From 7d49246b7bcce8fa095317d6dbbd3ddbd919eedd Mon Sep 17 00:00:00 2001 From: champsupertramp Date: Mon, 12 Sep 2016 16:51:58 +0800 Subject: [PATCH] Fix reset password validation --- core/um-fields.php | 6 +++++- core/um-password.php | 8 +++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/core/um-fields.php b/core/um-fields.php index 55674576..c634f208 100644 --- a/core/um-fields.php +++ b/core/um-fields.php @@ -2255,8 +2255,12 @@ class UM_Fields { if ( isset( $data['label'] ) ) { $output .= $this->field_label($label, $key, $data); } + + $res = $this->field_value( $key, $default, $data ); - $res = stripslashes( $this->field_value( $key, $default, $data ) ); + if( ! empty( $res ) ){ + $res = stripslashes( $res ); + } $res = apply_filters("um_view_field_value_{$type}", $res, $data ); diff --git a/core/um-password.php b/core/um-password.php index 926cb2b0..6a4ea4d0 100644 --- a/core/um-password.php +++ b/core/um-password.php @@ -29,7 +29,9 @@ class UM_Password { um_fetch_user( $user_id ); - if ( $_REQUEST['hash'] != um_user('reset_pass_hash') ) wp_die( __('This is not a valid hash, or it has expired.','ultimatemember') ); + if ( $_REQUEST['hash'] != um_user('reset_pass_hash') ){ + wp_die( __('This is not a valid hash, or it has expired.','ultimatemember') ); + } $ultimatemember->user->profile['reset_pass_hash_token'] = current_time( 'timestamp' ); $ultimatemember->user->update_usermeta_info('reset_pass_hash_token'); @@ -50,6 +52,10 @@ class UM_Password { if ( !um_user('reset_pass_hash') ) return false; + $user_id = um_user('ID'); + + delete_option( "um_cache_userdata_{$user_id}" ); + $url = add_query_arg( 'act', 'reset_password', um_get_core_page('password-reset') ); $url = add_query_arg( 'hash', esc_attr( um_user('reset_pass_hash') ), $url ); $url = add_query_arg( 'user_id', esc_attr( um_user('ID') ), $url );