mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-07-17 13:43:38 +09:00
- fixed role list-table + role edit screen for invalid role keys;
This commit is contained in:
@@ -16,13 +16,15 @@ if ( isset( $_GET['action'] ) ) {
|
||||
switch ( sanitize_key( $_GET['action'] ) ) {
|
||||
/* delete action */
|
||||
case 'delete': {
|
||||
// uses sanitize_title instead of sanitize_key for backward compatibility based on #906 pull-request (https://github.com/ultimatemember/ultimatemember/pull/906)
|
||||
// roles e.g. "潜水艦subs" with both latin + not-UTB-8 symbols had invalid role ID
|
||||
$role_keys = array();
|
||||
if ( isset( $_REQUEST['id'] ) ) {
|
||||
check_admin_referer( 'um_role_delete' . sanitize_title( $_REQUEST['id'] ) . get_current_user_id() );
|
||||
$role_keys = (array) sanitize_title( $_REQUEST['id'] );
|
||||
} elseif ( isset( $_REQUEST['item'] ) ) {
|
||||
check_admin_referer( 'bulk-' . sanitize_key( __( 'Roles', 'ultimate-member' ) ) );
|
||||
$role_keys = array_map( 'sanitize_key', $_REQUEST['item'] );
|
||||
$role_keys = array_map( 'sanitize_title', $_REQUEST['item'] );
|
||||
}
|
||||
|
||||
if ( ! count( $role_keys ) ) {
|
||||
@@ -88,13 +90,15 @@ if ( isset( $_GET['action'] ) ) {
|
||||
break;
|
||||
}
|
||||
case 'reset': {
|
||||
// uses sanitize_title instead of sanitize_key for backward compatibility based on #906 pull-request (https://github.com/ultimatemember/ultimatemember/pull/906)
|
||||
// roles e.g. "潜水艦subs" with both latin + not-UTB-8 symbols had invalid role ID
|
||||
$role_keys = array();
|
||||
if ( isset( $_REQUEST['id'] ) ) {
|
||||
check_admin_referer( 'um_role_reset' . sanitize_key( $_REQUEST['id'] ) . get_current_user_id() );
|
||||
$role_keys = (array) sanitize_key( $_REQUEST['id'] );
|
||||
check_admin_referer( 'um_role_reset' . sanitize_title( $_REQUEST['id'] ) . get_current_user_id() );
|
||||
$role_keys = (array) sanitize_title( $_REQUEST['id'] );
|
||||
} elseif ( isset( $_REQUEST['item'] ) ) {
|
||||
check_admin_referer( 'bulk-' . sanitize_key( __( 'Roles', 'ultimate-member' ) ) );
|
||||
$role_keys = array_map( 'sanitize_key', $_REQUEST['item'] );
|
||||
$role_keys = array_map( 'sanitize_title', $_REQUEST['item'] );
|
||||
}
|
||||
|
||||
if ( ! count( $role_keys ) ) {
|
||||
@@ -342,22 +346,23 @@ class UM_Roles_List_Table extends WP_List_Table {
|
||||
*/
|
||||
function column_title( $item ) {
|
||||
$actions = array();
|
||||
// for backward compatibility based on #906 pull-request (https://github.com/ultimatemember/ultimatemember/pull/906)
|
||||
// roles e.g. "潜水艦subs" with both latin + not-UTB-8 symbols had invalid role ID
|
||||
$id = urlencode( $item['key'] );
|
||||
|
||||
$actions['edit'] = '<a href="admin.php?page=um_roles&tab=edit&id=' . urlencode( $item['key'] ) . '">' . __( 'Edit', 'ultimate-member' ) . '</a>';
|
||||
$actions['edit'] = '<a href="admin.php?page=um_roles&tab=edit&id=' . esc_attr( $id ) . '">' . __( 'Edit', 'ultimate-member' ) . '</a>';
|
||||
|
||||
if ( ! empty( $item['_um_is_custom'] ) ) {
|
||||
$actions['delete'] = '<a href="admin.php?page=um_roles&action=delete&id=' . urlencode( $item['key'] ) . '&_wpnonce=' . wp_create_nonce( 'um_role_delete' . $item['key'] . get_current_user_id() ) . '" onclick="return confirm( \'' . __( 'Are you sure you want to delete this role?', 'ultimate-member' ) . '\' );">' . __( 'Delete', 'ultimate-member' ) . '</a>';
