mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-07-11 18:56:10 +09:00
- fixed access redirect with "redirect_to" attribute;
- fixed vulnerability with dynamic_css function and $mode variable;
This commit is contained in:
@@ -54,9 +54,6 @@ if ( ! class_exists( 'Access' ) ) {
|
||||
|
||||
//check the site's accessible more priority have Individual Post/Term Restriction settings
|
||||
add_action( 'template_redirect', array( &$this, 'template_redirect' ), 1000 );
|
||||
//add_action( 'um_access_global_settings', array( &$this, 'um_access_global_settings' ) );
|
||||
//add_action( 'um_access_home_page', array( &$this, 'um_access_home_page' ) );
|
||||
//add_action( 'um_access_taxonomy_settings', array( &$this, 'um_access_taxonomy_settings' ) );
|
||||
add_action( 'um_access_check_individual_term_settings', array( &$this, 'um_access_check_individual_term_settings' ) );
|
||||
add_action( 'um_access_check_global_settings', array( &$this, 'um_access_check_global_settings' ) );
|
||||
}
|
||||
@@ -182,6 +179,8 @@ if ( ! class_exists( 'Access' ) ) {
|
||||
function um_access_check_global_settings() {
|
||||
global $post;
|
||||
|
||||
$curr = UM()->permalinks()->get_current_url();
|
||||
|
||||
if ( is_front_page() ) {
|
||||
if ( is_user_logged_in() ) {
|
||||
|
||||
@@ -191,7 +190,7 @@ if ( ! class_exists( 'Access' ) ) {
|
||||
return;
|
||||
|
||||
$redirect_to = ! empty( $role_meta['redirect_homepage'] ) ? $role_meta['redirect_homepage'] : um_get_core_page( 'user' );
|
||||
$this->redirect_handler = $this->set_referer( $redirect_to, "custom_homepage" );
|
||||
$this->redirect_handler = $this->set_referer( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), $redirect_to ) ), "custom_homepage" );
|
||||
|
||||
} else {
|
||||
$access = UM()->options()->get( 'accessible' );
|
||||
@@ -206,7 +205,7 @@ if ( ! class_exists( 'Access' ) ) {
|
||||
if ( ! $redirect )
|
||||
$redirect = um_get_core_page( 'login' );
|
||||
|
||||
$this->redirect_handler = $this->set_referer( $redirect, 'global' );
|
||||
$this->redirect_handler = $this->set_referer( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), $redirect ) ), 'global' );
|
||||
} else {
|
||||
$this->allow_access = true;
|
||||
return;
|
||||
@@ -227,7 +226,7 @@ if ( ! class_exists( 'Access' ) ) {
|
||||
if ( ! $redirect )
|
||||
$redirect = um_get_core_page( 'login' );
|
||||
|
||||
$this->redirect_handler = $this->set_referer( $redirect, 'global' );
|
||||
$this->redirect_handler = $this->set_referer( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), $redirect ) ), 'global' );
|
||||
} else {
|
||||
$this->allow_access = true;
|
||||
return;
|
||||
@@ -263,7 +262,7 @@ if ( ! class_exists( 'Access' ) ) {
|
||||
if ( ! $redirect )
|
||||
$redirect = um_get_core_page( 'login' );
|
||||
|
||||
$this->redirect_handler = $this->set_referer( $redirect, 'global' );
|
||||
$this->redirect_handler = $this->set_referer( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), $redirect ) ), 'global' );
|
||||
} else {
|
||||
$this->redirect_handler = false;
|
||||
$this->allow_access = true;
|
||||
@@ -307,11 +306,6 @@ if ( ! class_exists( 'Access' ) ) {
|
||||
//check global restrict content options
|
||||
do_action( 'um_access_check_global_settings' );
|
||||
|
||||
/*var_dump($this->allow_access);
|
||||
var_dump($this->redirect_handler);
|
||||
var_dump('12345678');
|
||||
exit;*/
|
||||
|
||||
$this->check_access();
|
||||
}
|
||||
|
||||
|
||||
@@ -351,13 +351,14 @@ if ( ! class_exists( 'Shortcodes' ) ) {
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Load dynamic css
|
||||
*
|
||||
* @param array $args
|
||||
*/
|
||||
/**
|
||||
* Load dynamic css
|
||||
*
|
||||
* @param array $args
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
function dynamic_css( $args = array() ) {
|
||||
|
||||
/*
|
||||
* for fix the issue #306
|
||||
*/
|
||||
@@ -365,16 +366,21 @@ if ( ! class_exists( 'Shortcodes' ) ) {
|
||||
if ( $disable_css )
|
||||
return '';
|
||||
|
||||
/**
|
||||
* @var $mode
|
||||
*/
|
||||
extract( $args );
|
||||
|
||||
include_once um_path . 'assets/dynamic_css/dynamic_global.php';
|
||||
|
||||
if ( isset( $mode ) ) {
|
||||
if ( isset( $mode ) && in_array( $mode, array( 'profile', 'directory' ) ) ) {
|
||||
$file = um_path . 'assets/dynamic_css/dynamic_' . $mode . '.php';
|
||||
|
||||
if ( file_exists( $file ) )
|
||||
include_once $file;
|
||||
}
|
||||
|
||||
return '';
|
||||
}
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user