', array( &$this, 'filter_protected_posts' ), 99, 2 ); + // protect pages for wp_list_pages func + add_filter( 'get_pages', array( &$this, 'filter_protected_posts' ), 99, 2 ); + + // check the site's accessible more priority have Individual Post/Term Restriction settings add_action( 'template_redirect', array( &$this, 'template_redirect' ), 1000 ); add_action( 'um_access_check_individual_term_settings', array( &$this, 'um_access_check_individual_term_settings' ) ); add_action( 'um_access_check_global_settings', array( &$this, 'um_access_check_global_settings' ) ); } + /** + * Get array with restricted posts + * + * @param bool $force + * @param bool|array|string $post_types + * + * @return array + */ + function exclude_posts_array( $force = false, $post_types = false ) { + if ( $this->ignore_exclude ) { + return array(); + } + + static $cache = array(); + + $cache_key = $force ? 'force' : 'default'; + + // `force` cache contains all restricted post IDs we can get them all from cache instead new queries + $force_cache_key = ''; + if ( 'default' === $cache_key ) { + $force_cache_key = 'force'; + } + + // make $post_types as array if string + if ( ! empty( $post_types ) ) { + $post_types = is_array( $post_types ) ? $post_types : array( $post_types ); + $cache_key .= md5( serialize( $post_types ) ); + if ( ! empty( $force_cache_key ) ) { + $force_cache_key .= md5( serialize( $post_types ) ); + } + } + + if ( array_key_exists( $cache_key, $cache ) ) { + return $cache[ $cache_key ]; + } + + $exclude_posts = array(); + if ( current_user_can( 'administrator' ) ) { + $cache[ $cache_key ] = $exclude_posts; + return $exclude_posts; + } + + // @todo using Object Cache `wp_cache_get()` `wp_cache_set()` functions + + // `force` cache contains all restricted post IDs we can get them all from cache instead new queries + if ( ! empty( $force_cache_key ) && array_key_exists( $force_cache_key, $cache ) ) { + $post_ids = $cache[ $force_cache_key ]; + + if ( ! empty( $post_ids ) ) { + foreach ( $post_ids as $post_id ) { + $content_restriction = $this->get_post_privacy_settings( $post_id ); + if ( ! empty( $content_restriction['_um_access_hide_from_queries'] ) ) { + array_push( $exclude_posts, $post_id ); + } + } + } + } else { + $restricted_posts = UM()->options()->get( 'restricted_access_post_metabox' ); + $restricted_posts = array_keys( $restricted_posts ); + if ( ! empty( $post_types ) ) { + $restricted_posts = array_intersect( $post_types, $restricted_posts ); + } + + if ( ! empty( $restricted_posts ) ) { + $this->ignore_exclude = true; + // exclude all posts assigned to current term without individual restriction settings + $post_ids = get_posts( + array( + 'fields' => 'ids', + 'post_status' => 'any', + 'post_type' => $restricted_posts, + 'numberposts' => -1, + 'meta_query' => array( + array( + 'key' => 'um_content_restriction', + 'compare' => 'EXISTS', + ), + ), + ) + ); + + $this->ignore_exclude = false; + } + + $post_ids = empty( $post_ids ) ? array() : $post_ids; + + $restricted_taxonomies = UM()->options()->get( 'restricted_access_taxonomy_metabox' ); + + if ( ! empty( $restricted_taxonomies ) ) { + $restricted_taxonomies = array_keys( $restricted_taxonomies ); + foreach ( $restricted_taxonomies as $k => $taxonomy ) { + if ( ! taxonomy_exists( $taxonomy ) ) { + unset( $restricted_taxonomies[ $k ] ); + } + } + $restricted_taxonomies = array_values( $restricted_taxonomies ); + + if ( ! empty( $post_types ) ) { + $taxonomies = array(); + foreach ( $post_types as $p_t ) { + $taxonomies = array_merge( $taxonomies, get_object_taxonomies( $p_t ) ); + } + $restricted_taxonomies = array_intersect( $taxonomies, $restricted_taxonomies ); + } + } + + if ( ! empty( $restricted_taxonomies ) ) { + global $wpdb; + + $terms = $wpdb->get_results( + "SELECT tm.term_id AS term_id, + tt.taxonomy AS taxonomy + FROM {$wpdb->termmeta} tm + LEFT JOIN {$wpdb->term_taxonomy} tt ON tt.term_id = tm.term_id + WHERE tm.meta_key = 'um_content_restriction' AND + tt.taxonomy IN('" . implode( "','", $restricted_taxonomies ) . "')", + ARRAY_A + ); + + if ( ! empty( $terms ) ) { + foreach ( $terms as $term ) { + if ( ! $this->is_restricted_term( $term['term_id'] ) ) { + continue; + } + + $this->ignore_exclude = true; + // exclude all posts assigned to current term without individual restriction settings + $posts = get_posts( + array( + 'fields' => 'ids', + 'post_status' => 'any', + 'numberposts' => -1, + 'tax_query' => array( + array( + 'taxonomy' => $term['taxonomy'], + 'field' => 'id', + 'terms' => $term['term_id'], + ), + ), + 'meta_query' => array( + 'relation' => 'OR', + array( + 'relation' => 'AND', + array( + 'key' => 'um_content_restriction', + 'value' => 's:26:"_um_custom_access_settings";s:1:"1"', + 'compare' => 'NOT LIKE', + ), + array( + 'key' => 'um_content_restriction', + 'value' => 's:26:"_um_custom_access_settings";b:1', + 'compare' => 'NOT LIKE', + ), + ), + array( + 'key' => 'um_content_restriction', + 'compare' => 'NOT EXISTS', + ), + ), + ) + ); + $this->ignore_exclude = false; + + if ( empty( $posts ) ) { + continue; + } + + $post_ids = array_merge( $post_ids, $posts ); + } + } + } + + if ( ! empty( $post_ids ) ) { + $post_ids = array_unique( $post_ids ); + + foreach ( $post_ids as $post_id ) { + // handle every post privacy setting based on post type maybe it's inactive for now + // if individual restriction is enabled then get post terms restriction settings + if ( $this->is_restricted( $post_id ) ) { + if ( true === $force ) { + array_push( $exclude_posts, $post_id ); + } else { + $content_restriction = $this->get_post_privacy_settings( $post_id ); + if ( ! empty( $content_restriction['_um_access_hide_from_queries'] ) ) { + array_push( $exclude_posts, $post_id ); + } + } + } + } + } + } + + $exclude_posts = apply_filters( 'um_exclude_restricted_posts_ids', $exclude_posts, $force ); + + $cache[ $cache_key ] = $exclude_posts; + return $exclude_posts; + } + + + + /** + * Get array with restricted terms + * + * @param \WP_Term_Query $query + * + * @return array + */ + function exclude_terms_array( $query ) { + $exclude = array(); + + $restricted_taxonomies = UM()->options()->get( 'restricted_access_taxonomy_metabox' ); + if ( ! empty( $restricted_taxonomies ) ) { + $restricted_taxonomies = array_keys( $restricted_taxonomies ); + foreach ( $restricted_taxonomies as $k => $taxonomy ) { + if ( ! taxonomy_exists( $taxonomy ) ) { + unset( $restricted_taxonomies[ $k ] ); + } + } + $restricted_taxonomies = array_values( $restricted_taxonomies ); + + if ( ! empty( $restricted_taxonomies ) ) { + $restricted_taxonomies = array_intersect( $query->query_vars['taxonomy'], $restricted_taxonomies ); + } + } + + if ( empty( $restricted_taxonomies ) ) { + return $exclude; + } + + $cache_key = md5( serialize( $restricted_taxonomies ) ); + + static $cache = array(); + + if ( array_key_exists( $cache_key, $cache ) ) { + return $cache[ $cache_key ]; + } + + $term_ids = get_terms( + array( + 'taxonomy' => $restricted_taxonomies, + 'hide_empty' => false, + 'fields' => 'ids', + 'meta_query' => array( + 'key' => 'um_content_restriction', + 'compare' => 'EXISTS', + ), + 'um_ignore_exclude' => true, + ) + ); + + if ( empty( $term_ids ) || is_wp_error( $term_ids ) ) { + $cache[ $cache_key ] = $exclude; + return $exclude; + } + + foreach ( $term_ids as $term_id ) { + if ( $this->is_restricted_term( $term_id ) ) { + $exclude[] = $term_id; + } + } + + $exclude = apply_filters( 'um_exclude_restricted_terms_ids', $exclude ); + $cache[ $cache_key ] = $exclude; + return $exclude; + } + + + /** + * @param \WP_Term_Query $query + */ + function exclude_hidden_terms_query( $query ) { + if ( current_user_can( 'administrator' ) || ! empty( $query->query_vars['um_ignore_exclude'] ) ) { + return; + } + + $exclude = $this->exclude_terms_array( $query ); + if ( ! empty( $exclude ) ) { + $query->query_vars['exclude'] = ! empty( $query->query_vars['exclude'] ) ? wp_parse_id_list( $query->query_vars['exclude'] ) : $exclude; + } + } + + + /** + * @param \WP_Query $query + */ + function exclude_posts( $query ) { + if ( current_user_can( 'administrator' ) ) { + return; + } + + // use these functions is_search() || is_admin() for getting force hide all posts + // don't handle `hide from WP_Query` and show 404 option for searching and wp-admin query + if ( $query->is_main_query() || ! empty( $query->query_vars['um_main_query'] ) ) { + $force = is_feed() || is_search() || is_admin(); + + if ( is_object( $query ) ) { + $is_singular = $query->is_singular(); + } else { + $is_singular = ! empty( $query->is_singular ) ? true : false; + } + + if ( ! $is_singular ) { + // need to know what post type is here + $q_values = ! empty( $query->query_vars['post_type'] ) ? $query->query_vars['post_type'] : array(); + if ( ! is_array( $q_values ) ) { + $q_values = explode( ',', $query->query_vars['post_type'] ); + } + + // 'any' will cause the query var to be ignored. + if ( in_array( 'any', $q_values, true ) || empty( $q_values ) ) { + $exclude_posts = $this->exclude_posts_array( $force ); + } else { + $exclude_posts = $this->exclude_posts_array( $force, $q_values ); + } + + if ( ! empty( $exclude_posts ) ) { + $post__not_in = $query->get( 'post__not_in', array() ); + $query->set( 'post__not_in', array_merge( wp_parse_id_list( $post__not_in ), $exclude_posts ) ); + } + } + } + } + + /** * Exclude restricted post from query if there is a single query that exclude post_not_in by default in \WP_Query * @@ -120,6 +441,10 @@ if ( ! class_exists( 'um\core\Access' ) ) { * @return mixed */ function exclude_posts_where( $where, $query ) { + if ( current_user_can( 'administrator' ) ) { + return $where; + } + if ( ! $query->is_main_query() ) { return $where; } @@ -138,75 +463,37 @@ if ( ! class_exists( 'um\core\Access' ) ) { /** - * Get array with restricted terms + * Change the posts count based on restriction settings * - * @return array + * @param object $counts Post counts + * @param string $type Post type + * @param string $perm The permission to determine if the posts are 'readable' + * by the current user. + * + * @return object */ - function exclude_terms_array() { - static $cache = false; - - if ( false !== $cache ) { - return $cache; - } - - $restricted_taxonomies = UM()->options()->get( 'restricted_access_taxonomy_metabox' ); - if ( empty( $restricted_taxonomies ) ) { - $cache = array(); - return array(); - } - - $this->ignore_terms_exclude = true; - $term_ids = get_terms( - array( - 'taxonomy' => array_keys( $restricted_taxonomies ), - 'hide_empty' => false, - 'fields' => 'ids', - 'meta_query' => array( - 'key' => 'um_content_restriction', - 'compare' => 'EXISTS', - ), - ) - ); - $this->ignore_terms_exclude = false; - - if ( empty( $term_ids ) || is_wp_error( $term_ids ) ) { - $cache = array(); - return array(); - } - - $exclude = array(); - foreach ( $term_ids as $term_id ) { - if ( $this->is_restricted_term( $term_id ) ) { - $exclude[] = $term_id; - } - } - - $cache = $exclude; - return $exclude; - } - - - function exclude_hidden_terms_query( $query ) { - if ( current_user_can( 'administrator' ) || $this->ignore_terms_exclude ) { - return; - } - - $exclude = $this->exclude_terms_array(); - if ( ! empty( $exclude ) ) { - $query->query_vars['exclude'] = ! empty( $query->query_vars['exclude'] ) ? wp_parse_id_list( $query->query_vars['exclude'] ) : $exclude; - } - } - - function custom_count_posts_handler( $counts, $type, $perm ) { - global $wpdb; - - $exclude_posts = $this->exclude_posts_array( is_admin() ); - if ( empty( $exclude_posts ) ) { + if ( current_user_can( 'administrator' ) ) { return $counts; } - $cache_key = _count_posts_cache_key( $type, $perm ); + global $wpdb; + + static $cache = array(); + + $cache_key = _count_posts_cache_key( $type, $perm ); + $force = is_feed() || is_search() || is_admin(); + $cache_key .