Date: Wed, 23 Aug 2023 19:40:06 +0800
Subject: [PATCH 06/20] Add nonce validation for download install info
---
includes/admin/core/class-admin-settings.php | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/includes/admin/core/class-admin-settings.php b/includes/admin/core/class-admin-settings.php
index 3a1bb03b..29b62c94 100644
--- a/includes/admin/core/class-admin-settings.php
+++ b/includes/admin/core/class-admin-settings.php
@@ -3689,6 +3689,7 @@ Use Only Cookies:
+
@@ -3700,7 +3701,13 @@ Use Only Cookies:
Date: Wed, 23 Aug 2023 15:00:21 +0300
Subject: [PATCH 07/20] - fixed variable type for UM()->form()->processing and
UM()->fields()->set_id;
---
includes/core/class-account.php | 2 +-
includes/core/class-fields.php | 4 ++--
includes/core/class-form.php | 2 +-
includes/core/class-password.php | 2 +-
4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/includes/core/class-account.php b/includes/core/class-account.php
index 6668d2ba..03786d90 100644
--- a/includes/core/class-account.php
+++ b/includes/core/class-account.php
@@ -567,7 +567,7 @@ if ( ! class_exists( 'um\core\Account' ) ) {
function get_tab_fields( $id, $shortcode_args ) {
$output = null;
- UM()->fields()->set_id = $id;
+ UM()->fields()->set_id = absint( $id );
UM()->fields()->set_mode = 'account';
UM()->fields()->editing = true;
diff --git a/includes/core/class-fields.php b/includes/core/class-fields.php
index c7171e38..0ce140bd 100644
--- a/includes/core/class-fields.php
+++ b/includes/core/class-fields.php
@@ -4047,7 +4047,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
UM()->form()->nonce = wp_create_nonce( 'um-profile-nonce' . UM()->user()->target_id );
}
- $this->set_id = $this->global_args['form_id'];
+ $this->set_id = absint( $this->global_args['form_id'] );
$this->field_icons = ( isset( $this->global_args['icons'] ) ) ? $this->global_args['icons'] : 'label';
@@ -4548,7 +4548,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
UM()->form()->form_suffix = '-' . $this->global_args['form_id'];
$this->set_mode = $mode;
- $this->set_id = $this->global_args['form_id'];
+ $this->set_id = absint( $this->global_args['form_id'] );
$this->field_icons = ( isset( $this->global_args['icons'] ) ) ? $this->global_args['icons'] : 'label';
diff --git a/includes/core/class-form.php b/includes/core/class-form.php
index 8821984f..aa4bbdfd 100644
--- a/includes/core/class-form.php
+++ b/includes/core/class-form.php
@@ -710,7 +710,7 @@ if ( ! class_exists( 'um\core\Form' ) ) {
public function beautify( $form ) {
if ( isset( $form['form_id'] ) ) {
$this->form_suffix = '-' . $form['form_id'];
- $this->processing = $form['form_id'];
+ $this->processing = absint( $form['form_id'] );
foreach ( $form as $key => $value ) {
if ( strstr( $key, $this->form_suffix ) ) {
diff --git a/includes/core/class-password.php b/includes/core/class-password.php
index d62a712f..a5e1c882 100644
--- a/includes/core/class-password.php
+++ b/includes/core/class-password.php
@@ -170,7 +170,7 @@ if ( ! class_exists( 'um\core\Password' ) ) {
return '';
}
- UM()->fields()->set_id = $args['form_id'];
+ UM()->fields()->set_id = absint( $args['form_id'] );
ob_start();
From 42bfa3fa619d74e7dc7407a9046576a6f5170968 Mon Sep 17 00:00:00 2001
From: Mykyta Synelnikov
Date: Thu, 24 Aug 2023 17:37:41 +0300
Subject: [PATCH 08/20] - added `um_force_shortcode_render` hook for echo
custom content in `ultimatemember` shortcode;
---
includes/core/class-shortcodes.php | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/includes/core/class-shortcodes.php b/includes/core/class-shortcodes.php
index 896019dd..e70dfae3 100644
--- a/includes/core/class-shortcodes.php
+++ b/includes/core/class-shortcodes.php
@@ -805,6 +805,12 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) {
}
}
+ $content = apply_filters( 'um_force_shortcode_render', false, $args );
+ if ( false !== $content ) {
+ ob_get_clean();
+ return $content;
+ }
+
/**
* Fires before loading form shortcode.
*
From 53a6ffc78dab70a3c9f737cacee78a58ea6ff1bb Mon Sep 17 00:00:00 2001
From: yuriinalivaiko
Date: Sun, 27 Aug 2023 00:11:52 +0300
Subject: [PATCH 09/20] - fixed REST API endpoint List Pages
---
includes/core/um-actions-profile.php | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/includes/core/um-actions-profile.php b/includes/core/um-actions-profile.php
index 0e8b5bbc..b62a4954 100644
--- a/includes/core/um-actions-profile.php
+++ b/includes/core/um-actions-profile.php
@@ -1374,6 +1374,11 @@ function um_pre_profile_shortcode( $args ) {
return;
}
+ // disable for the REST API requests.
