From 700c418bfe368b1db1ce2547012e135ceaa1d565 Mon Sep 17 00:00:00 2001 From: Mykyta Synelnikov Date: Fri, 18 Aug 2023 15:19:42 +0300 Subject: [PATCH 01/20] - updated versions; --- readme.txt | 4 ++++ ultimate-member.php | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/readme.txt b/readme.txt index d096b04c..4da05f72 100644 --- a/readme.txt +++ b/readme.txt @@ -166,6 +166,10 @@ No specific extensions are needed. But we highly recommended keep active these P IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION += 2.6.11: September xx, 2023 = + + + = 2.6.10: August 17, 2023 = * Enhancements: diff --git a/ultimate-member.php b/ultimate-member.php index e93c957c..3949f110 100644 --- a/ultimate-member.php +++ b/ultimate-member.php @@ -3,7 +3,7 @@ * Plugin Name: Ultimate Member * Plugin URI: http://ultimatemember.com/ * Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress - * Version: 2.6.10 + * Version: 2.6.11-alpha * Author: Ultimate Member * Author URI: http://ultimatemember.com/ * Text Domain: ultimate-member From fd3daabbc7e09b38e5520eb3c247e1025e34544e Mon Sep 17 00:00:00 2001 From: Mykyta Synelnikov Date: Fri, 18 Aug 2023 15:28:44 +0300 Subject: [PATCH 02/20] - fixed "editable" field data format in predefined forms; --- includes/class-config.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/includes/class-config.php b/includes/class-config.php index 5049a341..ffeb704a 100644 --- a/includes/class-config.php +++ b/includes/class-config.php @@ -271,14 +271,14 @@ if ( ! class_exists( 'um\Config' ) ) { ) ); $this->core_form_meta['register'] = array( - '_um_custom_fields' => 'a:6:{s:10:"user_login";a:15:{s:5:"title";s:8:"Username";s:7:"metakey";s:10:"user_login";s:4:"type";s:4:"text";s:5:"label";s:8:"Username";s:8:"required";i:1;s:6:"public";i:1;s:8:"editable";i:0;s:8:"validate";s:15:"unique_username";s:9:"min_chars";i:3;s:9:"max_chars";i:24;s:8:"position";s:1:"1";s:6:"in_row";s:9:"_um_row_1";s:10:"in_sub_row";s:1:"0";s:9:"in_column";s:1:"1";s:8:"in_group";s:0:"";}s:10:"user_email";a:13:{s:5:"title";s:14:"E-mail Address";s:7:"metakey";s:10:"user_email";s:4:"type";s:4:"text";s:5:"label";s:14:"E-mail Address";s:8:"required";i:0;s:6:"public";i:1;s:8:"editable";i:1;s:8:"validate";s:12:"unique_email";s:8:"position";s:1:"4";s:6:"in_row";s:9:"_um_row_1";s:10:"in_sub_row";s:1:"0";s:9:"in_column";s:1:"1";s:8:"in_group";s:0:"";}s:13:"user_password";a:16:{s:5:"title";s:8:"Password";s:7:"metakey";s:13:"user_password";s:4:"type";s:8:"password";s:5:"label";s:8:"Password";s:8:"required";i:1;s:6:"public";i:1;s:8:"editable";i:1;s:9:"min_chars";i:8;s:9:"max_chars";i:30;s:15:"force_good_pass";i:1;s:18:"force_confirm_pass";i:1;s:8:"position";s:1:"5";s:6:"in_row";s:9:"_um_row_1";s:10:"in_sub_row";s:1:"0";s:9:"in_column";s:1:"1";s:8:"in_group";s:0:"";}s:10:"first_name";a:12:{s:5:"title";s:10:"First Name";s:7:"metakey";s:10:"first_name";s:4:"type";s:4:"text";s:5:"label";s:10:"First Name";s:8:"required";i:0;s:6:"public";i:1;s:8:"editable";i:1;s:8:"position";s:1:"2";s:6:"in_row";s:9:"_um_row_1";s:10:"in_sub_row";s:1:"0";s:9:"in_column";s:1:"1";s:8:"in_group";s:0:"";}s:9:"last_name";a:12:{s:5:"title";s:9:"Last Name";s:7:"metakey";s:9:"last_name";s:4:"type";s:4:"text";s:5:"label";s:9:"Last Name";s:8:"required";i:0;s:6:"public";i:1;s:8:"editable";i:1;s:8:"position";s:1:"3";s:6:"in_row";s:9:"_um_row_1";s:10:"in_sub_row";s:1:"0";s:9:"in_column";s:1:"1";s:8:"in_group";s:0:"";}s:9:"_um_row_1";a:4:{s:4:"type";s:3:"row";s:2:"id";s:9:"_um_row_1";s:8:"sub_rows";s:1:"1";s:4:"cols";s:1:"1";}}', + '_um_custom_fields' => 'a:6:{s:10:"user_login";a:15:{s:5:"title";s:8:"Username";s:7:"metakey";s:10:"user_login";s:4:"type";s:4:"text";s:5:"label";s:8:"Username";s:8:"required";i:1;s:6:"public";i:1;s:8:"editable";b:0;s:8:"validate";s:15:"unique_username";s:9:"min_chars";i:3;s:9:"max_chars";i:24;s:8:"position";s:1:"1";s:6:"in_row";s:9:"_um_row_1";s:10:"in_sub_row";s:1:"0";s:9:"in_column";s:1:"1";s:8:"in_group";s:0:"";}s:10:"user_email";a:13:{s:5:"title";s:14:"E-mail