= $force ? 'force' : ''; + + if ( array_key_exists( $cache_key, $cache ) ) { + return $cache[ $cache_key ]; + } + + $exclude_posts = $this->exclude_posts_array( $force, array( $type ) ); + if ( empty( $exclude_posts ) ) { + $cache[ $cache_key ] = $counts; + return $counts; + } $query = "SELECT post_status, COUNT( * ) AS num_posts FROM {$wpdb->posts} WHERE post_type = %s"; @@ -232,21 +519,368 @@ if ( ! class_exists( 'um\core\Access' ) ) { } $counts = (object) $counts; - wp_cache_set( $cache_key, $counts, 'counts' ); + $cache[ $cache_key ] = $counts; return $counts; } + /** + * Exclude restricted posts in Recent Posts widget + * + * @param array $array Query args + * + * @return array + */ + function exclude_restricted_posts_widget( $array ) { + if ( current_user_can( 'administrator' ) ) { + return $array; + } + + $exclude_posts = $this->exclude_posts_array( false, 'post' ); + if ( ! empty( $exclude_posts ) ) { + $post__not_in = ! empty( $array['post__not_in'] ) ? $array['post__not_in'] : array(); + $array['post__not_in'] = array_merge( wp_parse_id_list( $post__not_in ), $exclude_posts ); + } + + return $array; + } + + + /** + * Exclude restricted posts in Recent Posts widget + * + * @param array $array Query args + * + * @return array + */ + function exclude_restricted_pages( $array ) { + if ( current_user_can( 'administrator' ) ) { + return $array; + } + + $exclude_posts = $this->exclude_posts_array( false, 'page' ); + if ( ! empty( $exclude_posts ) ) { + $array = array_merge( $array, $exclude_posts ); + } + + return $array; + } + + + /** + * Exclude restricted posts in widgets + * + * @param string $sql_where + * @param array $parsed_args + * + * @return string + */ + function exclude_restricted_posts_archives_widget( $sql_where, $parsed_args ) { + if ( current_user_can( 'administrator' ) ) { + return $sql_where; + } + + $exclude_posts = $this->exclude_posts_array( false, $parsed_args['post_type'] ); + if ( ! empty( $exclude_posts ) ) { + $exclude_string = implode( ',', $exclude_posts ); + $sql_where .= ' AND ID NOT IN ( ' . $exclude_string . ' )'; + } + + return $sql_where; + } + + + /** + * Exclude posts from next, previous navigation + * + * @param string $where + * @param bool $in_same_term + * @param array $excluded_terms + * @param string $taxonomy. + * @param \WP_Post $post + * + * @return string + */ + function exclude_navigation_posts( $where, $in_same_term, $excluded_terms, $taxonomy, $post ) { + if ( current_user_can( 'administrator' ) ) { + return $where; + } + + $exclude_posts = $this->exclude_posts_array( false, $post->post_type ); + if ( ! empty( $exclude_posts ) ) { + $exclude_string = implode( ',', $exclude_posts ); + $where .= ' AND ID NOT IN ( ' . $exclude_string . ' )'; + } + + return $where; + } + + + /** + * Replace titles of restricted posts + * + * @param string $title + * @param int|null $id + * + * @return string + */ + function filter_restricted_post_title( $title, $id = null ) { + if ( current_user_can( 'administrator' ) ) { + return $title; + } + + if ( ! isset( $id ) ) { + return $title; + } + + if ( ! is_numeric( $id ) ) { + $id = absint( $id ); + } + + $ignore = apply_filters( 'um_ignore_restricted_title', false, $id ); + if ( $ignore ) { + return $title; + } + + if ( $this->is_restricted( $id ) ) { + $restricted_global_title = UM()->options()->get( 'restricted_access_post_title' ); + $title = stripslashes( $restricted_global_title ); + } + + return $title; + } + + + /** + * Replace content of restricted posts + * + * @param string $content + * + * @return string + */ + function filter_restricted_post_content( $content ) { + if ( current_user_can( 'administrator' ) ) { + return $content; + } + + $id = get_the_ID(); + if ( ! $id || is_admin() ) { + return $content; + } + + $ignore = apply_filters( 'um_ignore_restricted_content', false, $id ); + if ( $ignore ) { + return $content; + } + + if ( $this->is_restricted( $id ) ) { + $restriction = $this->get_post_privacy_settings( $id ); + + if ( ! isset( $restriction['_um_restrict_by_custom_message'] ) || '0' == $restriction['_um_restrict_by_custom_message'] ) { + $content = stripslashes( UM()->options()->get( 'restricted_access_message' ) ); + } elseif ( '1' == $restriction['_um_restrict_by_custom_message'] ) { + $content = ! empty( $restriction['_um_restrict_custom_message'] ) ? stripslashes( $restriction['_um_restrict_custom_message'] ) : ''; + } + } + + return $content; + } + + + /** + * Replace excerpt of restricted posts + * + * @param string $post_excerpt + * @param \WP_Post $post + * + * @return string + */ + function filter_restricted_post_excerpt( $post_excerpt, $post ) { + if ( empty( $post ) ) { + return $post_excerpt; + } + + if ( current_user_can( 'administrator' ) || is_admin() ) { + return $post_excerpt; + } + + $ignore = apply_filters( 'um_ignore_restricted_excerpt', false, $post->ID ); + if ( $ignore ) { + return $post_excerpt; + } + + if ( $this->is_restricted( $post->ID ) ) { + $post_excerpt = ''; + } + + return $post_excerpt; + } + + + /** + * Hide attachment if the post is restricted + * + * @param string $url + * @param int $attachment_id + * + * @return boolean|string + */ + function filter_attachment( $url, $attachment_id ) { + if ( current_user_can( 'administrator' ) ) { + return $url; + } + + return ( $attachment_id && $this->is_restricted( $attachment_id ) ) ? false : $url; + } + + + /** + * Hide attachment if the post is restricted + * + * @param $has_thumbnail + * @param $post + * @param $thumbnail_id + * + * @return bool + */ + function filter_post_thumbnail( $has_thumbnail, $post, $thumbnail_id ) { + if ( current_user_can( 'administrator' ) ) { + return $has_thumbnail; + } + + if ( $this->is_restricted( $thumbnail_id ) ) { + $has_thumbnail = false; + } elseif ( ! empty( $post ) && ! empty( $post->ID ) ) { + if ( $this->is_restricted( $post->ID ) ) { + $has_thumbnail = false; + } + } else { + $post_id = get_the_ID(); + if ( false !== $post_id && $this->is_restricted( $post_id ) ) { + $has_thumbnail = false; + } + } + + $has_thumbnail = apply_filters( 'um_restrict_post_thumbnail', $has_thumbnail, $post, $thumbnail_id ); + + return $has_thumbnail; + } + + + + /** + * Exclude comments from restricted posts in widgets + * + * @param \WP_Comment_Query $query + */ + function exclude_posts_comments( $query ) { + if ( current_user_can( 'administrator' ) ) { + return; + } + + if ( ! empty( $query->query_vars['post_id'] ) ) { + $exclude_posts = array(); + if ( $this->is_restricted( $query->query_vars['post_id'] ) ) { + $exclude_posts[] = $query->query_vars['post_id']; + } + } else { + $q_values = ! empty( $query->query_vars['post_type'] ) ? $query->query_vars['post_type'] : array(); + if ( ! is_array( $q_values ) ) { + $q_values = explode( ',', $query->query_vars['post_type'] ); + } + + // 'any' will cause the query var to be ignored. + if ( in_array( 'any', $q_values, true ) || empty( $q_values ) ) { + $exclude_posts = $this->exclude_posts_array( true, $this->get_available_comments_post_types() ); + } else { + $exclude_posts = $this->exclude_posts_array( true, $q_values ); + } + } + + if ( ! empty( $exclude_posts ) ) { + $post__not_in = ! empty( $query->query_vars['post__not_in'] ) ? $query->query_vars['post__not_in'] : array(); + $query->query_vars['post__not_in'] = array_merge( wp_parse_id_list( $post__not_in ), $exclude_posts ); + } + } + + + /** + * @return array + */ + function get_available_comments_post_types() { + global $wp_taxonomies; + + $restricted_posts = UM()->options()->get( 'restricted_access_post_metabox' ); + $restricted_posts = array_keys( $restricted_posts ); + + $restricted_taxonomies = UM()->options()->get( 'restricted_access_taxonomy_metabox' ); + if ( ! empty( $restricted_taxonomies ) ) { + $restricted_taxonomies = array_keys( $restricted_taxonomies ); + foreach ( $restricted_taxonomies as $k => $taxonomy ) { + if ( taxonomy_exists( $taxonomy ) ) { + $restricted_posts = array_merge( $restricted_posts, $wp_taxonomies[ $taxonomy ]->object_type ); + } + } + } + + $restricted_posts = array_unique( $restricted_posts ); + foreach ( $restricted_posts as $k => $post_type ) { + if ( 'closed' === get_default_comment_status( $post_type ) ) { + unset( $restricted_posts[ $k ] ); + } + } + + $restricted_posts = array_values( $restricted_posts ); + + return $restricted_posts; + } + + + /** + * Exclude comments from comments feed + * + * @param string $where + * @param \WP_Query $query + * + * @return string + */ + function exclude_posts_comments_feed( $where, $query ) { + if ( current_user_can( 'administrator' ) ) { + return $where; + } + + $exclude_posts = $this->exclude_posts_array( true, $this->get_available_comments_post_types() ); + if ( ! empty( $exclude_posts ) ) { + $exclude_string = implode( ',', $exclude_posts ); + $where .= ' AND comment_post_ID NOT IN ( ' . $exclude_string . ' )'; + } + + return $where; + } + + + /** + * @param object $stats + * @param int $post_id Post ID. Can be 0 for the whole website + * + * @return object + */ function custom_comments_count_handler( $stats, $post_id ) { - if ( ! empty( $stats ) ) { + if ( ! empty( $stats ) || current_user_can( 'administrator' ) ) { return $stats; } - $exclude_posts = $this->exclude_posts_array( true ); - - if ( empty( $exclude_posts ) ) { - return $stats; + if ( $post_id === 0 ) { + $exclude_posts = $this->exclude_posts_array( true, $this->get_available_comments_post_types() ); + if ( empty( $exclude_posts ) ) { + return $stats; + } + } else { + $exclude_posts = array(); + if ( $this->is_restricted( $post_id ) ) { + $exclude_posts[] = $post_id; + } } $stats = $this->get_comment_count( $post_id, $exclude_posts ); @@ -259,6 +893,12 @@ if ( ! class_exists( 'um\core\Access' ) ) { } + /** + * @param int $post_id + * @param array $exclude_posts + * + * @return array + */ function get_comment_count( $post_id = 0, $exclude_posts = array() ) { static $cache = array(); @@ -334,1245 +974,6 @@ if ( ! class_exists( 'um\core\Access' ) ) { } - /** - * @param array $restriction - * - * @return bool - */ - function um_custom_restriction( $restriction ) { - /** - * UM hook - * - * @type filter - * @title um_custom_restriction - * @description Extend Sort Types for Member Directory - * @input_vars - * [{"var":"$custom_restriction","type":"bool","desc":"Custom Restriction"}, - * {"var":"$restriction","type":"array","desc":"Restriction settings"}] - * @change_log - * ["Since: 2.0"] - * @usage add_filter( 'um_custom_restriction', 'function_name', 10, 2 ); - * @example - * - */ - return apply_filters( 'um_custom_restriction', true, $restriction ); - } - - - /** - * Check individual term Content Restriction settings - */ - function um_access_check_individual_term_settings() { - //check only tax|tags|categories - skip archive, author, and date lists - if ( ! ( is_tax() || is_tag() || is_category() ) ) { - return; - } - - $term_id = null; - if ( is_tag() ) { - $term_id = get_query_var( 'tag_id' ); - } elseif ( is_category() ) { - $term_id = get_query_var( 'cat' ); - } elseif ( is_tax() ) { - $tax_name = get_query_var( 'taxonomy' ); - - $term_name = get_query_var( 'term' ); - $term = get_term_by( 'slug', $term_name, $tax_name ); - - $term_id = ! empty( $term->term_id ) ? $term->term_id : $term_id; - } - - if ( ! isset( $term_id ) ) { - return; - } - - if ( $this->is_restricted_term( $term_id, true ) ) { - add_filter( 'tag_template', array( &$this, 'taxonomy_message' ), 10, 3 ); - add_filter( 'archive_template', array( &$this, 'taxonomy_message' ), 10, 3 ); - add_filter( 'category_template', array( &$this, 'taxonomy_message' ), 10, 3 ); - add_filter( 'taxonomy_template', array( &$this, 'taxonomy_message' ), 10, 3 ); - - $restriction = get_term_meta( $term_id, 'um_content_restriction', true ); - if ( '1' == $restriction['_um_noaccess_action'] ) { - $curr = UM()->permalinks()->get_current_url(); - - if ( ! isset( $restriction['_um_access_redirect'] ) || '0' == $restriction['_um_access_redirect'] ) { - - $this->redirect_handler = $this->set_referer( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), um_get_core_page( 'login' ) ) ), 'individual_term' ); - - } elseif ( '1' == $restriction['_um_access_redirect'] ) { - - if ( ! empty( $restriction['_um_access_redirect_url'] ) ) { - $redirect = $restriction['_um_access_redirect_url']; - } else { - $redirect = esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), um_get_core_page( 'login' ) ) ); - } - - $this->redirect_handler = $this->set_referer( $redirect, 'individual_term' ); - - } - } - } - } - - - /** - * @param $template - * @param $type - * @param $templates - * - * @return string - */ - function taxonomy_message( $template, $type, $templates ) { - return UM()->locate_template( 'restricted-taxonomy.php' ); - } - - - /** - * Check global accessible settings - */ - function um_access_check_global_settings() { - global $post; - - $curr = UM()->permalinks()->get_current_url(); - $ms_empty_role_access = is_multisite() && is_user_logged_in() && !UM()->roles()->get_priority_user_role( um_user('ID') ); - - if ( is_front_page() ) { - if ( is_user_logged_in() && ! $ms_empty_role_access ) { - - $user_default_homepage = um_user( 'default_homepage' ); - if ( ! empty( $user_default_homepage ) ) { - return; - } - - $redirect_homepage = um_user( 'redirect_homepage' ); - /** - * UM hook - * - * @type filter - * @title um_custom_homepage_redirect_url - * @description Change custom homepage redirect - * @input_vars - * [{"var":"$url","type":"string","desc":"Redirect URL"}, - * {"var":"$id","type":"int","desc":"User ID"}] - * @change_log - * ["Since: 2.0"] - * @usage - * - * @example - * - */ - $redirect_homepage = apply_filters( 'um_custom_homepage_redirect_url', $redirect_homepage, um_user( 'ID' ) ); - $redirect_to = ! empty( $redirect_homepage ) ? $redirect_homepage : um_get_core_page( 'user' ); - $this->redirect_handler = $this->set_referer( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), $redirect_to ) ), "custom_homepage" ); - - } else { - $access = UM()->options()->get( 'accessible' ); - - if ( $access == 2 ) { - //global settings for accessible home page - $home_page_accessible = UM()->options()->get( 'home_page_accessible' ); - - if ( $home_page_accessible == 0 ) { - //get redirect URL if not set get login page by default - $redirect = UM()->options()->get( 'access_redirect' ); - if ( ! $redirect ) { - $redirect = um_get_core_page( 'login' ); - } - - $this->redirect_handler = $this->set_referer( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), $redirect ) ), 'global' ); - } else { - $this->allow_access = true; - return; - } - } - } - } elseif ( is_category() ) { - if ( ! is_user_logged_in() || $ms_empty_role_access ) { - - $access = UM()->options()->get( 'accessible' ); - - if ( $access == 2 ) { - //global settings for accessible home page - $category_page_accessible = UM()->options()->get( 'category_page_accessible' ); - if ( $category_page_accessible == 0 ) { - //get redirect URL if not set get login page by default - $redirect = UM()->options()->get( 'access_redirect' ); - if ( ! $redirect ) { - $redirect = um_get_core_page( 'login' ); - } - - $this->redirect_handler = $this->set_referer( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), $redirect ) ), 'global' ); - } else { - $this->allow_access = true; - return; - } - } - } - } - - $access = UM()->options()->get( 'accessible' ); - - if ( $access == 2 && ( ! is_user_logged_in() || $ms_empty_role_access ) ) { - - //build exclude URLs pages - $redirects = array(); - $redirects[] = trim( untrailingslashit( UM()->options()->get( 'access_redirect' ) ) ); - - $exclude_uris = UM()->options()->get( 'access_exclude_uris' ); - if ( ! empty( $exclude_uris ) ) { - $exclude_uris = array_map( 'trim', $exclude_uris ); - $redirects = array_merge( $redirects, $exclude_uris ); - } - - $redirects = array_unique( $redirects ); - - $current_url = UM()->permalinks()->get_current_url( get_option( 'permalink_structure' ) ); - $current_url = untrailingslashit( $current_url ); - $current_url_slash = trailingslashit( $current_url ); - - if ( ! ( isset( $post->ID ) && ( in_array( $current_url, $redirects ) || in_array( $current_url_slash, $redirects ) ) ) ) { - //if current page not in exclude URLs - //get redirect URL if not set get login page by default - $redirect = UM()->options()->get( 'access_redirect' ); - if ( ! $redirect ) { - $redirect = um_get_core_page( 'login' ); - } - - $this->redirect_handler = $this->set_referer( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), $redirect ) ), 'global' ); - } else { - $this->redirect_handler = false; - $this->allow_access = true; - } - } - } - - - /** - * Set custom access actions and redirection - * - * Old global restrict content logic - */ - function template_redirect() { - global $post, $wp_query; - - //if we logged by administrator it can access to all content - if ( current_user_can( 'administrator' ) ) { - return; - } - - if ( is_object( $wp_query ) ) { - $is_singular = $wp_query->is_singular(); - } else { - $is_singular = ! empty( $wp_query->is_singular ) ? true : false; - } - - //if we use individual restrict content options skip this function - if ( $is_singular && $this->singular_page ) { - return; - } - - //also skip if we currently at wp-admin or 404 page - if ( is_admin() || is_404() ) { - return; - } - - //also skip if we currently at UM Register|Login|Reset Password pages - if ( um_is_core_post( $post, 'register' ) || - um_is_core_post( $post, 'password-reset' ) || - um_is_core_post( $post, 'login' ) ) { - return; - } - - /** - * UM hook - * - * @type action - * @title um_roles_add_meta_boxes_um_role_meta - * @description Check terms individual restrict options - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_access_check_individual_term_settings', 'function_name', 10 ); - * @example - * - */ - do_action( 'um_access_check_individual_term_settings' ); - //exit from function if term page is accessible - if ( $this->check_access() ) { - return; - } - - /** - * UM hook - * - * @type action - * @title um_access_check_global_settings - * @description Check global restrict content options - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_access_check_global_settings', 'function_name', 10 ); - * @example - * - */ - do_action( 'um_access_check_global_settings' ); - - $this->check_access(); - } - - - /** - * Check access - * - * @return bool - */ - function check_access() { - if ( $this->allow_access === true ) { - return true; - } - - if ( $this->redirect_handler ) { - wp_redirect( $this->redirect_handler ); exit; - } - - return false; - } - - - /** - * Sets a custom access referer in a redirect URL - * - * @param string $url - * @param string $referer - * - * @return string - */ - function set_referer( $url, $referer ) { - - /** - * UM hook - * - * @type filter - * @title um_access_enable_referer - * @description Access Referrer Enable/Disable - * @input_vars - * [{"var":"$referrer","type":"bool","desc":"Access referrer"}] - * @change_log - * ["Since: 2.0"] - * @usage add_filter( 'um_access_enable_referer', 'function_name', 10, 1 ); - * @example - * - */ - $enable_referer = apply_filters( 'um_access_enable_referer', false ); - if ( ! $enable_referer ) { - return $url; - } - - $url = add_query_arg( 'um_ref', $referer, $url ); - return $url; - } - - - /** - * User can some of the roles array - * Restrict content new logic - * - * @param $user_id - * @param $roles - * @return bool - */ - function user_can( $user_id, $roles ) { - $user_can = false; - - if ( ! empty( $roles ) ) { - foreach ( $roles as $key => $value ) { - if ( ! empty( $value ) && user_can( $user_id, $key ) ) { - $user_can = true; - break; - } - } - } - - return $user_can; - } - - - /** - * Get privacy settings for post - * return false if post is not private - * Restrict content new logic - * - * @param \WP_Post|int $post Post ID or object - * @return bool|array - */ - function get_post_privacy_settings( $post ) { - static $cache = array(); - - $cache_key = is_numeric( $post ) ? $post : $post->ID; - - if ( isset( $cache[ $cache_key ] ) ) { - return $cache[ $cache_key ]; - } - - if ( is_numeric( $post ) ) { - $post = get_post( $post ); - } - - //if logged in administrator all pages are visible - if ( current_user_can( 'administrator' ) ) { - $cache[ $cache_key ] = false; - return false; - } - - $exclude = false; - //exclude from privacy UM default pages (except Members list and User(Profile) page) - if ( ! empty( $post->post_type ) && $post->post_type === 'page' ) { - - if ( um_is_core_post( $post, 'login' ) || um_is_core_post( $post, 'register' ) || - um_is_core_post( $post, 'account' ) || um_is_core_post( $post, 'logout' ) || - um_is_core_post( $post, 'password-reset' ) || ( is_user_logged_in() && um_is_core_post( $post, 'user' ) ) ) - $exclude = true; - } - - $exclude = apply_filters( 'um_exclude_posts_from_privacy', $exclude, $post ); - if ( $exclude ) { - $cache[ $cache_key ] = false; - return false; - } - - $restricted_posts = UM()->options()->get( 'restricted_access_post_metabox' ); - - if ( ! empty( $post->post_type ) && ! empty( $restricted_posts[ $post->post_type ] ) ) { - $restriction = get_post_meta( $post->ID, 'um_content_restriction', true ); - - if ( ! empty( $restriction['_um_custom_access_settings'] ) ) { - if ( ! isset( $restriction['_um_accessible'] ) ) { - $restricted_taxonomies = UM()->options()->get( 'restricted_access_taxonomy_metabox' ); - - //get all taxonomies for current post type - $taxonomies = get_object_taxonomies( $post ); - - //get all post terms - $terms = array(); - if ( ! empty( $taxonomies ) ) { - foreach ( $taxonomies as $taxonomy ) { - if ( empty( $restricted_taxonomies[ $taxonomy ] ) ) { - continue; - } - - $this->ignore_terms_exclude = true; - $terms = array_merge( $terms, wp_get_post_terms( $post->ID, $taxonomy, array( 'fields' => 'ids' ) ) ); - $this->ignore_terms_exclude = false; - } - } - - //get restriction options for first term with privacy settigns - foreach ( $terms as $term_id ) { - $restriction = get_term_meta( $term_id, 'um_content_restriction', true ); - - if ( ! empty( $restriction['_um_custom_access_settings'] ) ) { - if ( ! isset( $restriction['_um_accessible'] ) ) { - continue; - } else { - $cache[ $cache_key ] = $restriction; - return $restriction; - } - } - } - - $cache[ $cache_key ] = false; - return false; - } else { - - // set default redirect if Profile page is restricted for not-logged in users and showing message instead of