Merge pull request #1107 from ultimatemember/development/2.5.2

Development/2.5.2
This commit is contained in:
Nikita Sinelnikov
2022-12-14 16:22:14 +02:00
committed by GitHub
20 changed files with 174 additions and 60 deletions
+1 -1
View File
@@ -41,7 +41,7 @@ GNU Version 2 or Any Later Version
## Releases
[Official Release Version: 2.5.1](https://github.com/ultimatemember/ultimatemember/releases/tag/2.5.1).
[Official Release Version: 2.5.2](https://github.com/ultimatemember/ultimatemember/releases/tag/2.5.2).
## Changelog
+1 -1
View File
@@ -1220,7 +1220,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
$arr_options['function_exists'] = function_exists( $um_callback_func );
}
if ( in_array( $um_callback_func, UM()->fields()->dropdown_options_source_blacklist(), true ) ) {
if ( UM()->fields()->is_source_blacklisted( $um_callback_func ) ) {
wp_send_json_error( __( 'This is not possible for security reasons. Don\'t use internal PHP functions.', 'ultimate-member' ) );
}
+15 -6
View File
@@ -759,6 +759,9 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
'reset_password_limit_number' => array(
'sanitize' => 'absint',
),
'change_password_request_limit' => array(
'sanitize' => 'bool',
),
'blocked_emails' => array(
'sanitize' => 'textarea',
),
@@ -1285,6 +1288,12 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
'conditional' => array( 'enable_reset_password_limit', '=', 1 ),
'size' => 'small',
),
array(
'id' => 'change_password_request_limit',
'type' => 'checkbox',
'label' => __( 'Change Password request limit', 'ultimate-member' ),
'tooltip' => __( 'This option adds rate limit when submitting the change password form in the Account page. Users are only allowed to submit 1 request per 30 minutes to prevent from any brute-force attacks or password guessing with the form.', 'ultimate-member' ),
),
array(
'id' => 'blocked_emails',
'type' => 'textarea',
@@ -3448,7 +3457,6 @@ Use Only Cookies: <?php echo ini_get( 'session.use_only_cookies' ) ?
* @return array
*/
function save_email_templates( $settings ) {
if ( empty( $settings['um_email_template'] ) ) {
return $settings;
}
@@ -3457,16 +3465,17 @@ Use Only Cookies: <?php echo ini_get( 'session.use_only_cookies' ) ?
$content = wp_kses_post( stripslashes( $settings[ $template ] ) );
$theme_template_path = UM()->mail()->get_template_file( 'theme', $template );
if ( ! file_exists( $theme_template_path ) ) {
UM()->mail()->copy_email_template( $template );
}
$fp = fopen( $theme_template_path, "w" );
$result = fputs( $fp, $content );
fclose( $fp );
if ( file_exists( $theme_template_path ) ) {
$fp = fopen( $theme_template_path, "w" );
$result = fputs( $fp, $content );
fclose( $fp );
}
if ( $result !== false ) {
if ( isset( $result ) && $result !== false ) {
unset( $settings['um_email_template'] );
unset( $settings[ $template ] );
}
+1 -1
View File
@@ -67,7 +67,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Upgrade' ) ) {
if ( ! empty( $this->necessary_packages ) ) {
add_action( 'admin_menu', array( $this, 'admin_menu' ), 0 );
if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) {
if ( defined( 'DOING_AJAX' ) && DOING_AJAX && current_user_can( 'manage_options' ) ) {
$this->init_packages_ajax();
add_action( 'wp_ajax_um_run_package', array( $this, 'ajax_run_package' ) );
+1
View File
@@ -553,6 +553,7 @@ if ( ! class_exists( 'um\Config' ) ) {
'restricted_block_message' => '',
'enable_reset_password_limit' => 1,
'reset_password_limit_number' => 3,
'change_password_request_limit' => false,
'blocked_emails' => '',
