From 9febd7f957e73c7307a12d735f640ff771386c9b Mon Sep 17 00:00:00 2001 From: champsupertramp Date: Thu, 1 Sep 2016 19:54:38 +0800 Subject: [PATCH] Fix form validation and security notice --- core/um-form.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/core/um-form.php b/core/um-form.php index daeb2bcd..8600d0ba 100644 --- a/core/um-form.php +++ b/core/um-form.php @@ -105,7 +105,7 @@ class UM_Form { $secure_form_post = apply_filters('um_secure_form_post', true ); - if( $role && isset( $this->form_data['custom_fields'] ) && ! strstr( $this->form_data['custom_fields'], 'role_' ) && $secure_form_post ){ // has assigned role. Validate non-global forms + if( $role && isset( $this->form_data['custom_fields'] ) && ! strstr( $this->form_data['custom_fields'], 'role_' ) && $secure_form_post && $this->form_data['use_global'] == 1 ){ // has assigned role. Validate non-global forms if ( isset( $this->form_data['role'] ) && ( (boolean) $this->form_data['role'] ) && isset( $_POST['role'] ) && $_POST['role'] != $role ) { wp_die( __( 'This is not possible for security reasons.','ultimatemember') ); } else { @@ -115,6 +115,9 @@ class UM_Form { } } } + }else{ + $this->post_form['role'] = $role; + $this->post_form['submitted']['role'] = $role; } if ( isset( $_POST[ $ultimatemember->honeypot ] ) && $_POST[ $ultimatemember->honeypot ] != '' ){