- Added: Ability for the integration with Gutenberg Block restriction settings (extends the block restriction settings via 3rd-party plugins);

- Added: Invalid nonce validation on Login and Registration pages instead of wp_die()
This commit is contained in:
nikitasinelnikov
2020-12-04 03:54:59 +02:00
parent d5bafa9c60
commit 5afebdd786
17 changed files with 145 additions and 89 deletions
+10 -1
View File
@@ -181,7 +181,7 @@
.um-admin-btn-content {
display: none;
padding: 10px 0 0 0;
padding: 5px 0 0 0;
}
.um-admin-btn-content p {
@@ -190,6 +190,15 @@
padding: 0 !important;
}
.um-admin-btn-content p.um-admin-conditions-notice {
width: 100%;
margin: 0 0 9px 0 !important;
}
.um-admin-btn-content .um-admin-cur-condition:not(:last-child) {
margin: 0 0 5px 0;
}
.dynamic-mce-content {display: none}
/*
+29 -20
View File
@@ -1,15 +1,13 @@
'use strict';
/**
* Add Control element
*/
var um_el = wp.element.createElement;
var um_components = wp.components,
umToggleControl = um_components.ToggleControl,
umSelectControl = um_components.SelectControl,
umTextareaControl = um_components.TextareaControl,
umPanelBody = um_components.PanelBody;
umTextareaControl = um_components.TextareaControl;
function um_admin_blocks_custom_fields( um_condition_fields, props ) {
return wp.hooks.applyFilters( 'um_admin_blocks_custom_fields', [], um_condition_fields, props );
}
var um_block_restriction = wp.compose.createHigherOrderComponent( function( BlockEdit ) {
var um_condition_fields = {
@@ -19,6 +17,8 @@ var um_block_restriction = wp.compose.createHigherOrderComponent( function( Bloc
um_message_content: 'um_block_settings_hide'
};
um_condition_fields = wp.hooks.applyFilters( 'um_admin_blocks_condition_fields_default', um_condition_fields );
return function( props ) {
if ( props.attributes.um_is_restrict !== true ) {
@@ -53,20 +53,22 @@ var um_block_restriction = wp.compose.createHigherOrderComponent( function( Bloc
}
}
return um_el(
um_condition_fields = wp.hooks.applyFilters( 'um_admin_blocks_condition_fields', um_condition_fields, props );
return wp.element.createElement(
wp.element.Fragment,
{},
um_el( BlockEdit, props ),
um_el(
wp.element.createElement( BlockEdit, props ),
wp.element.createElement(
wp.editor.InspectorControls,
{},
um_el(
umPanelBody,
wp.element.createElement(
wp.components.PanelBody,
{
title: wp.i18n.__( 'UM access Controls', 'ultimate-member' )
},
um_el(
umToggleControl,
wp.element.createElement(
wp.components.ToggleControl,
{
label: wp.i18n.__( 'Restrict access?', 'ultimate-member' ),
checked: props.attributes.um_is_restrict,
@@ -80,10 +82,12 @@ var um_block_restriction = wp.compose.createHigherOrderComponent( function( Bloc
} else {
um_condition_fields['um_who_access'] = '';
}
um_condition_fields = wp.hooks.applyFilters( 'um_admin_blocks_condition_fields_on_change', um_condition_fields, 'um_is_restrict', value );
}
}
),
um_el(
wp.element.createElement(
umSelectControl,
{
type: 'number',
@@ -117,10 +121,12 @@ var um_block_restriction = wp.compose.createHigherOrderComponent( function( Bloc
um_condition_fields['um_message_type'] = '';
um_condition_fields['um_roles_access'] = 'um_block_settings_hide';
}
um_condition_fields = wp.hooks.applyFilters( 'um_admin_blocks_condition_fields_on_change', um_condition_fields, 'um_who_access', value );
}
}
),
um_el(
wp.element.createElement(
umSelectControl,
{
multiple: true,
@@ -133,7 +139,7 @@ var um_block_restriction = wp.compose.createHigherOrderComponent( function( Bloc
}
}
),
um_el(
wp.element.createElement(
umSelectControl,
{
type: 'number',
@@ -164,7 +170,7 @@ var um_block_restriction = wp.compose.createHigherOrderComponent( function( Bloc
}
}
),
um_el(
wp.element.createElement(
umTextareaControl,
{
type: 'number',
@@ -175,7 +181,8 @@ var um_block_restriction = wp.compose.createHigherOrderComponent( function( Bloc
props.setAttributes({ um_message_content: value });
}
}
)
),
um_admin_blocks_custom_fields( um_condition_fields, props )
)
)
);
@@ -208,6 +215,8 @@ var um_block_restrict_settings = {
}
};
um_block_restrict_settings = wp.hooks.applyFilters( 'um_admin_blocks_restrict_settings', um_block_restrict_settings );
/**
*
+8 -5