'blocked_words' => 'admin' . "\r\n" . 'administrator' . "\r\n" . 'webmaster' . "\r\n" . 'support' . "\r\n" . 'staff',
'allowed_choice_callbacks' => '',
+32 -8
View File
@@ -87,7 +87,12 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
foreach ( $social as $k => $arr ) {
if ( um_profile( $k ) ) {
$match = is_array( $arr['match'] ) ? $arr['match'][0] : $arr['match']; ?>
if ( array_key_exists( 'match' , $arr ) ) {
$match = is_array( $arr['match'] ) ? $arr['match'][0] : $arr['match'];
} else {
$match = null;
}
?>
<a href="<?php echo esc_url( um_filtered_social_link( $k, $match ) ); ?>"
style="background: <?php echo esc_attr( $arr['color'] ); ?>;" target="_blank" class="um-tip-n"
@@ -112,7 +117,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
$output = null;
foreach ( $fields as $key => $data ) {
$output .= UM()->fields()->edit_field( $key, $data );
$output .= $this->edit_field( $key, $data );
}
echo $output;
@@ -147,7 +152,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
if ( array_key_exists( 'custom_dropdown_options_source', $args ) ) {
if ( function_exists( wp_unslash( $args['custom_dropdown_options_source'] ) ) ) {
if ( ! in_array( $args['custom_dropdown_options_source'], UM()->fields()->dropdown_options_source_blacklist(), true ) ) {
if ( ! $this->is_source_blacklisted( $args['custom_dropdown_options_source'] ) ) {
$allowed_callbacks = UM()->options()->get( 'allowed_choice_callbacks' );
if ( ! empty( $allowed_callbacks ) ) {
$allowed_callbacks = array_map( 'rtrim', explode( "\n", $allowed_callbacks ) );
@@ -204,7 +209,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
if ( array_key_exists( 'custom_dropdown_options_source', $args ) ) {
if ( function_exists( wp_unslash( $args['custom_dropdown_options_source'] ) ) ) {
if ( ! in_array( $args['custom_dropdown_options_source'], UM()->fields()->dropdown_options_source_blacklist(), true ) ) {
if ( ! $this->is_source_blacklisted( $args['custom_dropdown_options_source'] ) ) {
$allowed_callbacks = UM()->options()->get( 'allowed_choice_callbacks' );
if ( ! empty( $allowed_callbacks ) ) {
$allowed_callbacks = array_map( 'rtrim', explode( "\n", $allowed_callbacks ) );
@@ -1309,6 +1314,25 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
return $blacklist;
}
/**
* Is the dropdown source callback function blacklisted?
*
* @param string $source Function name
*
* @return bool
*/
public function is_source_blacklisted( $source ) {
// avoid using different letter case for bypass the blacklist e.g. phpInfo
// avoid using root namespace for bypass the blacklist e.g. \phpinfo
$source = trim( strtolower( $source ), '\\' );
if ( in_array( $source, $this->dropdown_options_source_blacklist(), true ) ) {
return true;
}
return false;
}
/**
* Gets selected option value from a callback function
*
@@ -1322,7 +1346,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
if ( in_array( $type, array( 'select', 'multiselect' ) ) && ! empty( $data['custom_dropdown_options_source'] ) ) {
if ( in_array( $data['custom_dropdown_options_source'], $this->dropdown_options_source_blacklist(), true ) ) {
if ( $this->is_source_blacklisted( $data['custom_dropdown_options_source'] ) ) {
return $value;
}
@@ -1393,7 +1417,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
if ( in_array( $type, array( 'select', 'multiselect' ) ) && ! empty( $data['custom_dropdown_options_source'] ) ) {
if ( in_array( $data['custom_dropdown_options_source'], $this->dropdown_options_source_blacklist(), true ) ) {
if ( $this->is_source_blacklisted( $data['custom_dropdown_options_source'] ) ) {
return $arr_options;
}