Address";s:7:"metakey";s:10:"user_email";s:4:"type";s:4:"text";s:5:"label";s:14:"E-mail Address";s:8:"required";i:0;s:6:"public";i:1;s:8:"editable";b:1;s:8:"validate";s:12:"unique_email";s:8:"position";s:1:"4";s:6:"in_row";s:9:"_um_row_1";s:10:"in_sub_row";s:1:"0";s:9:"in_column";s:1:"1";s:8:"in_group";s:0:"";}s:13:"user_password";a:16:{s:5:"title";s:8:"Password";s:7:"metakey";s:13:"user_password";s:4:"type";s:8:"password";s:5:"label";s:8:"Password";s:8:"required";i:1;s:6:"public";i:1;s:8:"editable";b:1;s:9:"min_chars";i:8;s:9:"max_chars";i:30;s:15:"force_good_pass";i:1;s:18:"force_confirm_pass";i:1;s:8:"position";s:1:"5";s:6:"in_row";s:9:"_um_row_1";s:10:"in_sub_row";s:1:"0";s:9:"in_column";s:1:"1";s:8:"in_group";s:0:"";}s:10:"first_name";a:12:{s:5:"title";s:10:"First Name";s:7:"metakey";s:10:"first_name";s:4:"type";s:4:"text";s:5:"label";s:10:"First Name";s:8:"required";i:0;s:6:"public";i:1;s:8:"editable";b:1;s:8:"position";s:1:"2";s:6:"in_row";s:9:"_um_row_1";s:10:"in_sub_row";s:1:"0";s:9:"in_column";s:1:"1";s:8:"in_group";s:0:"";}s:9:"last_name";a:12:{s:5:"title";s:9:"Last Name";s:7:"metakey";s:9:"last_name";s:4:"type";s:4:"text";s:5:"label";s:9:"Last Name";s:8:"required";i:0;s:6:"public";i:1;s:8:"editable";b:1;s:8:"position";s:1:"3";s:6:"in_row";s:9:"_um_row_1";s:10:"in_sub_row";s:1:"0";s:9:"in_column";s:1:"1";s:8:"in_group";s:0:"";}s:9:"_um_row_1";a:4:{s:4:"type";s:3:"row";s:2:"id";s:9:"_um_row_1";s:8:"sub_rows";s:1:"1";s:4:"cols";s:1:"1";}}', '_um_mode' => 'register', '_um_core' => 'register', '_um_register_use_custom_settings' => 0, ); $this->core_form_meta['login'] = array( - '_um_custom_fields' => 'a:3:{s:8:"username";a:13:{s:5:"title";s:18:"Username or E-mail";s:7:"metakey";s:8:"username";s:4:"type";s:4:"text";s:5:"label";s:18:"Username or E-mail";s:8:"required";i:1;s:6:"public";i:1;s:8:"editable";i:0;s:8:"validate";s:24:"unique_username_or_email";s:8:"position";s:1:"1";s:6:"in_row";s:9:"_um_row_1";s:10:"in_sub_row";s:1:"0";s:9:"in_column";s:1:"1";s:8:"in_group";s:0:"";}s:13:"user_password";a:16:{s:5:"title";s:8:"Password";s:7:"metakey";s:13:"user_password";s:4:"type";s:8:"password";s:5:"label";s:8:"Password";s:8:"required";i:1;s:6:"public";i:1;s:8:"editable";i:1;s:9:"min_chars";i:8;s:9:"max_chars";i:30;s:15:"force_good_pass";i:1;s:18:"force_confirm_pass";i:1;s:8:"position";s:1:"2";s:6:"in_row";s:9:"_um_row_1";s:10:"in_sub_row";s:1:"0";s:9:"in_column";s:1:"1";s:8:"in_group";s:0:"";}s:9:"_um_row_1";a:4:{s:4:"type";s:3:"row";s:2:"id";s:9:"_um_row_1";s:8:"sub_rows";s:1:"1";s:4:"cols";s:1:"1";}}', + '_um_custom_fields' => 'a:3:{s:8:"username";a:13:{s:5:"title";s:18:"Username or E-mail";s:7:"metakey";s:8:"username";s:4:"type";s:4:"text";s:5:"label";s:18:"Username or E-mail";s:8:"required";i:1;s:6:"public";i:1;s:8:"editable";b:0;s:8:"validate";s:24:"unique_username_or_email";s:8:"position";s:1:"1";s:6:"in_row";s:9:"_um_row_1";s:10:"in_sub_row";s:1:"0";s:9:"in_column";s:1:"1";s:8:"in_group";s:0:"";}s:13:"user_password";a:16:{s:5:"title";s:8:"Password";s:7:"metakey";s:13:"user_password";s:4:"type";s:8:"password";s:5:"label";s:8:"Password";s:8:"required";i:1;s:6:"public";i:1;s:8:"editable";b:1;s:9:"min_chars";i:8;s:9:"max_chars";i:30;s:15:"force_good_pass";i:1;s:18:"force_confirm_pass";i:1;s:8:"position";s:1:"2";s:6:"in_row";s:9:"_um_row_1";s:10:"in_sub_row";s:1:"0";s:9:"in_column";s:1:"1";s:8:"in_group";s:0:"";}s:9:"_um_row_1";a:4:{s:4:"type";s:3:"row";s:2:"id";s:9:"_um_row_1";s:8:"sub_rows";s:1:"1";s:4:"cols";s:1:"1";}}', '_um_mode' => 'login', '_um_core' => 'login', '_um_login_use_custom_settings' => 0, From cb2b4e1dece7186c204a5704179a5e5880972581 Mon Sep 17 00:00:00 2001 From: Mykyta Synelnikov Date: Fri, 18 Aug 2023 15:33:12 +0300 Subject: [PATCH 03/20] - fixed "editable" field data format in predefined fields; --- includes/core/class-builtin.php | 78 ++++++++++++++++----------------- 1 file changed, 39 insertions(+), 39 deletions(-) diff --git a/includes/core/class-builtin.php b/includes/core/class-builtin.php index aa8fd090..d296ac55 100644 --- a/includes/core/class-builtin.php +++ b/includes/core/class-builtin.php @@ -740,7 +740,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'label' => __('Username','ultimate-member'), 'required' => 1, 'public' => 1, - 'editable' => 0, + 'editable' => false, 'validate' => 'unique_username', 'min_chars' => 3, 'max_chars' => 24 @@ -753,7 +753,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'label' => __('Username or E-mail','ultimate-member'), 'required' => 1, 'public' => 1, - 'editable' => 0, + 'editable' => false, 'validate' => 'unique_username_or_email', ), @@ -764,7 +764,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'label' => __('Password','ultimate-member'), 'required' => 1, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'min_chars' => 8, 'max_chars' => 30, 'force_good_pass' => 1, @@ -779,7 +779,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'label' => __('First Name','ultimate-member'), 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, ), 'last_name' => array( @@ -789,7 +789,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'label' => __('Last Name','ultimate-member'), 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, ), 'nickname' => array( @@ -799,7 +799,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'label' => __('Nickname','ultimate-member'), 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, ), 'user_url' => array( @@ -809,7 +809,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'label' => __('Website URL','ultimate-member'), 'required' => 1, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'validate' => 'url' ), @@ -820,7 +820,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'label' => __('Registration Date','ultimate-member'), 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'edit_forbidden' => 1, ), @@ -831,7 +831,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'label' => __('Last Login','ultimate-member'), 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'edit_forbidden' => 1, ), @@ -853,7 +853,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'label' => __('Secondary E-mail Address','ultimate-member'), 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'validate' => 'unique_email', 'autocomplete' => 'off' ), @@ -866,7 +866,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'html' => 0, 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'max_words' => 40, 'placeholder' => __('Enter a bit about yourself...','ultimate-member'), ), @@ -878,7 +878,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'label' => __('Birth Date','ultimate-member'), 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'pretty_format' => 1, 'years' => 115, 'years_x' => 'past', @@ -892,7 +892,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'label' => __('Gender','ultimate-member'), 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'options' => array( __('Male','ultimate-member'), __('Female','ultimate-member') ) ), @@ -904,7 +904,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'placeholder' => __('Choose a Country','ultimate-member'), 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'options' => $this->get('countries') ), @@ -915,7 +915,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'label' => __('Facebook','ultimate-member'), 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'url_target' => '_blank', 'url_rel' => 'nofollow', 'icon' => 'um-faicon-facebook', @@ -933,7 +933,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'label' => __('Twitter','ultimate-member'), 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'url_target' => '_blank', 'url_rel' => 'nofollow', 'icon' => 'um-faicon-twitter', @@ -951,7 +951,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'label' => __('LinkedIn','ultimate-member'), 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'url_target' => '_blank', 'url_rel' => 'nofollow', 'icon' => 'um-faicon-linkedin', @@ -969,7 +969,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'label' => __('Instagram','ultimate-member'), 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'url_target' => '_blank', 'url_rel' => 'nofollow', 'icon' => 'um-faicon-instagram', @@ -987,7 +987,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'label' => __('Skype ID','ultimate-member'), 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'url_target' => '_blank', 'url_rel' => 'nofollow', 'icon' => 'um-faicon-skype', @@ -1002,7 +1002,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'label' => __('Viber number','ultimate-member'), 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'url_target' => '_blank', 'url_rel' => 'nofollow', 'icon' => 'um-icon-ios-telephone', @@ -1016,7 +1016,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'label' => __('WhatsApp number','ultimate-member'), 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'url_target' => '_blank', 'url_rel' => 'nofollow', 'icon' => 'um-icon-social-whatsapp', @@ -1030,7 +1030,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'label' => __('Telegram','ultimate-member'), 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'url_target' => '_blank', 'url_rel' => 'nofollow', 'icon' => 'um-faicon-paper-plane', @@ -1046,7 +1046,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'label' => __('Discord ID','ultimate-member'), 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'url_target' => '_blank', 'url_rel' => 'nofollow', 'validate' => 'discord', @@ -1059,7 +1059,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'label' => __('TikTok','ultimate-member'), 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'url_target' => '_blank', 'url_rel' => 'nofollow', 'icon' => 'um-icon-ios-musical-note', @@ -1077,7 +1077,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'label' => __('Twitch','ultimate-member'), 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'icon' => 'um-faicon-twitch', 'url_target' => '_blank', 'url_rel' => 'nofollow', @@ -1095,7 +1095,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'label' => __('Reddit','ultimate-member'), 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'icon' => 'um-icon-social-reddit', 'url_target' => '_blank', 'url_rel' => 'nofollow', @@ -1113,7 +1113,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'label' => __( 'YouTube', 'ultimate-member' ), 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'url_target' => '_blank', 'url_rel' => 'nofollow', 'icon' => 'um-faicon-youtube', @@ -1134,7 +1134,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'label' => __( 'SoundCloud', 'ultimate-member' ), 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'url_target' => '_blank', 'url_rel' => 'nofollow', 'icon' => 'um-faicon-soundcloud', @@ -1153,7 +1153,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'placeholder' => 'Choose account type', 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'options' => $um_roles, ), @@ -1164,7 +1164,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'label' => __('Account Type','ultimate-member'), 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'options' => $um_roles, ), @@ -1176,7 +1176,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'placeholder' => __('Select languages','ultimate-member'), 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'options' => $this->get('languages'), ), @@ -1187,7 +1187,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'label' => __('Phone Number','ultimate-member'), 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'validate' => 'phone_number', 'icon' => 'um-faicon-phone', ), @@ -1199,7 +1199,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'label' => __('Mobile