diff --git a/core/um-form.php b/core/um-form.php index 4f19c2aa..4bb9a6fe 100644 --- a/core/um-form.php +++ b/core/um-form.php @@ -3,23 +3,23 @@ class UM_Form { public $form_suffix; - + function __construct() { - + $this->post_form = null; $this->form_suffix = null; - + $this->errors = null; - + $this->processing = null; - + add_action('init', array(&$this, 'form_init'), 2); - + add_action('init', array(&$this, 'field_declare'), 10); - + } - + /*** *** @add errors ***/ @@ -28,7 +28,7 @@ class UM_Form { $this->errors[$key] = $error; } } - + /*** *** @has error ***/ @@ -37,7 +37,7 @@ class UM_Form { return true; return false; } - + /*** *** @declare all fields ***/ @@ -49,38 +49,38 @@ class UM_Form { $this->all_fields = null; } } - + /*** *** @Checks that we've a form ***/ function form_init(){ global $ultimatemember; - + if ( isset( $_SERVER['REQUEST_METHOD'] ) ) { $http_post = ('POST' == $_SERVER['REQUEST_METHOD']); } else { $http_post = 'POST'; } - + if ( $http_post && !is_admin() && isset( $_POST['form_id'] ) && is_numeric($_POST['form_id']) ) { $this->form_id = $_POST['form_id']; $this->form_status = get_post_status( $this->form_id ); - + if ( $this->form_status == 'publish' ) { /* save entire form as global */ $this->post_form = $_POST; - + $this->post_form = $this->beautify( $this->post_form ); $this->form_data = $ultimatemember->query->post_data( $this->form_id ); - + $this->post_form['submitted'] = $this->post_form; - + $this->post_form = array_merge( $this->form_data, $this->post_form ); - if ( isset( $this->form_data['role'] ) && $_POST['role'] != $this->form_data['role'] ) { + if ( isset( $this->form_data['role'] ) && ( (boolean) $this->form_data['role'] ) && $_POST['role'] != $this->form_data['role'] ) { wp_die( __( 'This is not possible for security reasons.','ultimatemember') ); } else { if ( isset( $this->form_data['custom_fields'] ) && strstr( $this->form_data['custom_fields'], 'role_' ) ) { @@ -99,10 +99,10 @@ class UM_Form { wp_die('Hello, spam bot!'); if ( !in_array( $this->form_data['mode'], array('login') ) ) { - + $form_timestamp = trim($_POST['timestamp']); $live_timestamp = current_time( 'timestamp' ); - + if ( $form_timestamp == '' && um_get_option('enable_timebot') == 1 ) wp_die( __('Hello, spam bot!') ); @@ -110,30 +110,30 @@ class UM_Form { wp_die( __('Whoa, slow down! You\'re seeing this message because you tried to submit a form too fast and we think you might be a spam bot. If you are a real human being please wait a few seconds before submitting the form. Thanks!') ); } - + /* Continue based on form mode - pre-validation */ - + do_action('um_submit_form_errors_hook', $this->post_form ); do_action("um_submit_form_{$this->post_form['mode']}", $this->post_form ); } - + } } - + /*** *** @Beautify form data ***/ function beautify( $form ){ - + if (isset($form['form_id'])){ - + $this->form_suffix = '-' . $form['form_id']; - + $this->processing = $form['form_id']; - + foreach($form as $key => $value){ if (strstr($key, $this->form_suffix) ) { $a_key = str_replace( $this->form_suffix, '', $key); @@ -141,12 +141,12 @@ class UM_Form { unset($form[$key]); } } - + } - + return $form; } - + /*** *** @Display Form Type as Text ***/ @@ -165,5 +165,5 @@ class UM_Form { } return $output; } - -} \ No newline at end of file + +}