+ if ( defined( 'REST_REQUEST' ) && REST_REQUEST ) {
+ return;
+ }
+
if ( true === UM()->fields()->editing ) {
if ( um_get_requested_user() ) {
if ( ! UM()->roles()->um_current_user_can( 'edit', um_get_requested_user() ) ) {
From 5496162730ad0ba4e322f0630e1da1e63c62da6c Mon Sep 17 00:00:00 2001
From: yuriinalivaiko
Date: Sun, 27 Aug 2023 21:29:36 +0300
Subject: [PATCH 10/20] - fixed redirection from default registration to UM
registration page
---
includes/core/um-actions-register.php | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/includes/core/um-actions-register.php b/includes/core/um-actions-register.php
index a0aaa51a..9171612b 100644
--- a/includes/core/um-actions-register.php
+++ b/includes/core/um-actions-register.php
@@ -742,12 +742,12 @@ function um_registration_set_profile_full_name( $user_id, $args ) {
add_action( 'um_registration_set_extra_data', 'um_registration_set_profile_full_name', 10, 2 );
/**
- * Redirect from default registration to UM registration page
+ * Redirect from default registration to UM registration page
*/
function um_form_register_redirect() {
- $page_id = UM()->options()->get( UM()->options()->get_core_page_id( 'register' ) );
- $register_post = get_post( $page_id );
- if ( ! empty( $register_post ) ) {
+ $page_id = UM()->options()->get( UM()->options()->get_core_page_id( 'register' ) );
+ // Do not redirect if the registration page is not published.
+ if ( ! empty( $page_id ) && 'publish' === get_post_status( $page_id ) ) {
// Not `um_safe_redirect()` because predefined register page is situated on the same host.
wp_safe_redirect( get_permalink( $page_id ) );
exit();
From 8b19234dcf6627350ce88c9fd820bf644def3ed7 Mon Sep 17 00:00:00 2001
From: Mykyta Synelnikov
Date: Mon, 28 Aug 2023 15:10:42 +0300
Subject: [PATCH 11/20] - fixed [ultimatemember] shortcode using with a
wrong|empty form_id;
---
includes/core/class-shortcodes.php | 4 ++++
includes/um-short-functions.php | 2 +-
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/includes/core/class-shortcodes.php b/includes/core/class-shortcodes.php
index e70dfae3..c982fc95 100644
--- a/includes/core/class-shortcodes.php
+++ b/includes/core/class-shortcodes.php
@@ -648,7 +648,11 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) {
if ( ! array_key_exists( 'form_id', $args ) ) {
return '';
}
+
$this->form_id = $args['form_id'];
+ if ( empty( $this->form_id ) ) {
+ return '';
+ }
$this->form_status = get_post_status( $this->form_id );
if ( 'publish' !== $this->form_status ) {
diff --git a/includes/um-short-functions.php b/includes/um-short-functions.php
index 7f82e9ff..13b8e7fc 100644
--- a/includes/um-short-functions.php
+++ b/includes/um-short-functions.php
@@ -2303,7 +2303,7 @@ function um_get_default_cover_uri() {
* @param $data
* @param null $attrs
*
- * @return string|array
+ * @return int|string|array
*/
function um_user( $data, $attrs = null ) {
From a2b52cdd0cec283bb0ddcb7627bcc9a63115c09e Mon Sep 17 00:00:00 2001
From: Mykyta Synelnikov
Date: Mon, 28 Aug 2023 23:20:14 +0300
Subject: [PATCH 12/20] - fixed changes added for #1277; - probably fix for
#1292;
---
includes/core/class-fields.php | 33 ++++++++++++++++++-----------
includes/core/um-filters-fields.php | 18 ++++++----------
2 files changed, 28 insertions(+), 23 deletions(-)
diff --git a/includes/core/class-fields.php b/includes/core/class-fields.php
index 0ce140bd..fdbba3ec 100644
--- a/includes/core/class-fields.php
+++ b/includes/core/class-fields.php
@@ -15,13 +15,13 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
/**
- * @var string
+ * @var null|string
*/
- public $set_mode = '';
+ public $set_mode = null;
/**
- * @var int form_id
+ * @var null|int form_id
*/
public $set_id = null;
@@ -1547,30 +1547,39 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
/**
* Get form fields
*
+ * @var null|int $form_id
+ *
* @return array
*/
public function get_fields() {
- if ( empty( $this->fields ) ) {
+ if ( empty( $this->set_id ) ) {
+ return array();
+ }
+
+ if ( empty( $this->fields[ $this->set_id ] ) ) {
/**
* Filters the form fields.
*
- * @param {array} $fields Form fields.
+ * @param {array} $fields Form fields.
+ * @param {int} $form_id Form ID. Since 2.6.11
*
* @return {array} Form fields.
*
* @since 1.3.x
+ * @since 2.6.11 Added Form ID attribute.
* @hook um_get_form_fields
*
* @example
Extend form fields.