@@ -3062,7 +3086,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
if ( ! empty( $data['custom_dropdown_options_source'] ) && $has_parent_option && function_exists( $data['custom_dropdown_options_source'] ) &&
um_user( $data['parent_dropdown_relationship'] )
) {
if ( ! in_array( $data['custom_dropdown_options_source'], $this->dropdown_options_source_blacklist(), true ) ) {
if ( ! $this->is_source_blacklisted( $data['custom_dropdown_options_source'] ) ) {
$options = call_user_func( $data['custom_dropdown_options_source'], $data['parent_dropdown_relationship'] );
}
@@ -3082,7 +3106,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
if ( $has_parent_option ) {
if ( ! empty( $data['custom_dropdown_options_source'] ) && $has_parent_option &&
function_exists( $data['custom_dropdown_options_source'] ) && isset( UM()->form()->post_form[ $form_key ] ) ) {
if ( ! in_array( $data['custom_dropdown_options_source'], $this->dropdown_options_source_blacklist(), true ) ) {
if ( ! $this->is_source_blacklisted( $data['custom_dropdown_options_source'] ) ) {
$options = call_user_func( $data['custom_dropdown_options_source'], $data['parent_dropdown_relationship'] );
}
}
+2 -2
View File
@@ -148,7 +148,7 @@ if ( ! class_exists( 'um\core\Form' ) ) {
wp_send_json( $arr_options );
}
if ( in_array( $ajax_source_func, UM()->fields()->dropdown_options_source_blacklist(), true ) ) {
if ( UM()->fields()->is_source_blacklisted( $ajax_source_func ) ) {
$arr_options['status'] = 'error';
$arr_options['message'] = __( 'This is not possible for security reasons.', 'ultimate-member' );
@@ -653,7 +653,7 @@ if ( ! class_exists( 'um\core\Form' ) ) {
case 'url':
$f = UM()->builtin()->get_a_field( $k );
if ( array_key_exists( 'match', $f ) && array_key_exists( 'advanced', $f ) && 'social' === $f['advanced'] ) {
if ( is_array( $f ) && array_key_exists( 'match', $f ) && array_key_exists( 'advanced', $f ) && 'social' === $f['advanced'] ) {
$v = sanitize_text_field( $form[ $k ] );
// Make a proper social link
+8 -17
View File
@@ -552,28 +552,19 @@ if ( ! class_exists( 'um\core\Mail' ) ) {
* @return bool
*/
function copy_email_template( $template ) {
$in_theme = $this->template_in_theme( $template );
if ( $in_theme ) {
return false;
}
$plugin_template_path = $this->get_template_file( 'plugin', $template );
$theme_template_path = $this->get_template_file( 'theme', $template );
$plugin_template_path = wp_normalize_path( $this->get_template_file( 'plugin', $template ) );
$theme_template_path = wp_normalize_path( $this->get_template_file( 'theme', $template ) );
$template_filename = $this->get_template_filename( $template ) . '.php';
$temp_path = str_replace( trailingslashit( get_stylesheet_directory() ), '', $theme_template_path );
$temp_path = str_replace( '/', DIRECTORY_SEPARATOR, $temp_path );
$folders = explode( DIRECTORY_SEPARATOR, $temp_path );
$folders = array_splice( $folders, 0, count( $folders ) - 1 );
$cur_folder = '';
$theme_dir = trailingslashit( get_stylesheet_directory() );
foreach ( $folders as $folder ) {
$prev_dir = $cur_folder;
$cur_folder .= $folder . DIRECTORY_SEPARATOR;
if ( ! is_dir( $theme_dir . $cur_folder ) && wp_is_writable( $theme_dir . $prev_dir ) ) {
mkdir( $theme_dir . $cur_folder, 0777 );
}
$template_dir = wp_normalize_path( str_replace( $template_filename, '', $theme_template_path ) );
$result = wp_mkdir_p( $template_dir );
if ( ! $result ) {
return false;
}
if ( file_exists( $plugin_template_path ) && copy( $plugin_template_path, $theme_template_path ) ) {
@@ -621,4 +612,4 @@ if ( ! class_exists( 'um\core\Mail' ) ) {
return $replace_placeholders;
