mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-07-19 14:43:49 +09:00
- fixed secure account fields long meta;
This commit is contained in:
@@ -30,7 +30,7 @@ if ( ! class_exists( 'um\core\Account' ) ) {
|
||||
/**
|
||||
* @var array
|
||||
*/
|
||||
var $register_fields = array();
|
||||
var $displayed_fields = array();
|
||||
|
||||
|
||||
/**
|
||||
@@ -151,7 +151,9 @@ if ( ! class_exists( 'um\core\Account' ) ) {
|
||||
* Account Shortcode
|
||||
*
|
||||
* @param array $args
|
||||
* @return string
|
||||
*
|
||||
* @return false|string
|
||||
* @throws \Exception
|
||||
*/
|
||||
function ultimatemember_account( $args = array() ) {
|
||||
um_fetch_user( get_current_user_id() );
|
||||
@@ -304,10 +306,20 @@ if ( ! class_exists( 'um\core\Account' ) ) {
|
||||
|
||||
$output = ob_get_clean();
|
||||
|
||||
$this->account_fields_hash();
|
||||
|
||||
return $output;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Update account fields to secure the account submission
|
||||
*/
|
||||
function account_fields_hash() {
|
||||
update_user_meta( um_user( 'ID' ), 'um_account_secure_fields', UM()->account()->displayed_fields );
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Restrict access to Account page
|
||||
*/
|
||||
@@ -478,35 +490,67 @@ if ( ! class_exists( 'um\core\Account' ) ) {
|
||||
|
||||
|
||||
/**
|
||||
* @param array $fields
|
||||
* @param $id
|
||||
* Init displayed fields for security check
|
||||
*
|
||||
* @return array
|
||||
* @param $fields
|
||||
* @param $tab_key
|
||||
*/
|
||||
function account_secure_fields( $fields, $id ) {
|
||||
function init_displayed_fields( $fields, $tab_key ) {
|
||||
if ( ! $this->is_secure_enabled() ) {
|
||||
return;
|
||||
}
|
||||
|
||||
if ( ! isset( $this->displayed_fields[ $tab_key ] ) ) {
|
||||
$this->displayed_fields[ $tab_key ] = array_keys( $fields );
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @param $field_key
|
||||
* @param $tab_key
|
||||
*/
|
||||
function add_displayed_field( $field_key, $tab_key ) {
|
||||
if ( ! $this->is_secure_enabled() ) {
|
||||
return;
|
||||
}
|
||||
|
||||
if ( ! isset( $this->displayed_fields[ $tab_key ] ) ) {
|
||||
$this->displayed_fields[ $tab_key ] = array( $field_key );
|
||||
} else {
|
||||
$this->displayed_fields[ $tab_key ][] = $field_key;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @return bool
|
||||
*/
|
||||
function is_secure_enabled() {
|
||||
/**
|
||||
* UM hook
|
||||
*
|
||||
* @type filter
|
||||
* @title um_account_secure_fields
|
||||
* @description Change Account secure fields
|
||||
* @title um_account_secure_fields__enabled
|
||||
* @description Active account secure fields
|
||||
* @input_vars
|
||||
* [{"var":"$fields","type":"array","desc":"Account Fields"},
|
||||
* {"var":"$id","type":"int","desc":"User ID"}]
|
||||
* [{"var":"$enabled","type":"string","desc":"Enable secure account fields"}]
|
||||
* @change_log
|
||||
* ["Since: 2.0"]
|
||||
* @usage add_filter( 'um_account_secure_fields', 'function_name', 10, 2 );
|
||||
* @usage
|
||||
* <?php add_filter( 'um_account_secure_fields__enabled', 'function_name', 10, 1 ); ?>
|
||||
* @example
|
||||
* <?php
|
||||
* add_filter( 'um_account_secure_fields', 'my_account_secure_fields', 10, 2 );
|
||||
* function my_account_secure_fields( $fields, $id ) {
|
||||