redirect - // this snippet was added to make the same action for {site_url}/user and {site_url}/user/{user_slug} URLs - // by default {site_url}/user is redirected to Homepage in rewrite rules because hasn't found username in query when user is not logged in - if ( ! is_user_logged_in() && um_is_core_post( $post, 'user' ) && $restriction['_um_accessible'] == '2' && $restriction['_um_noaccess_action'] == '0' ) { - if ( isset( $restriction['_um_access_roles'] ) ) { - $restriction = array( - '_um_accessible' => '2', - '_um_access_roles' => $restriction['_um_access_roles'], - '_um_noaccess_action' => '1', - '_um_access_redirect' => '1', - '_um_access_redirect_url' => get_home_url( get_current_blog_id() ) - ); - } else { - $restriction = array( - '_um_accessible' => '2', - '_um_noaccess_action' => '1', - '_um_access_redirect' => '1', - '_um_access_redirect_url' => get_home_url( get_current_blog_id() ) - ); - } - } - - $restriction = apply_filters( 'um_post_content_restriction_settings', $restriction, $post ); - - $cache[ $cache_key ] = $restriction; - return $restriction; - } - } - } - - //post hasn't privacy settings....check all terms of this post - $restricted_taxonomies = UM()->options()->get( 'restricted_access_taxonomy_metabox' ); - - //get all taxonomies for current post type - $taxonomies = get_object_taxonomies( $post ); - - //get all post terms - $terms = array(); - if ( ! empty( $taxonomies ) ) { - foreach ( $taxonomies as $taxonomy ) { - if ( empty( $restricted_taxonomies[ $taxonomy ] ) ) { - continue; - } - - $this->ignore_terms_exclude = true; - $terms = array_merge( $terms, wp_get_post_terms( $post->ID, $taxonomy, array( 'fields' => 'ids' ) ) ); - $this->ignore_terms_exclude = false; - } - } - - //get restriction options for first term with privacy settings - foreach ( $terms as $term_id ) { - $restriction = get_term_meta( $term_id, 'um_content_restriction', true ); - - if ( ! empty( $restriction['_um_custom_access_settings'] ) ) { - if ( ! isset( $restriction['_um_accessible'] ) ) { - continue; - } else { - $cache[ $cache_key ] = $restriction; - return $restriction; - } - } - } - - $cache[ $cache_key ] = false; - //post is public - return false; - } - - - /** - * Replace titles of restricted posts - * - * @param string $title - * @param int|null $id - * - * @return string - */ - function filter_restricted_post_title( $title, $id = null ) { - if ( ! isset( $id ) ) { - return $title; - } - - if ( ! is_numeric( $id ) ) { - $id = absint( $id ); - } - - if ( $this->is_restricted( $id ) ) { - $ignore = apply_filters( 'um_ignore_restricted_title', false, $id ); - if ( $ignore ) { - return $title; - } - - $restricted_global_title = UM()->options()->get( 'restricted_access_post_title' ); - $title = stripslashes( $restricted_global_title ); - } - - return $title; - } - - - /** - * Protect Post Types in query - * Restrict content new logic - * - * @param $posts - * @param \WP_Query $query - * @return array - */ - function filter_protected_posts( $posts, $query ) { - $filtered_posts = array(); - - //if empty - if ( empty( $posts ) || is_admin() ) { - return $posts; - } - - if ( current_user_can( 'administrator' ) ) { - return $posts; - } - - $restricted_global_message = UM()->options()->get( 'restricted_access_message' ); - $restricted_global_title = UM()->options()->get( 'restricted_access_post_title' ); - - if ( is_object( $query ) ) { - $is_singular = $query->is_singular(); - } else { - $is_singular = ! empty( $query->is_singular ) ? true : false; - } - - //other filter - foreach ( $posts as $post ) { - - $original_post = $post; - - //Woocommerce AJAX fixes....remove filtration on wc-ajax which goes to Front Page - if ( ! empty( $_GET['wc-ajax'] ) && defined( 'WC_DOING_AJAX' ) && WC_DOING_AJAX ) { - $filtered_posts[] = $post; - continue; - } - - $restriction = $this->get_post_privacy_settings( $post ); - - if ( ! $restriction ) { - $filtered_posts[] = $post; - continue; - } - - //post is private - if ( '0' == $restriction['_um_accessible'] ) { - $this->singular_page = true; - $filtered_posts[] = $post; - continue; - } elseif ( '1' == $restriction['_um_accessible'] ) { - //if post for not logged in users and user is not logged in - if ( ! is_user_logged_in() ) { - $this->singular_page = true; - - $filtered_posts[] = $post; - continue; - } else { - - if ( empty( $is_singular ) ) { - //if not single query when exclude if set _um_access_hide_from_queries - if ( empty( $restriction['_um_access_hide_from_queries'] ) ) { - - if ( ! isset( $restriction['_um_restrict_by_custom_message'] ) || '0' == $restriction['_um_restrict_by_custom_message'] ) { - $post->post_content = stripslashes( $restricted_global_message ); - $post->post_title = stripslashes( $restricted_global_title ); - $post->post_excerpt = ''; - } elseif ( '1' == $restriction['_um_restrict_by_custom_message'] ) { - $post->post_content = ! empty( $restriction['_um_restrict_custom_message'] ) ? stripslashes( $restriction['_um_restrict_custom_message'] ) : ''; - $post->post_title = stripslashes( $restricted_global_title ); - $post->post_excerpt = ''; - } - - $post = apply_filters( 'um_restricted_archive_post', $post, $restriction, $original_post ); - $filtered_posts[] = $post; - continue; - } - } else { - $this->singular_page = true; - - //if single post query - if ( ! isset( $restriction['_um_noaccess_action'] ) || '0' == $restriction['_um_noaccess_action'] ) { - - if ( ! isset( $restriction['_um_restrict_by_custom_message'] ) || '0' == $restriction['_um_restrict_by_custom_message'] ) { - $post->post_content = stripslashes( $restricted_global_message ); - $post->post_title = stripslashes( $restricted_global_title ); - } elseif ( '1' == $restriction['_um_restrict_by_custom_message'] ) { - $post->post_content = ! empty( $restriction['_um_restrict_custom_message'] ) ? stripslashes( $restriction['_um_restrict_custom_message'] ) : ''; - $post->post_title = stripslashes( $restricted_global_title ); - } - - $post = apply_filters( 'um_restricted_singular_post', $post, $restriction, $original_post ); - - $this->current_single_post = $post; - - /** - * UM hook - * - * @type action - * @title um_access_fix_external_post_content - * @description Hook for 3-d party content filtration - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_access_fix_external_post_content', 'function_name', 10 ); - * @example - * - */ - do_action( 'um_access_fix_external_post_content' ); - - add_filter( 'single_template', array( &$this, 'woocommerce_template' ), 9999999, 1 ); - - $filtered_posts[] = $post; - continue; - } elseif ( '1' == $restriction['_um_noaccess_action'] ) { - $curr = UM()->permalinks()->get_current_url(); - - if ( ! isset( $restriction['_um_access_redirect'] ) || '0' == $restriction['_um_access_redirect'] ) { - - exit( wp_redirect( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), um_get_core_page( 'login' ) ) ) ) ); - - } elseif ( '1' == $restriction['_um_access_redirect'] ) { - - if ( ! empty( $restriction['_um_access_redirect_url'] ) ) { - $redirect = $restriction['_um_access_redirect_url']; - } else { - $redirect = esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), um_get_core_page( 'login' ) ) ); - } - - exit( wp_redirect( $redirect ) ); - } - - } - } - } - } elseif ( '2' == $restriction['_um_accessible'] ) { - //if post for logged in users and user is not logged in - if ( is_user_logged_in() ) { - - $custom_restrict = $this->um_custom_restriction( $restriction ); - - if ( empty( $restriction['_um_access_roles'] ) || false === array_search( '1', $restriction['_um_access_roles'] ) ) { - if ( $custom_restrict ) { - $this->singular_page = true; - - $filtered_posts[] = $post; - continue; - } - } else { - $user_can = $this->user_can( get_current_user_id(), $restriction['_um_access_roles'] ); - - if ( isset( $user_can ) && $user_can && $custom_restrict ) { - $this->singular_page = true; - - $filtered_posts[] = $post; - continue; - } - } - - if ( empty( $is_singular ) ) { - //if not single query when exclude if set _um_access_hide_from_queries - if ( empty( $restriction['_um_access_hide_from_queries'] ) ) { - - if ( ! isset( $restriction['_um_restrict_by_custom_message'] ) || '0' == $restriction['_um_restrict_by_custom_message'] ) { - $post->post_content = stripslashes( $restricted_global_message ); - $post->post_title = stripslashes( $restricted_global_title ); - $post->post_excerpt = ''; - } elseif ( '1' == $restriction['_um_restrict_by_custom_message'] ) { - $post->post_content = ! empty( $restriction['_um_restrict_custom_message'] ) ? stripslashes( $restriction['_um_restrict_custom_message'] ) : ''; - $post->post_title = stripslashes( $restricted_global_title ); - $post->post_excerpt = ''; - } - - $post = apply_filters( 'um_restricted_archive_post', $post, $restriction, $original_post ); - - $filtered_posts[] = $post; - continue; - } - } else { - $this->singular_page = true; - - //if single post query - if ( ! isset( $restriction['_um_noaccess_action'] ) || '0' == $restriction['_um_noaccess_action'] ) { - - if ( ! isset( $restriction['_um_restrict_by_custom_message'] ) || '0' == $restriction['_um_restrict_by_custom_message'] ) { - $post->post_content = stripslashes( $restricted_global_message ); - $post->post_title = stripslashes( $restricted_global_title ); - - $this->current_single_post = $post; - - if ( 'attachment' == $post->post_type ) { - remove_filter( 'the_content', 'prepend_attachment' ); - } - } elseif ( '1' == $restriction['_um_restrict_by_custom_message'] ) { - $post->post_content = ! empty( $restriction['_um_restrict_custom_message'] ) ? stripslashes( $restriction['_um_restrict_custom_message'] ) : ''; - $post->post_title = stripslashes( $restricted_global_title ); - - $this->current_single_post = $post; - - if ( 'attachment' == $post->post_type ) { - remove_filter( 'the_content', 'prepend_attachment' ); - } - } - - $post = apply_filters( 'um_restricted_singular_post', $post, $restriction, $original_post ); - - /** - * UM hook - * - * @type action - * @title um_access_fix_external_post_content - * @description Hook for 3-d party content filtration - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_access_fix_external_post_content', 'function_name', 10 ); - * @example - * - */ - do_action( 'um_access_fix_external_post_content' ); - - add_filter( 'single_template', array( &$this, 'woocommerce_template' ), 9999999, 1 ); - - $filtered_posts[] = $post; - continue; - } elseif ( '1' == $restriction['_um_noaccess_action'] ) { - - $curr = UM()->permalinks()->get_current_url(); - - if ( ! isset( $restriction['_um_access_redirect'] ) || '0' == $restriction['_um_access_redirect'] ) { - - exit( wp_redirect( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), um_get_core_page( 'login' ) ) ) ) ); - - } elseif ( '1' == $restriction['_um_access_redirect'] ) { - - if ( ! empty( $restriction['_um_access_redirect_url'] ) ) { - $redirect = $restriction['_um_access_redirect_url']; - } else { - $redirect = esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), um_get_core_page( 'login' ) ) ); - } - - exit( wp_redirect( $redirect ) ); - } - - } - } - - } else { - - if ( empty( $is_singular ) ) { - if ( empty( $restriction['_um_access_hide_from_queries'] ) ) { - - if ( ! isset( $restriction['_um_restrict_by_custom_message'] ) || '0' == $restriction['_um_restrict_by_custom_message'] ) { - $post->post_content = stripslashes( $restricted_global_message ); - $post->post_title = stripslashes( $restricted_global_title ); - $post->post_excerpt = ''; - } elseif ( '1' == $restriction['_um_restrict_by_custom_message'] ) { - $post->post_content = ! empty( $restriction['_um_restrict_custom_message'] ) ? stripslashes( $restriction['_um_restrict_custom_message'] ) : ''; - $post->post_title = stripslashes( $restricted_global_title ); - $post->post_excerpt = ''; - } - - $post = apply_filters( 'um_restricted_archive_post', $post, $restriction, $original_post ); - - $filtered_posts[] = $post; - continue; - } - } else { - $this->singular_page = true; - - //if single post query - if ( ! isset( $restriction['_um_noaccess_action'] ) || '0' == $restriction['_um_noaccess_action'] ) { - - if ( ! isset( $restriction['_um_restrict_by_custom_message'] ) || '0' == $restriction['_um_restrict_by_custom_message'] ) { - $post->post_content = stripslashes( $restricted_global_message ); - $post->post_title = stripslashes( $restricted_global_title ); - - $this->current_single_post = $post; - - if ( 'attachment' == $post->post_type ) { - remove_filter( 'the_content', 'prepend_attachment' ); - } - } elseif ( '1' == $restriction['_um_restrict_by_custom_message'] ) { - $post->post_content = ! empty( $restriction['_um_restrict_custom_message'] ) ? stripslashes( $restriction['_um_restrict_custom_message'] ) : ''; - $post->post_title = stripslashes( $restricted_global_title ); - - $this->current_single_post = $post; - - if ( 'attachment' == $post->post_type ) { - remove_filter( 'the_content', 'prepend_attachment' ); - } - } - - $post = apply_filters( 'um_restricted_singular_post', $post, $restriction, $original_post ); - - /** - * UM hook - * - * @type action - * @title um_access_fix_external_post_content - * @description Hook for 3-d party content filtration - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_access_fix_external_post_content', 'function_name', 10 ); - * @example - * - */ - do_action( 'um_access_fix_external_post_content' ); - - add_filter( 'single_template', array( &$this, 'woocommerce_template' ), 9999999, 1 ); - - $filtered_posts[] = $post; - continue; - } elseif ( '1' == $restriction['_um_noaccess_action'] ) { - - $curr = UM()->permalinks()->get_current_url(); - - if ( ! isset( $restriction['_um_access_redirect'] ) || '0' == $restriction['_um_access_redirect'] ) { - - exit( wp_redirect( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), um_get_core_page( 'login' ) ) ) ) ); - - } elseif ( '1' == $restriction['_um_access_redirect'] ) { - - if ( ! empty( $restriction['_um_access_redirect_url'] ) ) { - $redirect = $restriction['_um_access_redirect_url']; - } else { - $redirect = esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), um_get_core_page( 'login' ) ) ); - } - - exit( wp_redirect( $redirect ) ); - } - } - } - } - } - } - - return $filtered_posts; - } - - - /** - * Get array with restricted posts - * - * @param bool $force - * - * @return array - */ - function exclude_posts_array( $force = false ) { - static $cache = array( - 'force' => false, - 'default' => false, - ); - - $cache_key = $force ? 'force' : 'default'; - - if ( false !== $cache[ $cache_key ] ) { - return $cache[ $cache_key ]; - } - - $exclude_posts = array(); - if ( current_user_can( 'administrator' ) || $this->ignore_exclude ) { - $cache[ $cache_key ] = $exclude_posts; - return $exclude_posts; - } - - // @todo using Object Cache `wp_cache_get()` `wp_cache_set()` functions - - global $wpdb; - - $restricted_posts = UM()->options()->get( 'restricted_access_post_metabox' ); - if ( ! empty( $restricted_posts ) ) { - $this->ignore_exclude = true; - // exclude all posts assigned to current term without individual restriction settings - $post_ids = get_posts( - array( - 'fields' => 'ids', - 'post_status' => 'any', - 'post_type' => array_keys( $restricted_posts ), - 'numberposts' => -1, - 'meta_query' => array( - array( - 'key' => 'um_content_restriction', - 'compare' => 'EXISTS', - ), - ), - ) - ); - - $this->ignore_exclude = false; - } - - $post_ids = empty( $post_ids ) ? array() : $post_ids; - - $restricted_taxonomies = UM()->options()->get( 'restricted_access_taxonomy_metabox' ); - - if ( ! empty( $restricted_taxonomies ) ) { - $terms = $wpdb->get_results( - "SELECT tm.term_id AS term_id, - tt.taxonomy AS taxonomy - FROM {$wpdb->termmeta} tm - LEFT JOIN {$wpdb->term_taxonomy} tt ON tt.term_id = tm.term_id - WHERE tm.meta_key = 'um_content_restriction' AND - tt.taxonomy IN('" . implode( "','", array_keys( $restricted_taxonomies ) ) . "')", - ARRAY_A - ); - - if ( ! empty( $terms ) ) { - foreach ( $terms as $term ) { - if ( ! $this->is_restricted_term( $term['term_id'] ) ) { - continue; - } - - $this->ignore_exclude = true; - // exclude all posts assigned to current term without individual restriction settings - $posts = get_posts( - array( - 'fields' => 'ids', - 'post_status' => 'any', - 'numberposts' => -1, - 'tax_query' => array( - array( - 'taxonomy' => $term['taxonomy'], - 'field' => 'id', - 'terms' => $term['term_id'], - ), - ), - 'meta_query' => array( - 'relation' => 'OR', - array( - 'relation' => 'AND', - array( - 'key' => 'um_content_restriction', - 'value' => 's:26:"_um_custom_access_settings";s:1:"1"', - 'compare' => 'NOT LIKE', - ), - array( - 'key' => 'um_content_restriction', - 'value' => 's:26:"_um_custom_access_settings";b:1', - 'compare' => 'NOT LIKE', - ), - ), - array( - 'key' => 'um_content_restriction', - 'compare' => 'NOT EXISTS', - ), - ), - ) - ); - $this->ignore_exclude = false; - - if ( empty( $posts ) ) { - continue; - } - - $post_ids = array_merge( $post_ids, $posts ); - } - } - } - - if ( ! empty( $post_ids ) ) { - $post_ids = array_unique( $post_ids ); - - foreach ( $post_ids as $post_id ) { - // handle every post privacy setting based on post type maybe it's inactive for now - // if individual restriction is enabled then get post terms restriction settings - if ( $this->is_restricted( $post_id ) ) { - if ( true === $force ) { - array_push( $exclude_posts, $post_id ); - } else { - $content_restriction = $this->get_post_privacy_settings( $post_id ); - if ( ! empty( $content_restriction['_um_access_hide_from_queries'] ) ) { - array_push( $exclude_posts, $post_id ); - } - } - } - } - } - - $cache[ $cache_key ] = $exclude_posts; - return $exclude_posts; - } - - - /** - * Exclude posts from query - * - * @param \WP_Query $query - */ - function exclude_posts( $query ) { - if ( $query->is_main_query() ) { - $exclude_posts = $this->exclude_posts_array( is_admin() ); - if ( ! empty( $exclude_posts ) ) { - $post__not_in = $query->get( 'post__not_in', array() ); - $query->set( 'post__not_in', array_merge( wp_parse_id_list( $post__not_in ), $exclude_posts ) ); - } - } - } - - - /** - * Exclude comments from restricted posts in widgets - * - * @param \WP_Comment_Query $query - */ - function exclude_posts_comments( $query ) { - $exclude_posts = $this->exclude_posts_array( true ); - if ( ! empty( $exclude_posts ) ) { - $post__not_in = ! empty( $query->query_vars['post__not_in'] ) ? $query->query_vars['post__not_in'] : array(); - $query->query_vars['post__not_in'] = array_merge( wp_parse_id_list( $post__not_in ), $exclude_posts ); - } - } - - - /** - * Exclude comments from comments feed - * - * @param string $where - * @param \WP_Query $query - * - * @return string - */ - function exclude_posts_comments_feed( $where, $query ) { - $exclude_posts = $this->exclude_posts_array( true ); - if ( ! empty( $exclude_posts ) ) { - $exclude_string = implode( ',', $exclude_posts ); - $where .= ' AND comment_post_ID NOT IN ( ' . $exclude_string . ' )'; - } - - return $where; - } - - - /** - * Exclude posts from next, previous navigation - * - * @param string $where - * @param bool $in_same_term - * @param array $excluded_terms - * @param string $taxonomy. - * @param \WP_Post $post - * - * @return string - */ - function exclude_navigation_posts( $where, $in_same_term, $excluded_terms, $taxonomy, $post ) { - $exclude_posts = $this->exclude_posts_array(); - if ( ! empty( $exclude_posts ) ) { - $exclude_string = implode( ',', $exclude_posts ); - $where .= ' AND ID NOT IN ( ' . $exclude_string . ' )'; - } - - return $where; - } - - - /** - * Exclude restricted posts in widgets - * - * @param array $array - * - * @return array - */ - function exclude_restricted_posts_widget( $array ) { - $exclude_posts = $this->exclude_posts_array(); - if ( ! empty( $exclude_posts ) ) { - $post__not_in = ! empty( $array['post__not_in'] ) ? $array['post__not_in'] : array(); - $array['post__not_in'] = array_merge( wp_parse_id_list( $post__not_in ), $exclude_posts ); - } - - return $array; - } - - - /** - * Exclude restricted posts in widgets - * - * @param string $sql_where - * @param array $parsed_args - * - * @return string - */ - function exclude_restricted_posts_archives_widget( $sql_where, $parsed_args ) { - $exclude_posts = $this->exclude_posts_array(); - if ( ! empty( $exclude_posts ) ) { - $exclude_string = implode( ',', $exclude_posts ); - $sql_where .= ' AND ID NOT IN ( ' . $exclude_string . ' )'; - } - - return $sql_where; - } - - - /** - * @param string $single_template - * - * @return string - */ - function woocommerce_template( $single_template ) { - if ( ! UM()->dependencies()->woocommerce_active_check() ) { - return $single_template; - } - - if ( is_product() ) { - remove_filter( 'template_include', array( 'WC_Template_Loader', 'template_loader' ) ); - } - - return $single_template; - } - - - /** - * Replace the content on the filter 'the_content' - * - * @param $content - * @return string - */ - function replace_post_content( $content ) { - if ( ! empty( $this->current_single_post ) ) { - $content = $this->current_single_post->post_content; - } - return $content; - } - - - /** - * Turn on the content replacement on the filter 'the_content' - * - * @hooked get_header 12 - * @since 2.1.17 - */ - public function replace_post_content_on() { - add_filter( 'the_content', array( $this, 'replace_post_content' ), 9999, 1 ); - } - - - /** - * Turn off the content replacement on the filter 'the_content' - * - * @hooked get_footer - * @since 2.1.17 - */ - public function replace_post_content_off() { - remove_filter( 'the_content', array( $this, 'replace_post_content' ), 9999 ); - } - - /** * Disable comments if user has not permission to access this post * @@ -1581,6 +982,10 @@ if ( ! class_exists( 'um\core\Access' ) ) { * @return boolean */ function disable_comments_open( $open, $post_id ) { + if ( current_user_can( 'administrator' ) ) { + return $open; + } + static $cache = array(); if ( isset( $cache[ $post_id ] ) ) { @@ -1607,6 +1012,10 @@ if ( ! class_exists( 'um\core\Access' ) ) { * @return boolean */ function disable_comments_open_number( $count, $post_id ) { + if ( current_user_can( 'administrator' ) ) { + return $count; + } + static $cache_number = array(); if ( isset( $cache_number[ $post_id ] ) ) { @@ -1625,194 +1034,6 @@ if ( ! class_exists( 'um\core\Access' ) ) { } - /** - * Is post restricted? - * - * @param int $post_id - * @return bool - */ - function is_restricted( $post_id ) { - static $cache = array(); - - if ( isset( $cache[ $post_id ] ) ) { - return $cache[ $post_id ]; - } - - if ( current_user_can( 'administrator' ) ) { - $cache[ $post_id ] = false; - return false; - } - - $restricted = true; - - $restriction = $this->get_post_privacy_settings( $post_id ); - if ( ! $restriction ) { - $restricted = false; - } else { - if ( '0' == $restriction['_um_accessible'] ) { - //post