}
}
}
}
+34
View File
@@ -526,6 +526,18 @@ if ( ! class_exists( 'um\core\Password' ) ) {
}
}
if ( ! empty( $args['user_password'] ) && UM()->options()->get( 'change_password_request_limit' ) && is_user_logged_in() ) {
$transient_id = '_um_change_password_rate_limit__' . um_user( 'ID' );
$last_request = get_transient( $transient_id );
$request_limit_time = apply_filters( 'um_change_password_attempt_limit_interval', 30 * MINUTE_IN_SECONDS );
if ( ! $last_request ) {
set_transient( $transient_id, time(), $request_limit_time );
} else {
UM()->form()->add_error( 'user_password', __( 'Unable to change password because of password change limit. Please try again later.', 'ultimate-member' ) );
return;
}
}
if ( isset( $args['user_password'] ) && empty( $args['user_password'] ) ) {
UM()->form()->add_error( 'user_password', __( 'You must enter a new password', 'ultimate-member' ) );
}
@@ -544,10 +556,24 @@ if ( ! class_exists( 'um\core\Password' ) ) {
}
if ( UM()->options()->get( 'require_strongpass' ) ) {
wp_fix_server_vars();
$rp_cookie = 'wp-resetpass-' . COOKIEHASH;
if ( ! is_user_logged_in() && isset( $_COOKIE[ $rp_cookie ] ) && 0 < strpos( $_COOKIE[ $rp_cookie ], ':' ) ) {
list( $rp_login, $rp_key ) = explode( ':', wp_unslash( $_COOKIE[ $rp_cookie ] ), 2 );
$user = check_password_reset_key( $rp_key, $rp_login );
um_fetch_user( $user->ID );
} elseif ( is_user_logged_in() ) {
um_fetch_user( get_current_user_id() );
}
$min_length = UM()->options()->get( 'password_min_chars' );
$min_length = ! empty( $min_length ) ? $min_length : 8;
$max_length = UM()->options()->get( 'password_max_chars' );
$max_length = ! empty( $max_length ) ? $max_length : 30;
$user_login = um_user( 'user_login' );
$user_email = um_user( 'user_email' );
if ( mb_strlen( wp_unslash( $args['user_password'] ) ) < $min_length ) {
UM()->form()->add_error( 'user_password', sprintf( __( 'Your password must contain at least %d characters', 'ultimate-member' ), $min_length ) );
@@ -557,6 +583,14 @@ if ( ! class_exists( 'um\core\Password' ) ) {
UM()->form()->add_error( 'user_password', sprintf( __( 'Your password must contain less than %d characters', 'ultimate-member' ), $max_length ) );
}
if ( strpos( strtolower( $user_login ), strtolower( $args['user_password'] ) ) > -1 ) {
UM()->form()->add_error( 'user_password', __( 'Your password cannot contain the part of your username', 'ultimate-member' ) );
}
if ( strpos( strtolower( $user_email ), strtolower( $args['user_password'] ) ) > -1 ) {
UM()->form()->add_error( 'user_password', __( 'Your password cannot contain the part of your email address', 'ultimate-member' ) );
}
if ( ! UM()->validation()->strong_pass( $args['user_password'] ) ) {
UM()->form()->add_error( 'user_password', __( 'Your password must contain at least one lowercase letter, one capital letter and one number', 'ultimate-member' ) );
}
+2 -7
View File
@@ -33,7 +33,6 @@ if ( ! class_exists( 'um\core\User' ) ) {
$this->data = null;
$this->profile = null;
$this->cannot_edit = null;
$this->password_reset_key = null;
$this->deleted_user_id = null;
global $wpdb;
@@ -1527,11 +1526,7 @@ if ( ! class_exists( 'um\core\User' ) ) {
* @return string|\WP_Error
*/
function maybe_generate_password_reset_key( $userdata ) {
if ( empty( $this->password_reset_key ) ) {
$this->password_reset_key = get_password_reset_key( $userdata );
}
return $this->password_reset_key ;
return get_password_reset_key( $userdata );
}
@@ -1546,7 +1541,7 @@ if ( ! class_exists( 'um\core\User' ) ) {
add_filter( 'um_template_tags_patterns_hook', array( UM()->password(), 'add_placeholder' ), 10, 1 );
