mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-07-11 10:46:11 +09:00
Update PHP requirement and improve user action handling
Raised minimum PHP version to 7.0 and finalized the plugin version to 2.9.3. Introduced a centralized user actions array and replaced 'manage_options' capability with 'edit_users' for better permission handling. Optimized the nonce actions extension method for cleaner code. * reviewed #1619
This commit is contained in:
@@ -14,6 +14,24 @@ if ( ! class_exists( 'um\admin\Actions_Listener' ) ) {
|
||||
*/
|
||||
class Actions_Listener {
|
||||
|
||||
/**
|
||||
* USER_ACTIONS array containing different actions for managing users:
|
||||
* - approve_user: Approve a user
|
||||
* - reactivate_user: Reactivate a user account
|
||||
* - put_user_as_pending: Set a user as pending
|
||||
* - resend_user_activation: Resend activation email to a user
|
||||
* - reject_user: Reject a user
|
||||
* - deactivate_user: Deactivate a user account
|
||||
*/
|
||||
const USER_ACTIONS = array(
|
||||
'approve_user',
|
||||
'reactivate_user',
|
||||
'put_user_as_pending',
|
||||
'resend_user_activation',
|
||||
'reject_user',
|
||||
'deactivate_user',
|
||||
);
|
||||
|
||||
/**
|
||||
* Actions_Listener constructor.
|
||||
*/
|
||||
@@ -26,171 +44,179 @@ if ( ! class_exists( 'um\admin\Actions_Listener' ) ) {
|
||||
* Handle wp-admin actions
|
||||
*
|
||||
* @since 2.8.7
|
||||
* @since 2.9.3 User should have 'edit_users' capability instead of 'manage_options'.
|
||||
*/
|
||||
public function actions_listener() {
|
||||
if ( ! current_user_can( 'manage_options' ) ) {
|
||||
// phpcs:disable WordPress.Security.NonceVerification -- there is nonce verification below for each case
|
||||
if ( empty( $_REQUEST['um_adm_action'] ) ) {
|
||||
return;
|
||||
}
|
||||
|
||||
if ( ! empty( $_REQUEST['um_adm_action'] ) ) {
|
||||
switch ( sanitize_key( $_REQUEST['um_adm_action'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification -- there is nonce verification below for each case
|
||||
case 'approve_user':
|
||||
if ( empty( $_REQUEST['uid'] ) || ! is_numeric( $_REQUEST['uid'] ) ) {
|
||||
die( esc_html__( 'Invalid user ID', 'ultimate-member' ) );
|
||||
$action = sanitize_key( $_REQUEST['um_adm_action'] );
|
||||
// phpcs:enable WordPress.Security.NonceVerification -- there is nonce verification below for each case
|
||||
|
||||
if ( in_array( $action, self::USER_ACTIONS, true ) && ! current_user_can( 'edit_users' ) ) {
|
||||
return;
|
||||
}
|
||||
|
||||
switch ( $action ) {
|
||||
case 'approve_user':
|
||||
if ( empty( $_REQUEST['uid'] ) || ! is_numeric( $_REQUEST['uid'] ) ) {
|
||||
die( esc_html__( 'Invalid user ID', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
$user_id = absint( $_REQUEST['uid'] );
|
||||
|
||||
check_admin_referer( "approve_user{$user_id}" );
|
||||
|
||||
$redirect = wp_get_referer();
|
||||
if ( UM()->common()->users()->can_current_user_edit_user( $user_id ) ) {
|
||||
$result = UM()->common()->users()->approve( $user_id );
|
||||
if ( $result ) {
|
||||
$redirect = add_query_arg(
|
||||
array(
|
||||
'update' => 'um_approved',
|
||||
'approved_count' => 1,
|
||||
),
|
||||
$redirect
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