View File
@@ -227,8 +227,16 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
<div class="um-admin-clear"></div>
</div>
<p class="um-admin-conditions-notice">
<small>
<?php _e( 'Use the condition operator `equals to` or `not equals` if the parent field has a single option.', 'ultimate-member' ); ?>
<br><?php _e( 'Use the condition operator `greater than` or `less than` if the parent field is a number.', 'ultimate-member' ); ?>
<br><?php _e( 'Use the condition operator `contains` if the parent field has multiple options.', 'ultimate-member' ); ?>
</small>
</p>
<p><a href="javascript:void(0);" class="um-admin-new-condition button button-primary um-admin-tipsy-n" title="Add new condition"><?php _e( 'Add new rule', 'ultimate-member' ); ?></a></p>
<p class="um-admin-reset-conditions"><a href="javascript:void(0);" class="button"><?php _e( 'Reset all rules', 'ultimate-member' ); ?></a></p>
<div class="um-admin-clear"></div>
<?php if ( isset( $edit_array['conditions'] ) && count( $edit_array['conditions'] ) != 0 ) {
@@ -267,11 +275,6 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
</div>
<?php } ?>
<small>
<br><?php _e( 'Use the condition operator `equals to` or `not equals` if the parent field has a single option.', 'ultimate-member' ); ?>
<br><?php _e( 'Use the condition operator `greater than` or `less than` if the parent field is a number.', 'ultimate-member' ); ?>
<br><?php _e( 'Use the condition operator `contains` if the parent field has multiple options.', 'ultimate-member' ); ?>
</small>
</div>
</div>
+1 -1
View File
@@ -437,7 +437,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Enqueue' ) ) {
return;
}
wp_register_script( 'um_block_js', $this->js_url . 'um-admin-blocks.js', array( 'wp-i18n', 'wp-blocks', 'wp-components' ), ultimatemember_version, true );
wp_register_script( 'um_block_js', $this->js_url . 'um-admin-blocks.js', array( 'wp-i18n', 'wp-blocks', 'wp-components', 'wp-hooks' ), ultimatemember_version, true );
wp_set_script_translations( 'um_block_js', 'ultimate-member' );
$restrict_options = array();
+1 -1
View File
@@ -1703,7 +1703,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
if ( ( ! wp_verify_nonce( $nonce, 'um-settings-nonce' ) || empty( $nonce ) ) || ! current_user_can( 'manage_options' ) ) {
// This nonce is not valid.
wp_die( 'Security Check' );
wp_die( __( 'Security Check', 'ultimate-member' ) );
}
/**
+1 -1
View File
@@ -138,7 +138,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
case 'um_delete':
if ( is_admin() ) {
wp_die( 'This action is not allowed in backend.', 'ultimate-member' );
wp_die( __( 'This action is not allowed in backend.', 'ultimate-member' ) );
}
UM()->user()->delete();
break;
+6 -1
View File
@@ -1394,6 +1394,9 @@ if ( ! class_exists( 'um\core\Access' ) ) {
}
}
} else {
$display = true;
// What roles can access this content?
if ( ! empty( $block['attrs']['um_roles_access'] ) ) {
$display = false;
foreach ( $block['attrs']['um_roles_access'] as $role ) {
@@ -1401,6 +1404,9 @@ if ( ! class_exists( 'um\core\Access' ) ) {
$display = true;
}
}
}
$display = apply_filters( 'um_loggedin_block_restriction', $display, $block );
if ( ! $display ) {
$block_content = '';
@@ -1413,7 +1419,6 @@ if ( ! class_exists( 'um\core\Access' ) ) {
}
}
}
}
break;
}
case '2': {
+1 -1
View File
@@ -439,7 +439,7 @@ if ( ! class_exists( 'um\core\Form' ) ) {
}
if ( isset( $_POST[ UM()->honeypot ] ) && $_POST[ UM()->honeypot ] != '' ) {
wp_die( 'Hello, spam bot!', 'ultimate-member' );
wp_die( __( 'Hello, spam bot!', 'ultimate-member' ) );
}
/**
+2 -1
View File
@@ -75,7 +75,8 @@ if ( ! class_exists( 'um\core\Login' ) ) {
}
if ( ! wp_verify_nonce( $args['_wpnonce'], 'um_login_form' ) || empty( $args['_wpnonce'] ) || ! isset( $args['_wpnonce'] ) ) {
wp_die( __( 'Invalid Nonce.', 'ultimate-member' ) );
$url = apply_filters( 'um_login_invalid_nonce_redirect_url', add_query_arg( [ 'err' => 'invalid_nonce' ] ) );
exit( wp_redirect( $url ) );
}
return $args;
+2 -2
View File
@@ -445,7 +445,7 @@ if ( ! class_exists( 'um\core\Password' ) ) {
function um_reset_password_errors_hook( $args ) {
if ( $_POST[ UM()->honeypot ] != '' ) {
