From 5ddbdc8a3c8e6fd0ce8c2852d9d1b8de56cae0e9 Mon Sep 17 00:00:00 2001 From: jonfalcon Date: Sun, 31 Jan 2016 09:39:02 -0800 Subject: [PATCH 1/5] Fix validation for change password --- core/um-actions-account.php | 4 ++-- core/um-actions-global.php | 31 ++++++++++++++++--------------- 2 files changed, 18 insertions(+), 17 deletions(-) diff --git a/core/um-actions-account.php b/core/um-actions-account.php index ec7a97d2..429dc90b 100644 --- a/core/um-actions-account.php +++ b/core/um-actions-account.php @@ -101,8 +101,8 @@ $ultimatemember->account->current_tab = 'general'; // change password - if ( $_POST['current_user_password'] != '' ) { - if ( !wp_check_password( $_POST['current_user_password'], um_user('user_pass'), um_user('ID') ) ) { + if ( $_POST['current_user_password'] != '' || $_POST['user_password'] != '' || $_POST['confirm_user_password'] != '') { + if ( $_POST['current_user_password'] == '' || !wp_check_password( $_POST['current_user_password'], um_user('user_pass'), um_user('ID') ) ) { $ultimatemember->form->add_error('current_user_password', __('This is not your password','ultimatemember') ); $ultimatemember->account->current_tab = 'password'; } else { // correct password diff --git a/core/um-actions-global.php b/core/um-actions-global.php index a587e9bd..33590af9 100644 --- a/core/um-actions-global.php +++ b/core/um-actions-global.php @@ -1,55 +1,56 @@ - + '; - + ?> - +

- + - + - + - + - + Date: Sun, 31 Jan 2016 11:31:46 -0800 Subject: [PATCH 2/5] Fix invalid role --- core/um-form.php | 66 ++++++++++++++++++++++++------------------------ 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/core/um-form.php b/core/um-form.php index 4f19c2aa..4bb9a6fe 100644 --- a/core/um-form.php +++ b/core/um-form.php @@ -3,23 +3,23 @@ class UM_Form { public $form_suffix; - + function __construct() { - + $this->post_form = null; $this->form_suffix = null; - + $this->errors = null; - + $this->processing = null; - + add_action('init', array(&$this, 'form_init'), 2); - + add_action('init', array(&$this, 'field_declare'), 10); - + } - + /*** *** @add errors ***/ @@ -28,7 +28,7 @@ class UM_Form { $this->errors[$key] = $error; } } - + /*** *** @has error ***/ @@ -37,7 +37,7 @@ class UM_Form { return true; return false; } - + /*** *** @declare all fields ***/ @@ -49,38 +49,38 @@ class UM_Form { $this->all_fields = null; } } - + /*** *** @Checks that we've a form ***/ function form_init(){ global $ultimatemember; - + if ( isset( $_SERVER['REQUEST_METHOD'] ) ) { $http_post = ('POST' == $_SERVER['REQUEST_METHOD']); } else { $http_post = 'POST'; } - + if ( $http_post && !is_admin() && isset( $_POST['form_id'] ) && is_numeric($_POST['form_id']) ) { $this->form_id = $_POST['form_id']; $this->form_status = get_post_status( $this->form_id ); - + if ( $this->form_status == 'publish' ) { /* save entire form as global */ $this->post_form = $_POST; - + $this->post_form = $this->beautify( $this->post_form ); $this->form_data = $ultimatemember->query->post_data( $this->form_id ); - + $this->post_form['submitted'] = $this->post_form; - + $this->post_form = array_merge( $this->form_data, $this->post_form ); - if ( isset( $this->form_data['role'] ) && $_POST['role'] != $this->form_data['role'] ) { + if ( isset( $this->form_data['role'] ) && ( (boolean) $this->form_data['role'] ) && $_POST['role'] != $this->form_data['role'] ) { wp_die( __( 'This is not possible for security reasons.','ultimatemember') ); } else { if ( isset( $this->form_data['custom_fields'] ) && strstr( $this->form_data['custom_fields'], 'role_' ) ) { @@ -99,10 +99,10 @@ class UM_Form { wp_die('Hello, spam bot!'); if ( !in_array( $this->form_data['mode'], array('login') ) ) { - + $form_timestamp = trim($_POST['timestamp']); $live_timestamp = current_time( 'timestamp' ); - + if ( $form_timestamp == '' && um_get_option('enable_timebot') == 1 ) wp_die( __('Hello, spam bot!') ); @@ -110,30 +110,30 @@ class