- fixed secure account fields long meta;

This commit is contained in:
nikitasinelnikov
2019-09-26 16:52:11 +03:00
parent 2629eb4ace
commit 637f6548eb
4 changed files with 123 additions and 122 deletions
+70 -22
View File
@@ -30,7 +30,7 @@ if ( ! class_exists( 'um\core\Account' ) ) {
/**
* @var array
*/
var $register_fields = array();
var $displayed_fields = array();
/**
@@ -151,7 +151,9 @@ if ( ! class_exists( 'um\core\Account' ) ) {
* Account Shortcode
*
* @param array $args
* @return string
*
* @return false|string
* @throws \Exception
*/
function ultimatemember_account( $args = array() ) {
um_fetch_user( get_current_user_id() );
@@ -304,10 +306,20 @@ if ( ! class_exists( 'um\core\Account' ) ) {
$output = ob_get_clean();
$this->account_fields_hash();
return $output;
}
/**
* Update account fields to secure the account submission
*/
function account_fields_hash() {
update_user_meta( um_user( 'ID' ), 'um_account_secure_fields', UM()->account()->displayed_fields );
}
/**
* Restrict access to Account page
*/
@@ -478,35 +490,67 @@ if ( ! class_exists( 'um\core\Account' ) ) {
/**
* @param array $fields
* @param $id
* Init displayed fields for security check
*
* @return array
* @param $fields
* @param $tab_key
*/
function account_secure_fields( $fields, $id ) {
function init_displayed_fields( $fields, $tab_key ) {
if ( ! $this->is_secure_enabled() ) {
return;
}
if ( ! isset( $this->displayed_fields[ $tab_key ] ) ) {
$this->displayed_fields[ $tab_key ] = array_keys( $fields );
}
}
/**
* @param $field_key
* @param $tab_key
*/
function add_displayed_field( $field_key, $tab_key ) {
if ( ! $this->is_secure_enabled() ) {
return;
}
if ( ! isset( $this->displayed_fields[ $tab_key ] ) ) {
$this->displayed_fields[ $tab_key ] = array( $field_key );
} else {
$this->displayed_fields[ $tab_key ][] = $field_key;
}
}
/**
* @return bool
*/
function is_secure_enabled() {
/**
* UM hook
*
* @type filter
* @title um_account_secure_fields
* @description Change Account secure fields
* @title um_account_secure_fields__enabled
* @description Active account secure fields
* @input_vars
* [{"var":"$fields","type":"array","desc":"Account Fields"},
* {"var":"$id","type":"int","desc":"User ID"}]
* [{"var":"$enabled","type":"string","desc":"Enable secure account fields"}]
* @change_log
* ["Since: 2.0"]
* @usage add_filter( 'um_account_secure_fields', 'function_name', 10, 2 );
* @usage
* <?php add_filter( 'um_account_secure_fields__enabled', 'function_name', 10, 1 ); ?>
* @example
* <?php
* add_filter( 'um_account_secure_fields', 'my_account_secure_fields', 10, 2 );
* function my_account_secure_fields( $fields, $id ) {
* add_filter( 'um_account_secure_fields__enabled', 'my_account_secure_fields', 10, 1 );
* function my_account_secure_fields( $enabled ) {
* // your code here
* return $fields;
* return $enabled;
* }
* ?>
*/
$fields = apply_filters( 'um_account_secure_fields', $fields, $id );
return $fields;
$secure = apply_filters( 'um_account_secure_fields__enabled', true );
return $secure;
}
@@ -525,8 +569,8 @@ if ( ! class_exists( 'um\core\Account' ) ) {
UM()->fields()->set_mode = 'account';
UM()->fields()->editing = true;
if ( ! empty( $this->tab_output[$id]['content'] ) && ! empty( $this->tab_output[$id]['hash'] ) &&
$this->tab_output[$id]['hash'] == md5( json_encode( $shortcode_args ) ) ) {
if ( ! empty( $this->tab_output[ $id ]['content'] ) && ! empty( $this->tab_output[ $id ]['hash'] ) &&
$this->tab_output[ $id ]['hash'] == md5( json_encode( $shortcode_args ) ) ) {
return $this->tab_output[ $id ]['content'];
}
@@ -559,9 +603,10 @@ if ( ! class_exists( 'um\core\Account' ) ) {
$args = apply_filters( 'um_account_tab_privacy_fields', $args, $shortcode_args );
$fields = UM()->builtin()->get_specific_fields( $args );
$fields = $this->account_secure_fields( $fields, $id );
$fields = $this->filter_fields_by_attrs( $fields, $shortcode_args );
$this->init_displayed_fields( $fields, $id );
foreach ( $fields as $key => $data ) {
$output .= UM()->fields()->edit_field( $key, $data );
}
@@ -595,9 +640,10 @@ if ( ! class_exists( 'um\core\Account' ) ) {
$args = apply_filters( 'um_account_tab_delete_fields', $args, $shortcode_args );
$fields = UM()->builtin()->get_specific_fields( $args );
$fields = $this->account_secure_fields( $fields, $id );
$fields = $this->filter_fields_by_attrs( $fields, $shortcode_args );
$this->init_displayed_fields( $fields, $id );
foreach ( $fields as $key => $data ) {
$output .= UM()->fields()->edit_field( $key, $data );
}
@@ -644,9 +690,10 @@ if ( ! class_exists( 'um\core\Account' ) ) {
$args = apply_filters( 'um_account_tab_general_fields', $args, $shortcode_args );
$fields = UM()->builtin()->get_specific_fields( $args );
$fields = $this->account_secure_fields( $fields, $id );
$fields = $this->filter_fields_by_attrs( $fields, $shortcode_args );
$this->init_displayed_fields( $fields, $id );
foreach ( $fields as $key => $data ) {
$output .= UM()->fields()->edit_field( $key, $data );
}
@@ -681,9 +728,10 @@ if ( ! class_exists( 'um\core\Account' ) ) {
$args = apply_filters( 'um_account_tab_password_fields', $args, $shortcode_args );
$fields = UM()->builtin()->get_specific_fields( $args );
$fields = $this->account_secure_fields( $fields, $id );
$fields = $this->filter_fields_by_attrs( $fields, $shortcode_args );
$this->init_displayed_fields( $fields, $id );
foreach ( $fields as $key => $data ) {
$output .= UM()->fields()->edit_field( $key, $data );
}