diff --git a/includes/admin/core/list-tables/roles-list-table.php b/includes/admin/core/list-tables/roles-list-table.php index 0edff8a5..1ac73f4d 100644 --- a/includes/admin/core/list-tables/roles-list-table.php +++ b/includes/admin/core/list-tables/roles-list-table.php @@ -16,13 +16,15 @@ if ( isset( $_GET['action'] ) ) { switch ( sanitize_key( $_GET['action'] ) ) { /* delete action */ case 'delete': { + // uses sanitize_title instead of sanitize_key for backward compatibility based on #906 pull-request (https://github.com/ultimatemember/ultimatemember/pull/906) + // roles e.g. "潜水艦subs" with both latin + not-UTB-8 symbols had invalid role ID $role_keys = array(); if ( isset( $_REQUEST['id'] ) ) { check_admin_referer( 'um_role_delete' . sanitize_title( $_REQUEST['id'] ) . get_current_user_id() ); $role_keys = (array) sanitize_title( $_REQUEST['id'] ); } elseif ( isset( $_REQUEST['item'] ) ) { check_admin_referer( 'bulk-' . sanitize_key( __( 'Roles', 'ultimate-member' ) ) ); - $role_keys = array_map( 'sanitize_key', $_REQUEST['item'] ); + $role_keys = array_map( 'sanitize_title', $_REQUEST['item'] ); } if ( ! count( $role_keys ) ) { @@ -88,13 +90,15 @@ if ( isset( $_GET['action'] ) ) { break; } case 'reset': { + // uses sanitize_title instead of sanitize_key for backward compatibility based on #906 pull-request (https://github.com/ultimatemember/ultimatemember/pull/906) + // roles e.g. "潜水艦subs" with both latin + not-UTB-8 symbols had invalid role ID $role_keys = array(); if ( isset( $_REQUEST['id'] ) ) { - check_admin_referer( 'um_role_reset' . sanitize_key( $_REQUEST['id'] ) . get_current_user_id() ); - $role_keys = (array) sanitize_key( $_REQUEST['id'] ); + check_admin_referer( 'um_role_reset' . sanitize_title( $_REQUEST['id'] ) . get_current_user_id() ); + $role_keys = (array) sanitize_title( $_REQUEST['id'] ); } elseif ( isset( $_REQUEST['item'] ) ) { check_admin_referer( 'bulk-' . sanitize_key( __( 'Roles', 'ultimate-member' ) ) ); - $role_keys = array_map( 'sanitize_key', $_REQUEST['item'] ); + $role_keys = array_map( 'sanitize_title', $_REQUEST['item'] ); } if ( ! count( $role_keys ) ) { @@ -342,22 +346,23 @@ class UM_Roles_List_Table extends WP_List_Table { */ function column_title( $item ) { $actions = array(); + // for backward compatibility based on #906 pull-request (https://github.com/ultimatemember/ultimatemember/pull/906) + // roles e.g. "潜水艦subs" with both latin + not-UTB-8 symbols had invalid role ID + $id = urlencode( $item['key'] ); - $actions['edit'] = '' . __( 'Edit', 'ultimate-member' ) . ''; + $actions['edit'] = '' . __( 'Edit', 'ultimate-member' ) . ''; if ( ! empty( $item['_um_is_custom'] ) ) { - $actions['delete'] = '' . __( 'Delete', 'ultimate-member' ) . ''; + $actions['delete'] = '' . __( 'Delete', 'ultimate-member' ) . ''; } else { $role_meta = get_option( "um_role_{$item['key']}_meta" ); if ( ! empty( $role_meta ) ) { - $actions['reset'] = '' . __( 'Reset UM Role meta', 'ultimate-member' ) . ''; + $actions['reset'] = '' . __( 'Reset UM Role meta', 'ultimate-member' ) . ''; } } - - - return sprintf('%1$s %2$s', '' . stripslashes( $item['name'] ) . '', $this->row_actions( $actions ) ); + return sprintf('%1$s %2$s', '' . stripslashes( $item['name'] ) . '', $this->row_actions( $actions ) ); } diff --git a/includes/admin/templates/role/role-edit.php b/includes/admin/templates/role/role-edit.php index 2450020f..ea402be9 100644 --- a/includes/admin/templates/role/role-edit.php +++ b/includes/admin/templates/role/role-edit.php @@ -50,7 +50,9 @@ global $wp_roles; if ( ! empty( $_GET['id'] ) ) { - $role_id = sanitize_key( $_GET['id'] ); + // uses sanitize_title instead of sanitize_key for backward compatibility based on #906 pull-request (https://github.com/ultimatemember/ultimatemember/pull/906) + // roles e.g. "潜水艦subs" with both latin + not-UTB-8 symbols had invalid role ID + $role_id = sanitize_title( $_GET['id'] ); $data = get_option( "um_role_{$role_id}_meta" ); @@ -96,9 +98,11 @@ if ( ! empty( $_POST['role'] ) ) { $id = 'custom_role_' . $auto_increment; } - $redirect = add_query_arg( array( 'page'=>'um_roles', 'tab'=>'edit', 'id'=>$id, 'msg'=>'a' ), admin_url( 'admin.php' ) ); + $redirect = add_query_arg( array( 'page' => 'um_roles', 'tab' => 'edit', 'id' => $id, 'msg' => 'a' ), admin_url( 'admin.php' ) ); } elseif ( 'edit' === sanitize_key( $_GET['tab'] ) && ! empty( $_GET['id'] ) ) { - $id = sanitize_key( $_GET['id'] ); + // uses sanitize_title instead of sanitize_key for backward compatibility based on #906 pull-request (https://github.com/ultimatemember/ultimatemember/pull/906) + // roles e.g. "潜水艦subs" with both latin + not-UTB-8 symbols had invalid role ID + $id = sanitize_title( $_GET['id'] ); $pre_role_meta = get_option( "um_role_{$id}_meta", array() ); if ( isset( $pre_role_meta['name'] ) ) {