Number','ultimate-member'), 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'validate' => 'phone_number', 'icon' => 'um-faicon-mobile', ), @@ -1242,7 +1242,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'placeholder' => __('Enter your username or email','ultimate-member'), 'required' => 1, 'public' => 1, - 'editable' => 0, + 'editable' => false, 'private_use' => true, ), @@ -1256,7 +1256,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'help' => __( 'Who can see your public profile?', 'ultimate-member' ), 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'default' => 'Everyone', 'options' => $profile_privacy, 'allowclear' => 0, @@ -1272,7 +1272,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'help' => __( 'Hide my profile for robots?', 'ultimate-member' ), 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'default' => UM()->roles()->um_user_can( 'profile_noindex' ) ? '1' : '0', 'options' => array( '0' => __( 'No', 'ultimate-member' ), @@ -1291,7 +1291,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'help' => __( 'Here you can hide yourself from appearing in public directory', 'ultimate-member' ), 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'default' => UM()->member_directory()->get_hide_in_members_default() ? 'Yes' : 'No', 'options' => array( 'No' => __( 'No', 'ultimate-member' ), @@ -1309,7 +1309,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'help' => __( 'If you confirm, everything related to your profile will be deleted permanently from the site', 'ultimate-member' ), 'required' => 0, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'default' => __( 'No', 'ultimate-member' ), 'options' => array( __( 'Yes', 'ultimate-member' ), @@ -1325,7 +1325,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { 'label' => __( 'Password', 'ultimate-member' ), 'required' => 1, 'public' => 1, - 'editable' => 1, + 'editable' => true, 'account_only' => true, ), From 2a9920fad2de868b26d33174b525850fe4202821 Mon Sep 17 00:00:00 2001 From: ashubawork Date: Tue, 22 Aug 2023 16:19:42 +0300 Subject: [PATCH 04/20] - fix empty mail_from and mail_from_addr --- includes/core/class-mail.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/includes/core/class-mail.php b/includes/core/class-mail.php index 3610d467..b46854ea 100644 --- a/includes/core/class-mail.php +++ b/includes/core/class-mail.php @@ -435,7 +435,9 @@ if ( ! class_exists( 'um\core\Mail' ) ) { do_action( 'um_before_email_notification_sending', $email, $template, $args ); $this->attachments = array(); - $this->headers = 'From: ' . stripslashes( UM()->options()->get( 'mail_from' ) ) . ' <' . UM()->options()->get( 'mail_from_addr' ) . '>' . "\r\n"; + $mail_from = UM()->options()->get( 'mail_from' ) ? UM()->options()->get( 'mail_from' ) : get_bloginfo( 'name' ); + $mail_from_addr = UM()->options()->get( 'mail_from_addr' ) ? UM()->options()->get( 'mail_from_addr' ) : get_bloginfo( 'admin_email' ); + $this->headers = 'From: ' . stripslashes( $mail_from ) . ' <' . $mail_from_addr . '>' . "\r\n"; add_filter( 'um_template_tags_patterns_hook', array( UM()->mail(), 'add_placeholder' ), 10, 1 ); add_filter( 'um_template_tags_replaces_hook', array( UM()->mail(), 'add_replace_placeholder' ), 10, 1 ); From 8cb6c79c268bcd03c7f4d89228150afae35dbef4 Mon Sep 17 00:00:00 2001 From: Mykyta Synelnikov Date: Tue, 22 Aug 2023 17:17:40 +0300 Subject: [PATCH 05/20] - fixed "Can user edit this field?" option. It changed to the bool type with true|false values only. Field can be editable only in the case if 'editable'===true --- includes/admin/core/class-admin-metabox.php | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/includes/admin/core/class-admin-metabox.php b/includes/admin/core/class-admin-metabox.php index 4e35a663..d1dc81b8 100644 --- a/includes/admin/core/class-admin-metabox.php +++ b/includes/admin/core/class-admin-metabox.php @@ -2378,15 +2378,21 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) { break; case '_editable': + // Make a new field editable by default. + if ( false === $this->in_edit ) { + $this->edit_mode_value = true; + } + + if ( empty( $this->edit_mode_value ) ) { + $this->edit_mode_value = false; + } ?>