UM_Form { wp_die( __('Whoa, slow down! You\'re seeing this message because you tried to submit a form too fast and we think you might be a spam bot. If you are a real human being please wait a few seconds before submitting the form. Thanks!') ); } - + /* Continue based on form mode - pre-validation */ - + do_action('um_submit_form_errors_hook', $this->post_form ); do_action("um_submit_form_{$this->post_form['mode']}", $this->post_form ); } - + } } - + /*** *** @Beautify form data ***/ function beautify( $form ){ - + if (isset($form['form_id'])){ - + $this->form_suffix = '-' . $form['form_id']; - + $this->processing = $form['form_id']; - + foreach($form as $key => $value){ if (strstr($key, $this->form_suffix) ) { $a_key = str_replace( $this->form_suffix, '', $key); @@ -141,12 +141,12 @@ class UM_Form { unset($form[$key]); } } - + } - + return $form; } - + /*** *** @Display Form Type as Text ***/ @@ -165,5 +165,5 @@ class UM_Form { } return $output; } - -} \ No newline at end of file + +} From 4e6b513adab0d740afeba0fc9a017ddaac0f0015 Mon Sep 17 00:00:00 2001 From: jonfalcon Date: Sun, 31 Jan 2016 11:52:44 -0800 Subject: [PATCH 3/5] Fix email locale tempalte path --- core/um-mail.php | 48 +++++++++++++++++++++++++----------------------- 1 file changed, 25 insertions(+), 23 deletions(-) diff --git a/core/um-mail.php b/core/um-mail.php index b4d8e0e1..95cafc26 100644 --- a/core/um-mail.php +++ b/core/um-mail.php @@ -5,37 +5,39 @@ class UM_Mail { function __construct() { add_filter('mandrill_nl2br', array(&$this, 'mandrill_nl2br') ); - + $this->force_plain_text = ''; - + } - + /*** *** @mandrill compatibility ***/ function mandrill_nl2br($nl2br, $message = '') { - + // text emails if ( !um_get_option('email_html') ) { $nl2br = true; } - + return $nl2br; } - + /*** *** @check If template exists ***/ function email_template( $template, $args = array() ) { $lang = ''; - + if ( function_exists('icl_get_current_language') ) { if ( icl_get_current_language() != 'en' ) { $lang = icl_get_current_language() . '/'; } + } else { + $lang = get_locale(); } - + if ( file_exists( get_stylesheet_directory() . '/ultimate-member/templates/email/' . $lang . $template . '.html' ) ) { return get_stylesheet_directory() . '/ultimate-member/templates/email/' . $lang . $template . '.html'; } @@ -45,30 +47,30 @@ class UM_Mail { } else { $path = um_path . 'templates/email/' . $lang; } - + if ( file_exists( $path . $template . '.html' ) ) { return $path . $template . '.html'; } - + return false; - + } - + /*** *** @sends an email to any user ***/ function send( $email, $template=null, $args = array() ) { - + if ( !$template ) return; if ( um_get_option( $template . '_on' ) != 1 ) return; if ( !is_email( $email ) ) return; - + $this->attachments = null; $this->headers = 'From: '. um_get_option('mail_from') .' <'. um_get_option('mail_from_addr') .'>' . "\r\n"; $this->subject = um_get_option( $template . '_sub' ); $this->subject = um_convert_tags( $this->subject, $args ); - + if ( isset( $args['admin'] ) || isset( $args['plain_text'] ) ) { $this->force_plain_text = 'forced'; } @@ -80,31 +82,31 @@ class UM_Mail { } else { $this->message = um_get_option( $template ); } - + // Convert tags in body $this->message = um_convert_tags( $this->message, $args ); // Send mail wp_mail( $email, $this->subject, $this->message, $this->headers, $this->attachments ); remove_filter( 'wp_mail_content_type', array(&$this, 'set_content_type') ); - + // reset globals $this->force_plain_text = ''; - + } - + /*** *** @maybe sending HTML emails ***/ function set_content_type( $content_type ) { if ( $this->force_plain_text == 'forced' ) return 'text/plain'; - + if ( um_get_option('email_html') ) return 'text/html'; - + return 'text/plain'; } - -} \ No newline at end of file + +} From 9ee8fca0cb573bdb15974efd6c1ae92ff11f3242 Mon Sep 17 00:00:00 2001 From: jonfalcon Date: Sun, 31 Jan 2016 12:01:23 -0800 Subject: [PATCH 4/5] Add filter hook for email template path --- core/um-mail.