From 53b0d479c804cead90194fce5957fb88d68ca68d Mon Sep 17 00:00:00 2001 From: Mykyta Synelnikov Date: Wed, 18 Jun 2025 14:28:38 +0300 Subject: [PATCH] Ensure email validation handles primary and secondary emails. Added checks to enforce primary email requirement and prevent secondary email duplication with the primary email. Improved user lookup for unique email verification using meta queries. --- includes/core/um-actions-form.php | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/includes/core/um-actions-form.php b/includes/core/um-actions-form.php index 097ab0c4..f89e9480 100644 --- a/includes/core/um-actions-form.php +++ b/includes/core/um-actions-form.php @@ -923,6 +923,7 @@ function um_submit_form_errors_hook_( $submitted_data, $form_data ) { $email_exists = email_exists( $submitted_data[ $key ] ); if ( '' === $submitted_data[ $key ] ) { + // Primary email should be required everytime. UM()->form()->add_error( $key, __( 'You must provide your email', 'ultimate-member' ) ); } elseif ( 'register' === $mode && $email_exists ) { UM()->form()->add_error( $key, __( 'The email you entered is incorrect', 'ultimate-member' ) ); @@ -936,16 +937,28 @@ function um_submit_form_errors_hook_( $submitted_data, $form_data ) { break; } - if ( '' === $submitted_data[ $key ] ) { + if ( ! empty( $array['required'] ) && '' === $submitted_data[ $key ] ) { UM()->form()->add_error( $key, __( 'You must provide your email', 'ultimate-member' ) ); } elseif ( ! is_email( $submitted_data[ $key ] ) || email_exists( $submitted_data[ $key ] ) ) { UM()->form()->add_error( $key, __( 'The email you entered is incorrect', 'ultimate-member' ) ); + } elseif ( 'secondary_user_email' === $key && ! empty( $submitted_data[ $key ] ) && ! empty( $submitted_data['user_email'] ) && $submitted_data[ $key ] === $submitted_data['user_email'] ) { + UM()->form()->add_error( $key, __( 'The secondary email cannot be the same as primary', 'ultimate-member' ) ); } else { // There we have valid and unique user_email. But need to check in usermeta table for other users. - $users = get_users( 'meta_value=' . $submitted_data[ $key ] ); - foreach ( $users as $user ) { - if ( $user->ID !== $submitted_data['user_id'] ) { + $args = array( + 'meta_query' => array( + array( + 'key' => $key, + 'value' => sanitize_email( $submitted_data[ $key ] ), + ), + ), + ); + + $the_similar_users = get_users( $args ); + foreach ( $the_similar_users as $user ) { + if ( empty( $submitted_data['user_id'] ) || $user->ID !== $submitted_data['user_id'] ) { UM()->form()->add_error( $key, __( 'The email you entered is incorrect', 'ultimate-member' ) ); + break; } } }