- -

+

- edit_mode_value || $this->edit_mode_value ) ?> /> + edit_mode_value ); ?> />

-
Date: Wed, 23 Aug 2023 19:40:06 +0800 Subject: [PATCH 06/20] Add nonce validation for download install info --- includes/admin/core/class-admin-settings.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/includes/admin/core/class-admin-settings.php b/includes/admin/core/class-admin-settings.php index 3a1bb03b..29b62c94 100644 --- a/includes/admin/core/class-admin-settings.php +++ b/includes/admin/core/class-admin-settings.php @@ -3689,6 +3689,7 @@ Use Only Cookies: +

@@ -3700,7 +3701,13 @@ Use Only Cookies: Date: Wed, 23 Aug 2023 15:00:21 +0300 Subject: [PATCH 07/20] - fixed variable type for UM()->form()->processing and UM()->fields()->set_id; --- includes/core/class-account.php | 2 +- includes/core/class-fields.php | 4 ++-- includes/core/class-form.php | 2 +- includes/core/class-password.php | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/includes/core/class-account.php b/includes/core/class-account.php index 6668d2ba..03786d90 100644 --- a/includes/core/class-account.php +++ b/includes/core/class-account.php @@ -567,7 +567,7 @@ if ( ! class_exists( 'um\core\Account' ) ) { function get_tab_fields( $id, $shortcode_args ) { $output = null; - UM()->fields()->set_id = $id; + UM()->fields()->set_id = absint( $id ); UM()->fields()->set_mode = 'account'; UM()->fields()->editing = true; diff --git a/includes/core/class-fields.php b/includes/core/class-fields.php index c7171e38..0ce140bd 100644 --- a/includes/core/class-fields.php +++ b/includes/core/class-fields.php @@ -4047,7 +4047,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) { UM()->form()->nonce = wp_create_nonce( 'um-profile-nonce' . UM()->user()->target_id ); } - $this->set_id = $this->global_args['form_id']; + $this->set_id = absint( $this->global_args['form_id'] ); $this->field_icons = ( isset( $this->global_args['icons'] ) ) ? $this->global_args['icons'] : 'label'; @@ -4548,7 +4548,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) { UM()->form()->form_suffix = '-' . $this->global_args['form_id']; $this->set_mode = $mode; - $this->set_id = $this->global_args['form_id']; + $this->set_id = absint( $this->global_args['form_id'] ); $this->field_icons = ( isset( $this->global_args['icons'] ) ) ? $this->global_args['icons'] : 'label'; diff --git a/includes/core/class-form.php b/includes/core/class-form.php index 8821984f..aa4bbdfd 100644 --- a/includes/core/class-form.php +++ b/includes/core/class-form.php @@ -710,7 +710,7 @@ if ( ! class_exists( 'um\core\Form' ) ) { public function beautify( $form ) { if ( isset( $form['form_id'] ) ) { $this->form_suffix = '-' . $form['form_id']; - $this->processing = $form['form_id']; + $this->processing = absint( $form['form_id'] ); foreach ( $form as $key => $value ) { if ( strstr( $key, $this->form_suffix ) ) { diff --git a/includes/core/class-password.php b/includes/core/class-password.php index d62a712f..a5e1c882 100644 --- a/includes/core/class-password.php +++ b/includes/core/class-password.php @@ -170,7 +170,7 @@ if ( ! class_exists( 'um\core\Password' ) ) { return ''; } - UM()->fields()->set_id = $args['form_id']; + UM()->fields()->set_id = absint( $args['form_id'] ); ob_start(); From 42bfa3fa619d74e7dc7407a9046576a6f5170968 Mon Sep 17 00:00:00 2001 From: Mykyta Synelnikov Date: Thu, 24 Aug 2023 17:37:41 +0300 Subject: [PATCH 08/20] - added `um_force_shortcode_render` hook for echo custom content in `ultimatemember` shortcode; --- includes/core/class-shortcodes.