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/core/um-mail.php b/core/um-mail.php index 95cafc26..90819252 100644 --- a/core/um-mail.php +++ b/core/um-mail.php @@ -29,6 +29,7 @@ class UM_Mail { ***/ function email_template( $template, $args = array() ) { $lang = ''; + $template_path = false; if ( function_exists('icl_get_current_language') ) { if ( icl_get_current_language() != 'en' ) { @@ -39,7 +40,7 @@ class UM_Mail { } if ( file_exists( get_stylesheet_directory() . '/ultimate-member/templates/email/' . $lang . $template . '.html' ) ) { - return get_stylesheet_directory() . '/ultimate-member/templates/email/' . $lang . $template . '.html'; + $template_path = get_stylesheet_directory() . '/ultimate-member/templates/email/' . $lang . $template . '.html'; } if ( isset( $args['path'] ) ) { @@ -49,10 +50,10 @@ class UM_Mail { } if ( file_exists( $path . $template . '.html' ) ) { - return $path . $template . '.html'; + $template_path = $path . $template . '.html'; } - return false; + return apply_filters( 'um_email_template_path', $template_path, $template, $args ); } From 99c55a224c9dc7850f8914a7cb4eb7bc56fbb78c Mon Sep 17 00:00:00 2001 From: jonfalcon Date: Sun, 31 Jan 2016 13:39:49 -0800 Subject: [PATCH 5/5] Fix account page using other user's info --- core/um-account.php | 172 ++++++++++++++++++++++---------------------- 1 file changed, 87 insertions(+), 85 deletions(-) diff --git a/core/um-account.php b/core/um-account.php index 2a786194..1750a8ae 100644 --- a/core/um-account.php +++ b/core/um-account.php @@ -3,44 +3,44 @@ class UM_Account { function __construct() { - + add_shortcode('ultimatemember_account', array(&$this, 'ultimatemember_account'), 1); - + add_filter('um_account_page_default_tabs_hook', array(&$this, 'core_tabs'), 1); - + add_action('template_redirect', array(&$this, 'account'), 10001 ); - + add_action('template_redirect', array(&$this, 'form_init'), 10002); - + add_filter('um_predefined_fields_hook', array(&$this,'predefined_fields_hook'),1 ); $this->current_tab = 'general'; } - + /*** *** @get core account tabs ***/ function core_tabs() { - + $tabs[100]['general']['icon'] = 'um-faicon-user'; $tabs[100]['general']['title'] = __('Account','ultimatemember'); - + $tabs[200]['password']['icon'] = 'um-faicon-asterisk'; $tabs[200]['password']['title'] = __('Change Password','ultimatemember'); - + $tabs[300]['privacy']['icon'] = 'um-faicon-lock'; $tabs[300]['privacy']['title'] = __('Privacy','ultimatemember'); - + $tabs[400]['notifications']['icon'] = 'um-faicon-envelope'; $tabs[400]['notifications']['title'] = __('Notifications','ultimatemember'); - + $tabs[9999]['delete']['icon'] = 'um-faicon-trash-o'; $tabs[9999]['delete']['title'] = __('Delete Account','ultimatemember'); - + return $tabs; } - + /*** *** @account page form ***/ @@ -48,17 +48,17 @@ class UM_Account { global $ultimatemember; if ( um_submitting_account_page() ) { - + $ultimatemember->form->post_form = $_POST; do_action('um_submit_account_errors_hook', $ultimatemember->form->post_form ); - + if ( !isset($ultimatemember->form->errors) ) { - + if ( get_query_var('um_tab') ) { $this->current_tab = get_query_var('um_tab'); } - + do_action('um_submit_account_details', $ultimatemember->form->post_form ); } @@ -66,177 +66,179 @@ class UM_Account { } } - + /*** *** @can access account page ***/ function account(){ global $ultimatemember; - + if ( um_is_core_page('account') && !is_user_logged_in() ) { exit( wp_redirect( add_query_arg('redirect_to', urlencode( um_get_core_page('account') ) , um_get_core_page('login') ) ) ); } - + if ( um_is_core_page('account') ) { - + $ultimatemember->fields->set_mode = 'account'; - + $ultimatemember->fields->editing = true; - + if ( get_query_var('um_tab') ) { $this->current_tab = get_query_var('um_tab'); } - + } - + } - + /*** *** @get tab link ***/ function tab_link( $id ) { - + if ( get_option('permalink_structure') ) { - + $url = trailingslashit( untrailingslashit( um_get_core_page('account') ) ); $url = $url . $id . '/'; - + } else { - + $url = add_query_arg( 'um_tab', $id, um_get_core_page('account') ); - + } - + return $url; } - + /*** *** @Add class based on shortcode ***/ function get_class( $mode ){ - + global $ultimatemember; - + $classes = 'um-'.