diff --git a/includes/core/class-form.php b/includes/core/class-form.php index 6bb7629e..9fa80c5d 100644 --- a/includes/core/class-form.php +++ b/includes/core/class-form.php @@ -366,12 +366,15 @@ if ( ! class_exists( 'um\core\Form' ) ) { */ $this->post_form = apply_filters( 'um_submit_post_form', $_POST ); + if ( isset( $this->post_form[ UM()->honeypot ] ) && $this->post_form[ UM()->honeypot ] != '' ) { + wp_die( __( 'Hello, spam bot!', 'ultimate-member' ) ); + } + $this->post_form = $this->beautify( $this->post_form ); + $this->post_form['submitted'] = $this->post_form; $this->form_data = UM()->query()->post_data( $this->form_id ); - $this->post_form['submitted'] = $this->post_form; - $this->post_form = array_merge( $this->form_data, $this->post_form ); // Remove role from post_form at first if role ! empty and there aren't custom fields with role name @@ -438,10 +441,6 @@ if ( ! class_exists( 'um\core\Form' ) ) { } - if ( isset( $_POST[ UM()->honeypot ] ) && $_POST[ UM()->honeypot ] != '' ) { - wp_die( __( 'Hello, spam bot!', 'ultimate-member' ) ); - } - /** * UM hook * @@ -518,18 +517,19 @@ if ( ! class_exists( 'um\core\Form' ) ) { /** * Beautify form data + * * @param array $form * @return array $form */ - function beautify( $form ){ + function beautify( $form ) { - if (isset($form['form_id'])){ + if ( isset( $form['form_id'] ) ) { $this->form_suffix = '-' . $form['form_id']; $this->processing = $form['form_id']; - foreach( $form as $key => $value ){ + foreach ( $form as $key => $value ) { if ( strstr( $key, $this->form_suffix ) ) { $a_key = str_replace( $this->form_suffix, '', $key ); $form[ $a_key ] = $value; diff --git a/includes/core/um-actions-form.php b/includes/core/um-actions-form.php index ef85d941..b5ce2608 100644 --- a/includes/core/um-actions-form.php +++ b/includes/core/um-actions-form.php @@ -106,14 +106,54 @@ add_action( 'um_submit_form_errors_hook__blockedwords', 'um_submit_form_errors_h * @param $args */ function um_submit_form_errors_hook( $args ) { - $form_id = $args['form_id']; - $mode = $args['mode']; - $fields = unserialize( $args['custom_fields'] ); + /** + * UM hook + * + * @type action + * @title um_submit_form_errors_hook__blockedips + * @description Submit form validation + * @input_vars + * [{"var":"$args","type":"array","desc":"Form Arguments"}] + * @change_log + * ["Since: 2.0"] + * @usage add_action( 'um_submit_form_errors_hook__blockedips', 'function_name', 10, 1 ); + * @example + * + */ + do_action( 'um_submit_form_errors_hook__blockedips', $args ); + + + /** + * UM hook + * + * @type action + * @title um_submit_form_errors_hook__blockedemails + * @description Submit form validation + * @input_vars + * [{"var":"$args","type":"array","desc":"Form Arguments"}] + * @change_log + * ["Since: 2.0"] + * @usage add_action( 'um_submit_form_errors_hook__blockedemails', 'function_name', 10, 1 ); + * @example + * + */ + do_action( 'um_submit_form_errors_hook__blockedemails', $args ); if ( $mode == 'register' ) { + /** * UM hook * @@ -137,6 +177,7 @@ function um_submit_form_errors_hook( $args ) { } elseif ( $mode == 'profile' ) { + /** * UM hook * @@ -158,50 +199,9 @@ function um_submit_form_errors_hook( $args ) { */ do_action( 'um_submit_form_errors_hook__profile', $args ); - } + } elseif ( $mode == 'login' ) { - /** - * UM hook - * - * @type action - * @title um_submit_form_errors_hook__blockedips - * @description Submit form validation - * @input_vars - * [{"var":"$args","type":"array","desc":"Form Arguments"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_submit_form_errors_hook__blockedips', 'function_name', 10, 1 ); - * @example - * - */ - do_action( 'um_submit_form_errors_hook__blockedips', $args ); - /** - * UM hook - * - * @type action - * @title um_submit_form_errors_hook__blockedemails - * @description Submit form validation - * @input_vars - * [{"var":"$args","type":"array","desc":"Form Arguments"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_submit_form_errors_hook__blockedemails', 'function_name', 10, 1 ); - * @example - * - */ - do_action( 'um_submit_form_errors_hook__blockedemails', $args ); - if ( $mode == 'login' ) { /** * UM hook * @@ -222,6 +222,8 @@ function um_submit_form_errors_hook( $args ) { * ?