Merge pull request #1491 from ultimatemember/security/CVE-2024-2765

CVE 2024 2765
This commit is contained in:
Mykyta Synelnikov
2024-04-02 17:30:11 +03:00
committed by GitHub
9 changed files with 44 additions and 41 deletions
+1 -1
View File
@@ -331,7 +331,7 @@ if ( ! class_exists( 'um\admin\Secure' ) ) {
$val .= '<div><small>' . esc_html__( 'Blocked Due to Suspicious Activity', 'ultimate-member' ) . '</small></div>';
$nonce = wp_create_nonce( 'um-security-restore-account-nonce-' . $user_id );
$restore_account_url = admin_url( 'users.php?user_id=' . $user_id . '&um_secure_restore_account=1&_wpnonce=' . $nonce );
$action = ' &#183; <a href=" ' . esc_attr( $restore_account_url ) . ' " onclick=\'return confirm("' . esc_js( __( 'Are you sure that you want to restore this account after getting flagged for suspicious activity?', 'ultimate-member' ) ) . '");\'><small>' . esc_html__( 'Restore Account', 'ultimate-member' ) . '</small></a>';
$action = ' &#183; <a href=" ' . esc_url( $restore_account_url ) . ' " onclick=\'return confirm("' . esc_js( __( 'Are you sure that you want to restore this account after getting flagged for suspicious activity?', 'ultimate-member' ) ) . '");\'><small>' . esc_html__( 'Restore Account', 'ultimate-member' ) . '</small></a>';
if ( ! empty( $datetime ) ) {
$val .= '<div><small>' . human_time_diff( strtotime( $datetime ) ) . ' ' . __( 'ago', 'ultimate-member' ) . '</small>' . $action . '</div>';
}
+1 -1
View File
@@ -274,7 +274,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
public function user_row_actions( $actions, $user_object ) {
$user_id = $user_object->ID;
$actions['frontend_profile'] = '<a href="' . um_user_profile_url( $user_id ) . '">' . __( 'View profile', 'ultimate-member' ) . '</a>';
$actions['frontend_profile'] = '<a href="' . esc_url( um_user_profile_url( $user_id ) ) . '">' . __( 'View profile', 'ultimate-member' ) . '</a>';
$submitted = get_user_meta( $user_id, 'submitted', true );
if ( ! empty( $submitted ) ) {