- * function my_form_fields( $fields ) {
+ * function my_form_fields( $fields, $form_id ) {
* // your code here
* return $fields;
* }
- * add_filter( 'um_get_form_fields', 'my_form_fields' );
+ * add_filter( 'um_get_form_fields', 'my_form_fields', 10, 2 );
*/
- $this->fields = apply_filters( 'um_get_form_fields', $this->fields );
+ $this->fields[ $this->set_id ] = apply_filters( 'um_get_form_fields', array(), $this->set_id );
}
- return $this->fields;
+
+ return $this->fields[ $this->set_id ];
}
/**
@@ -1581,7 +1590,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
* @return mixed
* @throws \Exception
*/
- function get_field( $key ) {
+ public function get_field( $key ) {
$fields = $this->get_fields();
if ( isset( $fields ) && is_array( $fields ) && isset( $fields[ $key ] ) ) {
@@ -4034,7 +4043,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
* @return string|null
* @throws \Exception
*/
- function display( $mode, $args ) {
+ public function display( $mode, $args ) {
$output = null;
$this->global_args = $args;
@@ -4540,7 +4549,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
* @return string|null
* @throws \Exception
*/
- function display_view( $mode, $args ) {
+ public function display_view( $mode, $args ) {
$output = null;
$this->global_args = $args;
diff --git a/includes/core/um-filters-fields.php b/includes/core/um-filters-fields.php
index b4b7e41d..1727b234 100644
--- a/includes/core/um-filters-fields.php
+++ b/includes/core/um-filters-fields.php
@@ -511,25 +511,21 @@ add_filter( 'um_profile_field_filter_hook__', 'um_profile_field_filter_hook__',
/**
* Get form fields
*
- * @param $array
+ * @param string|array $array
+ * @param int $form_id
*
- * @return mixed|string
+ * @return array|string
*/
-function um_get_form_fields( $array ) {
-
- $form_id = (isset ( UM()->fields()->set_id ) ) ? UM()->fields()->set_id : null;
- $mode = (isset( UM()->fields()->set_mode ) ) ? UM()->fields()->set_mode : null;
-
- if ( $form_id && $mode ) {
- $array = UM()->query()->get_attr('custom_fields', $form_id );
+function um_get_form_fields( $array, $form_id ) {
+ if ( $form_id && UM()->fields()->set_mode ) {
+ $array = UM()->query()->get_attr( 'custom_fields', $form_id );
} else {
$array = '';
}
return $array;
-
}
-add_filter( 'um_get_form_fields', 'um_get_form_fields', 99 );
+add_filter( 'um_get_form_fields', 'um_get_form_fields', 99, 2 );
/**
From fca7b4b0d582c2c6d45db28b35b7322f6baec232 Mon Sep 17 00:00:00 2001
From: Mykyta Synelnikov
Date: Thu, 31 Aug 2023 11:27:11 +0300
Subject: [PATCH 13/20] - fixed `[ultimatemember]` shortcode attributes;
---
includes/core/class-shortcodes.php | 10 ++++++++++
ultimate-member.php | 2 +-
2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/includes/core/class-shortcodes.php b/includes/core/class-shortcodes.php
index c982fc95..87175b7b 100644
--- a/includes/core/class-shortcodes.php
+++ b/includes/core/class-shortcodes.php
@@ -602,6 +602,16 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) {
* @return string
*/
public function ultimatemember( $args = array() ) {
+ // There is possible to use 'shortcode_atts_ultimatemember' filter for getting customized `$args`.
+ $args = shortcode_atts(
+ array(
+ 'form_id' => '',
+ 'is_block' => 0,
+ ),
+ $args,
+ 'ultimatemember'
+ );
+
/**
* Filters variable for enable singleton shortcode loading on the same page.
* Note: Set it to `false` if you don't need to render the same form twice or more on the same page.
diff --git a/ultimate-member.php b/ultimate-member.php
index 3949f110..5e8517cd 100644
--- a/ultimate-member.php
+++ b/ultimate-member.php
@@ -3,7 +3,7 @@
* Plugin Name: Ultimate Member
* Plugin URI: http://ultimatemember.com/
* Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
- * Version: 2.6.11-alpha
+ * Version: 2.6.11
* Author: Ultimate Member
* Author URI: http://ultimatemember.com/
* Text Domain: ultimate-member
From 6e9d1224949ef62b72fa5fd6fead99314c69bb34 Mon Sep 17 00:00:00 2001
From: Mykyta Synelnikov
Date: Sat, 2 Sep 2023 00:53:51 +0300
Subject: [PATCH 14/20] - fixed "is_block" argument for ultimatemember
shortcodes; - added sanitize shortcode arguments functions;
---
includes/core/class-account.php | 16 ++++++++--------
includes/core/class-fields.php | 10 +++++-----
