mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-07-17 13:43:38 +09:00
- Added: Ability for the integration with Gutenberg Block restriction settings (extends the block restriction settings via 3rd-party plugins);
- Added: Invalid nonce validation on Login and Registration pages instead of wp_die()
This commit is contained in:
@@ -1394,6 +1394,9 @@ if ( ! class_exists( 'um\core\Access' ) ) {
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$display = true;
|
||||
|
||||
// What roles can access this content?
|
||||
if ( ! empty( $block['attrs']['um_roles_access'] ) ) {
|
||||
$display = false;
|
||||
foreach ( $block['attrs']['um_roles_access'] as $role ) {
|
||||
@@ -1401,15 +1404,17 @@ if ( ! class_exists( 'um\core\Access' ) ) {
|
||||
$display = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ( ! $display ) {
|
||||
$block_content = '';
|
||||
if ( isset( $block['attrs']['um_message_type'] ) ) {
|
||||
if ( $block['attrs']['um_message_type'] == '1' ) {
|
||||
$block_content = $default_message;
|
||||
} elseif ( $block['attrs']['um_message_type'] == '2' ) {
|
||||
$block_content = $block['attrs']['um_message_content'];
|
||||
}
|
||||
$display = apply_filters( 'um_loggedin_block_restriction', $display, $block );
|
||||
|
||||
if ( ! $display ) {
|
||||
$block_content = '';
|
||||
if ( isset( $block['attrs']['um_message_type'] ) ) {
|
||||
if ( $block['attrs']['um_message_type'] == '1' ) {
|
||||
$block_content = $default_message;
|
||||
} elseif ( $block['attrs']['um_message_type'] == '2' ) {
|
||||
$block_content = $block['attrs']['um_message_content'];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -439,7 +439,7 @@ if ( ! class_exists( 'um\core\Form' ) ) {
|
||||
}
|
||||
|
||||
if ( isset( $_POST[ UM()->honeypot ] ) && $_POST[ UM()->honeypot ] != '' ) {
|
||||
wp_die( 'Hello, spam bot!', 'ultimate-member' );
|
||||
wp_die( __( 'Hello, spam bot!', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -75,7 +75,8 @@ if ( ! class_exists( 'um\core\Login' ) ) {
|
||||
}
|
||||
|
||||
if ( ! wp_verify_nonce( $args['_wpnonce'], 'um_login_form' ) || empty( $args['_wpnonce'] ) || ! isset( $args['_wpnonce'] ) ) {
|
||||
wp_die( __( 'Invalid Nonce.', 'ultimate-member' ) );
|
||||
$url = apply_filters( 'um_login_invalid_nonce_redirect_url', add_query_arg( [ 'err' => 'invalid_nonce' ] ) );
|
||||
exit( wp_redirect( $url ) );
|
||||
}
|
||||
|
||||
return $args;
|
||||
|
||||
@@ -445,7 +445,7 @@ if ( ! class_exists( 'um\core\Password' ) ) {
|
||||
function um_reset_password_errors_hook( $args ) {
|
||||
|
||||
if ( $_POST[ UM()->honeypot ] != '' ) {
|
||||
wp_die( 'Hello, spam bot!', 'ultimate-member' );
|
||||
wp_die( __( 'Hello, spam bot!', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
$user = "";
|
||||
@@ -527,7 +527,7 @@ if ( ! class_exists( 'um\core\Password' ) ) {
|
||||
*/
|
||||
function um_change_password_errors_hook( $args ) {
|
||||
if ( isset( $_POST[ UM()->honeypot ] ) && $_POST[ UM()->honeypot ] != '' ) {
|
||||
wp_die( 'Hello, spam bot!', 'ultimate-member' );
|
||||
wp_die( __( 'Hello, spam bot!', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
if ( ! is_user_logged_in() && isset( $args ) && ! um_is_core_page( 'password-reset' ) ||
|
||||
|
||||
@@ -68,7 +68,8 @@ if ( ! class_exists( 'um\core\Register' ) ) {
|
||||
}
|
||||
|
||||
if ( ! wp_verify_nonce( $args['_wpnonce'], 'um_register_form' ) || empty( $args['_wpnonce'] ) || ! isset( $args['_wpnonce'] ) ) {
|
||||
wp_die( __( 'Invalid Nonce.', 'ultimate-member' ) );
|
||||
$url = apply_filters( 'um_register_invalid_nonce_redirect_url', add_query_arg( [ 'err' => 'invalid_nonce' ] ) );
|
||||
exit( wp_redirect( $url ) );
|
||||
}
|
||||
|
||||
return $args;
|
||||
|
||||
@@ -837,4 +837,20 @@ function um_submit_form_errors_hook_( $args ) {
|
||||
} // end if ( isset in args array )
|
||||
}
|
||||
}
|
||||
add_action( 'um_submit_form_errors_hook_', 'um_submit_form_errors_hook_', 10 );
|
||||
add_action( 'um_submit_form_errors_hook_', 'um_submit_form_errors_hook_', 10 );
|
||||
|
||||
|
||||
/**
|
||||
* @param string $url
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
function um_invalid_nonce_redirect_url( $url ) {
|
||||
$url = add_query_arg( [
|
||||
'um-hash' => substr( md5( rand() ), 0, 6 ),
|
||||
], remove_query_arg( 'um-hash', $url ) );
|
||||
|
||||
return $url;
|
||||
}
|
||||
add_filter( 'um_login_invalid_nonce_redirect_url', 'um_invalid_nonce_redirect_url', 10, 1 );
|
||||
add_filter( 'um_register_invalid_nonce_redirect_url', 'um_invalid_nonce_redirect_url', 10, 1 );
|
||||
@@ -186,6 +186,10 @@ function um_add_update_notice( $args ) {
|
||||
$err = __( 'Your membership request has been rejected.', 'ultimate-member' );
|
||||
break;
|
||||
|
||||
case 'invalid_nonce':
|
||||
$err = __( 'An error has been encountered. Probably page was cached. Please try again.', 'ultimate-member' );
|
||||
break;
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user