- fixed secure account fields long meta;

This commit is contained in:
nikitasinelnikov
2019-09-26 16:52:11 +03:00
parent 2629eb4ace
commit 637f6548eb
4 changed files with 123 additions and 122 deletions
+70 -22
View File
@@ -30,7 +30,7 @@ if ( ! class_exists( 'um\core\Account' ) ) {
/**
* @var array
*/
var $register_fields = array();
var $displayed_fields = array();
/**
@@ -151,7 +151,9 @@ if ( ! class_exists( 'um\core\Account' ) ) {
* Account Shortcode
*
* @param array $args
* @return string
*
* @return false|string
* @throws \Exception
*/
function ultimatemember_account( $args = array() ) {
um_fetch_user( get_current_user_id() );
@@ -304,10 +306,20 @@ if ( ! class_exists( 'um\core\Account' ) ) {
$output = ob_get_clean();
$this->account_fields_hash();
return $output;
}
/**
* Update account fields to secure the account submission
*/
function account_fields_hash() {
update_user_meta( um_user( 'ID' ), 'um_account_secure_fields', UM()->account()->displayed_fields );
}
/**
* Restrict access to Account page
*/
@@ -478,35 +490,67 @@ if ( ! class_exists( 'um\core\Account' ) ) {
/**
* @param array $fields
* @param $id
* Init displayed fields for security check
*
* @return array
* @param $fields
* @param $tab_key
*/
function account_secure_fields( $fields, $id ) {
function init_displayed_fields( $fields, $tab_key ) {
if ( ! $this->is_secure_enabled() ) {
return;
}
if ( ! isset( $this->displayed_fields[ $tab_key ] ) ) {
$this->displayed_fields[ $tab_key ] = array_keys( $fields );
}
}
/**
* @param $field_key
* @param $tab_key
*/
function add_displayed_field( $field_key, $tab_key ) {
if ( ! $this->is_secure_enabled() ) {
return;
}
if ( ! isset( $this->displayed_fields[ $tab_key ] ) ) {
$this->displayed_fields[ $tab_key ] = array( $field_key );
} else {
$this->displayed_fields[ $tab_key ][] = $field_key;
}
}
/**
* @return bool
*/
function is_secure_enabled() {
/**
* UM hook
*
* @type filter
* @title um_account_secure_fields
* @description Change Account secure fields
* @title um_account_secure_fields__enabled
* @description Active account secure fields
* @input_vars
* [{"var":"$fields","type":"array","desc":"Account Fields"},
* {"var":"$id","type":"int","desc":"User ID"}]
* [{"var":"$enabled","type":"string","desc":"Enable secure account fields"}]
* @change_log
* ["Since: 2.0"]
* @usage add_filter( 'um_account_secure_fields', 'function_name', 10, 2 );
* @usage
* <?php add_filter( 'um_account_secure_fields__enabled', 'function_name', 10, 1 ); ?>
* @example
* <?php
* add_filter( 'um_account_secure_fields', 'my_account_secure_fields', 10, 2 );
* function my_account_secure_fields( $fields, $id ) {
* add_filter( 'um_account_secure_fields__enabled', 'my_account_secure_fields', 10, 1 );
* function my_account_secure_fields( $enabled ) {
* // your code here
* return $fields;
* return $enabled;
* }
* ?>
*/
$fields = apply_filters( 'um_account_secure_fields', $fields, $id );
return $fields;
$secure = apply_filters( 'um_account_secure_fields__enabled', true );
return $secure;
}
@@ -525,8 +569,8 @@ if ( ! class_exists( 'um\core\Account' ) ) {
UM()->fields()->set_mode = 'account';
UM()->fields()->editing = true;
if ( ! empty( $this->tab_output[$id]['content'] ) && ! empty( $this->tab_output[$id]['hash'] ) &&
$this->tab_output[$id]['hash'] == md5( json_encode( $shortcode_args ) ) ) {
if ( ! empty( $this->tab_output[ $id ]['content'] ) && ! empty( $this->tab_output[ $id ]['hash'] ) &&