includes/core/class-shortcodes.php | 8 ++++++--
3 files changed, 19 insertions(+), 15 deletions(-)
diff --git a/includes/core/class-account.php b/includes/core/class-account.php
index 03786d90..d48e08d1 100644
--- a/includes/core/class-account.php
+++ b/includes/core/class-account.php
@@ -610,8 +610,8 @@ if ( ! class_exists( 'um\core\Account' ) ) {
$this->init_displayed_fields( $fields, $id );
foreach ( $fields as $key => $data ) {
- if ( isset( $shortcode_args['is_block'] ) && 1 === (int) $shortcode_args['is_block'] ) {
- $data['is_block'] = 1;
+ if ( ! empty( $shortcode_args['is_block'] ) ) {
+ $data['is_block'] = true;
}
$output .= UM()->fields()->edit_field( $key, $data );
}
@@ -653,8 +653,8 @@ if ( ! class_exists( 'um\core\Account' ) ) {
$this->init_displayed_fields( $fields, $id );
foreach ( $fields as $key => $data ) {
- if ( isset( $shortcode_args['is_block'] ) && 1 === (int) $shortcode_args['is_block'] ) {
- $data['is_block'] = 1;
+ if ( ! empty( $shortcode_args['is_block'] ) ) {
+ $data['is_block'] = true;
}
$output .= UM()->fields()->edit_field( $key, $data );
}
@@ -710,8 +710,8 @@ if ( ! class_exists( 'um\core\Account' ) ) {
$this->init_displayed_fields( $fields, $id );
foreach ( $fields as $key => $data ) {
- if ( isset( $shortcode_args['is_block'] ) && 1 === (int) $shortcode_args['is_block'] ) {
- $data['is_block'] = 1;
+ if ( ! empty( $shortcode_args['is_block'] ) ) {
+ $data['is_block'] = true;
}
$output .= UM()->fields()->edit_field( $key, $data );
}
@@ -751,8 +751,8 @@ if ( ! class_exists( 'um\core\Account' ) ) {
$this->init_displayed_fields( $fields, $id );
foreach ( $fields as $key => $data ) {
- if ( isset( $shortcode_args['is_block'] ) && 1 === (int) $shortcode_args['is_block'] ) {
- $data['is_block'] = 1;
+ if ( ! empty( $shortcode_args['is_block'] ) ) {
+ $data['is_block'] = true;
}
$output .= UM()->fields()->edit_field( $key, $data );
}
diff --git a/includes/core/class-fields.php b/includes/core/class-fields.php
index fdbba3ec..298a617e 100644
--- a/includes/core/class-fields.php
+++ b/includes/core/class-fields.php
@@ -2094,7 +2094,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
public function edit_field( $key, $data, $rule = false, $args = array() ) {
global $_um_profile_id;
- if ( isset( $data['is_block'] ) && 1 === (int) $data['is_block'] ) {
+ if ( ! empty( $data['is_block'] ) ) {
$form_suffix = '';
} else {
$form_suffix = UM()->form()->form_suffix;
@@ -2106,7 +2106,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
$_um_profile_id = um_user( 'ID' );
}
- if ( isset( $data['is_block'] ) && 1 === (int) $data['is_block'] && ! is_user_logged_in() ) {
+ if ( ! empty( $data['is_block'] ) && ! is_user_logged_in() ) {
$_um_profile_id = 0;
}
@@ -4124,7 +4124,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
if ( $col1_fields ) {
foreach ( $col1_fields as $key => $data ) {
if ( ! empty( $args['is_block'] ) ) {
- $data['is_block'] = 1;
+ $data['is_block'] = true;
}
$output .= $this->edit_field( $key, $data );
}
@@ -4138,7 +4138,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
if ( $col1_fields ) {
foreach ( $col1_fields as $key => $data ) {
if ( ! empty( $args['is_block'] ) ) {
- $data['is_block'] = 1;
+ $data['is_block'] = true;
}
$output .= $this->edit_field( $key, $data );
}
@@ -4150,7 +4150,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
if ( $col2_fields ) {
foreach ( $col2_fields as $key => $data ) {
if ( ! empty( $args['is_block'] ) ) {
- $data['is_block'] = 1;
+ $data['is_block'] = true;
}
$output .= $this->edit_field( $key, $data );
}
diff --git a/includes/core/class-shortcodes.php b/includes/core/class-shortcodes.php
index 87175b7b..ef725888 100644
--- a/includes/core/class-shortcodes.php
+++ b/includes/core/class-shortcodes.php
@@ -606,12 +606,16 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) {
$args = shortcode_atts(
array(
'form_id' => '',
- 'is_block' => 0,
+ 'is_block' => false,
),
$args,
'ultimatemember'
);
+ // Sanitize shortcode arguments.
+ $args['form_id'] = ! empty( $args['form_id'] ) ? absint( $args['form_id'] ) : '';
+ $args['is_block'] = (bool) $args['is_block'];
+
/**
* Filters variable for enable singleton shortcode loading on the same page.
* Note: Set it to `false` if you don't need to render the same form twice or more on the same page.
