mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-07-16 21:23:39 +09:00
- Added: Ability for the integration with Gutenberg Block restriction settings (extends the block restriction settings via 3rd-party plugins);
- Added: Invalid nonce validation on Login and Registration pages instead of wp_die()
This commit is contained in:
@@ -181,7 +181,7 @@
|
||||
|
||||
.um-admin-btn-content {
|
||||
display: none;
|
||||
padding: 10px 0 0 0;
|
||||
padding: 5px 0 0 0;
|
||||
}
|
||||
|
||||
.um-admin-btn-content p {
|
||||
@@ -190,6 +190,15 @@
|
||||
padding: 0 !important;
|
||||
}
|
||||
|
||||
.um-admin-btn-content p.um-admin-conditions-notice {
|
||||
width: 100%;
|
||||
margin: 0 0 9px 0 !important;
|
||||
}
|
||||
|
||||
.um-admin-btn-content .um-admin-cur-condition:not(:last-child) {
|
||||
margin: 0 0 5px 0;
|
||||
}
|
||||
|
||||
.dynamic-mce-content {display: none}
|
||||
|
||||
/*
|
||||
|
||||
@@ -1,24 +1,24 @@
|
||||
'use strict';
|
||||
|
||||
/**
|
||||
* Add Control element
|
||||
*/
|
||||
var um_el = wp.element.createElement;
|
||||
|
||||
var um_components = wp.components,
|
||||
umToggleControl = um_components.ToggleControl,
|
||||
umSelectControl = um_components.SelectControl,
|
||||
umTextareaControl = um_components.TextareaControl,
|
||||
umPanelBody = um_components.PanelBody;
|
||||
umTextareaControl = um_components.TextareaControl;
|
||||
|
||||
|
||||
function um_admin_blocks_custom_fields( um_condition_fields, props ) {
|
||||
return wp.hooks.applyFilters( 'um_admin_blocks_custom_fields', [], um_condition_fields, props );
|
||||
}
|
||||
|
||||
var um_block_restriction = wp.compose.createHigherOrderComponent( function( BlockEdit ) {
|
||||
var um_condition_fields = {
|
||||
um_who_access:'um_block_settings_hide',
|
||||
um_roles_access:'um_block_settings_hide',
|
||||
um_message_type:'um_block_settings_hide',
|
||||
um_message_content:'um_block_settings_hide'
|
||||
um_who_access: 'um_block_settings_hide',
|
||||
um_roles_access: 'um_block_settings_hide',
|
||||
um_message_type: 'um_block_settings_hide',
|
||||
um_message_content: 'um_block_settings_hide'
|
||||
};
|
||||
|
||||
um_condition_fields = wp.hooks.applyFilters( 'um_admin_blocks_condition_fields_default', um_condition_fields );
|
||||
|
||||
return function( props ) {
|
||||
|
||||
if ( props.attributes.um_is_restrict !== true ) {
|
||||
@@ -53,20 +53,22 @@ var um_block_restriction = wp.compose.createHigherOrderComponent( function( Bloc
|
||||
}
|
||||
}
|
||||
|
||||
return um_el(
|
||||
um_condition_fields = wp.hooks.applyFilters( 'um_admin_blocks_condition_fields', um_condition_fields, props );
|
||||
|
||||
return wp.element.createElement(
|
||||
wp.element.Fragment,
|
||||
{},
|
||||
um_el( BlockEdit, props ),
|
||||
um_el(
|
||||
wp.element.createElement( BlockEdit, props ),
|
||||
wp.element.createElement(
|
||||
wp.editor.InspectorControls,
|
||||
{},
|
||||
um_el(
|
||||
umPanelBody,
|
||||
wp.element.createElement(
|
||||
wp.components.PanelBody,
|
||||
{
|
||||
title: wp.i18n.__( 'UM access Controls', 'ultimate-member' )
|
||||
},
|
||||
um_el(
|
||||
umToggleControl,
|
||||
wp.element.createElement(
|
||||
wp.components.ToggleControl,
|
||||
{
|
||||
label: wp.i18n.__( 'Restrict access?', 'ultimate-member' ),