add_filter( 'um_template_tags_replaces_hook', array( UM()->password(), 'add_replace_placeholder' ), 10, 1 );
UM()->mail()->send( um_user( 'user_email' ), 'resetpw_email' );
UM()->mail()->send( $userdata->user_email, 'resetpw_email' );
}
+1 -1
View File
@@ -95,7 +95,7 @@ if ( ! class_exists( 'um\core\Validation' ) ) {
isset( $fields[ $key ]['custom_dropdown_options_source'] ) &&
! empty( $fields[ $key ]['custom_dropdown_options_source'] ) &&
function_exists( $fields[ $key ]['custom_dropdown_options_source'] ) ) {
if ( ! in_array( $fields[ $key ]['custom_dropdown_options_source'], UM()->fields()->dropdown_options_source_blacklist(), true ) ) {
if ( ! UM()->fields()->is_source_blacklisted( $fields[ $key ]['custom_dropdown_options_source'] ) ) {
$arr_options = call_user_func( $fields[ $key ]['custom_dropdown_options_source'] );
$fields[ $key ]['options'] = array_keys( $arr_options );
}
+15
View File
@@ -93,6 +93,13 @@ function um_submit_account_errors_hook( $args ) {
$max_length = UM()->options()->get( 'password_max_chars' );
$max_length = ! empty( $max_length ) ? $max_length : 30;
if ( is_user_logged_in() ) {
um_fetch_user( get_current_user_id() );
}
$user_login = um_user( 'user_login' );
$user_email = um_user( 'user_email' );
if ( mb_strlen( wp_unslash( $args['user_password'] ) ) < $min_length ) {
UM()->form()->add_error( 'user_password', sprintf( __( 'Your password must contain at least %d characters', 'ultimate-member' ), $min_length ) );
}
@@ -101,6 +108,14 @@ function um_submit_account_errors_hook( $args ) {
UM()->form()->add_error( 'user_password', sprintf( __( 'Your password must contain less than %d characters', 'ultimate-member' ), $max_length ) );
}
if ( strpos( strtolower( $user_login ), strtolower( $args['user_password'] ) ) > -1 ) {
UM()->form()->add_error( 'user_password', __( 'Your password cannot contain the part of your username', 'ultimate-member' ) );
}
if ( strpos( strtolower( $user_email ), strtolower( $args['user_password'] ) ) > -1 ) {
UM()->form()->add_error( 'user_password', __( 'Your password cannot contain the part of your email address', 'ultimate-member' ) );
}
if ( ! UM()->validation()->strong_pass( $args['user_password'] ) ) {
UM()->form()->add_error( 'user_password', __( 'Your password must contain at least one lowercase letter, one capital letter and one number', 'ultimate-member' ) );
}
+8
View File
@@ -621,6 +621,14 @@ function um_submit_form_errors_hook_( $args ) {
}
if ( isset( $array['force_good_pass'] ) && $array['force_good_pass'] == 1 ) {
if ( isset( $args['user_login'] ) && strpos( strtolower( $args['user_login'] ), strtolower( $args['user_password'] ) ) > -1 ) {
UM()->form()->add_error( 'user_password', __( 'Your password cannot contain the part of your username', 'ultimate-member' ));
}
if ( isset( $args['user_email'] ) && strpos( strtolower( $args['user_email'] ), strtolower( $args['user_password'] ) ) > -1 ) {
UM()->form()->add_error( 'user_password', __( 'Your password cannot contain the part of your email address', 'ultimate-member' ));
}
if ( ! UM()->validation()->strong_pass( $args[ $key ] ) ) {
UM()->form()->add_error( $key, __( 'Your password must contain at least one lowercase letter, one capital letter and one number', 'ultimate-member' ) );
}
+13 -2
View File
@@ -59,18 +59,29 @@ function um_submit_form_errors_hook_login( $args ) {
UM()->form()->add_error( 'user_password', __( 'Password is incorrect. Please try again.', 'ultimate-member' ) );
}
// Integration with 3rd-party login handlers e.g. 3rd-party reCAPTCHA etc.