wp_die( 'Hello, spam bot!', 'ultimate-member' );
wp_die( __( 'Hello, spam bot!', 'ultimate-member' ) );
}
$user = "";
@@ -527,7 +527,7 @@ if ( ! class_exists( 'um\core\Password' ) ) {
*/
function um_change_password_errors_hook( $args ) {
if ( isset( $_POST[ UM()->honeypot ] ) && $_POST[ UM()->honeypot ] != '' ) {
wp_die( 'Hello, spam bot!', 'ultimate-member' );
wp_die( __( 'Hello, spam bot!', 'ultimate-member' ) );
}
if ( ! is_user_logged_in() && isset( $args ) && ! um_is_core_page( 'password-reset' ) ||
+2 -1
View File
@@ -68,7 +68,8 @@ if ( ! class_exists( 'um\core\Register' ) ) {
}
if ( ! wp_verify_nonce( $args['_wpnonce'], 'um_register_form' ) || empty( $args['_wpnonce'] ) || ! isset( $args['_wpnonce'] ) ) {
wp_die( __( 'Invalid Nonce.', 'ultimate-member' ) );
$url = apply_filters( 'um_register_invalid_nonce_redirect_url', add_query_arg( [ 'err' => 'invalid_nonce' ] ) );
exit( wp_redirect( $url ) );
}
return $args;
+16
View File
@@ -838,3 +838,19 @@ function um_submit_form_errors_hook_( $args ) {
}
}
add_action( 'um_submit_form_errors_hook_', 'um_submit_form_errors_hook_', 10 );
/**
* @param string $url
*
* @return string
*/
function um_invalid_nonce_redirect_url( $url ) {
$url = add_query_arg( [
'um-hash' => substr( md5( rand() ), 0, 6 ),
], remove_query_arg( 'um-hash', $url ) );
return $url;
}
add_filter( 'um_login_invalid_nonce_redirect_url', 'um_invalid_nonce_redirect_url', 10, 1 );
add_filter( 'um_register_invalid_nonce_redirect_url', 'um_invalid_nonce_redirect_url', 10, 1 );
+4
View File
@@ -186,6 +186,10 @@ function um_add_update_notice( $args ) {
$err = __( 'Your membership request has been rejected.', 'ultimate-member' );
break;
case 'invalid_nonce':
$err = __( 'An error has been encountered. Probably page was cached. Please try again.', 'ultimate-member' );
break;
}
}
+6 -1
View File
@@ -161,6 +161,11 @@ The plugin works with popular caching plugins by automatically excluding Ultimat
- Added: `um_member_directory_cover_image_size` hook with ability to change the cover photo size on the member directory
- Added: `um_member_directory_get_members_allow` JS hook for 3rd-party integration with the member directory. You could use a time throttle until some data is loaded
- Added: Notice about the fields' conditional logic rules + small CSS enhancements
- Added: Invalid nonce validation on Login and Registration pages instead of wp_die()
- Added: Privacy settings for the Divider field type (#688)
- Added: Ability for the integration with Gutenberg Block restriction settings (extends the block restriction settings via 3rd-party plugins)
- Added: Strings translations
* Bugfixes:
@@ -170,7 +175,7 @@ The plugin works with popular caching plugins by automatically excluding Ultimat
- Fixed: Issue with apostrophe options in the multiselect/checkbox fields (#689)
- Fixed: Translation for Password field's label
- Fixed: Download Personal Data URL
- Fixed: Vulnerability with timestamp field on UM Forms
- Fixed: Vulnerability with timestamp field on UM Forms (the hidden field with name='timestamp' is deprecated)
* Tweaks:
+3 -1
View File
@@ -3,7 +3,9 @@
<div class="um <?php echo esc_attr( $this->get_class( $mode ) ); ?> um-<?php echo esc_attr( $form_id ); ?>">
<div class="um-postmessage">
<?php printf( __( '%s', 'ultimate-member' ), $this->custom_message ); ?>
<?php
// translators: %s: The message after registration process based on a role data and user status after registration
printf( __( '%s', 'ultimate-member' ), $this->custom_message ); ?>
</div>
</div>
+2 -1
View File
@@ -43,7 +43,8 @@ get_header(); ?>
$message = ! empty( $restriction['_um_restrict_custom_message'] ) ? stripslashes( $restriction['_um_restrict_custom_message'] ) : '';
}
echo $message; ?>
// translators: %s: Restricted taxonomy message.
printf( __( '%s', 'ultimate-member' ), $message ); ?>
</main><!-- #main -->
</div><!-- #primary -->
+1 -1
View File
@@ -3,7 +3,7 @@
Plugin Name: Ultimate Member
Plugin URI: http://ultimatemember.com/
Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
Version: 2.1.13-rc.1
Version: 2.1.13-rc.2
Author: Ultimate Member
Author URI: http://ultimatemember.com/
Text Domain: ultimate-member