Update PHP requirement and improve user action handling

Raised minimum PHP version to 7.0 and finalized the plugin version to 2.9.3. Introduced a centralized user actions array and replaced 'manage_options' capability with 'edit_users' for better permission handling. Optimized the nonce actions extension method for cleaner code.

* reviewed #1619
This commit is contained in:
Mykyta Synelnikov
2025-02-12 18:25:26 +02:00
parent c3755baa16
commit 3ada6c71d9
3 changed files with 170 additions and 144 deletions
+166 -140
View File
@@ -14,6 +14,24 @@ if ( ! class_exists( 'um\admin\Actions_Listener' ) ) {
*/
class Actions_Listener {
/**
* USER_ACTIONS array containing different actions for managing users:
* - approve_user: Approve a user
* - reactivate_user: Reactivate a user account
* - put_user_as_pending: Set a user as pending
* - resend_user_activation: Resend activation email to a user
* - reject_user: Reject a user
* - deactivate_user: Deactivate a user account
*/
const USER_ACTIONS = array(
'approve_user',
'reactivate_user',
'put_user_as_pending',
'resend_user_activation',
'reject_user',
'deactivate_user',
);
/**
* Actions_Listener constructor.
*/
@@ -26,171 +44,179 @@ if ( ! class_exists( 'um\admin\Actions_Listener' ) ) {
* Handle wp-admin actions
*
* @since 2.8.7
* @since 2.9.3 User should have 'edit_users' capability instead of 'manage_options'.
*/
public function actions_listener() {
if ( ! current_user_can( 'manage_options' ) ) {
// phpcs:disable WordPress.Security.NonceVerification -- there is nonce verification below for each case
if ( empty( $_REQUEST['um_adm_action'] ) ) {
return;
}
if ( ! empty( $_REQUEST['um_adm_action'] ) ) {
switch ( sanitize_key( $_REQUEST['um_adm_action'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification -- there is nonce verification below for each case
case 'approve_user':
if ( empty( $_REQUEST['uid'] ) || ! is_numeric( $_REQUEST['uid'] ) ) {
die( esc_html__( 'Invalid user ID', 'ultimate-member' ) );
$action = sanitize_key( $_REQUEST['um_adm_action'] );
// phpcs:enable WordPress.Security.NonceVerification -- there is nonce verification below for each case
if ( in_array( $action, self::USER_ACTIONS, true ) && ! current_user_can( 'edit_users' ) ) {
return;
}
switch ( $action ) {
case 'approve_user':
if ( empty( $_REQUEST['uid'] ) || ! is_numeric( $_REQUEST['uid'] ) ) {
die( esc_html__( 'Invalid user ID', 'ultimate-member' ) );
}
$user_id = absint( $_REQUEST['uid'] );
check_admin_referer( "approve_user{$user_id}" );
$redirect = wp_get_referer();
if ( UM()->common()->users()->can_current_user_edit_user( $user_id ) ) {
$result = UM()->common()->users()->approve( $user_id );
if ( $result ) {
$redirect = add_query_arg(
array(
'update' => 'um_approved',
'approved_count' => 1,
),
$redirect
);
}
}
$user_id = absint( $_REQUEST['uid'] );
wp_safe_redirect( $redirect );
exit;
case 'reactivate_user':
if ( empty( $_REQUEST['uid'] ) || ! is_numeric( $_REQUEST['uid'] ) ) {
die( esc_html__( 'Invalid user ID', 'ultimate-member' ) );
}
check_admin_referer( "approve_user{$user_id}" );
$user_id = absint( $_REQUEST['uid'] );
$redirect = wp_get_referer();
if ( UM()->common()->users()->can_current_user_edit_user( $user_id ) ) {
$result = UM()->common()->users()->approve( $user_id );
if ( $result ) {
$redirect = add_query_arg(
array(
'update' => 'um_approved',
'approved_count' => 1,
),
$redirect
);
}
check_admin_referer( "reactivate_user{$user_id}" );
$redirect = wp_get_referer();