@@ -779,7 +783,7 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) {
}
}
- if ( isset( $args['is_block'] ) && 1 === (int) $args['is_block'] && 'profile' === $mode && ! is_user_logged_in() ) {
+ if ( 'profile' === $mode && ! empty( $args['is_block'] ) && ! is_user_logged_in() ) {
ob_get_clean();
return '';
}
From 4e1e577a21239b5ff4d7968886e0099e84cab184 Mon Sep 17 00:00:00 2001
From: Mykyta Synelnikov
Date: Mon, 4 Sep 2023 13:24:28 +0300
Subject: [PATCH 15/20] - fixed PHP notice for $cached_user variable;
---
includes/core/class-user.php | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/includes/core/class-user.php b/includes/core/class-user.php
index 5da5373c..21276e42 100644
--- a/includes/core/class-user.php
+++ b/includes/core/class-user.php
@@ -1,9 +1,9 @@
Date: Mon, 4 Sep 2023 20:55:38 +0300
Subject: [PATCH 16/20] - fixed users dropdown;
---
includes/admin/assets/js/um-admin-forms.js | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/includes/admin/assets/js/um-admin-forms.js b/includes/admin/assets/js/um-admin-forms.js
index 5bd8e40f..531919f4 100644
--- a/includes/admin/assets/js/um-admin-forms.js
+++ b/includes/admin/assets/js/um-admin-forms.js
@@ -1,14 +1,20 @@
function um_admin_init_users_select() {
- if ( jQuery('.um-user-select-field').length ) {
+ if ( jQuery('.um-user-select-field:visible').length ) {
function avatarformat( data ) {
var option;
if ( ! data.id ) {
return data.text;
}
+
if ( 'undefined' !== typeof data.img ) {
option = jQuery(' ' + data.text + '');
} else {
- var img = data.element.attributes['data-img']['value'];
+ let img;
+ if ( 'undefined' !== typeof data.element ) {
+ if ( 'undefined' !== typeof data.element.attributes['data-img'] ) {
+ img = data.element.attributes['data-img']['value'];
+ }
+ }
if ( img ) {
option = jQuery(' ' + data.text + '');
} else {
@@ -78,7 +84,13 @@ function um_admin_init_users_select() {
templateResult: avatarformat
};
- jQuery('.um-user-select-field').select2( select2_atts );
+ jQuery('.um-user-select-field:visible').each( function() {
+ if ( jQuery(this).hasClass('select2-hidden-accessible') ) {
+ jQuery(this).select2( 'destroy' );
+ }
+ });
+
+ jQuery('.um-user-select-field:visible').select2( select2_atts );
}
}
@@ -798,6 +810,7 @@ jQuery(document).ready( function() {
if ( check_condition( jQuery(this) ) ) {
jQuery(this).show();
+ um_admin_init_users_select();
} else {
jQuery(this).hide();
}
From 10467d12cefc66e5a5664321daa9ccb6d1b7bb2c Mon Sep 17 00:00:00 2001
From: Mykyta Synelnikov
Date: Tue, 5 Sep 2023 00:24:58 +0300
Subject: [PATCH 17/20] - updated readme.txt;
---
readme.txt | 29 +++++++++++++++++++++++++++--
1 file changed, 27 insertions(+), 2 deletions(-)
diff --git a/readme.txt b/readme.txt
index 4da05f72..748a51c0 100644
--- a/readme.txt
+++ b/readme.txt
@@ -7,7 +7,7 @@ Tags: community, member, membership, user-profile, user-registration
Requires PHP: 5.6
Requires at least: 5.5
Tested up to: 6.3
-Stable tag: 2.6.10
+Stable tag: 2.6.11
License: GNU Version 2 or Any Later Version
License URI: http://www.gnu.org/licenses/gpl-3.0.txt
@@ -166,9 +166,34 @@ No specific extensions are needed. But we highly recommended keep active these P
IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION
-= 2.6.11: September xx, 2023 =
+= 2.6.11: September 06, 2023 =
+* Important:
+ - Based on the updates of the PHP version and the tightening of code standards to define clear data types, we will change some field attributes and option values.
+ Where it is possible to do it automatically, it will be done with the help of scripts for updating the database between versions.
+ In some places, unfortunately, a logical fork is formed with legacy data, which cannot be considered unambiguously during automatic updating and can lead to unexpected consequences.
+ We need to standardize such places in the code and ask you to manually update the data where necessary.
+ So that you can decide for yourself which data should be generated in a new format through the user interface in the case of a regular user or in code and custom callbacks in the case of developers.
+
+ - For regular users: Check all fields on each profile form and their option named as "Can user edit this field?".
+ You may have an incorrect value for the `editable` attribute in your database for predefined or custom fields.
+ So you need to re-update the fields' settings for the fields that aren't editable.
+ - For developers: The valid data format is boolean `false|true`.
+ We highly recommend to check `editable` field's capability by the built-in function `um_can_edit_field( $field_data );`.
+ If you extends the predefined fields please make sure that there is `editable` attribute set to "true" if you need this field set to editable by default.
+ In the case if there aren't `editable` attribute it will be considered as non-editable.
+ As legacy workaround we check the `editable` field attribute by the `! empty( $field_data['editable'] );` condition, so in case if you had integer format 1|0 for the `editable` attribute it will also work.
+
+* Enhancements:
+
+* Bugfixes:
+
+ - Fixed: Empty mail From data when there isn't set an option
+ - Fixed: Nonce validation for the admin actions handler
+ - Fixed: REST API endpoint List Pages redirecting to the homepage
+ - Fixed: Standardize the 'editable' attribute for the UM fields and hooks that can extend these fields. All fields that can be editable on the User Profile form has to have `editable` attribute set to `true`
+ - Fixed: Redirection from default WordPress registration to UM registration page (if it's not a published)
= 2.6.10: August 17, 2023 =
From e5b8ff400e90b12169991afbab21fae43ef5407b Mon Sep 17 00:00:00 2001
From: Mykyta Synelnikov
Date: Tue, 5 Sep 2023 01:12:16 +0300
Subject: [PATCH 18/20] - fixed editable attribute base on the legacy code; -
if `editable` attribute doesn't exist then we set `editable` to true by
default;
---
includes/admin/core/class-admin-metabox.php | 5 +++++
includes/core/class-fields.php | 9 ++++++---
includes/core/class-form.php | 3 ++-
includes/core/um-actions-profile.php | 9 +++++----
includes/um-short-functions.php | 3 ++-
5 files changed, 20 insertions(+), 9 deletions(-)
diff --git a/includes/admin/core/class-admin-metabox.php b/includes/admin/core/class-admin-metabox.php
index d1dc81b8..776e25a8 100644
--- a/includes/admin/core/class-admin-metabox.php
+++ b/includes/admin/core/class-admin-metabox.php
@@ -2383,6 +2383,11 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
$this->edit_mode_value = true;
}
+ // Set to true if `editable` doesn't exist (legacy case). It will be saved to DB as `true` after the first field update.