$third_party_codes = apply_filters( 'um_custom_authenticate_error_codes', array() );
// @since 4.18 replacement for 'wp_login_failed' action hook
// see WP function wp_authenticate()
$ignore_codes = array( 'empty_username', 'empty_password' );
$user = apply_filters( 'authenticate', null, $authenticate, $args['user_password'] );
if ( is_wp_error( $user ) && ! in_array( $user->get_error_code(), $ignore_codes ) ) {
UM()->form()->add_error( $user->get_error_code(), __( 'Password is incorrect. Please try again.', 'ultimate-member' ) );
if ( ! empty( $third_party_codes ) && in_array( $user->get_error_code(), $third_party_codes ) ) {
UM()->form()->add_error( $user->get_error_code(), $user->get_error_message() );
} else {
UM()->form()->add_error( $user->get_error_code(), __( 'Password is incorrect. Please try again.', 'ultimate-member' ) );
}
}
$user = apply_filters( 'wp_authenticate_user', $user, $args['user_password'] );
if ( is_wp_error( $user ) && ! in_array( $user->get_error_code(), $ignore_codes ) ) {
UM()->form()->add_error( $user->get_error_code(), __( 'Password is incorrect. Please try again.', 'ultimate-member' ) );
if ( ! empty( $third_party_codes ) && in_array( $user->get_error_code(), $third_party_codes ) ) {
UM()->form()->add_error( $user->get_error_code(), $user->get_error_message() );
} else {
UM()->form()->add_error( $user->get_error_code(), __( 'Password is incorrect. Please try again.', 'ultimate-member' ) );
}
}
// if there is an error notify wp
+1 -1
View File
@@ -295,7 +295,7 @@ function um_user_edit_profile( $args ) {
$options = array();
if ( ! empty( $array['custom_dropdown_options_source'] ) && function_exists( $array['custom_dropdown_options_source'] ) && ! $has_custom_source ) {
if ( ! in_array( $array['custom_dropdown_options_source'], UM()->fields()->dropdown_options_source_blacklist(), true ) ) {
if ( ! UM()->fields()->is_source_blacklisted( $array['custom_dropdown_options_source'] ) ) {
$callback_result = call_user_func( $array['custom_dropdown_options_source'], $array['options'] );
if ( is_array( $callback_result ) ) {
$options = array_keys( $callback_result );
+1 -1
View File
@@ -694,7 +694,7 @@ add_filter( 'um_field_non_utf8_value', 'um_field_non_utf8_value' );
*/
function um_select_dropdown_dynamic_callback_options( $options, $data ) {
if ( ! empty( $data['custom_dropdown_options_source'] ) && function_exists( $data['custom_dropdown_options_source'] ) ) {
if ( in_array( $data['custom_dropdown_options_source'], UM()->fields()->dropdown_options_source_blacklist(), true ) ) {
if ( UM()->fields()->is_source_blacklisted( $data['custom_dropdown_options_source'] ) ) {
return $options;
}
$options = call_user_func( $data['custom_dropdown_options_source'] );
+10 -8
View File
@@ -915,18 +915,20 @@ function um_user_submited_display( $k, $title, $data = array(), $style = true )
* Show filtered social link
*
* @param string $key
* @param string $match
* @param null|string $match
*
* @return string
*/
function um_filtered_social_link( $key, $match ) {
function um_filtered_social_link( $key, $match = null ) {
$value = um_profile( $key );
$submatch = str_replace( 'https://', '', $match );
$submatch = str_replace( 'http://', '', $submatch );