if ( UM()->common()->users()->can_current_user_edit_user( $user_id ) ) {
$result = UM()->common()->users()->reactivate( $user_id );
if ( $result ) {
$redirect = add_query_arg(
array(
'update' => 'um_reactivated',
'reactivated_count' => 1,
),
$redirect
);
}
}
wp_safe_redirect( $redirect );
exit;
case 'put_user_as_pending':
if ( empty( $_REQUEST['uid'] ) || ! is_numeric( $_REQUEST['uid'] ) ) {
die( esc_html__( 'Invalid user ID', 'ultimate-member' ) );
}
wp_safe_redirect( $redirect );
exit;
case 'reactivate_user':
if ( empty( $_REQUEST['uid'] ) || ! is_numeric( $_REQUEST['uid'] ) ) {
die( esc_html__( 'Invalid user ID', 'ultimate-member' ) );
$user_id = absint( $_REQUEST['uid'] );
check_admin_referer( "put_user_as_pending{$user_id}" );
$redirect = wp_get_referer();
if ( UM()->common()->users()->can_current_user_edit_user( $user_id ) ) {
$result = UM()->common()->users()->set_as_pending( $user_id );
if ( $result ) {
$redirect = add_query_arg(
array(
'update' => 'um_pending',
'pending_count' => 1,
),
$redirect
);
}
}
wp_safe_redirect( $redirect );
exit;
case 'resend_user_activation':
if ( empty( $_REQUEST['uid'] ) || ! is_numeric( $_REQUEST['uid'] ) ) {
die( esc_html__( 'Invalid user ID', 'ultimate-member' ) );
}
$user_id = absint( $_REQUEST['uid'] );
$user_id = absint( $_REQUEST['uid'] );
check_admin_referer( "reactivate_user{$user_id}" );
check_admin_referer( "resend_user_activation{$user_id}" );
$redirect = wp_get_referer();
if ( UM()->common()->users()->can_current_user_edit_user( $user_id ) ) {
$result = UM()->common()->users()->reactivate( $user_id );
if ( $result ) {
$redirect = add_query_arg(
array(
'update' => 'um_reactivated',
'reactivated_count' => 1,
),
$redirect
);
}
$redirect = wp_get_referer();
if ( UM()->common()->users()->can_current_user_edit_user( $user_id ) ) {
$result = UM()->common()->users()->send_activation( $user_id, true );
if ( $result ) {
$redirect = add_query_arg(
array(
'update' => 'um_resend_activation',
'resend_activation_count' => 1,
),
$redirect
);
}
wp_safe_redirect( $redirect );
exit;
case 'put_user_as_pending':
if ( empty( $_REQUEST['uid'] ) || ! is_numeric( $_REQUEST['uid'] ) ) {
die( esc_html__( 'Invalid user ID', 'ultimate-member' ) );
}
wp_safe_redirect( $redirect );
exit;
case 'reject_user':
if ( empty( $_REQUEST['uid'] ) || ! is_numeric( $_REQUEST['uid'] ) ) {
die( esc_html__( 'Invalid user ID', 'ultimate-member' ) );
}
$user_id = absint( $_REQUEST['uid'] );
check_admin_referer( "reject_user{$user_id}" );
$redirect = wp_get_referer();
if ( UM()->common()->users()->can_current_user_edit_user( $user_id ) ) {
$result = UM()->common()->users()->reject( $user_id );
if ( $result ) {
$redirect = add_query_arg(
array(
'update' => 'um_rejected',
'rejected_count' => 1,
),
$redirect
);
}
}
wp_safe_redirect( $redirect );
exit;
case 'deactivate_user':
if ( empty( $_REQUEST['uid'] ) || ! is_numeric( $_REQUEST['uid'] ) ) {
die( esc_html__( 'Invalid user ID', 'ultimate-member' ) );
}
$user_id = absint( $_REQUEST['uid'] );
$user_id = absint( $_REQUEST['uid'] );
check_admin_referer( "put_user_as_pending{$user_id}" );
check_admin_referer( "deactivate_user{$user_id}" );
$redirect = wp_get_referer();
if ( UM()->common()->users()->can_current_user_edit_user( $user_id ) ) {
$result = UM()->common()->users()->set_as_pending( $user_id );
if ( $result ) {
$redirect = add_query_arg(
array(
'update' => 'um_pending',
'pending_count' => 1,
),
$redirect
);
}
$redirect = wp_get_referer();
