- fixed: PHP notices and warnings

- fixed: security vulnerability with User Account page and password field
This commit is contained in:
nikitasinelnikov
2021-03-03 13:13:44 +02:00
parent 16bdc0cf9c
commit 5740bc637d
7 changed files with 34 additions and 6 deletions
@@ -146,7 +146,7 @@ if ( ! class_exists( 'um\core\External_Integrations' ) ) {
*/
function forumwp_fix() {
if ( function_exists( 'FMWP' ) ) {
remove_filter( 'single_template', array( FMWP()->shortcodes(), 'cpt_template' ) );
remove_filter( 'single_template', array( FMWP()->frontend()->shortcodes(), 'cpt_template' ) );
}
}
+3
View File
@@ -3741,11 +3741,14 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
$sort_col = array();
foreach ( $arr as $key => $row ) {
if ( $key == 'form_id' ) {
unset( $arr['form_id'] );
continue;
}
if ( isset( $row[ $col ] ) ) {
$sort_col[ $key ] = $row[ $col ];
} else {
unset( $arr[ $key ] );
}
}
+4
View File
@@ -276,6 +276,10 @@ function um_submit_account_details( $args ) {
continue;
}
if ( $k == 'single_user_password' ) {
continue;
}
$changes[ $k ] = $v;
}
+13
View File
@@ -441,7 +441,20 @@ function um_get_custom_field_array( $array, $fields ) {
if ( ! empty( $array['conditions'] ) ) {
foreach ( $array['conditions'] as $key => $value ) {
if ( ! isset( $value[1] ) ) {
continue;
}
if ( empty( $fields[ $value[1] ] ) ) {
continue;
}
if ( empty( $fields[ $value[1] ]['metakey'] ) ) {
continue;
}
$condition_metakey = $fields[ $value[1] ]['metakey'];
if ( isset( $_POST[ $condition_metakey ] ) ) {
$cond_value = ( $fields[ $value[1] ]['type'] == 'radio' ) ? $_POST[ $condition_metakey ][0] : $_POST[ $condition_metakey ];
list( $visibility, $parent_key, $op, $parent_value ) = $value;
+9 -3
View File
@@ -1555,8 +1555,14 @@ function um_can_view_field( $data ) {
if ( ! is_user_logged_in() ) {
$can_view = false;
} else {
if ( ! um_is_user_himself() && ( empty( $current_user_roles ) || ( ! empty( $data['roles'] ) && count( array_intersect( $current_user_roles, $data['roles'] ) ) <= 0 ) ) ) {
$can_view = false;
if ( ! um_is_core_page( 'profile' ) ) {
if ( empty( $current_user_roles ) || ( ! empty( $data['roles'] ) && count( array_intersect( $current_user_roles, $data['roles'] ) ) <= 0 ) ) {
$can_view = false;
}
} else {
if ( ! um_is_user_himself() && ( empty( $current_user_roles ) || ( ! empty( $data['roles'] ) && count( array_intersect( $current_user_roles, $data['roles'] ) ) <= 0 ) ) ) {
$can_view = false;
}
}
}
break;
@@ -1885,7 +1891,7 @@ function um_youtube_id_from_url( $url ) {
([\w-]{10,12}) # Allow 10-12 for 11 char youtube id.
$%x';
$result = preg_match( $pattern, $url, $matches );
if (false !== $result) {
if ( false !== $result && isset( $matches[1] ) ) {
return $matches[1];
}
+3 -1
View File
@@ -155,9 +155,11 @@ The plugin works with popular caching plugins by automatically excluding Ultimat
* To learn more about version 2.1 please see this [docs](https://docs.ultimatemember.com/article/1512-upgrade-2-1-0)
* UM2.1+ is a significant update to the Member Directories' code base from 2.0.x. Please make sure you take a full-site backup with restore point before updating the plugin
= 2.1.16: March xx, 2021 =
= 2.1.16: March 9, 2021 =
* Bugfixes:
- Fixed PHP notices and warnings
- Fixed security vulnerability with User Account page and password field
- Fixed user creating without username but based on first+last name with not-ASCII symbols
= 2.1.15: December 24, 2020 =
+1 -1
View File
@@ -3,7 +3,7 @@
Plugin Name: Ultimate Member
Plugin URI: http://ultimatemember.com/
Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
Version: 2.1.16-alpha1
Version: 2.1.16-beta1
Author: Ultimate Member
Author URI: http://ultimatemember.com/
Text Domain: ultimate-member