$this->tab_output[ $id ]['hash'] == md5( json_encode( $shortcode_args ) ) ) {
return $this->tab_output[ $id ]['content'];
}
@@ -559,9 +603,10 @@ if ( ! class_exists( 'um\core\Account' ) ) {
$args = apply_filters( 'um_account_tab_privacy_fields', $args, $shortcode_args );
$fields = UM()->builtin()->get_specific_fields( $args );
$fields = $this->account_secure_fields( $fields, $id );
$fields = $this->filter_fields_by_attrs( $fields, $shortcode_args );
$this->init_displayed_fields( $fields, $id );
foreach ( $fields as $key => $data ) {
$output .= UM()->fields()->edit_field( $key, $data );
}
@@ -595,9 +640,10 @@ if ( ! class_exists( 'um\core\Account' ) ) {
$args = apply_filters( 'um_account_tab_delete_fields', $args, $shortcode_args );
$fields = UM()->builtin()->get_specific_fields( $args );
$fields = $this->account_secure_fields( $fields, $id );
$fields = $this->filter_fields_by_attrs( $fields, $shortcode_args );
$this->init_displayed_fields( $fields, $id );
foreach ( $fields as $key => $data ) {
$output .= UM()->fields()->edit_field( $key, $data );
}
@@ -644,9 +690,10 @@ if ( ! class_exists( 'um\core\Account' ) ) {
$args = apply_filters( 'um_account_tab_general_fields', $args, $shortcode_args );
$fields = UM()->builtin()->get_specific_fields( $args );
$fields = $this->account_secure_fields( $fields, $id );
$fields = $this->filter_fields_by_attrs( $fields, $shortcode_args );
$this->init_displayed_fields( $fields, $id );
foreach ( $fields as $key => $data ) {
$output .= UM()->fields()->edit_field( $key, $data );
}
@@ -681,9 +728,10 @@ if ( ! class_exists( 'um\core\Account' ) ) {
$args = apply_filters( 'um_account_tab_password_fields', $args, $shortcode_args );
$fields = UM()->builtin()->get_specific_fields( $args );
$fields = $this->account_secure_fields( $fields, $id );
$fields = $this->filter_fields_by_attrs( $fields, $shortcode_args );
$this->init_displayed_fields( $fields, $id );
foreach ( $fields as $key => $data ) {
$output .= UM()->fields()->edit_field( $key, $data );
}
+8 -10
View File
@@ -2654,30 +2654,26 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
um_user( $data['parent_dropdown_relationship'] )
) {
$options = call_user_func( $data['custom_dropdown_options_source'], $data['parent_dropdown_relationship'] );
$disabled_by_parent_option = '';
if ( um_user( $form_key ) ) {
$select_original_option_value = " data-um-original-value='" . um_user( $form_key ) . "' ";
}
}
}
// Child dropdown option selected
if( isset( UM()->form()->post_form[ $form_key ] ) ){
if ( isset( UM()->form()->post_form[ $form_key ] ) ) {
$select_original_option_value = " data-um-original-value='" . esc_attr( UM()->form()->post_form[ $form_key ] ) . "' ";
}
// Child dropdown
if( $has_parent_option ){
if ( $has_parent_option ) {
if ( ! empty( $data['custom_dropdown_options_source'] ) && $has_parent_option && function_exists( $data['custom_dropdown_options_source'] ) &&
isset( UM()->form()->post_form[ $form_key ] )
) {
$options = call_user_func( $data['custom_dropdown_options_source'], $data['parent_dropdown_relationship'] );
if ( ! empty( $data['custom_dropdown_options_source'] ) && $has_parent_option &&
function_exists( $data['custom_dropdown_options_source'] ) && isset( UM()->form()->post_form[ $form_key ] ) ) {
$options = call_user_func( $data['custom_dropdown_options_source'], $data['parent_dropdown_relationship'] );
