diff --git a/includes/core/class-account.php b/includes/core/class-account.php index c559e4de..13560d62 100644 --- a/includes/core/class-account.php +++ b/includes/core/class-account.php @@ -30,7 +30,7 @@ if ( ! class_exists( 'um\core\Account' ) ) { /** * @var array */ - var $register_fields = array(); + var $displayed_fields = array(); /** @@ -151,7 +151,9 @@ if ( ! class_exists( 'um\core\Account' ) ) { * Account Shortcode * * @param array $args - * @return string + * + * @return false|string + * @throws \Exception */ function ultimatemember_account( $args = array() ) { um_fetch_user( get_current_user_id() ); @@ -304,10 +306,20 @@ if ( ! class_exists( 'um\core\Account' ) ) { $output = ob_get_clean(); + $this->account_fields_hash(); + return $output; } + /** + * Update account fields to secure the account submission + */ + function account_fields_hash() { + update_user_meta( um_user( 'ID' ), 'um_account_secure_fields', UM()->account()->displayed_fields ); + } + + /** * Restrict access to Account page */ @@ -478,35 +490,67 @@ if ( ! class_exists( 'um\core\Account' ) ) { /** - * @param array $fields - * @param $id + * Init displayed fields for security check * - * @return array + * @param $fields + * @param $tab_key */ - function account_secure_fields( $fields, $id ) { + function init_displayed_fields( $fields, $tab_key ) { + if ( ! $this->is_secure_enabled() ) { + return; + } + + if ( ! isset( $this->displayed_fields[ $tab_key ] ) ) { + $this->displayed_fields[ $tab_key ] = array_keys( $fields ); + } + } + + + /** + * @param $field_key + * @param $tab_key + */ + function add_displayed_field( $field_key, $tab_key ) { + if ( ! $this->is_secure_enabled() ) { + return; + } + + if ( ! isset( $this->displayed_fields[ $tab_key ] ) ) { + $this->displayed_fields[ $tab_key ] = array( $field_key ); + } else { + $this->displayed_fields[ $tab_key ][] = $field_key; + } + } + + + /** + * @return bool + */ + function is_secure_enabled() { /** * UM hook * * @type filter - * @title um_account_secure_fields - * @description Change Account secure fields + * @title um_account_secure_fields__enabled + * @description Active account secure fields * @input_vars - * [{"var":"$fields","type":"array","desc":"Account Fields"}, - * {"var":"$id","type":"int","desc":"User ID"}] + * [{"var":"$enabled","type":"string","desc":"Enable secure account fields"}] * @change_log * ["Since: 2.0"] - * @usage add_filter( 'um_account_secure_fields', 'function_name', 10, 2 ); + * @usage + * * @example * */ - $fields = apply_filters( 'um_account_secure_fields', $fields, $id ); - return $fields; + $secure = apply_filters( 'um_account_secure_fields__enabled', true ); + + return $secure; } @@ -525,8 +569,8 @@ if ( ! class_exists( 'um\core\Account' ) ) { UM()->fields()->set_mode = 'account'; UM()->fields()->editing = true; - if ( ! empty( $this->tab_output[$id]['content'] ) && ! empty( $this->tab_output[$id]['hash'] ) && - $this->tab_output[$id]['hash'] == md5( json_encode( $shortcode_args ) ) ) { + if ( ! empty( $this->tab_output[ $id ]['content'] ) && ! empty( $this->tab_output[ $id ]['hash'] ) && + $this->tab_output[ $id ]['hash'] == md5( json_encode( $shortcode_args ) ) ) { return $this->tab_output[ $id ]['content']; } @@ -559,9 +603,10 @@ if ( ! class_exists( 'um\core\Account' ) ) { $args = apply_filters( 'um_account_tab_privacy_fields', $args, $shortcode_args ); $fields = UM()->builtin()->get_specific_fields( $args ); - $fields = $this->account_secure_fields( $fields, $id ); $fields = $this->filter_fields_by_attrs( $fields, $shortcode_args ); + $this->init_displayed_fields( $fields, $id ); + foreach ( $fields as $key => $data ) { $output .= UM()->fields()->edit_field( $key, $data ); } @@ -595,9 +640,10 @@ if ( ! class_exists( 'um\core\Account' ) ) { $args = apply_filters( 'um_account_tab_delete_fields', $args, $shortcode_args ); $fields = UM()->builtin()->get_specific_fields( $args ); - $fields = $this->account_secure_fields( $fields, $id ); $fields = $this->filter_fields_by_attrs( $fields, $shortcode_args ); + $this->init_displayed_fields( $fields, $id ); + foreach ( $fields as $key => $data ) { $output .