* add_filter( 'um_account_secure_fields__enabled', 'my_account_secure_fields', 10, 1 );
|
||||
* function my_account_secure_fields( $enabled ) {
|
||||
* // your code here
|
||||
* return $fields;
|
||||
* return $enabled;
|
||||
* }
|
||||
* ?>
|
||||
*/
|
||||
$fields = apply_filters( 'um_account_secure_fields', $fields, $id );
|
||||
return $fields;
|
||||
$secure = apply_filters( 'um_account_secure_fields__enabled', true );
|
||||
|
||||
return $secure;
|
||||
}
|
||||
|
||||
|
||||
@@ -525,8 +569,8 @@ if ( ! class_exists( 'um\core\Account' ) ) {
|
||||
UM()->fields()->set_mode = 'account';
|
||||
UM()->fields()->editing = true;
|
||||
|
||||
if ( ! empty( $this->tab_output[$id]['content'] ) && ! empty( $this->tab_output[$id]['hash'] ) &&
|
||||
$this->tab_output[$id]['hash'] == md5( json_encode( $shortcode_args ) ) ) {
|
||||
if ( ! empty( $this->tab_output[ $id ]['content'] ) && ! empty( $this->tab_output[ $id ]['hash'] ) &&
|
||||
$this->tab_output[ $id ]['hash'] == md5( json_encode( $shortcode_args ) ) ) {
|
||||
return $this->tab_output[ $id ]['content'];
|
||||
}
|
||||
|
||||
@@ -559,9 +603,10 @@ if ( ! class_exists( 'um\core\Account' ) ) {
|
||||
$args = apply_filters( 'um_account_tab_privacy_fields', $args, $shortcode_args );
|
||||
|
||||
$fields = UM()->builtin()->get_specific_fields( $args );
|
||||
$fields = $this->account_secure_fields( $fields, $id );
|
||||
$fields = $this->filter_fields_by_attrs( $fields, $shortcode_args );
|
||||
|
||||
$this->init_displayed_fields( $fields, $id );
|
||||
|
||||
foreach ( $fields as $key => $data ) {
|
||||
$output .= UM()->fields()->edit_field( $key, $data );
|
||||
}
|
||||
@@ -595,9 +640,10 @@ if ( ! class_exists( 'um\core\Account' ) ) {
|
||||
$args = apply_filters( 'um_account_tab_delete_fields', $args, $shortcode_args );
|
||||
|
||||
$fields = UM()->builtin()->get_specific_fields( $args );
|
||||
$fields = $this->account_secure_fields( $fields, $id );
|
||||
$fields = $this->filter_fields_by_attrs( $fields, $shortcode_args );
|
||||
|
||||
$this->init_displayed_fields( $fields, $id );
|
||||
|
||||
foreach ( $fields as $key => $data ) {
|
||||
$output .= UM()->fields()->edit_field( $key, $data );
|
||||
}
|
||||
@@ -644,9 +690,10 @@ if ( ! class_exists( 'um\core\Account' ) ) {
|
||||
$args = apply_filters( 'um_account_tab_general_fields', $args, $shortcode_args );
|
||||
|
||||
$fields = UM()->builtin()->get_specific_fields( $args );
|
||||
$fields = $this->account_secure_fields( $fields, $id );
|
||||
$fields = $this->filter_fields_by_attrs( $fields, $shortcode_args );
|
||||
|
||||
$this->init_displayed_fields( $fields, $id );
|
||||
|
||||
foreach ( $fields as $key => $data ) {
|
||||
$output .= UM()->fields()->edit_field( $key, $data );
|
||||
}
|
||||
@@ -681,9 +728,10 @@ if ( ! class_exists( 'um\core\Account' ) ) {
|
||||
$args = apply_filters( 'um_account_tab_password_fields', $args, $shortcode_args );
|
||||
|
||||
$fields = UM()->builtin()->get_specific_fields( $args );
|
||||
$fields = $this->account_secure_fields( $fields, $id );
|
||||
$fields = $this->filter_fields_by_attrs( $fields, $shortcode_args );
|
||||
|
||||
$this->init_displayed_fields( $fields, $id );
|
||||
|
||||
foreach ( $fields as $key => $data ) {
|
||||
$output .= UM()->fields()->edit_field( $key, $data );
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user