+ if ( null === $this->edit_mode_value ) {
+ $this->edit_mode_value = true;
+ }
+
if ( empty( $this->edit_mode_value ) ) {
$this->edit_mode_value = false;
}
diff --git a/includes/core/class-fields.php b/includes/core/class-fields.php
index 298a617e..026f6322 100644
--- a/includes/core/class-fields.php
+++ b/includes/core/class-fields.php
@@ -2186,7 +2186,8 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
if ( true === $this->editing && 'profile' === $this->set_mode ) {
if ( ! UM()->roles()->um_user_can( 'can_edit_everyone' ) ) {
- if ( empty( $data['editable'] ) ) {
+ // It's for a legacy case `array_key_exists( 'editable', $data )`.
+ if ( array_key_exists( 'editable', $data ) && empty( $data['editable'] ) ) {
$disabled = ' disabled="disabled" ';
}
}
@@ -3635,7 +3636,8 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
$class = 'um-icon-android-radio-button-off';
}
- if ( empty( $data['editable'] ) ) {
+ // It's for a legacy case `array_key_exists( 'editable', $data )`.
+ if ( array_key_exists( 'editable', $data ) && empty( $data['editable'] ) ) {
$col_class .= ' um-field-radio-state-disabled';
}
@@ -3754,7 +3756,8 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
$class = 'um-icon-android-checkbox-outline-blank';
}
- if ( empty( $data['editable'] ) ) {
+ // It's for a legacy case `array_key_exists( 'editable', $data )`.
+ if ( array_key_exists( 'editable', $data ) && empty( $data['editable'] ) ) {
$col_class .= ' um-field-radio-state-disabled';
}
diff --git a/includes/core/class-form.php b/includes/core/class-form.php
index aa4bbdfd..6a3b74d4 100644
--- a/includes/core/class-form.php
+++ b/includes/core/class-form.php
@@ -1065,7 +1065,8 @@ if ( ! class_exists( 'um\core\Form' ) ) {
if ( strstr( $field_key, 'role_' ) && array_key_exists( 'options', $field_settings ) && is_array( $field_settings['options'] ) ) {
if ( isset( $this->post_form['mode'] ) && 'profile' === $this->post_form['mode'] ) {
- if ( empty( $field_settings['editable'] ) || ! um_can_edit_field( $field_settings ) ) {
+ // It's for a legacy case `array_key_exists( 'editable', $field_settings )`.
+ if ( ( array_key_exists( 'editable', $field_settings ) && empty( $field_settings['editable'] ) ) || ! um_can_edit_field( $field_settings ) ) {
continue;
}
}
diff --git a/includes/core/um-actions-profile.php b/includes/core/um-actions-profile.php
index b62a4954..50851661 100644
--- a/includes/core/um-actions-profile.php
+++ b/includes/core/um-actions-profile.php
@@ -386,10 +386,11 @@ function um_user_edit_profile( $args, $form_data ) {
}
}
- // Secure selected role
- if ( ( isset( $fields['role'] ) && ! empty( $fields['role']['editable'] ) && um_can_view_field( $fields['role'] ) ) ||
- ( isset( $fields['role_select'] ) && ! empty( $fields['role_select']['editable'] ) && um_can_view_field( $fields['role_select'] ) ) ||
- ( isset( $fields['role_radio'] ) && ! empty( $fields['role_radio']['editable'] ) && um_can_view_field( $fields['role_radio'] ) ) ) {
+ // Secure selected role.
+ // It's for a legacy case `array_key_exists( 'editable', $fields['role'] )` and similar.
+ if ( ( isset( $fields['role'] ) && ( ! array_key_exists( 'editable', $fields['role'] ) || ! empty( $fields['role']['editable'] ) ) && um_can_view_field( $fields['role'] ) ) ||
+ ( isset( $fields['role_select'] ) && ( ! array_key_exists( 'editable', $fields['role_select'] ) || ! empty( $fields['role_select']['editable'] ) ) && um_can_view_field( $fields['role_select'] ) ) ||
+ ( isset( $fields['role_radio'] ) && ( ! array_key_exists( 'editable', $fields['role_radio'] ) || ! empty( $fields['role_radio']['editable'] ) ) && um_can_view_field( $fields['role_radio'] ) ) ) {
if ( ! empty( $args['submitted']['role'] ) ) {
global $wp_roles;
diff --git a/includes/um-short-functions.php b/includes/um-short-functions.php
index 13b8e7fc..8fedfccd 100644
--- a/includes/um-short-functions.php
+++ b/includes/um-short-functions.php
@@ -1667,7 +1667,8 @@ function um_can_edit_field( $data ) {
$can_edit = false;
} else {
if ( ! UM()->roles()->um_user_can( 'can_edit_everyone' ) ) {
- if ( empty( $data['editable'] ) ) {
+ // It's for a legacy case `array_key_exists( 'editable', $data )`.