|
||||
$actions['delete'] = '<a href="admin.php?page=um_roles&action=delete&id=' . esc_attr( $id ) . '&_wpnonce=' . wp_create_nonce( 'um_role_delete' . $item['key'] . get_current_user_id() ) . '" onclick="return confirm( \'' . __( 'Are you sure you want to delete this role?', 'ultimate-member' ) . '\' );">' . __( 'Delete', 'ultimate-member' ) . '</a>';
|
||||
} else {
|
||||
$role_meta = get_option( "um_role_{$item['key']}_meta" );
|
||||
|
||||
if ( ! empty( $role_meta ) ) {
|
||||
$actions['reset'] = '<a href="admin.php?page=um_roles&action=reset&id=' . urlencode( $item['key'] ) . '&_wpnonce=' . wp_create_nonce( 'um_role_reset' . $item['key'] . get_current_user_id() ) . '" onclick="return confirm( \'' . __( 'Are you sure you want to reset UM role meta?', 'ultimate-member' ) . '\' );">' . __( 'Reset UM Role meta', 'ultimate-member' ) . '</a>';
|
||||
$actions['reset'] = '<a href="admin.php?page=um_roles&action=reset&id=' . esc_attr( $id ) . '&_wpnonce=' . wp_create_nonce( 'um_role_reset' . $item['key'] . get_current_user_id() ) . '" onclick="return confirm( \'' . __( 'Are you sure you want to reset UM role meta?', 'ultimate-member' ) . '\' );">' . __( 'Reset UM Role meta', 'ultimate-member' ) . '</a>';
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
return sprintf('%1$s %2$s', '<strong><a class="row-title" href="admin.php?page=um_roles&tab=edit&id=' . urlencode( $item['key'] ) . '">' . stripslashes( $item['name'] ) . '</a></strong>', $this->row_actions( $actions ) );
|
||||
return sprintf('%1$s %2$s', '<strong><a class="row-title" href="admin.php?page=um_roles&tab=edit&id=' . esc_attr( $id ) . '">' . stripslashes( $item['name'] ) . '</a></strong>', $this->row_actions( $actions ) );
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -50,7 +50,9 @@ global $wp_roles;
|
||||
|
||||
if ( ! empty( $_GET['id'] ) ) {
|
||||
|
||||
$role_id = sanitize_key( $_GET['id'] );
|
||||
// uses sanitize_title instead of sanitize_key for backward compatibility based on #906 pull-request (https://github.com/ultimatemember/ultimatemember/pull/906)
|
||||
// roles e.g. "潜水艦subs" with both latin + not-UTB-8 symbols had invalid role ID
|
||||
$role_id = sanitize_title( $_GET['id'] );
|
||||
|
||||
$data = get_option( "um_role_{$role_id}_meta" );
|
||||
|
||||
@@ -96,9 +98,11 @@ if ( ! empty( $_POST['role'] ) ) {
|
||||
$id = 'custom_role_' . $auto_increment;
|
||||
}
|
||||
|
||||
$redirect = add_query_arg( array( 'page'=>'um_roles', 'tab'=>'edit', 'id'=>$id, 'msg'=>'a' ), admin_url( 'admin.php' ) );
|
||||
$redirect = add_query_arg( array( 'page' => 'um_roles', 'tab' => 'edit', 'id' => $id, 'msg' => 'a' ), admin_url( 'admin.php' ) );
|
||||
} elseif ( 'edit' === sanitize_key( $_GET['tab'] ) && ! empty( $_GET['id'] ) ) {
|
||||
$id = sanitize_key( $_GET['id'] );
|
||||
// uses sanitize_title instead of sanitize_key for backward compatibility based on #906 pull-request (https://github.com/ultimatemember/ultimatemember/pull/906)
|
||||
// roles e.g. "潜水艦subs" with both latin + not-UTB-8 symbols had invalid role ID
|
||||
$id = sanitize_title( $_GET['id'] );
|
||||
|
||||
$pre_role_meta = get_option( "um_role_{$id}_meta", array() );
|
||||
if ( isset( $pre_role_meta['name'] ) ) {
|
||||
|
||||
Reference in New Issue
Block a user