$mode; - + if ( is_admin() ) { $classes .= ' um-in-admin'; } - + if ( $ultimatemember->fields->editing == true ) { $classes .= ' um-editing'; } - + if ( $ultimatemember->fields->viewing == true ) { $classes .= ' um-viewing'; } - + $classes = apply_filters('um_form_official_classes__hook', $classes); return $classes; } - + /*** *** @get tab output ***/ function get_tab_output( $id ) { global $ultimatemember; - + $output = null; - + switch( $id ) { - + case 'notifications': - + $output = apply_filters("um_account_content_hook_{$id}", $output); return $output; - + break; case 'privacy': - + $args = 'profile_privacy,hide_in_members'; $args = apply_filters('um_account_tab_privacy_fields', $args ); - + $fields = $ultimatemember->builtin->get_specific_fields( $args ); foreach( $fields as $key => $data ){ $output .= $ultimatemember->fields->edit_field( $key, $data ); } - + return $output; - + break; - + case 'delete': - + $args = 'single_user_password'; - + $fields = $ultimatemember->builtin->get_specific_fields( $args ); foreach( $fields as $key => $data ){ $output .= $ultimatemember->fields->edit_field( $key, $data ); } - + return $output; - + break; - + case 'general': - + $args = 'user_login,first_name,last_name,user_email'; - + if ( !um_get_option('account_name') ) { $args = 'user_login,user_email'; } - + if ( !um_get_option('account_email') && !um_user('can_edit_everyone') ) { $args = str_replace(',user_email','', $args ); } - + $fields = $ultimatemember->builtin->get_specific_fields( $args ); foreach( $fields as $key => $data ){ $output .= $ultimatemember->fields->edit_field( $key, $data ); } - + return $output; - + break; - + case 'password': - + $args = 'user_password'; - + $fields = $ultimatemember->builtin->get_specific_fields( $args ); foreach( $fields as $key => $data ){ $output .= $ultimatemember->fields->edit_field( $key, $data ); } - + return $output; - + break; - + default : - + $output = apply_filters("um_account_content_hook_{$id}", $output); return $output; - + break; } } - + /*** *** @Shortcode ***/ function ultimatemember_account( $args = array() ) { return $this->load( $args ); } - + /*** *** @Load a module with global function ***/ function load( $args ) { - + global $ultimatemember; - + + $ultimatemember->user->set( get_current_user_id() ); + ob_start(); $defaults = array( @@ -245,35 +247,35 @@ class UM_Account { 'form_id' => 'um_account_id', ); $args = wp_parse_args( $args, $defaults ); - + if ( isset( $args['use_globals'] ) && $args['use_globals'] == 1 ) { $args = array_merge( $args, $this->get_css_args( $args ) ); } else { $args = array_merge( $this->get_css_args( $args ), $args ); } - + $args = apply_filters('um_account_shortcode_args_filter', $args); extract( $args, EXTR_SKIP ); - + do_action("um_pre_{$mode}_shortcode", $args); - + do_action("um_before_form_is_loaded", $args); - + do_action("um_before_{$mode}_form_is_loaded", $args); - + $this->template_load( $template, $args ); - + if ( !is_admin() && !defined( 'DOING_AJAX' ) ) { $this->dynamic_css( $args ); } - + $output = ob_get_contents(); ob_end_clean(); return $output; } - + /*** *** @Get dynamic css args ***/ @@ -282,7 +284,7 @@ class UM_Account { $arr = array_merge( $arr, array( 'form_id' => $args['form_id'], 'mode' => $args['mode'] ) ); return $arr; } - + /*** *** @Load dynamic css ***/ @@ -315,7 +317,7 @@ class UM_Account { if( ! $account_hide_in_directory ){ unset( $predefined_fields['hide_in_members'] ); } - + return $predefined_fields; } -} \ No newline at end of file +}