> */ do_action( 'um_submit_form_errors_hook_login', $args ); + + /** * UM hook * @@ -243,27 +245,12 @@ function um_submit_form_errors_hook( $args ) { */ do_action( 'um_submit_form_errors_hook_logincheck', $args ); - } else { - /** - * UM hook - * - * @type action - * @title um_submit_form_errors_hook_ - * @description Submit form validation - * @input_vars - * [{"var":"$args","type":"array","desc":"Form Arguments"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_submit_form_errors_hook_', 'function_name', 10, 1 ); - * @example - * - */ - do_action( 'um_submit_form_errors_hook_', $args ); + } + + + if ( $mode != 'login' ) { + + /** * UM hook * @@ -285,6 +272,28 @@ function um_submit_form_errors_hook( $args ) { */ do_action( 'um_submit_form_errors_hook__blockedwords', $args ); + + /** + * UM hook + * + * @type action + * @title um_submit_form_errors_hook_ + * @description Submit form validation + * @input_vars + * [{"var":"$args","type":"array","desc":"Form Arguments"}] + * @change_log + * ["Since: 2.0"] + * @usage add_action( 'um_submit_form_errors_hook_', 'function_name', 10, 1 ); + * @example + * + */ + do_action( 'um_submit_form_errors_hook_', $args ); + } } @@ -411,13 +420,21 @@ function um_submit_form_errors_hook_( $args ) { $form_id = $args['form_id']; $mode = $args['mode']; $fields = unserialize( $args['custom_fields'] ); - $um_profile_photo = um_profile('profile_photo'); + $um_profile_photo = um_profile('profile_photo'); if ( get_post_meta( $form_id, '_um_profile_photo_required', true ) && ( empty( $args['profile_photo'] ) && empty( $um_profile_photo ) ) ) { UM()->form()->add_error('profile_photo', __( 'Profile Photo is required.', 'ultimate-member' ) ); } if ( ! empty( $fields ) ) { + + $current_user_roles = []; + if ( is_user_logged_in() ) { + um_fetch_user( get_current_user_id() ); + $current_user_roles = um_user( 'roles' ); + um_reset_user(); + } + foreach ( $fields as $key => $array ) { if ( $mode == 'profile' ) { @@ -427,13 +444,52 @@ function um_submit_form_errors_hook_( $args ) { } } - if ( isset( $array['public'] ) && -2 == $array['public'] && ! empty( $array['roles'] ) && is_user_logged_in() ) { - $current_user_roles = um_user( 'roles' ); - if ( empty( $current_user_roles ) || count( array_intersect( $current_user_roles, $array['roles'] ) ) <= 0 ) { - continue; + $can_view = true; + if ( isset( $array['public'] ) && $mode != 'register' ) { + + switch ( $array['public'] ) { + case '1': // Everyone + break; + case '2': // Members + if ( ! is_user_logged_in() ) { + $can_view = false; + } + break; + case '-1': // Only visible to profile owner and admins + if ( ! is_user_logged_in() ) { + $can_view = false; + } elseif ( $args['user_id'] != get_current_user_id() && ! UM()->roles()->um_user_can( 'can_edit_everyone' ) ) { + $can_view = false; + } + break; + case '-2': // Only specific member roles + if ( ! is_user_logged_in() ) { + $can_view = false; + } elseif ( ! empty( $array['roles'] ) && count( array_intersect( $current_user_roles, $array['roles'] ) ) <= 0 ) { + $can_view = false; + } + break; + case '-3': // Only visible to profile owner and specific roles + if ( ! is_user_logged_in() ) { + $can_view = false; + } elseif ( $args['user_id'] != get_current_user_id() && ! empty( $array['roles'] ) && count( array_intersect( $current_user_roles, $array['roles'] ) ) <= 0 ) { + $can_view = false; + } + break; + default: + $can_view = apply_filters( 'um_can_view_field_custom', $can_view, $array ); + break; } + } + $can_view = apply_filters( 'um_can_view_field', $can_view, $array ); + + if ( ! $can_view ) { + continue; + } + + /** * UM hook *