|
||||
checked: props.attributes.um_is_restrict,
|
||||
@@ -80,10 +82,12 @@ var um_block_restriction = wp.compose.createHigherOrderComponent( function( Bloc
|
||||
} else {
|
||||
um_condition_fields['um_who_access'] = '';
|
||||
}
|
||||
|
||||
um_condition_fields = wp.hooks.applyFilters( 'um_admin_blocks_condition_fields_on_change', um_condition_fields, 'um_is_restrict', value );
|
||||
}
|
||||
}
|
||||
),
|
||||
um_el(
|
||||
wp.element.createElement(
|
||||
umSelectControl,
|
||||
{
|
||||
type: 'number',
|
||||
@@ -117,10 +121,12 @@ var um_block_restriction = wp.compose.createHigherOrderComponent( function( Bloc
|
||||
um_condition_fields['um_message_type'] = '';
|
||||
um_condition_fields['um_roles_access'] = 'um_block_settings_hide';
|
||||
}
|
||||
|
||||
um_condition_fields = wp.hooks.applyFilters( 'um_admin_blocks_condition_fields_on_change', um_condition_fields, 'um_who_access', value );
|
||||
}
|
||||
}
|
||||
),
|
||||
um_el(
|
||||
wp.element.createElement(
|
||||
umSelectControl,
|
||||
{
|
||||
multiple: true,
|
||||
@@ -133,7 +139,7 @@ var um_block_restriction = wp.compose.createHigherOrderComponent( function( Bloc
|
||||
}
|
||||
}
|
||||
),
|
||||
um_el(
|
||||
wp.element.createElement(
|
||||
umSelectControl,
|
||||
{
|
||||
type: 'number',
|
||||
@@ -164,7 +170,7 @@ var um_block_restriction = wp.compose.createHigherOrderComponent( function( Bloc
|
||||
}
|
||||
}
|
||||
),
|
||||
um_el(
|
||||
wp.element.createElement(
|
||||
umTextareaControl,
|
||||
{
|
||||
type: 'number',
|
||||
@@ -175,7 +181,8 @@ var um_block_restriction = wp.compose.createHigherOrderComponent( function( Bloc
|
||||
props.setAttributes({ um_message_content: value });
|
||||
}
|
||||
}
|
||||
)
|
||||
),
|
||||
um_admin_blocks_custom_fields( um_condition_fields, props )
|
||||
)
|
||||
)
|
||||
);
|
||||
@@ -208,6 +215,8 @@ var um_block_restrict_settings = {
|
||||
}
|
||||
};
|
||||
|
||||
um_block_restrict_settings = wp.hooks.applyFilters( 'um_admin_blocks_restrict_settings', um_block_restrict_settings );
|
||||
|
||||
|
||||
/**
|
||||
*
|
||||
|
||||
@@ -227,8 +227,16 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
|
||||
|
||||
<div class="um-admin-clear"></div>
|
||||
</div>
|
||||
<p class="um-admin-conditions-notice">
|
||||
<small>
|
||||
<?php _e( 'Use the condition operator `equals to` or `not equals` if the parent field has a single option.', 'ultimate-member' ); ?>
|
||||
<br><?php _e( 'Use the condition operator `greater than` or `less than` if the parent field is a number.', 'ultimate-member' ); ?>
|
||||
<br><?php _e( 'Use the condition operator `contains` if the parent field has multiple options.', 'ultimate-member' ); ?>
|
||||
</small>
|
||||
</p>
|
||||
<p><a href="javascript:void(0);" class="um-admin-new-condition button button-primary um-admin-tipsy-n" title="Add new condition"><?php _e( 'Add new rule', 'ultimate-member' ); ?></a></p>
|
||||
<p class="um-admin-reset-conditions"><a href="javascript:void(0);" class="button"><?php _e( 'Reset all rules', 'ultimate-member' ); ?></a></p>
|
||||
|
||||
<div class="um-admin-clear"></div>
|
||||
|
||||
<?php if ( isset( $edit_array['conditions'] ) && count( $edit_array['conditions'] ) != 0 ) {
|
||||