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/includes/core/class-shortcodes.php b/includes/core/class-shortcodes.php index 896019dd..e70dfae3 100644 --- a/includes/core/class-shortcodes.php +++ b/includes/core/class-shortcodes.php @@ -805,6 +805,12 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) { } } + $content = apply_filters( 'um_force_shortcode_render', false, $args ); + if ( false !== $content ) { + ob_get_clean(); + return $content; + } + /** * Fires before loading form shortcode. * From 53a6ffc78dab70a3c9f737cacee78a58ea6ff1bb Mon Sep 17 00:00:00 2001 From: yuriinalivaiko Date: Sun, 27 Aug 2023 00:11:52 +0300 Subject: [PATCH 09/20] - fixed REST API endpoint List Pages --- includes/core/um-actions-profile.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/includes/core/um-actions-profile.php b/includes/core/um-actions-profile.php index 0e8b5bbc..b62a4954 100644 --- a/includes/core/um-actions-profile.php +++ b/includes/core/um-actions-profile.php @@ -1374,6 +1374,11 @@ function um_pre_profile_shortcode( $args ) { return; } + // disable for the REST API requests. + if ( defined( 'REST_REQUEST' ) && REST_REQUEST ) { + return; + } + if ( true === UM()->fields()->editing ) { if ( um_get_requested_user() ) { if ( ! UM()->roles()->um_current_user_can( 'edit', um_get_requested_user() ) ) { From 5496162730ad0ba4e322f0630e1da1e63c62da6c Mon Sep 17 00:00:00 2001 From: yuriinalivaiko Date: Sun, 27 Aug 2023 21:29:36 +0300 Subject: [PATCH 10/20] - fixed redirection from default registration to UM registration page --- includes/core/um-actions-register.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/includes/core/um-actions-register.php b/includes/core/um-actions-register.php index a0aaa51a..9171612b 100644 --- a/includes/core/um-actions-register.php +++ b/includes/core/um-actions-register.php @@ -742,12 +742,12 @@ function um_registration_set_profile_full_name( $user_id, $args ) { add_action( 'um_registration_set_extra_data', 'um_registration_set_profile_full_name', 10, 2 ); /** - * Redirect from default registration to UM registration page + * Redirect from default registration to UM registration page */ function um_form_register_redirect() { - $page_id = UM()->options()->get( UM()->options()->get_core_page_id( 'register' ) ); - $register_post = get_post( $page_id ); - if ( ! empty( $register_post ) ) { + $page_id = UM()->options()->get( UM()->options()->get_core_page_id( 'register' ) ); + // Do not redirect if the registration page is not published. + if ( ! empty( $page_id ) && 'publish' === get_post_status( $page_id ) ) { // Not `um_safe_redirect()` because predefined register page is situated on the same host. wp_safe_redirect( get_permalink( $page_id ) ); exit(); From 8b19234dcf6627350ce88c9fd820bf644def3ed7 Mon Sep 17 00:00:00 2001 From: Mykyta Synelnikov Date: Mon, 28 Aug 2023 15:10:42 +0300 Subject: [PATCH 11/20] - fixed [ultimatemember] shortcode using with a wrong|empty form_id; --- includes/core/class-shortcodes.php | 4 ++++ includes/um-short-functions.php | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/includes/core/class-shortcodes.php b/includes/core/class-shortcodes.php index e70dfae3..c982fc95 100644 --- a/includes/core/class-shortcodes.php +++ b/includes/core/class-shortcodes.php @@ -648,7 +648,11 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) { if ( ! array_key_exists( 'form_id', $args ) ) { return ''; } + $this->form_id = $args['form_id']; + if ( empty( $this->form_id ) ) { + return ''; + } $this->form_status = get_post_status( $this->form_id ); if ( 'publish' !