= UM()->fields()->edit_field( $key, $data ); } @@ -644,9 +690,10 @@ if ( ! class_exists( 'um\core\Account' ) ) { $args = apply_filters( 'um_account_tab_general_fields', $args, $shortcode_args ); $fields = UM()->builtin()->get_specific_fields( $args ); - $fields = $this->account_secure_fields( $fields, $id ); $fields = $this->filter_fields_by_attrs( $fields, $shortcode_args ); + $this->init_displayed_fields( $fields, $id ); + foreach ( $fields as $key => $data ) { $output .= UM()->fields()->edit_field( $key, $data ); } @@ -681,9 +728,10 @@ if ( ! class_exists( 'um\core\Account' ) ) { $args = apply_filters( 'um_account_tab_password_fields', $args, $shortcode_args ); $fields = UM()->builtin()->get_specific_fields( $args ); - $fields = $this->account_secure_fields( $fields, $id ); $fields = $this->filter_fields_by_attrs( $fields, $shortcode_args ); + $this->init_displayed_fields( $fields, $id ); + foreach ( $fields as $key => $data ) { $output .= UM()->fields()->edit_field( $key, $data ); } diff --git a/includes/core/class-fields.php b/includes/core/class-fields.php index b484e83c..b0b4a56f 100644 --- a/includes/core/class-fields.php +++ b/includes/core/class-fields.php @@ -2654,30 +2654,26 @@ if ( ! class_exists( 'um\core\Fields' ) ) { um_user( $data['parent_dropdown_relationship'] ) ) { $options = call_user_func( $data['custom_dropdown_options_source'], $data['parent_dropdown_relationship'] ); - $disabled_by_parent_option = ''; if ( um_user( $form_key ) ) { $select_original_option_value = " data-um-original-value='" . um_user( $form_key ) . "' "; } - - } } // Child dropdown option selected - if( isset( UM()->form()->post_form[ $form_key ] ) ){ + if ( isset( UM()->form()->post_form[ $form_key ] ) ) { $select_original_option_value = " data-um-original-value='" . esc_attr( UM()->form()->post_form[ $form_key ] ) . "' "; } // Child dropdown - if( $has_parent_option ){ + if ( $has_parent_option ) { - if ( ! empty( $data['custom_dropdown_options_source'] ) && $has_parent_option && function_exists( $data['custom_dropdown_options_source'] ) && - isset( UM()->form()->post_form[ $form_key ] ) - ) { - $options = call_user_func( $data['custom_dropdown_options_source'], $data['parent_dropdown_relationship'] ); + if ( ! empty( $data['custom_dropdown_options_source'] ) && $has_parent_option && + function_exists( $data['custom_dropdown_options_source'] ) && isset( UM()->form()->post_form[ $form_key ] ) ) { + $options = call_user_func( $data['custom_dropdown_options_source'], $data['parent_dropdown_relationship'] ); } } @@ -2769,6 +2765,8 @@ if ( ! class_exists( 'um\core\Fields' ) ) { // 'country' if ( $key === 'country' && empty( $options ) ) { $options = UM()->builtin()->get( 'countries' ); + } else if ( empty( $options ) ) { + $options = $data['options']; } $options = apply_filters( 'um_selectbox_options', $options, $key ); @@ -2889,7 +2887,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) { $output .= ''; - if ($this->is_error( $form_key )) { + if ( $this->is_error( $form_key ) ) { $output .= $this->field_error( $this->show_error( $form_key ) ); } diff --git a/includes/core/um-actions-account.php b/includes/core/um-actions-account.php index b1cc0bd9..c40d2199 100644 --- a/includes/core/um-actions-account.php +++ b/includes/core/um-actions-account.php @@ -177,7 +177,7 @@ function um_submit_account_details( $args ) { $user->destroy_all(); wp_set_password( $changes['user_pass'], um_user( 'ID' ) ); - + wp_signon( array( 'user_login' => um_user( 'user_login' ), 'user_password' => $changes['user_pass'] ) ); } @@ -185,7 +185,8 @@ function um_submit_account_details( $args ) { // delete account $user = get_user_by( 'login', um_user( 'user_login' ) ); - if ( 'delete' == $current_tab && isset( $_POST['single_user_password'] ) && wp_check_password( $_POST['single_user_password'], $user->data->user_pass, $user->data->ID ) ) { + if ( 'delete' == $current_tab && isset( $_POST['single_user_password'] ) && + wp_check_password( $_POST['single_user_password'], $user->data->user_pass, $user->data->ID ) ) { if ( current_user_can( 'delete_users' ) || um_user( 'can_delete_profile' ) ) { UM()->user()->delete(); @@ -222,45 +223,42 @@ function um_submit_account_details( $args ) { } } + $arr_fields = array( 'password', 'um_account' ); + if ( UM()->account()->is_secure_enabled() ) { + $account_fields = get_user_meta( um_user( 'ID' ), 'um_account_secure_fields', true ); - $arr_fields = array(); - $account_fields = get_user_meta( um_user('ID'), 'um_account_secure_fields', true ); + /** + * UM hook + * + * @type filter + * @title um_secure_account_fields + * @description Change secure account fields + * @input_vars + * [{"var":"$fields","type":"array","desc":"Secure account fields"}, + * {"var":"$user_id","type":"int","desc":"User ID"}] + * @change_log + * ["Since: 2.0"] + * @usage + * + * @example + * + */ + $secure_fields = apply_filters( 'um_secure_account_fields', $account_fields, um_user( 'ID' ) ); - /** - * UM hook - * - * @type filter - * @title um_secure_account_fields - * @description Change secure account fields - * @input_vars - * [{"var":"$fields","type":"array","desc":"Secure account fields"}, - * {"var":"$user_id","type":"int","desc":"User ID"}] - * @change_log - * ["Since: 2.0"] - * @usage - * - * @example - * - */ - $secure_fields = apply_filters( 'um_secure_account_fields', $account_fields, um_user( 'ID' ) ); - - if ( is_array( $secure_fields ) ) { - foreach ( $secure_fields as $tab_key => $fields ) { - foreach ( $fields as $key => $value ) { - $arr_fields[ ] = $key; - } + if ( is_array( $secure_fields[ $current_tab ] ) ) { + $arr_fields = array_merge( $arr_fields, $secure_fields[ $current_tab ] ); } } $changes = array(); foreach ( $_POST as $k => $v ) { - if ( strstr( $k, 'password' ) || strstr( $k, 'um_account' ) || ! in_array( $k, $arr_fields ) ) { + if ( ! in_array( $k, $arr_fields ) ) { continue; } @@ -319,6 +317,11 @@ function um_submit_account_details( $args ) { UM()->user()->update_profile( $changes ); + + if ( UM()->account()->is_secure_enabled() ) { + update_user_meta( um_user( 'ID' ), 'um_account_secure_fields', array() ); + } + /** * UM hook * @@ -410,6 +413,8 @@ add_action( 'um_before_account_delete', 'um_before_account_delete' ); * Before notifications account tab content * * @param array $args + * + * @throws Exception */ function um_before_account_notifications( $args = array() ) { $output = UM()->account()->get_tab_fields( 'notifications', $args ); @@ -427,16 +432,6 @@ function um_before_account_notifications( $args = array() ) { add_action( 'um_before_account_notifications', 'um_before_account_notifications' ); -/** - * Update account fields to secure the account submission - */ -function um_account_secure_registered_fields(){ - $secure_fields = UM()->account()->register_fields; - update_user_meta( um_user( 'ID' ), 'um_account_secure_fields', $secure_fields ); -} -add_action( 'wp_footer', 'um_account_secure_registered_fields' ); - - /** * Update Profile URL * diff --git a/includes/core/um-filters-account.php b/includes/core/um-filters-account.php index 064ab8f6..c460102d 100644 --- a/includes/core/um-filters-account.php +++ b/includes/core/um-filters-account.php @@ -1,48 +1,6 @@ - * @example - * - */ - $secure = apply_filters( 'um_account_secure_fields__enabled', true ); - - if( ! $secure ) return $fields; - - if( isset( UM()->account()->register_fields ) && ! isset( UM()->account()->register_fields[ $tab_key ] ) ){ - UM()->account()->register_fields[ $tab_key ] = $fields; - } - - return $fields; -} -add_filter( 'um_account_secure_fields', 'um_account_secure_fields', 10, 2 ); - - /** * Disables first and last name fields in account page * @param array $fields @@ -50,16 +8,18 @@ add_filter( 'um_account_secure_fields', 'um_account_secure_fields', 10, 2 ); * @uses um_get_field__first_name, um_get_field__last_name */ function um_account_disable_name_fields( $fields ){ - if( ! UM()->options()->get( "account_name_disable" ) ) return $fields; + if ( ! UM()->options()->get( 'account_name_disable' ) ) { + return $fields; + } - if ( um_is_core_page("account") ) { + if ( um_is_core_page( 'account' ) ) { $fields['disabled'] = 'disabled="disabled"'; } return $fields; } -add_filter( "um_get_field__first_name","um_account_disable_name_fields", 10 ,1 ); -add_filter( "um_get_field__last_name","um_account_disable_name_fields", 10 ,1 ); +add_filter( 'um_get_field__first_name', 'um_account_disable_name_fields', 10 ,1 ); +add_filter( 'um_get_field__last_name', 'um_account_disable_name_fields', 10 ,1 ); /**