mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-07-16 05:03:33 +09:00
commit by denisbaranov:
- fixed conditional logic in form; - fixed prohibition on editing a field (Form->field->Can user edit this field?); - fixed cleaning on XSS injection; - fixed addition "wp_unslash" and "esc_attr" in the "Admin_Forms" class method "render_form_row";
This commit is contained in:
@@ -77,6 +77,15 @@ if ( ! class_exists( 'Admin_Forms' ) ) {
|
||||
if ( empty( $data['type'] ) )
|
||||
return '';
|
||||
|
||||
if ( !empty( $data['value'] ) && $data['type'] != 'email_template' ) {
|
||||
$data['value'] = wp_unslash( $data['value'] );
|
||||
|
||||
/*for multi_text*/
|
||||
if ( !is_array( $data['value'] ) ) {
|
||||
$data['value'] = esc_attr( $data['value'] );
|
||||
}
|
||||
}
|
||||
|
||||
$conditional = ! empty( $data['conditional'] ) ? 'data-conditional="' . esc_attr( json_encode( $data['conditional'] ) ) . '"' : '';
|
||||
$prefix_attr = ! empty( $this->form_data['prefix_id'] ) ? ' data-prefix="' . $this->form_data['prefix_id'] . '" ' : '';
|
||||
|
||||
@@ -805,7 +814,7 @@ if ( ! class_exists( 'Admin_Forms' ) ) {
|
||||
|
||||
if ( ! empty( $values ) ) {
|
||||
foreach ( $values as $k=>$value ) {
|
||||
|
||||
$value = esc_attr($value);
|
||||
$id_attr = ' id="' . $id . '-' . $k . '" ';
|
||||
|
||||
$html .= "<li class=\"um-multi-text-option-line {$size}\"><span class=\"um-field-wrapper\">
|
||||
|
||||
+2322
-2223
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@@ -458,4 +458,27 @@
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Cleaning on XSS injection
|
||||
* @param $value string
|
||||
* @param $data array
|
||||
* @return $value string
|
||||
* @uses hook filters: um_profile_field_filter_hook__
|
||||
*/
|
||||
add_filter('um_profile_field_filter_hook__','um_profile_field_filter_xss_validation',10,2);
|
||||
function um_profile_field_filter__xss_validation( $value, $data ){
|
||||
if( ! empty( $value ) && is_string($value)){
|
||||
$value = stripslashes( $value );
|
||||
$data['validate'] = isset( $data['validate'] ) ? $data['validate'] : '';
|
||||
|
||||
if( 'text' == $data['type'] && !in_array( $data['validate'], array( 'unique_email' ) ) ||
|
||||
'password' == $data['type'] ){
|
||||
$value = esc_attr( $value );
|
||||
}else if ( 'textarea' == $data['type'] ){
|
||||
$value = wp_kses_post( $value );
|
||||
}
|
||||
}
|
||||
|
||||
return $value;
|
||||
}
|
||||
|
||||
|
||||
+745
-691
File diff suppressed because it is too large
Load Diff
Reference in New Issue
Block a user