Update PHP requirement and improve user action handling

Raised minimum PHP version to 7.0 and finalized the plugin version to 2.9.3. Introduced a centralized user actions array and replaced 'manage_options' capability with 'edit_users' for better permission handling. Optimized the nonce actions extension method for cleaner code.

* reviewed #1619
This commit is contained in:
Mykyta Synelnikov
2025-02-12 18:25:26 +02:00
parent c3755baa16
commit 3ada6c71d9
3 changed files with 170 additions and 144 deletions
+37 -11
View File
@@ -14,6 +14,24 @@ if ( ! class_exists( 'um\admin\Actions_Listener' ) ) {
*/
class Actions_Listener {
/**
* USER_ACTIONS array containing different actions for managing users:
* - approve_user: Approve a user
* - reactivate_user: Reactivate a user account
* - put_user_as_pending: Set a user as pending
* - resend_user_activation: Resend activation email to a user
* - reject_user: Reject a user
* - deactivate_user: Deactivate a user account
*/
const USER_ACTIONS = array(
'approve_user',
'reactivate_user',
'put_user_as_pending',
'resend_user_activation',
'reject_user',
'deactivate_user',
);
/**
* Actions_Listener constructor.
*/
@@ -26,14 +44,22 @@ if ( ! class_exists( 'um\admin\Actions_Listener' ) ) {
* Handle wp-admin actions
*
* @since 2.8.7
* @since 2.9.3 User should have 'edit_users' capability instead of 'manage_options'.
*/
public function actions_listener() {
if ( ! current_user_can( 'manage_options' ) ) {
// phpcs:disable WordPress.Security.NonceVerification -- there is nonce verification below for each case
if ( empty( $_REQUEST['um_adm_action'] ) ) {
return;
}
if ( ! empty( $_REQUEST['um_adm_action'] ) ) {
switch ( sanitize_key( $_REQUEST['um_adm_action'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification -- there is nonce verification below for each case
$action = sanitize_key( $_REQUEST['um_adm_action'] );
// phpcs:enable WordPress.Security.NonceVerification -- there is nonce verification below for each case
if ( in_array( $action, self::USER_ACTIONS, true ) && ! current_user_can( 'edit_users' ) ) {
return;
}
switch ( $action ) {
case 'approve_user':
if ( empty( $_REQUEST['uid'] ) || ! is_numeric( $_REQUEST['uid'] ) ) {
die( esc_html__( 'Invalid user ID', 'ultimate-member' ) );
@@ -181,16 +207,16 @@ if ( ! class_exists( 'um\admin\Actions_Listener' ) ) {
exit;
}
}
}
/**
* Extends an array of actions with the predefined user actions.
*
* @param array $actions The original array of actions to extend.
*
* @return array The extended array containing additional user actions.
*/
public function extends_individual_nonce_actions( $actions ) {
$actions[] = 'approve_user';
$actions[] = 'reactivate_user';
$actions[] = 'put_user_as_pending';
$actions[] = 'resend_user_activation';
$actions[] = 'reject_user';
$actions[] = 'deactivate_user';
return $actions;
return array_merge( $actions, self::USER_ACTIONS );
}
}
}
+2 -2
View File
@@ -3,10 +3,10 @@ Author URI: https://ultimatemember.com/
Plugin URI: https://ultimatemember.com/
Contributors: ultimatemember, champsupertramp, nsinelnikov
Tags: community, member, membership, user-profile, user-registration
Requires PHP: 5.6
Requires PHP: 7.0
Requires at least: 6.2
Tested up to: 6.7
Stable tag: 2.9.2
Stable tag: 2.9.3
License: GPLv3
License URI: http://www.gnu.org/licenses/gpl-3.0.txt
+2 -2
View File
@@ -3,13 +3,13 @@
* Plugin Name: Ultimate Member
* Plugin URI: http://ultimatemember.com/
* Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
* Version: 2.9.3-alpha
* Version: 2.9.3
* Author: Ultimate Member
* Author URI: http://ultimatemember.com/
* Text Domain: ultimate-member
* Domain Path: /languages
* Requires at least: 6.2
* Requires PHP: 5.6
* Requires PHP: 7.0
*
* @package UM
*/