mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-07-11 10:46:11 +09:00
Update 'ultimatemember_searchform' shortcode in Ultimate Member plugin
Refactored template, CSS and JS to fix the security vulnerability.
This commit is contained in:
@@ -19,6 +19,9 @@ class Pages {
|
||||
*/
|
||||
public function __construct() {
|
||||
add_action( 'wp_ajax_um_get_pages_list', array( $this, 'get_pages_list' ) );
|
||||
|
||||
add_action( 'wp_ajax_um_search_widget_request', array( $this, 'search_widget_request' ) );
|
||||
add_action( 'wp_ajax_nopriv_um_search_widget_request', array( $this, 'search_widget_request' ) );
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -98,4 +101,58 @@ class Pages {
|
||||
|
||||
wp_send_json( $return );
|
||||
}
|
||||
|
||||
/**
|
||||
* AJAX callback for getting search widget redirect to a proper member directory page.
|
||||
*/
|
||||
public function search_widget_request() {
|
||||
check_ajax_referer( 'um_search_widget_request' );
|
||||
|
||||
if ( ! UM()->options()->get( 'members_page' ) ) {
|
||||
wp_send_json_error( __( 'No members page enabled', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
$member_directory_ids = array();
|
||||
|
||||
$page_id = UM()->config()->permalinks['members'];
|
||||
if ( ! empty( $page_id ) ) {
|
||||
$member_directory_ids = UM()->member_directory()->get_member_directory_id( $page_id );
|
||||
}
|
||||
|
||||
if ( empty( $member_directory_ids ) ) {
|
||||
wp_send_json_error( __( 'No members page enabled', 'ultimate-member' ) );
|
||||
}
|
||||
|
||||
$url = um_get_predefined_page_url( 'members' );
|
||||
|
||||
$search = isset( $_POST['search'] ) ? sanitize_text_field( $_POST['search'] ) : '';
|
||||
if ( empty( $search ) ) {
|
||||
wp_send_json_success( array( 'url' => $url ) );
|
||||
}
|
||||
|
||||
// Current user priority role
|
||||
$priority_user_role = false;
|
||||
if ( is_user_logged_in() ) {
|
||||
$priority_user_role = UM()->roles()->get_priority_user_role( get_current_user_id() );
|
||||
}
|
||||
|
||||
foreach ( $member_directory_ids as $directory_id ) {
|
||||
$directory_data = UM()->query()->post_data( $directory_id );
|
||||
|
||||
if ( isset( $directory_data['roles_can_search'] ) ) {
|
||||
$directory_data['roles_can_search'] = maybe_unserialize( $directory_data['roles_can_search'] );
|
||||
}
|
||||
|
||||
$show_search = empty( $directory_data['roles_can_search'] ) || ( ! empty( $priority_user_role ) && in_array( $priority_user_role, $directory_data['roles_can_search'], true ) );
|
||||
if ( empty( $directory_data['search'] ) || ! $show_search ) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$hash = UM()->member_directory()->get_directory_hash( $directory_id );
|
||||
|
||||
$url = add_query_arg( array( 'search_' . $hash => $search ), $url );
|
||||
}
|
||||
|
||||
wp_send_json_success( array( 'url' => $url ) );
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1370,12 +1370,10 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) {
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array $args
|
||||
* @param string $content
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function ultimatemember_searchform( $args = array(), $content = '' ) {
|
||||
public function ultimatemember_searchform() {
|
||||
if ( ! UM()->options()->get( 'members_page' ) ) {
|
||||
return '';
|
||||
}
|
||||
@@ -1391,7 +1389,7 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) {
|
||||
return '';
|
||||
}
|
||||
|
||||
//current user priority role
|
||||
// Current user priority role
|
||||
$priority_user_role = false;
|
||||
if ( is_user_logged_in() ) {
|
||||
$priority_user_role = UM()->roles()->get_priority_user_role( get_current_user_id() );
|
||||
@@ -1405,7 +1403,7 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) {
|
||||
$directory_data['roles_can_search'] = maybe_unserialize( $directory_data['roles_can_search'] );
|
||||
}
|
||||
|
||||
$show_search = empty( $directory_data['roles_can_search'] ) || ( ! empty( $priority_user_role ) && in_array( $priority_user_role, $directory_data['roles_can_search'] ) );
|
||||
$show_search = empty( $directory_data['roles_can_search'] ) || ( ! empty( $priority_user_role ) && in_array( $priority_user_role, $directory_data['roles_can_search'], true ) );
|
||||
if ( empty( $directory_data['search'] ) || ! $show_search ) {
|
||||
continue;
|
||||
}
|
||||
@@ -1419,12 +1417,11 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) {
|
||||
return '';
|
||||
}
|
||||
|
||||
$query = array_filter( $query );
|
||||
$search_value = array_values( $query );
|
||||
|
||||
$t_args = array(
|
||||
'query' => $query,
|
||||
'search_value' => $search_value[0],
|
||||
'members_page' => um_get_core_page( 'members' ),
|
||||
'search_value' => ! empty( $search_value ) ? $search_value[0] : '',
|
||||
);
|
||||
return UM()->get_template( 'searchform.php', '', $t_args );
|
||||
}
|
||||
|
||||
@@ -462,11 +462,7 @@ function um_members( $argument ) {
|
||||
function um_get_search_form() {
|
||||
//um_deprecated_function( 'um_get_search_form', '2.1.0', 'do_shortcode( \'[ultimatemember_searchform]\' )' );
|
||||
|
||||
if ( version_compare( get_bloginfo('version'),'5.4', '<' ) ) {
|
||||
return do_shortcode( '[ultimatemember_searchform]' );
|
||||
} else {
|
||||
return apply_shortcodes( '[ultimatemember_searchform]' );
|
||||
}
|
||||
return apply_shortcodes( '[ultimatemember_searchform]' );
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -58,12 +58,7 @@ class UM_Search_Widget extends \WP_Widget {
|
||||
}
|
||||
|
||||
// display the search form
|
||||
if ( version_compare( get_bloginfo('version'),'5.4', '<' ) ) {
|
||||
echo do_shortcode( '[ultimatemember_searchform /]' );
|
||||
} else {
|
||||
echo apply_shortcodes( '[ultimatemember_searchform /]' );
|
||||
}
|
||||
|
||||
echo apply_shortcodes( '[ultimatemember_searchform /]' );
|
||||
|
||||
echo $args['after_widget'];
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user