$user_id = absint( $_REQUEST['uid'] );
|
||||
wp_safe_redirect( $redirect );
|
||||
exit;
|
||||
case 'reactivate_user':
|
||||
if ( empty( $_REQUEST['uid'] ) || ! is_numeric( $_REQUEST['uid'] ) ) {
|
||||
die( esc_html__( 'Invalid user ID', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
check_admin_referer( "approve_user{$user_id}" );
|
||||
$user_id = absint( $_REQUEST['uid'] );
|
||||
|
||||
$redirect = wp_get_referer();
|
||||
if ( UM()->common()->users()->can_current_user_edit_user( $user_id ) ) {
|
||||
$result = UM()->common()->users()->approve( $user_id );
|
||||
if ( $result ) {
|
||||
$redirect = add_query_arg(
|
||||
array(
|
||||
'update' => 'um_approved',
|
||||
'approved_count' => 1,
|
||||
),
|
||||
$redirect
|
||||
);
|
||||
}
|
||||
check_admin_referer( "reactivate_user{$user_id}" );
|
||||
|
||||
$redirect = wp_get_referer();
|
||||
if ( UM()->common()->users()->can_current_user_edit_user( $user_id ) ) {
|
||||
$result = UM()->common()->users()->reactivate( $user_id );
|
||||
if ( $result ) {
|
||||
$redirect = add_query_arg(
|
||||
array(
|
||||
'update' => 'um_reactivated',
|
||||
'reactivated_count' => 1,
|
||||
),
|
||||
$redirect
|
||||
);
|
||||
}
|
||||
}
|
||||
wp_safe_redirect( $redirect );
|
||||
exit;
|
||||
case 'put_user_as_pending':
|
||||
if ( empty( $_REQUEST['uid'] ) || ! is_numeric( $_REQUEST['uid'] ) ) {
|
||||
die( esc_html__( 'Invalid user ID', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
wp_safe_redirect( $redirect );
|
||||
exit;
|
||||
case 'reactivate_user':
|
||||
if ( empty( $_REQUEST['uid'] ) || ! is_numeric( $_REQUEST['uid'] ) ) {
|
||||
die( esc_html__( 'Invalid user ID', 'ultimate-member' ) );
|
||||
$user_id = absint( $_REQUEST['uid'] );
|
||||
|
||||
check_admin_referer( "put_user_as_pending{$user_id}" );
|
||||
|
||||
$redirect = wp_get_referer();
|
||||
if ( UM()->common()->users()->can_current_user_edit_user( $user_id ) ) {
|
||||
$result = UM()->common()->users()->set_as_pending( $user_id );
|
||||
if ( $result ) {
|
||||
$redirect = add_query_arg(
|
||||
array(
|
||||
'update' => 'um_pending',
|
||||
'pending_count' => 1,
|
||||
),
|
||||
$redirect
|
||||
);
|
||||
}
|
||||
}
|
||||
wp_safe_redirect( $redirect );
|
||||
exit;
|
||||
case 'resend_user_activation':
|
||||
if ( empty( $_REQUEST['uid'] ) || ! is_numeric( $_REQUEST['uid'] ) ) {
|
||||
die( esc_html__( 'Invalid user ID', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
$user_id = absint( $_REQUEST['uid'] );
|
||||
$user_id = absint( $_REQUEST['uid'] );
|
||||
|
||||
check_admin_referer( "reactivate_user{$user_id}" );
|
||||
check_admin_referer( "resend_user_activation{$user_id}" );
|
||||
|
||||
$redirect = wp_get_referer();
|
||||
if ( UM()->common()->users()->can_current_user_edit_user( $user_id ) ) {
|
||||
$result = UM()->common()->users()->reactivate( $user_id );
|
||||
if ( $result ) {
|
||||
$redirect = add_query_arg(
|
||||
array(
|
||||
'update' => 'um_reactivated',
|
||||
'reactivated_count' => 1,
|
||||
),
|
||||
$redirect
|
||||
);
|
||||
}
|
||||
$redirect = wp_get_referer();
|
||||
if ( UM()->common()->users()->can_current_user_edit_user( $user_id ) ) {
|
||||
$result = UM()->common()->users()->send_activation( $user_id, true );
|
||||
if ( $result ) {
|
||||
