mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-07-16 21:23:39 +09:00
commit by denisbaranov:
- fixed conditional logic in form; - fixed prohibition on editing a field (Form->field->Can user edit this field?); - fixed cleaning on XSS injection; - fixed addition "wp_unslash" and "esc_attr" in the "Admin_Forms" class method "render_form_row";
This commit is contained in:
+2322
-2223
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@@ -458,4 +458,27 @@
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Cleaning on XSS injection
|
||||
* @param $value string
|
||||
* @param $data array
|
||||
* @return $value string
|
||||
* @uses hook filters: um_profile_field_filter_hook__
|
||||
*/
|
||||
add_filter('um_profile_field_filter_hook__','um_profile_field_filter_xss_validation',10,2);
|
||||
function um_profile_field_filter__xss_validation( $value, $data ){
|
||||
if( ! empty( $value ) && is_string($value)){
|
||||
$value = stripslashes( $value );
|
||||
$data['validate'] = isset( $data['validate'] ) ? $data['validate'] : '';
|
||||
|
||||
if( 'text' == $data['type'] && !in_array( $data['validate'], array( 'unique_email' ) ) ||
|
||||
'password' == $data['type'] ){
|
||||
$value = esc_attr( $value );
|
||||
}else if ( 'textarea' == $data['type'] ){
|
||||
$value = wp_kses_post( $value );
|
||||
}
|
||||
}
|
||||
|
||||
return $value;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user