- Added: Ability for the integration with Gutenberg Block restriction settings (extends the block restriction settings via 3rd-party plugins);

- Added: Invalid nonce validation on Login and Registration pages instead of wp_die()
This commit is contained in:
nikitasinelnikov
2020-12-04 03:54:59 +02:00
parent d5bafa9c60
commit 5afebdd786
17 changed files with 145 additions and 89 deletions
+10 -1
View File
@@ -181,7 +181,7 @@
.um-admin-btn-content {
display: none;
padding: 10px 0 0 0;
padding: 5px 0 0 0;
}
.um-admin-btn-content p {
@@ -190,6 +190,15 @@
padding: 0 !important;
}
.um-admin-btn-content p.um-admin-conditions-notice {
width: 100%;
margin: 0 0 9px 0 !important;
}
.um-admin-btn-content .um-admin-cur-condition:not(:last-child) {
margin: 0 0 5px 0;
}
.dynamic-mce-content {display: none}
/*
+33 -24
View File
@@ -1,24 +1,24 @@
'use strict';
/**
* Add Control element
*/
var um_el = wp.element.createElement;
var um_components = wp.components,
umToggleControl = um_components.ToggleControl,
umSelectControl = um_components.SelectControl,
umTextareaControl = um_components.TextareaControl,
umPanelBody = um_components.PanelBody;
umTextareaControl = um_components.TextareaControl;
function um_admin_blocks_custom_fields( um_condition_fields, props ) {
return wp.hooks.applyFilters( 'um_admin_blocks_custom_fields', [], um_condition_fields, props );
}
var um_block_restriction = wp.compose.createHigherOrderComponent( function( BlockEdit ) {
var um_condition_fields = {
um_who_access:'um_block_settings_hide',
um_roles_access:'um_block_settings_hide',
um_message_type:'um_block_settings_hide',
um_message_content:'um_block_settings_hide'
um_who_access: 'um_block_settings_hide',
um_roles_access: 'um_block_settings_hide',
um_message_type: 'um_block_settings_hide',
um_message_content: 'um_block_settings_hide'
};
um_condition_fields = wp.hooks.applyFilters( 'um_admin_blocks_condition_fields_default', um_condition_fields );
return function( props ) {
if ( props.attributes.um_is_restrict !== true ) {
@@ -53,20 +53,22 @@ var um_block_restriction = wp.compose.createHigherOrderComponent( function( Bloc
}
}
return um_el(
um_condition_fields = wp.hooks.applyFilters( 'um_admin_blocks_condition_fields', um_condition_fields, props );
return wp.element.createElement(
wp.element.Fragment,
{},
um_el( BlockEdit, props ),
um_el(
wp.element.createElement( BlockEdit, props ),
wp.element.createElement(
wp.editor.InspectorControls,
{},
um_el(
umPanelBody,
wp.element.createElement(
wp.components.PanelBody,
{
title: wp.i18n.__( 'UM access Controls', 'ultimate-member' )
},
um_el(
umToggleControl,
wp.element.createElement(
wp.components.ToggleControl,
{
label: wp.i18n.__( 'Restrict access?', 'ultimate-member' ),
checked: props.attributes.um_is_restrict,
@@ -80,10 +82,12 @@ var um_block_restriction = wp.compose.createHigherOrderComponent( function( Bloc
} else {
um_condition_fields['um_who_access'] = '';
}
um_condition_fields = wp.hooks.applyFilters( 'um_admin_blocks_condition_fields_on_change', um_condition_fields, 'um_is_restrict', value );
}
}
),
um_el(
wp.element.createElement(
umSelectControl,
{
type: 'number',
@@ -117,10 +121,12 @@ var um_block_restriction = wp.compose.createHigherOrderComponent( function( Bloc
um_condition_fields['um_message_type'] = '';
um_condition_fields['um_roles_access'] = 'um_block_settings_hide';
}
um_condition_fields = wp.hooks.applyFilters( 'um_admin_blocks_condition_fields_on_change', um_condition_fields, 'um_who_access', value );
}
}
),
um_el(
wp.element.createElement(
umSelectControl,
{
multiple: true,
