diff --git a/core/um-form.php b/core/um-form.php index d043bec7..3ab76a6f 100644 --- a/core/um-form.php +++ b/core/um-form.php @@ -83,20 +83,21 @@ class UM_Form { $role = $this->assigned_role( $this->form_id ); - if ( isset( $this->form_data['role'] ) && ( (boolean) $this->form_data['role'] ) && isset( $_POST['role'] ) && $_POST['role'] != $role ) { - wp_die( __( 'This is not possible for security reasons.','ultimatemember') ); - } else { - if ( isset( $this->form_data['custom_fields'] ) && strstr( $this->form_data['custom_fields'], 'role_' ) ) { - // In this case, admin allowed users to choose a role during registration + if( $role ){ // has assigned role. Validate non-global forms + if ( isset( $this->form_data['role'] ) && ( (boolean) $this->form_data['role'] ) && isset( $_POST['role'] ) && $_POST['role'] != $role ) { + wp_die( __( 'This is not possible for security reasons.','ultimatemember') ); } else { - if ( isset( $_POST['role'] ) ) { - if ( $role != $_POST['role'] ) { - wp_die( __( 'This is not possible for security reasons.','ultimatemember') ); + if ( isset( $this->form_data['custom_fields'] ) && strstr( $this->form_data['custom_fields'], 'role_' ) ) { + // In this case, admin allowed users to choose a role during registration + } else { + if ( isset( $_POST['role'] ) ) { + if ( $role != $_POST['role'] ) { + wp_die( __( 'This is not possible for security reasons.','ultimatemember') ); + } } } } } - if ( isset( $_POST[ $ultimatemember->honeypot ] ) && $_POST[ $ultimatemember->honeypot ] != '' ) wp_die('Hello, spam bot!'); @@ -172,7 +173,7 @@ class UM_Form { $role = get_post_meta( $post_id, '_um_register_role', true ); if( ! $role ){ - $role = um_get_option('default_role'); + $role = false; } return $role; }