is private - $restricted = false; - } elseif ( '1' == $restriction['_um_accessible'] ) { - //if post for not logged in users and user is not logged in - if ( ! is_user_logged_in() ) { - $restricted = false; - } - } elseif ( '2' == $restriction['_um_accessible'] ) { - //if post for logged in users and user is not logged in - if ( is_user_logged_in() ) { - $custom_restrict = $this->um_custom_restriction( $restriction ); - - if ( empty( $restriction['_um_access_roles'] ) || false === array_search( '1', $restriction['_um_access_roles'] ) ) { - if ( $custom_restrict ) { - $restricted = false; - } - } else { - $user_can = $this->user_can( get_current_user_id(), $restriction['_um_access_roles'] ); - - if ( $user_can && $custom_restrict ) { - $restricted = false; - } - } - } - } - } - - $cache[ $post_id ] = $restricted; - - return $restricted; - } - - - /** - * Is term restricted? - * - * @param int $term_id - * @param bool $on_term_page - * @return bool - */ - function is_restricted_term( $term_id, $on_term_page = false ) { - static $cache = array(); - - if ( isset( $cache[ $term_id ] ) ) { - return $cache[ $term_id ]; - } - - if ( current_user_can( 'administrator' ) ) { - $cache[ $term_id ] = false; - return false; - } - - $restricted_taxonomies = UM()->options()->get( 'restricted_access_taxonomy_metabox' ); - if ( empty( $restricted_taxonomies ) ) { - $cache[ $term_id ] = false; - return false; - } - - $term = get_term( $term_id ); - if ( empty( $term->taxonomy ) || empty( $restricted_taxonomies[ $term->taxonomy ] ) ) { - $cache[ $term_id ] = false; - return false; - } - - $restricted = true; - - // $this->allow_access = true only in case if the - - $restriction = get_term_meta( $term_id, 'um_content_restriction', true ); - if ( empty( $restriction ) ) { - $restricted = false; - } else { - if ( empty( $restriction['_um_custom_access_settings'] ) ) { - $restricted = false; - } else { - if ( '0' == $restriction['_um_accessible'] ) { - //term is private - $restricted = false; - if ( $on_term_page ) { - $this->allow_access = true; - } - } elseif ( '1' == $restriction['_um_accessible'] ) { - //if term for not logged in users and user is not logged in - if ( ! is_user_logged_in() ) { - $restricted = false; - if ( $on_term_page ) { - $this->allow_access = true; - } - } - } elseif ( '2' == $restriction['_um_accessible'] ) { - //if term for logged in users and user is not logged in - if ( is_user_logged_in() ) { - $custom_restrict = $this->um_custom_restriction( $restriction ); - - if ( empty( $restriction['_um_access_roles'] ) || false === array_search( '1', $restriction['_um_access_roles'] ) ) { - if ( $custom_restrict ) { - $restricted = false; - if ( $on_term_page ) { - $this->allow_access = true; - } - } - } else { - $user_can = $this->user_can( get_current_user_id(), $restriction['_um_access_roles'] ); - - if ( $user_can && $custom_restrict ) { - $restricted = false; - if ( $on_term_page ) { - $this->allow_access = true; - } - } - } - } - } - } - } - - $cache[ $term_id ] = $restricted; - return $restricted; - } - - - /** - * Hide attachment if the post is restricted - * - * @param string $url - * @param int $attachment_id - * - * @return boolean|string - */ - function filter_attachment( $url, $attachment_id ) { - return ( $attachment_id && $this->is_restricted( $attachment_id ) ) ? false : $url; - } - - - /** - * Hide attachment if the post is restricted - * - * @param $has_thumbnail - * @param $post - * @param $thumbnail_id - * - * @return bool - */ - function filter_post_thumbnail( $has_thumbnail, $post, $thumbnail_id ) { - if ( $this->is_restricted( $thumbnail_id ) ) { - $has_thumbnail = false; - } elseif ( ! empty( $post ) && ! empty( $post->ID ) ) { - if ( $this->is_restricted( $post->ID ) ) { - $has_thumbnail = false; - } - } else { - $post_id = get_the_ID(); - if ( $this->is_restricted( $post_id ) ) { - $has_thumbnail = false; - } - } - - $has_thumbnail = apply_filters( 'um_restrict_post_thumbnail', $has_thumbnail, $post, $thumbnail_id ); - - return $has_thumbnail; - } - - /** * Protect Post Types in menu query * Restrict content new logic @@ -1835,15 +1056,28 @@ if ( ! class_exists( 'um\core\Access' ) ) { //other filter foreach ( $menu_items as $menu_item ) { if ( ! empty( $menu_item->object_id ) && ! empty( $menu_item->object ) ) { - if ( ! $this->is_restricted( $menu_item->object_id ) ) { - $filtered_items[] = $menu_item; - continue; - } else { - $restriction_settings = $this->get_post_privacy_settings( $menu_item->object_id ); - if ( empty( $restriction_settings['_um_access_hide_from_queries'] ) ) { + if ( isset( $menu_item->type ) && 'taxonomy' === $menu_item->type ) { + if ( ! $this->is_restricted_term( $menu_item->object_id ) ) { $filtered_items[] = $menu_item; continue; } + } elseif ( isset( $menu_item->type ) && 'post_type' === $menu_item->type ) { + if ( ! $this->is_restricted( $menu_item->object_id ) ) { + $filtered_items[] = $menu_item; + continue; + } else { + $restriction_settings = $this->get_post_privacy_settings( $menu_item->object_id ); + if ( empty( $restriction_settings['_um_access_hide_from_queries'] ) ) { + $filtered_items[] = $menu_item; + continue; + } + } + } elseif ( isset( $menu_item->type ) && 'custom' === $menu_item->type ) { + $filtered_items[] = $menu_item; + continue; + } else { + $filtered_items[] = $menu_item; + continue; } } else { //add all other posts @@ -1941,5 +1175,836 @@ if ( ! class_exists( 'um\core\Access' ) ) { return $block_content; } + + /** + * Protect Post Types in query + * Restrict content new logic + * + * @param $posts + * @param \WP_Query $query + * @return array + */ + function filter_protected_posts( $posts, $query ) { + if ( current_user_can( 'administrator' ) ) { + return $posts; + } + + //Woocommerce AJAX fixes....remove filtration on wc-ajax which goes to Front Page + if ( ! empty( $_GET['wc-ajax'] ) && defined( 'WC_DOING_AJAX' ) && WC_DOING_AJAX ) { + return $posts; + } + + //if empty + if ( empty( $posts ) || is_admin() ) { + return $posts; + } + + if ( is_object( $query ) ) { + $is_singular = $query->is_singular(); + } else { + $is_singular = ! empty( $query->is_singular ) ? true : false; + } + + if ( is_object( $query ) && is_a( $query, '\WP_Query' ) && + ( $query->is_main_query() || ! empty( $query->query_vars['um_main_query'] ) ) ) { + if ( $is_singular ) { + if ( $this->is_restricted( $posts[0]->ID ) ) { + $content_restriction = $this->get_post_privacy_settings( $posts[0]->ID ); + if ( ! empty( $content_restriction['_um_access_hide_from_queries'] ) ) { + unset( $posts[0] ); + return $posts; + } + } + } + } + + $filtered_posts = array(); + + //other filter + foreach ( $posts as $post ) { + if ( is_user_logged_in() && isset( $post->post_author ) && $post->post_author == get_current_user_id() ) { + $filtered_posts[] = $post; + continue; + } + + $restriction = $this->get_post_privacy_settings( $post ); + if ( ! $restriction ) { + $filtered_posts[] = $post; + continue; + } + + if ( $is_singular ) { + $this->singular_page = true; + } + + if ( ! $this->is_restricted( $post->ID ) ) { + $filtered_posts[] = $post; + continue; + } else { + if ( $is_singular ) { + if ( ! isset( $restriction['_um_noaccess_action'] ) || '0' == $restriction['_um_noaccess_action'] ) { + if ( empty( $restriction['_um_access_hide_from_queries'] ) ) { + /** + * UM hook + * + * @type action + * @title um_access_fix_external_post_content + * @description Hook for 3-d party content filtration + * @change_log + * ["Since: 2.0"] + * @usage add_action( 'um_access_fix_external_post_content', 'function_name', 10 ); + * @example + * + */ + do_action( 'um_access_fix_external_post_content' ); + + $filtered_posts[] = $post; + continue; + } + } elseif ( '1' == $restriction['_um_noaccess_action'] ) { + $curr = UM()->permalinks()->get_current_url(); + + if ( ! isset( $restriction['_um_access_redirect'] ) || '0' == $restriction['_um_access_redirect'] ) { + + exit( wp_redirect( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), um_get_core_page( 'login' ) ) ) ) ); + + } elseif ( '1' == $restriction['_um_access_redirect'] ) { + + if ( ! empty( $restriction['_um_access_redirect_url'] ) ) { + $redirect = $restriction['_um_access_redirect_url']; + } else { + $redirect = esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), um_get_core_page( 'login' ) ) ); + } + + exit( wp_redirect( $redirect ) ); + } + } + } else { + if ( empty( $restriction['_um_access_hide_from_queries'] ) ) { + $filtered_posts[] = $post; + continue; + } + } + } + } + + return $filtered_posts; + } + + + /** + * Set custom access actions and redirection + * + * Old global restrict content logic + */ + function template_redirect() { + global $post, $wp_query; + + //if we logged by administrator it can access to all content + if ( current_user_can( 'administrator' ) ) { + return; + } + + if ( is_object( $wp_query ) ) { + $is_singular = $wp_query->is_singular(); + } else { + $is_singular = ! empty( $wp_query->is_singular ) ? true : false; + } + + //if we use individual restrict content options skip this function + if ( $is_singular && $this->singular_page ) { + return; + } + + //also skip if we currently at wp-admin or 404 page + if ( is_admin() || is_404() ) { + return; + } + + //also skip if we currently at UM Register|Login|Reset Password pages + if ( um_is_core_post( $post, 'register' ) || + um_is_core_post( $post, 'password-reset' ) || + um_is_core_post( $post, 'login' ) ) { + return; + } + + /** + * UM hook + * + * @type action + * @title um_roles_add_meta_boxes_um_role_meta + * @description Check terms individual restrict options + * @change_log + * ["Since: 2.0"] + * @usage add_action( 'um_access_check_individual_term_settings', 'function_name', 10 ); + * @example + * + */ + do_action( 'um_access_check_individual_term_settings' ); + //exit from function if term page is accessible + if ( $this->check_access() ) { + return; + } + + /** + * UM hook + * + * @type action + * @title um_access_check_global_settings + * @description Check global restrict content options + * @change_log + * ["Since: 2.0"] + * @usage add_action( 'um_access_check_global_settings', 'function_name', 10 ); + * @example + * + */ + do_action( 'um_access_check_global_settings' ); + + $this->check_access(); + } + + + /** + * Check individual term Content Restriction settings + */ + function um_access_check_individual_term_settings() { + //check only tax|tags|categories - skip archive, author, and date lists + if ( ! ( is_tax() || is_tag() || is_category() ) ) { + return; + } + + $term_id = null; + if ( is_tag() ) { + $term_id = get_query_var( 'tag_id' ); + } elseif ( is_category() ) { + $term_id = get_query_var( 'cat' ); + } elseif ( is_tax() ) { + $tax_name = get_query_var( 'taxonomy' ); + + $term_name = get_query_var( 'term' ); + $term = get_term_by( 'slug', $term_name, $tax_name ); + + $term_id = ! empty( $term->term_id ) ? $term->term_id : $term_id; + } + + if ( ! isset( $term_id ) ) { + return; + } + + if ( $this->is_restricted_term( $term_id, true ) ) { + $restriction = get_term_meta( $term_id, 'um_content_restriction', true ); + if ( '1' == $restriction['_um_noaccess_action'] ) { + $curr = UM()->permalinks()->get_current_url(); + + if ( ! isset( $restriction['_um_access_redirect'] ) || '0' == $restriction['_um_access_redirect'] ) { + + $this->redirect_handler = $this->set_referer( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), um_get_core_page( 