@@ -133,7 +139,7 @@ var um_block_restriction = wp.compose.createHigherOrderComponent( function( Bloc
}
}
),
um_el(
wp.element.createElement(
umSelectControl,
{
type: 'number',
@@ -164,7 +170,7 @@ var um_block_restriction = wp.compose.createHigherOrderComponent( function( Bloc
}
}
),
um_el(
wp.element.createElement(
umTextareaControl,
{
type: 'number',
@@ -175,7 +181,8 @@ var um_block_restriction = wp.compose.createHigherOrderComponent( function( Bloc
props.setAttributes({ um_message_content: value });
}
}
)
),
um_admin_blocks_custom_fields( um_condition_fields, props )
)
)
);
@@ -208,6 +215,8 @@ var um_block_restrict_settings = {
}
};
um_block_restrict_settings = wp.hooks.applyFilters( 'um_admin_blocks_restrict_settings', um_block_restrict_settings );
/**
*
+8 -5
View File
@@ -227,8 +227,16 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
<div class="um-admin-clear"></div>
</div>
<p class="um-admin-conditions-notice">
<small>
<?php _e( 'Use the condition operator `equals to` or `not equals` if the parent field has a single option.', 'ultimate-member' ); ?>
<br><?php _e( 'Use the condition operator `greater than` or `less than` if the parent field is a number.', 'ultimate-member' ); ?>
<br><?php _e( 'Use the condition operator `contains` if the parent field has multiple options.', 'ultimate-member' ); ?>
</small>
</p>
<p><a href="javascript:void(0);" class="um-admin-new-condition button button-primary um-admin-tipsy-n" title="Add new condition"><?php _e( 'Add new rule', 'ultimate-member' ); ?></a></p>
<p class="um-admin-reset-conditions"><a href="javascript:void(0);" class="button"><?php _e( 'Reset all rules', 'ultimate-member' ); ?></a></p>
<div class="um-admin-clear"></div>
<?php if ( isset( $edit_array['conditions'] ) && count( $edit_array['conditions'] ) != 0 ) {
@@ -267,11 +275,6 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
</div>
<?php } ?>
<small>
<br><?php _e( 'Use the condition operator `equals to` or `not equals` if the parent field has a single option.', 'ultimate-member' ); ?>
<br><?php _e( 'Use the condition operator `greater than` or `less than` if the parent field is a number.', 'ultimate-member' ); ?>
<br><?php _e( 'Use the condition operator `contains` if the parent field has multiple options.', 'ultimate-member' ); ?>
</small>
</div>
</div>
+1 -1
View File
@@ -437,7 +437,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Enqueue' ) ) {
return;
}
wp_register_script( 'um_block_js', $this->js_url . 'um-admin-blocks.js', array( 'wp-i18n', 'wp-blocks', 'wp-components' ), ultimatemember_version, true );
wp_register_script( 'um_block_js', $this->js_url . 'um-admin-blocks.js', array( 'wp-i18n', 'wp-blocks', 'wp-components', 'wp-hooks' ), ultimatemember_version, true );
wp_set_script_translations( 'um_block_js', 'ultimate-member' );
$restrict_options = array();
+1 -1
View File
@@ -1703,7 +1703,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
if ( ( ! wp_verify_nonce( $nonce, 'um-settings-nonce' ) || empty( $nonce ) ) || ! current_user_can( 'manage_options' ) ) {
// This nonce is not valid.
wp_die( 'Security Check' );
wp_die( __( 'Security Check', 'ultimate-member' ) );
}
/**
+1 -1
View File
@@ -138,7 +138,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
case 'um_delete':
if ( is_admin() ) {
wp_die( 'This action is not allowed in backend.', 'ultimate-member' );
wp_die( __( 'This action is not allowed in backend.', 'ultimate-member' ) );
}
UM()->user()->delete();
break;
+13 -8
View File
@@ -1394,6 +1394,9 @@ if ( ! class_exists( 'um\core\Access' ) ) {
}
}
} else {
$display = true;
// What roles can access this content?