if ( strstr( $value, $submatch ) ) {
$value = 'https://' . $value;
} elseif ( strpos( $value, 'http' ) !== 0 ) {
$value = $match . $value;
if ( ! empty( $match ) ) {
$submatch = str_replace( 'https://', '', $match );
$submatch = str_replace( 'http://', '', $submatch );
if ( strstr( $value, $submatch ) ) {
$value = 'https://' . $value;
} elseif ( strpos( $value, 'http' ) !== 0 ) {
$value = $match . $value;
}
}
$value = str_replace( 'https://https://', 'https://', $value );
$value = str_replace( 'http://https://', 'https://', $value );
+26 -2
View File
@@ -6,8 +6,8 @@ Donate link:
Tags: community, member, membership, user-profile, user-registration
Requires PHP: 5.6
Requires at least: 5.0
Tested up to: 6.0
Stable tag: 2.5.1
Tested up to: 6.1
Stable tag: 2.5.2
License: GNU Version 2 or Any Later Version
License URI: http://www.gnu.org/licenses/gpl-3.0.txt
@@ -163,6 +163,30 @@ No, you do not need to use our plugins login or registration pages and can us
* To learn more about version 2.1 please see this [docs](https://docs.ultimatemember.com/article/1512-upgrade-2-1-0)
* UM2.1+ is a significant update to the Member Directories' code base from 2.0.x. Please make sure you take a full-site backup with restore point before updating the plugin
= 2.5.2: December 14, 2022 =
* Enhancements:
- Added: Custom dropdown callback functions security enhancements. Avoid using blacklisted functions through namespace or uppercase format
- Added: Validation for upgrade package in wp-admin
- Added: `Change Password request limit` option for prevent from any brute-force attacks or password guessing with the form
- Added: Strong password checking for not using username|email inside the password
- Added: `um_custom_authenticate_error_codes` hook for handling 3rd-party login errors on UM invalid form
* Bugfixes:
- Fixed: Some texts sanitizing
- Fixed: PHP Error in url-type field on UM Forms
- Fixed: Using `wp_mkdir` to avoid the filesystem conflict when copy email template to theme
- Fixed: Password Reset URL generating
- Fixed: Multiple users approve
- Fixed: Using regular URL-type field for displaying
* Templates required update:
- members.php
* Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade
= 2.5.1: October 26, 2022 =
* Enhancements:
+1 -1
View File
@@ -45,7 +45,7 @@ if ( count( $args['view_types'] ) == 1 ) {
} else {
$args['default_view'] = ! empty( $args['default_view'] ) ? $args['default_view'] : $args['view_types'][0];
$default_view = $args['default_view'];
$current_view = ( ! empty( $_GET[ 'view_type_' . $unique_hash ] ) && in_array( $_GET[ 'view_type_' . $unique_hash ], $args['view_types'] ) ) ? $_GET[ 'view_type_' . $unique_hash ] : $args['default_view'];
$current_view = ( ! empty( $_GET[ 'view_type_' . $unique_hash ] ) && in_array( $_GET[ 'view_type_' . $unique_hash ], $args['view_types'] ) ) ? sanitize_text_field( $_GET[ 'view_type_' . $unique_hash ] ) : $args['default_view'];
}
// Sorting
+1 -1
View File
@@ -3,7 +3,7 @@
Plugin Name: Ultimate Member
Plugin URI: http://ultimatemember.com/
Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
Version: 2.5.1
Version: 2.5.2
Author: Ultimate Member
Author URI: http://ultimatemember.com/
Text Domain: ultimate-member