+ if ( array_key_exists( 'editable', $data ) && empty( $data['editable'] ) ) {
$can_edit = false;
} else {
if ( ! um_is_user_himself() ) {
From af140bda82831e0e934285907a7a9ff978f04cf6 Mon Sep 17 00:00:00 2001
From: Mykyta Synelnikov
Date: Tue, 5 Sep 2023 02:04:03 +0300
Subject: [PATCH 19/20] - added hooks for easy integration cases like #1279;
---
includes/core/class-shortcodes.php | 108 ++++++++++++++------------
includes/core/um-actions-register.php | 21 +++++
2 files changed, 78 insertions(+), 51 deletions(-)
diff --git a/includes/core/class-shortcodes.php b/includes/core/class-shortcodes.php
index ef725888..063a09ee 100644
--- a/includes/core/class-shortcodes.php
+++ b/includes/core/class-shortcodes.php
@@ -203,7 +203,7 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) {
if ( ! empty( $role ) && ! empty( $role['status'] ) ) {
$message_key = $role['status'] . '_message';
- $this->custom_message = ! empty( $role[ $message_key ] ) ? stripslashes( $role[ $message_key ] ) : '';
+ $this->custom_message = ! empty( $role[ $message_key ] ) ? $this->convert_user_tags( stripslashes( $role[ $message_key ] ) ) : '';
}
}
}
@@ -1143,16 +1143,14 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) {
return um_convert_tags( $str, array(), false );
}
-
/**
* Convert user tags in a string
*
- * @param $str
+ * @param string $str
*
- * @return mixed
+ * @return string
*/
- function convert_user_tags( $str ) {
-
+ public function convert_user_tags( $str ) {
$pattern_array = array(
'{first_name}',
'{last_name}',
@@ -1160,89 +1158,97 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) {
'{user_avatar_small}',
'{username}',
'{nickname}',
+ '{user_email}',
);
-
/**
- * UM hook
+ * Filters the user placeholders patterns.
*
- * @type filter
- * @title um_allowed_user_tags_patterns
- * @description Extend user placeholders patterns
- * @input_vars
- * [{"var":"$patterns","type":"array","desc":"Placeholders"}]
- * @change_log
- * ["Since: 2.0"]
- * @usage
- *
- * @example
- * Add the `{user_description}` placeholder.
* function my_allowed_user_tags( $patterns ) {
- * // your code here
+ * $patterns[] = '{user_description}';
* return $patterns;
* }
- * ?>
+ * add_filter( 'um_allowed_user_tags_patterns', 'my_allowed_user_tags' );
*/
$pattern_array = apply_filters( 'um_allowed_user_tags_patterns', $pattern_array );
-
- //$matches = false;
foreach ( $pattern_array as $pattern ) {
-
if ( preg_match( $pattern, $str ) ) {
- $value = '';
+ $value = '';
+ $usermeta = str_replace( array( '{', '}' ), '', $pattern );
if ( is_user_logged_in() ) {
- $usermeta = str_replace( '{', '', $pattern );
- $usermeta = str_replace( '}', '', $usermeta );
-
- if ( $usermeta == 'user_avatar_small' ) {
+ if ( 'user_avatar_small' === $usermeta ) {
$value = get_avatar( um_user( 'ID' ), 40 );
} elseif ( um_user( $usermeta ) ) {
$value = um_user( $usermeta );
}
- if ( $usermeta == 'username' ) {
+ if ( 'username' === $usermeta ) {
$value = um_user( 'user_login' );
}
- if ( $usermeta == 'nickname' ) {
+ if ( 'nickname' === $usermeta ) {
$value = um_profile( 'nickname' );
}
+ if ( 'user_email' === $usermeta ) {
+ $value = um_user( 'user_email' );
+ }
+
/**
- * UM hook
+ * Filters the user placeholders value of pattern for logged-in user.
*
- * @type filter
- * @title um_profile_tag_hook__{$usermeta}
- * @description Change usermeta field value
- * @input_vars
- * [{"var":"$value","type":"array","desc":"Meta field value"},
- * {"var":"$user_id","type":"array","desc":"User ID"}]
- * @change_log
- * ["Since: 2.0"]
- * @usage
- *
- * @example
- * Add the replacement value for `{user_description}` placeholder.
+ * function my_user_description( $value, $user_id ) {
+ * $value = get_user_meta( $user_id, 'user_description', true );
* return $value;
* }
- * ?>
+ * add_filter( 'um_profile_tag_hook__user_description', 'my_user_description', 10, 2 );
*/
$value = apply_filters( "um_profile_tag_hook__{$usermeta}", $value, um_user( 'ID' ) );
+ } else {
+ /**
+ * Filters the user placeholders value of pattern for not logged-in user.
+ *
+ * @since 2.6.11
+ * @hook um_profile_nopriv_tag_hook__{$usermeta}
+ *
+ * @param {string} $value User meta field value.
+ *
+ * @return {string} User meta field value.
+ *
+ * @example
Add the replacement value for `{user_description}` placeholder for not logged-in user.