if ( ! empty( $block['attrs']['um_roles_access'] ) ) {
$display = false;
foreach ( $block['attrs']['um_roles_access'] as $role ) {
@@ -1401,15 +1404,17 @@ if ( ! class_exists( 'um\core\Access' ) ) {
$display = true;
}
}
}
if ( ! $display ) {
$block_content = '';
if ( isset( $block['attrs']['um_message_type'] ) ) {
if ( $block['attrs']['um_message_type'] == '1' ) {
$block_content = $default_message;
} elseif ( $block['attrs']['um_message_type'] == '2' ) {
$block_content = $block['attrs']['um_message_content'];
}
$display = apply_filters( 'um_loggedin_block_restriction', $display, $block );
if ( ! $display ) {
$block_content = '';
if ( isset( $block['attrs']['um_message_type'] ) ) {
if ( $block['attrs']['um_message_type'] == '1' ) {
$block_content = $default_message;
} elseif ( $block['attrs']['um_message_type'] == '2' ) {
$block_content = $block['attrs']['um_message_content'];
}
}
}
+1 -1
View File
@@ -439,7 +439,7 @@ if ( ! class_exists( 'um\core\Form' ) ) {
}
if ( isset( $_POST[ UM()->honeypot ] ) && $_POST[ UM()->honeypot ] != '' ) {
wp_die( 'Hello, spam bot!', 'ultimate-member' );
wp_die( __( 'Hello, spam bot!', 'ultimate-member' ) );
}
/**
+2 -1
View File
@@ -75,7 +75,8 @@ if ( ! class_exists( 'um\core\Login' ) ) {
}
if ( ! wp_verify_nonce( $args['_wpnonce'], 'um_login_form' ) || empty( $args['_wpnonce'] ) || ! isset( $args['_wpnonce'] ) ) {
wp_die( __( 'Invalid Nonce.', 'ultimate-member' ) );
$url = apply_filters( 'um_login_invalid_nonce_redirect_url', add_query_arg( [ 'err' => 'invalid_nonce' ] ) );
exit( wp_redirect( $url ) );
}
return $args;
+2 -2
View File
@@ -445,7 +445,7 @@ if ( ! class_exists( 'um\core\Password' ) ) {
function um_reset_password_errors_hook( $args ) {
if ( $_POST[ UM()->honeypot ] != '' ) {
wp_die( 'Hello, spam bot!', 'ultimate-member' );
wp_die( __( 'Hello, spam bot!', 'ultimate-member' ) );
}
$user = "";
@@ -527,7 +527,7 @@ if ( ! class_exists( 'um\core\Password' ) ) {
*/
function um_change_password_errors_hook( $args ) {
if ( isset( $_POST[ UM()->honeypot ] ) && $_POST[ UM()->honeypot ] != '' ) {
wp_die( 'Hello, spam bot!', 'ultimate-member' );
wp_die( __( 'Hello, spam bot!', 'ultimate-member' ) );
}
if ( ! is_user_logged_in() && isset( $args ) && ! um_is_core_page( 'password-reset' ) ||
+2 -1
View File
@@ -68,7 +68,8 @@ if ( ! class_exists( 'um\core\Register' ) ) {
}
if ( ! wp_verify_nonce( $args['_wpnonce'], 'um_register_form' ) || empty( $args['_wpnonce'] ) || ! isset( $args['_wpnonce'] ) ) {
wp_die( __( 'Invalid Nonce.', 'ultimate-member' ) );
$url = apply_filters( 'um_register_invalid_nonce_redirect_url', add_query_arg( [ 'err' => 'invalid_nonce' ] ) );
exit( wp_redirect( $url ) );
}
return $args;
+17 -1
View File
@@ -837,4 +837,20 @@ function um_submit_form_errors_hook_( $args ) {
} // end if ( isset in args array )
}
}
add_action( 'um_submit_form_errors_hook_', 'um_submit_form_errors_hook_', 10 );
add_action( 'um_submit_form_errors_hook_', 'um_submit_form_errors_hook_', 10 );
/**
* @param string $url
*
* @return string
*/
function um_invalid_nonce_redirect_url( $url ) {
$url = add_query_arg( [
'um-hash' => substr( md5( rand() ), 0, 6 ),
], remove_query_arg( 'um-hash', $url ) );
return $url;
}
add_filter( 'um_login_invalid_nonce_redirect_url', 'um_invalid_nonce_redirect_url', 10, 1 );
add_filter( 'um_register_invalid_nonce_redirect_url', 'um_invalid_nonce_redirect_url', 10, 1 );
+4
View File
@@ -186,6 +186,10 @@ function um_add_update_notice( $args ) {
$err = __( 'Your membership request has been rejected.', 'ultimate-member' );
break;
case 'invalid_nonce':
$err = __( 'An error has been encountered. Probably page was cached. Please try again.', 'ultimate-member' );
break;
}
}