}
}
@@ -2769,6 +2765,8 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
// 'country'
if ( $key === 'country' && empty( $options ) ) {
$options = UM()->builtin()->get( 'countries' );
} else if ( empty( $options ) ) {
$options = $data['options'];
}
$options = apply_filters( 'um_selectbox_options', $options, $key );
@@ -2889,7 +2887,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
$output .= '</div>';
if ($this->is_error( $form_key )) {
if ( $this->is_error( $form_key ) ) {
$output .= $this->field_error( $this->show_error( $form_key ) );
}
+39 -44
View File
@@ -177,7 +177,7 @@ function um_submit_account_details( $args ) {
$user->destroy_all();
wp_set_password( $changes['user_pass'], um_user( 'ID' ) );
wp_signon( array( 'user_login' => um_user( 'user_login' ), 'user_password' => $changes['user_pass'] ) );
}
@@ -185,7 +185,8 @@ function um_submit_account_details( $args ) {
// delete account
$user = get_user_by( 'login', um_user( 'user_login' ) );
if ( 'delete' == $current_tab && isset( $_POST['single_user_password'] ) && wp_check_password( $_POST['single_user_password'], $user->data->user_pass, $user->data->ID ) ) {
if ( 'delete' == $current_tab && isset( $_POST['single_user_password'] ) &&
wp_check_password( $_POST['single_user_password'], $user->data->user_pass, $user->data->ID ) ) {
if ( current_user_can( 'delete_users' ) || um_user( 'can_delete_profile' ) ) {
UM()->user()->delete();
@@ -222,45 +223,42 @@ function um_submit_account_details( $args ) {
}
}
$arr_fields = array( 'password', 'um_account' );
if ( UM()->account()->is_secure_enabled() ) {
$account_fields = get_user_meta( um_user( 'ID' ), 'um_account_secure_fields', true );
$arr_fields = array();
$account_fields = get_user_meta( um_user('ID'), 'um_account_secure_fields', true );
/**
* UM hook
*
* @type filter
* @title um_secure_account_fields
* @description Change secure account fields
* @input_vars
* [{"var":"$fields","type":"array","desc":"Secure account fields"},
* {"var":"$user_id","type":"int","desc":"User ID"}]
* @change_log
* ["Since: 2.0"]
* @usage
* <?php add_filter( 'um_secure_account_fields', 'function_name', 10, 2 ); ?>
* @example
* <?php
* add_filter( 'um_secure_account_fields', 'my_secure_account_fields', 10, 2 );
* function my_secure_account_fields( $fields, $user_id ) {
* // your code here
* return $fields;
* }
* ?>
*/
$secure_fields = apply_filters( 'um_secure_account_fields', $account_fields, um_user( 'ID' ) );
/**
* UM hook
*
* @type filter
* @title um_secure_account_fields
* @description Change secure account fields
* @input_vars
* [{"var":"$fields","type":"array","desc":"Secure account fields"},
* {"var":"$user_id","type":"int","desc":"User ID"}]
* @change_log
* ["Since: 2.0"]
* @usage
* <?php add_filter( 'um_secure_account_fields', 'function_name', 10, 2 ); ?>
* @example
* <?php
* add_filter( 'um_secure_account_fields', 'my_secure_account_fields', 10, 2 );
* function my_secure_account_fields( $fields, $user_id ) {
* // your code here
* return $fields;
* }
* ?>
*/
$secure_fields = apply_filters( 'um_secure_account_fields', $account_fields, um_user( 'ID' ) );
if ( is_array( $secure_fields ) ) {
foreach ( $secure_fields as $tab_key => $fields ) {
foreach ( $fields as $key => $value ) {
$arr_fields[ ] = $key;
}
if ( is_array( $secure_fields[ $current_tab ] ) ) {
$arr_fields = array_merge( $arr_fields, $secure_fields[ $current_tab ] );