+ * function my_nopriv_user_description( $value ) {
+ * $value = ! empty( $_GET['user_description'] ) ? sanitize_text_field( $_GET['user_description'] ) : '';
+ * return $value;
+ * }
+ * add_filter( 'um_profile_nopriv_tag_hook__user_description', 'my_nopriv_user_description' );
+ */
+ $value = apply_filters( "um_profile_nopriv_tag_hook__{$usermeta}", $value );
}
$str = preg_replace( '/' . $pattern . '/', $value, $str );
}
-
}
return $str;
}
-
/**
* Shortcode: Show custom content to specific role
*
diff --git a/includes/core/um-actions-register.php b/includes/core/um-actions-register.php
index 9171612b..fee265bc 100644
--- a/includes/core/um-actions-register.php
+++ b/includes/core/um-actions-register.php
@@ -282,6 +282,27 @@ function um_check_user_status( $user_id, $args, $form_data = null ) {
// Add only priority role to URL.
$url = add_query_arg( 'um_role', esc_attr( um_user( 'role' ) ), $url );
$url = add_query_arg( 'um_form_id', esc_attr( $form_data['form_id'] ), $url );
+ /**
+ * Filters the redirect URL for user after registration based on its status when need to show message.
+ *
+ * @since 2.6.11
+ * @hook um_registration_show_message_redirect_url
+ *
+ * @param {string} $url Redirect URL.
+ * @param {string} $status User status.
+ * @param {int} $user_id User ID.
+ * @param {array} $form_data Form data.
+ *
+ * @return {string} Redirect URL.
+ *
+ * @example
Change redirect URL for user after registration based on its status when need to show message.
+ * function my_um_registration_show_message_redirect_url( $url, $status, $user_id ) {
+ * // your code here
+ * return $url;
+ * }
+ * add_filter( 'um_registration_show_message_redirect_url', 'my_um_registration_show_message_redirect_url', 10, 4 );
+ */
+ $url = apply_filters( 'um_registration_show_message_redirect_url', $url, $status, um_user( 'ID' ), $form_data );
// Not `um_safe_redirect()` because UM()->permalinks()->get_current_url() is situated on the same host.
wp_safe_redirect( $url );
exit;
From e7f9d38ba50de07c1f3c652df41f63827272eaa9 Mon Sep 17 00:00:00 2001
From: Mykyta Synelnikov
Date: Tue, 5 Sep 2023 02:14:20 +0300
Subject: [PATCH 20/20] - updated readme.txt;
---
README.md | 2 +-
readme.txt | 21 +--------------------
2 files changed, 2 insertions(+), 21 deletions(-)
diff --git a/README.md b/README.md
index 8aa62665..46cc9bc0 100644
--- a/README.md
+++ b/README.md
@@ -44,7 +44,7 @@ GNU Version 2 or Any Later Version
### IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION
-[Official Release Version: 2.6.10](https://github.com/ultimatemember/ultimatemember/releases/tag/2.6.10).
+[Official Release Version: 2.6.11](https://github.com/ultimatemember/ultimatemember/releases/tag/2.6.11).
## Changelog
diff --git a/readme.txt b/readme.txt
index 748a51c0..d611a68a 100644
--- a/readme.txt
+++ b/readme.txt
@@ -168,31 +168,12 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI
= 2.6.11: September 06, 2023 =
-* Important:
-
- - Based on the updates of the PHP version and the tightening of code standards to define clear data types, we will change some field attributes and option values.
- Where it is possible to do it automatically, it will be done with the help of scripts for updating the database between versions.
- In some places, unfortunately, a logical fork is formed with legacy data, which cannot be considered unambiguously during automatic updating and can lead to unexpected consequences.
- We need to standardize such places in the code and ask you to manually update the data where necessary.
- So that you can decide for yourself which data should be generated in a new format through the user interface in the case of a regular user or in code and custom callbacks in the case of developers.
-
- - For regular users: Check all fields on each profile form and their option named as "Can user edit this field?".
- You may have an incorrect value for the `editable` attribute in your database for predefined or custom fields.
- So you need to re-update the fields' settings for the fields that aren't editable.
- - For developers: The valid data format is boolean `false|true`.
- We highly recommend to check `editable` field's capability by the built-in function `um_can_edit_field( $field_data );`.
- If you extends the predefined fields please make sure that there is `editable` attribute set to "true" if you need this field set to editable by default.
- In the case if there aren't `editable` attribute it will be considered as non-editable.
- As legacy workaround we check the `editable` field attribute by the `! empty( $field_data['editable'] );` condition, so in case if you had integer format 1|0 for the `editable` attribute it will also work.
-
-* Enhancements:
-
* Bugfixes:
- Fixed: Empty mail From data when there isn't set an option
- Fixed: Nonce validation for the admin actions handler
- Fixed: REST API endpoint List Pages redirecting to the homepage
- - Fixed: Standardize the 'editable' attribute for the UM fields and hooks that can extend these fields. All fields that can be editable on the User Profile form has to have `editable` attribute set to `true`
+ - Fixed: Standardize the 'editable' attribute for the UM fields and hooks that can extend these fields
- Fixed: Redirection from default WordPress registration to UM registration page (if it's not a published)
= 2.6.10: August 17, 2023 =