$redirect = add_query_arg(
|
||||
array(
|
||||
'update' => 'um_resend_activation',
|
||||
'resend_activation_count' => 1,
|
||||
),
|
||||
$redirect
|
||||
);
|
||||
}
|
||||
wp_safe_redirect( $redirect );
|
||||
exit;
|
||||
case 'put_user_as_pending':
|
||||
if ( empty( $_REQUEST['uid'] ) || ! is_numeric( $_REQUEST['uid'] ) ) {
|
||||
die( esc_html__( 'Invalid user ID', 'ultimate-member' ) );
|
||||
}
|
||||
wp_safe_redirect( $redirect );
|
||||
exit;
|
||||
case 'reject_user':
|
||||
if ( empty( $_REQUEST['uid'] ) || ! is_numeric( $_REQUEST['uid'] ) ) {
|
||||
die( esc_html__( 'Invalid user ID', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
$user_id = absint( $_REQUEST['uid'] );
|
||||
|
||||
check_admin_referer( "reject_user{$user_id}" );
|
||||
|
||||
$redirect = wp_get_referer();
|
||||
if ( UM()->common()->users()->can_current_user_edit_user( $user_id ) ) {
|
||||
$result = UM()->common()->users()->reject( $user_id );
|
||||
if ( $result ) {
|
||||
$redirect = add_query_arg(
|
||||
array(
|
||||
'update' => 'um_rejected',
|
||||
'rejected_count' => 1,
|
||||
),
|
||||
$redirect
|
||||
);
|
||||
}
|
||||
}
|
||||
wp_safe_redirect( $redirect );
|
||||
exit;
|
||||
case 'deactivate_user':
|
||||
if ( empty( $_REQUEST['uid'] ) || ! is_numeric( $_REQUEST['uid'] ) ) {
|
||||
die( esc_html__( 'Invalid user ID', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
$user_id = absint( $_REQUEST['uid'] );
|
||||
$user_id = absint( $_REQUEST['uid'] );
|
||||
|
||||
check_admin_referer( "put_user_as_pending{$user_id}" );
|
||||
check_admin_referer( "deactivate_user{$user_id}" );
|
||||
|
||||
$redirect = wp_get_referer();
|
||||
if ( UM()->common()->users()->can_current_user_edit_user( $user_id ) ) {
|
||||
$result = UM()->common()->users()->set_as_pending( $user_id );
|
||||
if ( $result ) {
|
||||
$redirect = add_query_arg(
|
||||
array(
|
||||
'update' => 'um_pending',
|
||||
'pending_count' => 1,
|
||||
),
|
||||
$redirect
|
||||
);
|
||||
}
|
||||
$redirect = wp_get_referer();
|
||||
if ( UM()->common()->users()->can_current_user_edit_user( $user_id ) ) {
|
||||
$result = UM()->common()->users()->deactivate( $user_id );
|
||||
if ( $result ) {
|
||||
$redirect = add_query_arg(
|
||||
array(
|
||||
'update' => 'um_deactivate',
|
||||
'deactivated_count' => 1,
|
||||
),
|
||||
$redirect
|
||||
);
|
||||
}
|
||||
wp_safe_redirect( $redirect );
|
||||
exit;
|
||||
case 'resend_user_activation':
|
||||
if ( empty( $_REQUEST['uid'] ) || ! is_numeric( $_REQUEST['uid'] ) ) {
|
||||
die( esc_html__( 'Invalid user ID', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
$user_id = absint( $_REQUEST['uid'] );
|
||||
|
||||
check_admin_referer( "resend_user_activation{$user_id}" );
|
||||
|
||||
$redirect = wp_get_referer();
|
||||
if ( UM()->common()->users()->can_current_user_edit_user( $user_id ) ) {
|
||||
$result = UM()->common()->users()->send_activation( $user_id, true );
|
||||
if ( $result ) {
|
||||
$redirect = add_query_arg(
|
||||
array(
|
||||
'update' => 'um_resend_activation',
|
||||
'resend_activation_count' => 1,
|
||||
),
|
||||
$redirect
|
||||
);
|
||||
}
|
||||
}
|
||||
wp_safe_redirect( $redirect );
|
||||
exit;
|
||||
case 'reject_user':
|
||||
if ( empty( $_REQUEST['uid'] ) || ! is_numeric( $_REQUEST['uid'] ) ) {
