From 8716265a5e7ab2040488710f56b6030ff7382c32 Mon Sep 17 00:00:00 2001 From: Champ Camba Date: Wed, 23 Nov 2016 12:30:53 +0800 Subject: [PATCH] Fix change password validation --- core/um-actions-password.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/core/um-actions-password.php b/core/um-actions-password.php index 318c706d..cf5ccb8b 100644 --- a/core/um-actions-password.php +++ b/core/um-actions-password.php @@ -156,8 +156,9 @@ function um_change_password_errors_hook( $args ) { global $ultimatemember; - if ( $_POST[ $ultimatemember->honeypot ] != '' ) + if ( isset( $_POST[ $ultimatemember->honeypot ] ) && $_POST[ $ultimatemember->honeypot ] != '' ){ wp_die('Hello, spam bot!'); + } $form_timestamp = trim($_POST['timestamp']); $live_timestamp = current_time( 'timestamp' ); @@ -168,7 +169,10 @@ if ( $live_timestamp - $form_timestamp < 3 && um_get_option('enable_timebot') == 1 ){ wp_die( __('Whoa, slow down! You\'re seeing this message because you tried to submit a form too fast and we think you might be a spam bot. If you are a real human being please wait a few seconds before submitting the form. Thanks!') ); } - + + if( ! is_user_logged_in() && isset( $args ) ){ + wp_die( __( 'This is not possible for security reasons.','ultimatemember') ); + } if ( isset( $args['user_password'] ) && empty( $args['user_password'] ) ) { $ultimatemember->form->add_error('user_password', __('You must enter a new password','ultimatemember') );