@@ -267,11 +275,6 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
|
||||
</div>
|
||||
|
||||
<?php } ?>
|
||||
<small>
|
||||
<br><?php _e( 'Use the condition operator `equals to` or `not equals` if the parent field has a single option.', 'ultimate-member' ); ?>
|
||||
<br><?php _e( 'Use the condition operator `greater than` or `less than` if the parent field is a number.', 'ultimate-member' ); ?>
|
||||
<br><?php _e( 'Use the condition operator `contains` if the parent field has multiple options.', 'ultimate-member' ); ?>
|
||||
</small>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
||||
@@ -437,7 +437,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Enqueue' ) ) {
|
||||
return;
|
||||
}
|
||||
|
||||
wp_register_script( 'um_block_js', $this->js_url . 'um-admin-blocks.js', array( 'wp-i18n', 'wp-blocks', 'wp-components' ), ultimatemember_version, true );
|
||||
wp_register_script( 'um_block_js', $this->js_url . 'um-admin-blocks.js', array( 'wp-i18n', 'wp-blocks', 'wp-components', 'wp-hooks' ), ultimatemember_version, true );
|
||||
wp_set_script_translations( 'um_block_js', 'ultimate-member' );
|
||||
|
||||
$restrict_options = array();
|
||||
|
||||
@@ -1703,7 +1703,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
|
||||
|
||||
if ( ( ! wp_verify_nonce( $nonce, 'um-settings-nonce' ) || empty( $nonce ) ) || ! current_user_can( 'manage_options' ) ) {
|
||||
// This nonce is not valid.
|
||||
wp_die( 'Security Check' );
|
||||
wp_die( __( 'Security Check', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -138,7 +138,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
|
||||
|
||||
case 'um_delete':
|
||||
if ( is_admin() ) {
|
||||
wp_die( 'This action is not allowed in backend.', 'ultimate-member' );
|
||||
wp_die( __( 'This action is not allowed in backend.', 'ultimate-member' ) );
|
||||
}
|
||||
UM()->user()->delete();
|
||||
break;
|
||||
|
||||
@@ -1394,6 +1394,9 @@ if ( ! class_exists( 'um\core\Access' ) ) {
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$display = true;
|
||||
|
||||
// What roles can access this content?
|
||||
if ( ! empty( $block['attrs']['um_roles_access'] ) ) {
|
||||
$display = false;
|
||||
foreach ( $block['attrs']['um_roles_access'] as $role ) {
|
||||
@@ -1401,15 +1404,17 @@ if ( ! class_exists( 'um\core\Access' ) ) {
|
||||
$display = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ( ! $display ) {
|
||||
$block_content = '';
|
||||
if ( isset( $block['attrs']['um_message_type'] ) ) {
|
||||
if ( $block['attrs']['um_message_type'] == '1' ) {
|
||||
$block_content = $default_message;
|
||||
} elseif ( $block['attrs']['um_message_type'] == '2' ) {
|
||||
$block_content = $block['attrs']['um_message_content'];
|
||||
}
|
||||
$display = apply_filters( 'um_loggedin_block_restriction', $display, $block );
|
||||
|
||||
if ( ! $display ) {
|
||||
$block_content = '';
|
||||
if ( isset( $block['attrs']['um_message_type'] ) ) {
|
||||
if ( $block['attrs']['um_message_type'] == '1' ) {
|
||||
$block_content = $default_message;
|
||||
} elseif ( $block['attrs']['um_message_type'] == '2' ) {
|
||||
$block_content = $block['attrs']['um_message_content'];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -439,7 +439,7 @@ if ( ! class_exists( 'um\core\Form' ) ) {