if ( UM()->common()->users()->can_current_user_edit_user( $user_id ) ) {
$result = UM()->common()->users()->deactivate( $user_id );
if ( $result ) {
$redirect = add_query_arg(
array(
'update' => 'um_deactivate',
'deactivated_count' => 1,
),
$redirect
);
}
wp_safe_redirect( $redirect );
exit;
case 'resend_user_activation':
if ( empty( $_REQUEST['uid'] ) || ! is_numeric( $_REQUEST['uid'] ) ) {
die( esc_html__( 'Invalid user ID', 'ultimate-member' ) );
}
$user_id = absint( $_REQUEST['uid'] );
check_admin_referer( "resend_user_activation{$user_id}" );
$redirect = wp_get_referer();
if ( UM()->common()->users()->can_current_user_edit_user( $user_id ) ) {
$result = UM()->common()->users()->send_activation( $user_id, true );
if ( $result ) {
$redirect = add_query_arg(
array(
'update' => 'um_resend_activation',
'resend_activation_count' => 1,
),
$redirect
);
}
}
wp_safe_redirect( $redirect );
exit;
case 'reject_user':
if ( empty( $_REQUEST['uid'] ) || ! is_numeric( $_REQUEST['uid'] ) ) {
die( esc_html__( 'Invalid user ID', 'ultimate-member' ) );
}
$user_id = absint( $_REQUEST['uid'] );
check_admin_referer( "reject_user{$user_id}" );
$redirect = wp_get_referer();
if ( UM()->common()->users()->can_current_user_edit_user( $user_id ) ) {
$result = UM()->common()->users()->reject( $user_id );
if ( $result ) {
$redirect = add_query_arg(
array(
'update' => 'um_rejected',
'rejected_count' => 1,
),
$redirect
);
}
}
wp_safe_redirect( $redirect );
exit;
case 'deactivate_user':
if ( empty( $_REQUEST['uid'] ) || ! is_numeric( $_REQUEST['uid'] ) ) {
die( esc_html__( 'Invalid user ID', 'ultimate-member' ) );
}
$user_id = absint( $_REQUEST['uid'] );
check_admin_referer( "deactivate_user{$user_id}" );
$redirect = wp_get_referer();
if ( UM()->common()->users()->can_current_user_edit_user( $user_id ) ) {
$result = UM()->common()->users()->deactivate( $user_id );
if ( $result ) {
$redirect = add_query_arg(
array(
'update' => 'um_deactivate',
'deactivated_count' => 1,
),
$redirect
);
}
}
wp_safe_redirect( $redirect );
exit;
}
}
wp_safe_redirect( $redirect );
exit;
}
}
/**
* Extends an array of actions with the predefined user actions.
*
* @param array $actions The original array of actions to extend.
*
* @return array The extended array containing additional user actions.
*/
public function extends_individual_nonce_actions( $actions ) {
$actions[] = 'approve_user';
$actions[] = 'reactivate_user';
$actions[] = 'put_user_as_pending';
$actions[] = 'resend_user_activation';
$actions[] = 'reject_user';
$actions[] = 'deactivate_user';
return $actions;
return array_merge( $actions, self::USER_ACTIONS );
}
}
}
+2 -2
View File
@@ -3,10 +3,10 @@ Author URI: https://ultimatemember.com/
Plugin URI: https://ultimatemember.com/
Contributors: ultimatemember, champsupertramp, nsinelnikov
Tags: community, member, membership, user-profile, user-registration
Requires PHP: 5.6
Requires PHP: 7.0
Requires at least: 6.2
Tested up to: 6.7
Stable tag: 2.9.2
Stable tag: 2.9.3
License: GPLv3
License URI: http://www.gnu.org/licenses/gpl-3.0.txt
+2 -2
View File
@@ -3,13 +3,13 @@
* Plugin Name: Ultimate Member
* Plugin URI: http://ultimatemember.com/
* Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
* Version: 2.9.3-alpha
* Version: 2.9.3
* Author: Ultimate Member
* Author URI: http://ultimatemember.com/
* Text Domain: ultimate-member
* Domain Path: /languages
* Requires at least: 6.2
* Requires PHP: 5.6
* Requires PHP: 7.0
*
* @package UM
*/