'login' ) ) ), 'individual_term' ); + + } elseif ( '1' == $restriction['_um_access_redirect'] ) { + + if ( ! empty( $restriction['_um_access_redirect_url'] ) ) { + $redirect = $restriction['_um_access_redirect_url']; + } else { + $redirect = esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), um_get_core_page( 'login' ) ) ); + } + + $this->redirect_handler = $this->set_referer( $redirect, 'individual_term' ); + + } + } else { + add_filter( 'tag_template', array( &$this, 'taxonomy_message' ), 10, 3 ); + add_filter( 'archive_template', array( &$this, 'taxonomy_message' ), 10, 3 ); + add_filter( 'category_template', array( &$this, 'taxonomy_message' ), 10, 3 ); + add_filter( 'taxonomy_template', array( &$this, 'taxonomy_message' ), 10, 3 ); + } + } + } + + + /** + * @param $template + * @param $type + * @param $templates + * + * @return string + */ + function taxonomy_message( $template, $type, $templates ) { + return UM()->locate_template( 'restricted-taxonomy.php' ); + } + + + /** + * Check global accessible settings + */ + function um_access_check_global_settings() { + global $post; + + $curr = UM()->permalinks()->get_current_url(); + $ms_empty_role_access = is_multisite() && is_user_logged_in() && ! UM()->roles()->get_priority_user_role( um_user( 'ID' ) ); + + if ( is_front_page() ) { + if ( is_user_logged_in() && ! $ms_empty_role_access ) { + + $user_default_homepage = um_user( 'default_homepage' ); + if ( ! empty( $user_default_homepage ) ) { + return; + } + + $redirect_homepage = um_user( 'redirect_homepage' ); + /** + * UM hook + * + * @type filter + * @title um_custom_homepage_redirect_url + * @description Change custom homepage redirect + * @input_vars + * [{"var":"$url","type":"string","desc":"Redirect URL"}, + * {"var":"$id","type":"int","desc":"User ID"}] + * @change_log + * ["Since: 2.0"] + * @usage + * + * @example + * + */ + $redirect_homepage = apply_filters( 'um_custom_homepage_redirect_url', $redirect_homepage, um_user( 'ID' ) ); + $redirect_to = ! empty( $redirect_homepage ) ? $redirect_homepage : um_get_core_page( 'user' ); + $this->redirect_handler = $this->set_referer( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), $redirect_to ) ), 'custom_homepage' ); + + } else { + $access = UM()->options()->get( 'accessible' ); + + if ( $access == 2 ) { + //global settings for accessible home page + $home_page_accessible = UM()->options()->get( 'home_page_accessible' ); + + if ( $home_page_accessible == 0 ) { + //get redirect URL if not set get login page by default + $redirect = UM()->options()->get( 'access_redirect' ); + if ( ! $redirect ) { + $redirect = um_get_core_page( 'login' ); + } + + $this->redirect_handler = $this->set_referer( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), $redirect ) ), 'global' ); + } else { + $this->allow_access = true; + return; + } + } + } + } elseif ( is_category() ) { + if ( ! is_user_logged_in() || $ms_empty_role_access ) { + + $access = UM()->options()->get( 'accessible' ); + + if ( $access == 2 ) { + //global settings for accessible home page + $category_page_accessible = UM()->options()->get( 'category_page_accessible' ); + if ( $category_page_accessible == 0 ) { + //get redirect URL if not set get login page by default + $redirect = UM()->options()->get( 'access_redirect' ); + if ( ! $redirect ) { + $redirect = um_get_core_page( 'login' ); + } + + $this->redirect_handler = $this->set_referer( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), $redirect ) ), 'global' ); + } else { + $this->allow_access = true; + return; + } + } + } + } + + $access = UM()->options()->get( 'accessible' ); + + if ( $access == 2 && ( ! is_user_logged_in() || $ms_empty_role_access ) ) { + + //build exclude URLs pages + $redirects = array(); + $redirects[] = trim( untrailingslashit( UM()->options()->get( 'access_redirect' ) ) ); + + $exclude_uris = UM()->options()->get( 'access_exclude_uris' ); + if ( ! empty( $exclude_uris ) ) { + $exclude_uris = array_map( 'trim', $exclude_uris ); + $redirects = array_merge( $redirects, $exclude_uris ); + } + + $redirects = array_unique( $redirects ); + + $current_url = UM()->permalinks()->get_current_url( get_option( 'permalink_structure' ) ); + $current_url = untrailingslashit( $current_url ); + $current_url_slash = trailingslashit( $current_url ); + + if ( ! ( isset( $post->ID ) && ( in_array( $current_url, $redirects ) || in_array( $current_url_slash, $redirects ) ) ) ) { + //if current page not in exclude URLs + //get redirect URL if not set get login page by default + $redirect = UM()->options()->get( 'access_redirect' ); + if ( ! $redirect ) { + $redirect = um_get_core_page( 'login' ); + } + + $this->redirect_handler = $this->set_referer( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), $redirect ) ), 'global' ); + } else { + $this->redirect_handler = false; + $this->allow_access = true; + } + } + } + + + /** + * Check access + * + * @return bool + */ + function check_access() { + if ( $this->allow_access === true ) { + return true; + } + + if ( $this->redirect_handler ) { + wp_redirect( $this->redirect_handler ); + exit; + } + + return false; + } + + + /** + * Sets a custom access referer in a redirect URL + * + * @param string $url + * @param string $referer + * + * @return string + */ + function set_referer( $url, $referer ) { + + /** + * UM hook + * + * @type filter + * @title um_access_enable_referer + * @description Access Referrer Enable/Disable + * @input_vars + * [{"var":"$referrer","type":"bool","desc":"Access referrer"}] + * @change_log + * ["Since: 2.0"] + * @usage add_filter( 'um_access_enable_referer', 'function_name', 10, 1 ); + * @example + * + */ + $enable_referer = apply_filters( 'um_access_enable_referer', false ); + if ( ! $enable_referer ) { + return $url; + } + + $url = add_query_arg( 'um_ref', $referer, $url ); + return $url; + } + + + /** + * Get privacy settings for post + * return false if post is not private + * Restrict content new logic + * + * @param \WP_Post|int $post Post ID or object + * @return bool|array + */ + function get_post_privacy_settings( $post ) { + // break for incorrect post + if ( empty( $post ) ) { + return false; + } + + static $cache = array(); + + $cache_key = is_numeric( $post ) ? $post : $post->ID; + + if ( isset( $cache[ $cache_key ] ) ) { + return $cache[ $cache_key ]; + } + + if ( is_numeric( $post ) ) { + $post = get_post( $post ); + } + + //if logged in administrator all pages are visible + if ( current_user_can( 'administrator' ) ) { + $cache[ $cache_key ] = false; + return false; + } + + $exclude = false; + //exclude from privacy UM default pages (except Members list and User(Profile) page) + if ( ! empty( $post->post_type ) && $post->post_type === 'page' ) { + + if ( um_is_core_post( $post, 'login' ) || um_is_core_post( $post, 'register' ) || + um_is_core_post( $post, 'account' ) || um_is_core_post( $post, 'logout' ) || + um_is_core_post( $post, 'password-reset' ) || ( is_user_logged_in() && um_is_core_post( $post, 'user' ) ) ) + $exclude = true; + } + + $exclude = apply_filters( 'um_exclude_posts_from_privacy', $exclude, $post ); + if ( $exclude ) { + $cache[ $cache_key ] = false; + return false; + } + + $restricted_posts = UM()->options()->get( 'restricted_access_post_metabox' ); + + if ( ! empty( $post->post_type ) && ! empty( $restricted_posts[ $post->post_type ] ) ) { + $restriction = get_post_meta( $post->ID, 'um_content_restriction', true ); + + if ( ! empty( $restriction['_um_custom_access_settings'] ) ) { + if ( ! isset( $restriction['_um_accessible'] ) ) { + $restricted_taxonomies = UM()->options()->get( 'restricted_access_taxonomy_metabox' ); + + //get all taxonomies for current post type + $taxonomies = get_object_taxonomies( $post ); + + //get all post terms + $terms = array(); + if ( ! empty( $taxonomies ) ) { + foreach ( $taxonomies as $taxonomy ) { + if ( empty( $restricted_taxonomies[ $taxonomy ] ) ) { + continue; + } + + $terms = array_merge( $terms, wp_get_post_terms( $post->ID, $taxonomy, array( 'fields' => 'ids', 'um_ignore_exclude' => true, ) ) ); + } + } + + //get restriction options for first term with privacy settigns + foreach ( $terms as $term_id ) { + $restriction = get_term_meta( $term_id, 'um_content_restriction', true ); + + if ( ! empty( $restriction['_um_custom_access_settings'] ) ) { + if ( ! isset( $restriction['_um_accessible'] ) ) { + continue; + } else { + $cache[ $cache_key ] = $restriction; + return $restriction; + } + } + } + + $cache[ $cache_key ] = false; + return false; + } else { + + // set default redirect if Profile page is restricted for not-logged in users and showing message instead of redirect + // this snippet was added to make the same action for {site_url}/user and {site_url}/user/{user_slug} URLs + // by default {site_url}/user is redirected to Homepage in rewrite rules because hasn't found username in query when user is not logged in + if ( ! is_user_logged_in() && um_is_core_post( $post, 'user' ) && $restriction['_um_accessible'] == '2' && $restriction['_um_noaccess_action'] == '0' ) { + if ( isset( $restriction['_um_access_roles'] ) ) { + $restriction = array( + '_um_accessible' => '2', + '_um_access_roles' => $restriction['_um_access_roles'], + '_um_noaccess_action' => '1', + '_um_access_redirect' => '1', + '_um_access_redirect_url' => get_home_url( get_current_blog_id() ) + ); + } else { + $restriction = array( + '_um_accessible' => '2', + '_um_noaccess_action' => '1', + '_um_access_redirect' => '1', + '_um_access_redirect_url' => get_home_url( get_current_blog_id() ) + ); + } + } + + $restriction = apply_filters( 'um_post_content_restriction_settings', $restriction, $post ); + + $cache[ $cache_key ] = $restriction; + return $restriction; + } + } + } + + //post hasn't privacy settings....check all terms of this post + $restricted_taxonomies = UM()->options()->get( 'restricted_access_taxonomy_metabox' ); + + //get all taxonomies for current post type + $taxonomies = get_object_taxonomies( $post ); + + //get all post terms + $terms = array(); + if ( ! empty( $taxonomies ) ) { + foreach ( $taxonomies as $taxonomy ) { + if ( empty( $restricted_taxonomies[ $taxonomy ] ) ) { + continue; + } + + $terms = array_merge( $terms, wp_get_post_terms( $post->ID, $taxonomy, array( 'fields' => 'ids', 'um_ignore_exclude' => true, ) ) ); + } + } + + //get restriction options for first term with privacy settings + foreach ( $terms as $term_id ) { + $restriction = get_term_meta( $term_id, 'um_content_restriction', true ); + + if ( ! empty( $restriction['_um_custom_access_settings'] ) ) { + if ( ! isset( $restriction['_um_accessible'] ) ) { + continue; + } else { + $cache[ $cache_key ] = $restriction; + return $restriction; + } + } + } + + $cache[ $cache_key ] = false; + //post is public + return false; + } + + + /** + * Helper for checking if the user can some of the roles array + * + * @param $user_id + * @param $roles + * @return bool + */ + function user_can( $user_id, $roles ) { + $user_can = false; + + if ( ! empty( $roles ) ) { + foreach ( $roles as $key => $value ) { + if ( ! empty( $value ) && user_can( $user_id, $key ) ) { + $user_can = true; + break; + } + } + } + + return $user_can; + } + + + /** + * Helper for 3rd-party integrations with content restriction settings + * + * @param array $restriction + * + * @return bool + */ + function um_custom_restriction( $restriction ) { + /** + * UM hook + * + * @type filter + * @title um_custom_restriction + * @description Extend Sort Types for Member Directory + * @input_vars + * [{"var":"$custom_restriction","type":"bool","desc":"Custom Restriction"}, + * {"var":"$restriction","type":"array","desc":"Restriction settings"}] + * @change_log + * ["Since: 2.0"] + * @usage add_filter( 'um_custom_restriction', 'function_name', 10, 2 ); + * @example + * + */ + return apply_filters( 'um_custom_restriction', true, $restriction ); + } + + + /** + * Is post restricted? + * + * @param int $post_id + * @return bool + */ + function is_restricted( $post_id ) { + // break for incorrect post + if ( empty( $post_id ) ) { + return false; + } + + static $cache = array(); + + if ( isset( $cache[ $post_id ] ) ) { + return $cache[ $post_id ]; + } + + if ( current_user_can( 'administrator' ) ) { + $cache[ $post_id ] = false; + return false; + } + + $post = get_post( $post_id ); + if ( is_user_logged_in() && isset( $post->post_author ) && $post->post_author == get_current_user_id() ) { + $cache[ $post_id ] = false; + return false; + } + + $restricted = true; + + $restriction = $this->get_post_privacy_settings( $post_id ); + if ( ! $restriction ) { + $restricted = false; + } else { + if ( '0' == $restriction['_um_accessible'] ) { + //post is private + $restricted = false; + } elseif ( '1' == $restriction['_um_accessible'] ) { + //if post for not logged in users and user is not logged in + if ( ! is_user_logged_in() ) { + $restricted = false; + } + } elseif ( '2' == $restriction['_um_accessible'] ) { + //if post for logged in users and user is not logged in + if ( is_user_logged_in() ) { + $custom_restrict = $this->um_custom_restriction( $restriction ); + + if ( empty( $restriction['_um_access_roles'] ) || false === array_search( '1', $restriction['_um_access_roles'] ) ) { + if ( $custom_restrict ) { + $restricted = false; + } + } else { + $user_can = $this->user_can( get_current_user_id(), $restriction['_um_access_roles'] ); + + if ( $user_can && $custom_restrict ) { + $restricted = false; + } + } + } + } + } + + $restricted = apply_filters( 'um_is_restricted_post', $restricted, $post_id ); + + $cache[ $post_id ] = $restricted; + + return $restricted; + } + + + /** + * Is term restricted? + * + * @param int $term_id + * @param bool $on_term_page + * @return bool + */ + function is_restricted_term( $term_id, $on_term_page = false ) { + static $cache = array(); + + if ( isset( $cache[ $term_id ] ) ) { + return $cache[ $term_id ]; + } + + if ( current_user_can( 'administrator' ) ) { + $cache[ $term_id ] = false; + return false; + } + + $restricted_taxonomies = UM()->options()->get( 'restricted_access_taxonomy_metabox' ); + if ( empty( $restricted_taxonomies ) ) { + $cache[ $term_id ] = false; + return false; + } + + $term = get_term( $term_id ); + if ( empty( $term->taxonomy ) || empty( $restricted_taxonomies[ $term->taxonomy ] ) ) { + $cache[ $term_id ] = false; + return false; + } + + $restricted = true; + + // $this->allow_access = true only in case if the + + $restriction = get_term_meta( $term_id, 'um_content_restriction', true ); + if ( empty( $restriction ) ) { + $restricted = false; + } else { + if ( empty( $restriction['_um_custom_access_settings'] ) ) { + $restricted = false; + } else { + if ( '0' == $restriction['_um_accessible'] ) { + //term is private + $restricted = false; + if ( $on_term_page ) { + $this->allow_access = true; + } + } elseif ( '1' == $restriction['_um_accessible'] ) { + //if term for not logged in users and user is not logged in + if ( ! is_user_logged_in() ) { + $restricted = false; + if ( $on_term_page ) { + $this->allow_access = true; + } + } + } elseif ( '2' == $restriction['_um_accessible'] ) { + //if term for logged in users and user is not logged in + if ( is_user_logged_in() ) { + $custom_restrict = $this->um_custom_restriction( $restriction ); + + if ( empty( $restriction['_um_access_roles'] ) || false === array_search( '1', $restriction['_um_access_roles'] ) ) { + if ( $custom_restrict ) { + $restricted = false; + if ( $on_term_page ) { + $this->allow_access = true; + } + } + } else { + $user_can = $this->user_can( get_current_user_id(), $restriction['_um_access_roles'] ); + + if ( $user_can && $custom_restrict ) { + $restricted = false; + if ( $on_term_page ) { + $this->allow_access = true; + } + } + } + } + } + } + } + + $restricted = apply_filters( 'um_is_restricted_term', $restricted, $term_id, $on_term_page ); + + $cache[ $term_id ] = $restricted; + return $restricted; + } } } diff --git a/includes/core/class-external-integrations.php b/includes/core/class-external-integrations.php index db6c1698..2d33de79 100644 --- a/includes/core/class-external-integrations.php +++ b/includes/core/class-external-integrations.php @@ -29,6 +29,7 @@ if ( ! class_exists( 'um\core\External_Integrations' ) ) { add_action( 'um_access_fix_external_post_content', array( &$this, 'bbpress_no_access_message_fix' ), 10 ); add_action( 'um_access_fix_external_post_content', array( &$this, 'forumwp_fix' ), 11 ); + add_action( 'um_access_fix_external_post_content', array( &$this, 'woocommerce_fix' ), 12 ); add_filter( 'um_localize_permalink_filter', array( &$this, 'um_localize_permalink_filter' ), 10, 2 ); add_filter( 'icl_ls_languages', array( &$this, 'um_core_page_wpml_permalink' ), 10, 1 ); @@ -151,6 +152,30 @@ if ( ! class_exists( 'um\core\External_Integrations' ) ) { } + /** + * Fixed Woocommerce access to Products message + */ + function woocommerce_fix() { + if ( UM()->dependencies()->woocommerce_active_check() ) { + add_filter( 'single_template', array( &$this, 'woocommerce_template' ), 9999999, 1 ); + } + } + + + /** + * @param string $single_template + * + * @return string + */ + function woocommerce_template( $single_template ) { + if ( is_product() ) { + remove_filter( 'template_include', array( 'WC_Template_Loader', 'template_loader' ) ); + } + + return $single_template; + } + + /** * @param $profile_url * @param $page_id @@ -558,4 +583,4 @@ if ( ! class_exists( 'um\core\External_Integrations' ) ) { } -} \ No newline at end of file +} diff --git a/includes/core/class-fields.php b/includes/core/class-fields.php index aa10f02e..8ecc9915 100644 --- a/includes/core/class-fields.php +++ b/includes/core/class-fields.php @@ -709,6 +709,12 @@ if ( ! class_exists( 'um\core\Fields' ) ) { return ''; } + if ( 'profile' === $this->set_mode ) { + if ( ! isset( UM()->form()->post_form['profile_nonce'] ) || false === wp_verify_nonce( UM()->form()->post_form['profile_nonce'], 'um-profile-nonce' . UM()->user()->target_id ) ) { + return ''; + } + } + return stripslashes_deep( UM()->form()->post_form[ $key ] ); } elseif ( um_user( $key ) && $this->editing == true ) { @@ -2416,10 +2422,10 @@ if ( ! class_exists( 'um\core\Fields' ) ) { } elseif( isset( $data['label'] ) ) { $placeholder = sprintf( __( 'Confirm %s', 'ultimate-member' ), $data['label'] ); } - + $output .= ''; - + $output .= ''; @@ -2591,7 +2597,8 @@ if ( ! class_exists( 'um\core\Fields' ) ) { $output .= ob_get_clean(); $output .= '
' . $placeholder . ''; } else { - $output .= ''; + $textarea_field_value = ! empty( $data['html'] ) ? $field_value : strip_tags( $field_value ); + $output .= ''; } $output .= ''; @@ -2621,7 +2628,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) { $output .= '
'; $output .= ''; - + if ( $this->is_error( $key ) ) { $output .= $this->field_error( $this->show_error( $key ) ); } elseif ( $this->is_notice( $key ) ) { @@ -3878,6 +3885,11 @@ if ( ! class_exists( 'um\core\Fields' ) ) { UM()->form()->form_suffix = '-' . $this->global_args['form_id']; $this->set_mode = $mode; + + if ( 'profile' === $mode ) { + UM()->form()->nonce = wp_create_nonce( 'um-profile-nonce' . UM()->user()->target_id ); + } + $this->set_id = $this->global_args['form_id']; $this->field_icons = ( isset( $this->global_args['icons'] ) ) ? $this->global_args['icons'] : 'label'; @@ -4122,6 +4134,9 @@ if ( ! class_exists( 'um\core\Fields' ) ) { if ( ! empty( $res ) ) { $res = stripslashes( $res ); } + if ( 'description' === $data['metakey'] ) { + $res = nl2br( $res ); + } $data['is_view_field'] = true; /** diff --git a/includes/core/class-form.php b/includes/core/class-form.php index 0f8081ce..e601be2a 100644 --- a/includes/core/class-form.php +++ b/includes/core/class-form.php @@ -32,6 +32,9 @@ if ( ! class_exists( 'um\core\Form' ) ) { var $post_form = null; + var $nonce = null; + + /** * Form constructor. */ @@ -331,14 +334,18 @@ if ( ! class_exists( 'um\core\Form' ) ) { if ( $http_post && ! is_admin() && isset( $_POST['form_id'] ) && is_numeric( $_POST['form_id'] ) ) { - $this->form_id = absint( $_POST['form_id'] ); - $this->form_status = get_post_status( $this->form_id ); - $this->form_data = UM()->query()->post_data( $this->form_id ); + $this->form_id = absint( $_POST['form_id'] ); + if ( 'um_form' !== get_post_type( $this->form_id ) ) { + return; + } + $this->form_status = get_post_status( $this->form_id ); if ( 'publish' !== $this->form_status ) { return; } + $this->form_data = UM()->query()->post_data( $this->form_id ); + /** * UM hook * @@ -579,7 +586,7 @@ if ( ! class_exists( 'um\core\Form' ) ) { $form[ $k ] = (int) $form[ $k ]; break; case 'textarea': - if ( ! empty( $field['html'] ) ) { + if ( ! empty( $field['html'] ) || ( UM()->profile()->get_show_bio_key( $form ) === $k && UM()->options()->get( 'profile_show_html_bio' ) ) ) { $form[ $k ] = wp_kses_post( $form[ $k ] ); } else { $form[ $k ] = sanitize_textarea_field( $form[ $k ] ); diff --git a/includes/core/class-user-posts.php b/includes/core/class-user-posts.php index 33fb2374..afd50a03 100644 --- a/includes/core/class-user-posts.php +++ b/includes/core/class-user-posts.php @@ -29,11 +29,12 @@ if ( ! class_exists( 'um\core\User_posts' ) ) { */ function add_posts() { $args = array( - 'post_type' => 'post', - 'posts_per_page' => 10, - 'offset' => 0, - 'author' => um_get_requested_user(), - 'post_status' => array( 'publish' ) + 'post_type' => 'post', + 'posts_per_page' => 10, + 'offset' => 0, + 'author' => um_get_requested_user(), + 'post_status' => array( 'publish' ), + 'um_main_query' => true, ); /** @@ -107,11 +108,12 @@ if ( ! class_exists( 'um\core\User_posts' ) ) { $page = ! empty( $_POST['page'] ) ? absint( $_POST['page'] ) : 0; $args = array( - 'post_type' => 'post', - 'posts_per_page' => 10, - 'offset' => ( $page - 1 ) * 10, - 'author' => $author, - 'post_status' => array( 'publish' ) + 'post_type' => 'post', + 'posts_per_page' => 10, + 'offset' => ( $page - 1 ) * 10, + 'author' => $author, + 'post_status' => array( 'publish' ), + 'um_main_query' => true, ); /** diff --git a/includes/core/um-actions-profile.php b/includes/core/um-actions-profile.php index 0233e127..92ccf3e5 100644 --- a/includes/core/um-actions-profile.php +++ b/includes/core/um-actions-profile.php @@ -629,7 +629,7 @@ function um_editing_user_id_input( $args ) { if ( UM()->fields()->editing == 1 && UM()->fields()->set_mode == 'profile' && UM()->user()->target_id ) { ?> - + ID ) ) { @@ -39,4 +39,4 @@ - \ No newline at end of file + diff --git a/ultimate-member.php b/ultimate-member.php index 6abe8418..8a630fee 100644 --- a/ultimate-member.php +++ b/ultimate-member.php @@ -3,7 +3,7 @@ Plugin Name: Ultimate Member Plugin URI: http://ultimatemember.com/ Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress -Version: 2.2.3-beta +Version: 2.2.3 Author: Ultimate Member Author URI: http://ultimatemember.com/ Text Domain: ultimate-member