|
||||
}
|
||||
|
||||
if ( isset( $_POST[ UM()->honeypot ] ) && $_POST[ UM()->honeypot ] != '' ) {
|
||||
wp_die( 'Hello, spam bot!', 'ultimate-member' );
|
||||
wp_die( __( 'Hello, spam bot!', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -75,7 +75,8 @@ if ( ! class_exists( 'um\core\Login' ) ) {
|
||||
}
|
||||
|
||||
if ( ! wp_verify_nonce( $args['_wpnonce'], 'um_login_form' ) || empty( $args['_wpnonce'] ) || ! isset( $args['_wpnonce'] ) ) {
|
||||
wp_die( __( 'Invalid Nonce.', 'ultimate-member' ) );
|
||||
$url = apply_filters( 'um_login_invalid_nonce_redirect_url', add_query_arg( [ 'err' => 'invalid_nonce' ] ) );
|
||||
exit( wp_redirect( $url ) );
|
||||
}
|
||||
|
||||
return $args;
|
||||
|
||||
@@ -445,7 +445,7 @@ if ( ! class_exists( 'um\core\Password' ) ) {
|
||||
function um_reset_password_errors_hook( $args ) {
|
||||
|
||||
if ( $_POST[ UM()->honeypot ] != '' ) {
|
||||
wp_die( 'Hello, spam bot!', 'ultimate-member' );
|
||||
wp_die( __( 'Hello, spam bot!', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
$user = "";
|
||||
@@ -527,7 +527,7 @@ if ( ! class_exists( 'um\core\Password' ) ) {
|
||||
*/
|
||||
function um_change_password_errors_hook( $args ) {
|
||||
if ( isset( $_POST[ UM()->honeypot ] ) && $_POST[ UM()->honeypot ] != '' ) {
|
||||
wp_die( 'Hello, spam bot!', 'ultimate-member' );
|
||||
wp_die( __( 'Hello, spam bot!', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
if ( ! is_user_logged_in() && isset( $args ) && ! um_is_core_page( 'password-reset' ) ||
|
||||
|
||||
@@ -68,7 +68,8 @@ if ( ! class_exists( 'um\core\Register' ) ) {
|
||||
}
|
||||
|
||||
if ( ! wp_verify_nonce( $args['_wpnonce'], 'um_register_form' ) || empty( $args['_wpnonce'] ) || ! isset( $args['_wpnonce'] ) ) {
|
||||
wp_die( __( 'Invalid Nonce.', 'ultimate-member' ) );
|
||||
$url = apply_filters( 'um_register_invalid_nonce_redirect_url', add_query_arg( [ 'err' => 'invalid_nonce' ] ) );
|
||||
exit( wp_redirect( $url ) );
|
||||
}
|
||||
|
||||
return $args;
|
||||
|
||||
@@ -837,4 +837,20 @@ function um_submit_form_errors_hook_( $args ) {
|
||||
} // end if ( isset in args array )
|
||||
}
|
||||
}
|
||||
add_action( 'um_submit_form_errors_hook_', 'um_submit_form_errors_hook_', 10 );
|
||||
add_action( 'um_submit_form_errors_hook_', 'um_submit_form_errors_hook_', 10 );
|
||||
|
||||
|
||||
/**
|
||||
* @param string $url
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
function um_invalid_nonce_redirect_url( $url ) {
|
||||
$url = add_query_arg( [
|
||||
'um-hash' => substr( md5( rand() ), 0, 6 ),
|
||||
], remove_query_arg( 'um-hash', $url ) );
|
||||
|
||||
return $url;
|
||||
}
|
||||
add_filter( 'um_login_invalid_nonce_redirect_url', 'um_invalid_nonce_redirect_url', 10, 1 );
|
||||
add_filter( 'um_register_invalid_nonce_redirect_url', 'um_invalid_nonce_redirect_url', 10, 1 );
|
||||
@@ -186,6 +186,10 @@ function um_add_update_notice( $args ) {
|
||||
$err = __( 'Your membership request has been rejected.', 'ultimate-member' );
|
||||
break;
|
||||
|
||||
case 'invalid_nonce':
|
||||
$err = __( 'An error has been encountered. Probably page was cached. Please try again.', 'ultimate-member' );
|
||||
break;
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user