|
||||
die( esc_html__( 'Invalid user ID', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
$user_id = absint( $_REQUEST['uid'] );
|
||||
|
||||
check_admin_referer( "reject_user{$user_id}" );
|
||||
|
||||
$redirect = wp_get_referer();
|
||||
if ( UM()->common()->users()->can_current_user_edit_user( $user_id ) ) {
|
||||
$result = UM()->common()->users()->reject( $user_id );
|
||||
if ( $result ) {
|
||||
$redirect = add_query_arg(
|
||||
array(
|
||||
'update' => 'um_rejected',
|
||||
'rejected_count' => 1,
|
||||
),
|
||||
$redirect
|
||||
);
|
||||
}
|
||||
}
|
||||
wp_safe_redirect( $redirect );
|
||||
exit;
|
||||
case 'deactivate_user':
|
||||
if ( empty( $_REQUEST['uid'] ) || ! is_numeric( $_REQUEST['uid'] ) ) {
|
||||
die( esc_html__( 'Invalid user ID', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
$user_id = absint( $_REQUEST['uid'] );
|
||||
|
||||
check_admin_referer( "deactivate_user{$user_id}" );
|
||||
|
||||
$redirect = wp_get_referer();
|
||||
if ( UM()->common()->users()->can_current_user_edit_user( $user_id ) ) {
|
||||
$result = UM()->common()->users()->deactivate( $user_id );
|
||||
if ( $result ) {
|
||||
$redirect = add_query_arg(
|
||||
array(
|
||||
'update' => 'um_deactivate',
|
||||
'deactivated_count' => 1,
|
||||
),
|
||||
$redirect
|
||||
);
|
||||
}
|
||||
}
|
||||
wp_safe_redirect( $redirect );
|
||||
exit;
|
||||
}
|
||||
}
|
||||
wp_safe_redirect( $redirect );
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Extends an array of actions with the predefined user actions.
|
||||
*
|
||||
* @param array $actions The original array of actions to extend.
|
||||
*
|
||||
* @return array The extended array containing additional user actions.
|
||||
*/
|
||||
public function extends_individual_nonce_actions( $actions ) {
|
||||
$actions[] = 'approve_user';
|
||||
$actions[] = 'reactivate_user';
|
||||
$actions[] = 'put_user_as_pending';
|
||||
$actions[] = 'resend_user_activation';
|
||||
$actions[] = 'reject_user';
|
||||
$actions[] = 'deactivate_user';
|
||||
return $actions;
|
||||
return array_merge( $actions, self::USER_ACTIONS );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
+2
-2
@@ -3,10 +3,10 @@ Author URI: https://ultimatemember.com/
|
||||
Plugin URI: https://ultimatemember.com/
|
||||
Contributors: ultimatemember, champsupertramp, nsinelnikov
|
||||
Tags: community, member, membership, user-profile, user-registration
|
||||
Requires PHP: 5.6
|
||||
Requires PHP: 7.0
|
||||
Requires at least: 6.2
|
||||
Tested up to: 6.7
|
||||
Stable tag: 2.9.2
|
||||
Stable tag: 2.9.3
|
||||
License: GPLv3
|
||||
License URI: http://www.gnu.org/licenses/gpl-3.0.txt
|
||||
|
||||
|
||||
+2
-2
@@ -3,13 +3,13 @@
|
||||
* Plugin Name: Ultimate Member
|
||||
* Plugin URI: http://ultimatemember.com/
|
||||
* Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
|
||||
* Version: 2.9.3-alpha
|
||||
* Version: 2.9.3
|
||||
* Author: Ultimate Member
|
||||
* Author URI: http://ultimatemember.com/
|
||||
* Text Domain: ultimate-member
|
||||
* Domain Path: /languages
|
||||
* Requires at least: 6.2
|
||||
* Requires PHP: 5.6
|
||||
* Requires PHP: 7.0
|
||||
*
|
||||
* @package UM
|
||||
*/
|
||||
|
||||
Reference in New Issue
Block a user