}
}
$changes = array();
foreach ( $_POST as $k => $v ) {
if ( strstr( $k, 'password' ) || strstr( $k, 'um_account' ) || ! in_array( $k, $arr_fields ) ) {
if ( ! in_array( $k, $arr_fields ) ) {
continue;
}
@@ -319,6 +317,11 @@ function um_submit_account_details( $args ) {
UM()->user()->update_profile( $changes );
if ( UM()->account()->is_secure_enabled() ) {
update_user_meta( um_user( 'ID' ), 'um_account_secure_fields', array() );
}
/**
* UM hook
*
@@ -410,6 +413,8 @@ add_action( 'um_before_account_delete', 'um_before_account_delete' );
* Before notifications account tab content
*
* @param array $args
*
* @throws Exception
*/
function um_before_account_notifications( $args = array() ) {
$output = UM()->account()->get_tab_fields( 'notifications', $args );
@@ -427,16 +432,6 @@ function um_before_account_notifications( $args = array() ) {
add_action( 'um_before_account_notifications', 'um_before_account_notifications' );
/**
* Update account fields to secure the account submission
*/
function um_account_secure_registered_fields(){
$secure_fields = UM()->account()->register_fields;
update_user_meta( um_user( 'ID' ), 'um_account_secure_fields', $secure_fields );
}
add_action( 'wp_footer', 'um_account_secure_registered_fields' );
/**
* Update Profile URL
*
+6 -46
View File
@@ -1,48 +1,6 @@
<?php if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
/**
* Account secure fields
* @param array $fields
* @param string $tab_key
* @return array
* @uses um_account_secure_fields
*/
function um_account_secure_fields( $fields, $tab_key ) {
/**
* UM hook
*
* @type filter
* @title um_account_secure_fields__enabled
* @description Active account secure fields
* @input_vars
* [{"var":"$enabled","type":"string","desc":"Enable secure account fields"}]
* @change_log
* ["Since: 2.0"]
* @usage
* <?php add_filter( 'um_account_secure_fields__enabled', 'function_name', 10, 1 ); ?>
* @example
* <?php
* add_filter( 'um_account_secure_fields__enabled', 'my_account_secure_fields', 10, 1 );
* function my_account_secure_fields( $enabled ) {
* // your code here
* return $enabled;
* }
* ?>
*/
$secure = apply_filters( 'um_account_secure_fields__enabled', true );
if( ! $secure ) return $fields;
if( isset( UM()->account()->register_fields ) && ! isset( UM()->account()->register_fields[ $tab_key ] ) ){
UM()->account()->register_fields[ $tab_key ] = $fields;
}
return $fields;
}
add_filter( 'um_account_secure_fields', 'um_account_secure_fields', 10, 2 );
/**
* Disables first and last name fields in account page
* @param array $fields
@@ -50,16 +8,18 @@ add_filter( 'um_account_secure_fields', 'um_account_secure_fields', 10, 2 );
* @uses um_get_field__first_name, um_get_field__last_name
*/
function um_account_disable_name_fields( $fields ){
if( ! UM()->options()->get( "account_name_disable" ) ) return $fields;
if ( ! UM()->options()->get( 'account_name_disable' ) ) {
return $fields;
}
if ( um_is_core_page("account") ) {
if ( um_is_core_page( 'account' ) ) {
$fields['disabled'] = 'disabled="disabled"';
}
return $fields;
}
add_filter( "um_get_field__first_name","um_account_disable_name_fields", 10 ,1 );
add_filter( "um_get_field__last_name","um_account_disable_name_fields", 10 ,1 );
add_filter( 'um_get_field__first_name', 'um_account_disable_name_fields', 10 ,1 );
add_filter( 'um_get_field__last_name', 'um_account_disable_name_fields', 10 ,1 );
/**