- fixed role list-table + role edit screen for invalid role keys;

This commit is contained in:
Nikita Sinelnikov
2021-09-13 17:02:16 +03:00
parent 0fd8f9eac5
commit a7b9a03db7
2 changed files with 22 additions and 13 deletions
@@ -16,13 +16,15 @@ if ( isset( $_GET['action'] ) ) {
switch ( sanitize_key( $_GET['action'] ) ) {
/* delete action */
case 'delete': {
// uses sanitize_title instead of sanitize_key for backward compatibility based on #906 pull-request (https://github.com/ultimatemember/ultimatemember/pull/906)
// roles e.g. "潜水艦subs" with both latin + not-UTB-8 symbols had invalid role ID
$role_keys = array();
if ( isset( $_REQUEST['id'] ) ) {
check_admin_referer( 'um_role_delete' . sanitize_title( $_REQUEST['id'] ) . get_current_user_id() );
$role_keys = (array) sanitize_title( $_REQUEST['id'] );
} elseif ( isset( $_REQUEST['item'] ) ) {
check_admin_referer( 'bulk-' . sanitize_key( __( 'Roles', 'ultimate-member' ) ) );
$role_keys = array_map( 'sanitize_key', $_REQUEST['item'] );
$role_keys = array_map( 'sanitize_title', $_REQUEST['item'] );
}
if ( ! count( $role_keys ) ) {
@@ -88,13 +90,15 @@ if ( isset( $_GET['action'] ) ) {
break;
}
case 'reset': {
// uses sanitize_title instead of sanitize_key for backward compatibility based on #906 pull-request (https://github.com/ultimatemember/ultimatemember/pull/906)
// roles e.g. "潜水艦subs" with both latin + not-UTB-8 symbols had invalid role ID
$role_keys = array();
if ( isset( $_REQUEST['id'] ) ) {
check_admin_referer( 'um_role_reset' . sanitize_key( $_REQUEST['id'] ) . get_current_user_id() );
$role_keys = (array) sanitize_key( $_REQUEST['id'] );
check_admin_referer( 'um_role_reset' . sanitize_title( $_REQUEST['id'] ) . get_current_user_id() );
$role_keys = (array) sanitize_title( $_REQUEST['id'] );
} elseif ( isset( $_REQUEST['item'] ) ) {
check_admin_referer( 'bulk-' . sanitize_key( __( 'Roles', 'ultimate-member' ) ) );
$role_keys = array_map( 'sanitize_key', $_REQUEST['item'] );
$role_keys = array_map( 'sanitize_title', $_REQUEST['item'] );
}
if ( ! count( $role_keys ) ) {
@@ -342,22 +346,23 @@ class UM_Roles_List_Table extends WP_List_Table {
*/
function column_title( $item ) {
$actions = array();
// for backward compatibility based on #906 pull-request (https://github.com/ultimatemember/ultimatemember/pull/906)
// roles e.g. "潜水艦subs" with both latin + not-UTB-8 symbols had invalid role ID
$id = urlencode( $item['key'] );
$actions['edit'] = '<a href="admin.php?page=um_roles&tab=edit&id=' . urlencode( $item['key'] ) . '">' . __( 'Edit', 'ultimate-member' ) . '</a>';
$actions['edit'] = '<a href="admin.php?page=um_roles&tab=edit&id=' . esc_attr( $id ) . '">' . __( 'Edit', 'ultimate-member' ) . '</a>';
if ( ! empty( $item['_um_is_custom'] ) ) {
$actions['delete'] = '<a href="admin.php?page=um_roles&action=delete&id=' . urlencode( $item['key'] ) . '&_wpnonce=' . wp_create_nonce( 'um_role_delete' . $item['key'] . get_current_user_id() ) . '" onclick="return confirm( \'' . __( 'Are you sure you want to delete this role?', 'ultimate-member' ) . '\' );">' . __( 'Delete', 'ultimate-member' ) . '</a>';
$actions['delete'] = '<a href="admin.php?page=um_roles&action=delete&id=' . esc_attr( $id ) . '&_wpnonce=' . wp_create_nonce( 'um_role_delete' . $item['key'] . get_current_user_id() ) . '" onclick="return confirm( \'' . __( 'Are you sure you want to delete this role?', 'ultimate-member' ) . '\' );">' . __( 'Delete', 'ultimate-member' ) . '</a>';
} else {
$role_meta = get_option( "um_role_{$item['key']}_meta" );
if ( ! empty( $role_meta ) ) {
$actions['reset'] = '<a href="admin.php?page=um_roles&action=reset&id=' . urlencode( $item['key'] ) . '&_wpnonce=' . wp_create_nonce( 'um_role_reset' . $item['key'] . get_current_user_id() ) . '" onclick="return confirm( \'' . __( 'Are you sure you want to reset UM role meta?', 'ultimate-member' ) . '\' );">' . __( 'Reset UM Role meta', 'ultimate-member' ) . '</a>';
$actions['reset'] = '<a href="admin.php?page=um_roles&action=reset&id=' . esc_attr( $id ) . '&_wpnonce=' . wp_create_nonce( 'um_role_reset' . $item['key'] . get_current_user_id() ) . '" onclick="return confirm( \'' . __( 'Are you sure you want to reset UM role meta?', 'ultimate-member' ) . '\' );">' . __( 'Reset UM Role meta', 'ultimate-member' ) . '</a>';
}
}
return sprintf('%1$s %2$s', '<strong><a class="row-title" href="admin.php?page=um_roles&tab=edit&id=' . urlencode( $item['key'] ) . '">' . stripslashes( $item['name'] ) . '</a></strong>', $this->row_actions( $actions ) );
return sprintf('%1$s %2$s', '<strong><a class="row-title" href="admin.php?page=um_roles&tab=edit&id=' . esc_attr( $id ) . '">' . stripslashes( $item['name'] ) . '</a></strong>', $this->row_actions( $actions ) );
}
+7 -3
View File
@@ -50,7 +50,9 @@ global $wp_roles;
if ( ! empty( $_GET['id'] ) ) {
$role_id = sanitize_key( $_GET['id'] );
// uses sanitize_title instead of sanitize_key for backward compatibility based on #906 pull-request (https://github.com/ultimatemember/ultimatemember/pull/906)
// roles e.g. "潜水艦subs" with both latin + not-UTB-8 symbols had invalid role ID
$role_id = sanitize_title( $_GET['id'] );
$data = get_option( "um_role_{$role_id}_meta" );
@@ -96,9 +98,11 @@ if ( ! empty( $_POST['role'] ) ) {
$id = 'custom_role_' . $auto_increment;
}
$redirect = add_query_arg( array( 'page'=>'um_roles', 'tab'=>'edit', 'id'=>$id, 'msg'=>'a' ), admin_url( 'admin.php' ) );
$redirect = add_query_arg( array( 'page' => 'um_roles', 'tab' => 'edit', 'id' => $id, 'msg' => 'a' ), admin_url( 'admin.php' ) );
} elseif ( 'edit' === sanitize_key( $_GET['tab'] ) && ! empty( $_GET['id'] ) ) {
$id = sanitize_key( $_GET['id'] );
// uses sanitize_title instead of sanitize_key for backward compatibility based on #906 pull-request (https://github.com/ultimatemember/ultimatemember/pull/906)
// roles e.g. "潜水艦subs" with both latin + not-UTB-8 symbols had invalid role ID
$id = sanitize_title( $_GET['id'] );
$pre_role_meta = get_option( "um_role_{$id}_meta", array() );
if ( isset( $pre_role_meta['name'] ) ) {