== $this->form_status ) { diff --git a/includes/um-short-functions.php b/includes/um-short-functions.php index 7f82e9ff..13b8e7fc 100644 --- a/includes/um-short-functions.php +++ b/includes/um-short-functions.php @@ -2303,7 +2303,7 @@ function um_get_default_cover_uri() { * @param $data * @param null $attrs * - * @return string|array + * @return int|string|array */ function um_user( $data, $attrs = null ) { From a2b52cdd0cec283bb0ddcb7627bcc9a63115c09e Mon Sep 17 00:00:00 2001 From: Mykyta Synelnikov Date: Mon, 28 Aug 2023 23:20:14 +0300 Subject: [PATCH 12/20] - fixed changes added for #1277; - probably fix for #1292; --- includes/core/class-fields.php | 33 ++++++++++++++++++----------- includes/core/um-filters-fields.php | 18 ++++++---------- 2 files changed, 28 insertions(+), 23 deletions(-) diff --git a/includes/core/class-fields.php b/includes/core/class-fields.php index 0ce140bd..fdbba3ec 100644 --- a/includes/core/class-fields.php +++ b/includes/core/class-fields.php @@ -15,13 +15,13 @@ if ( ! class_exists( 'um\core\Fields' ) ) { /** - * @var string + * @var null|string */ - public $set_mode = ''; + public $set_mode = null; /** - * @var int form_id + * @var null|int form_id */ public $set_id = null; @@ -1547,30 +1547,39 @@ if ( ! class_exists( 'um\core\Fields' ) ) { /** * Get form fields * + * @var null|int $form_id + * * @return array */ public function get_fields() { - if ( empty( $this->fields ) ) { + if ( empty( $this->set_id ) ) { + return array(); + } + + if ( empty( $this->fields[ $this->set_id ] ) ) { /** * Filters the form fields. * - * @param {array} $fields Form fields. + * @param {array} $fields Form fields. + * @param {int} $form_id Form ID. Since 2.6.11 * * @return {array} Form fields. * * @since 1.3.x + * @since 2.6.11 Added Form ID attribute. * @hook um_get_form_fields * * @example Extend form fields. - * function my_form_fields( $fields ) { + * function my_form_fields( $fields, $form_id ) { * // your code here * return $fields; * } - * add_filter( 'um_get_form_fields', 'my_form_fields' ); + * add_filter( 'um_get_form_fields', 'my_form_fields', 10, 2 ); */ - $this->fields = apply_filters( 'um_get_form_fields', $this->fields ); + $this->fields[ $this->set_id ] = apply_filters( 'um_get_form_fields', array(), $this->set_id ); } - return $this->fields; + + return $this->fields[ $this->set_id ]; } /** @@ -1581,7 +1590,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) { * @return mixed * @throws \Exception */ - function get_field( $key ) { + public function get_field( $key ) { $fields = $this->get_fields(); if ( isset( $fields ) && is_array( $fields ) && isset( $fields[ $key ] ) ) { @@ -4034,7 +4043,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) { * @return string|null * @throws \Exception */ - function display( $mode, $args ) { + public function display( $mode, $args ) { $output = null; $this->global_args = $args; @@ -4540,7 +4549,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) { * @return string|null * @throws \Exception */ - function display_view( $mode, $args ) { + public function display_view( $mode, $args ) { $output = null; $this->global_args = $args; diff --git a/includes/core/um-filters-fields.php b/includes/core/um-filters-fields.php index b4b7e41d..1727b234 100644 --- a/includes/core/um-filters-fields.php +++ b/includes/core/um-filters-fields.php @@ -511,25 +511,21 @@ add_filter( 'um_profile_field_filter_hook__', 'um_profile_field_filter_hook__', /** * Get form fields * - * @param $array + * @param string|array $array + * @param int $form_id * - * @return mixed|string + * @return array|string */ -function um_get_form_fields( $array ) { - - $form_id = (isset ( UM()->fields()->set_id ) ) ? UM()->fields()->set_id : null; - $mode = (isset( UM()->fields()->set_mode ) ) ? UM()->fields()->set_mode : null; - - if ( $form_id && $mode ) { - $array = UM()->query()->get_attr('custom_fields', $form_id ); +function um_get_form_fields( $array, $form_id ) { + if ( $form_id && UM()->fields()->set_mode ) { + $array = UM()->query()->get_attr( 'custom_fields', $form_id ); } else { $array = ''; } return $array; - } -add_filter( 'um_get_form_fields', 'um_get_form_fields', 99 ); +add_filter( 'um_get_form_fields', 'um_get_form_fields', 99, 2 ); /** From fca7b4b0d582c2c6d45db28b35b7322f6baec232 Mon Sep 17 00:00:00 2001 From: Mykyta Synelnikov Date: Thu, 31 Aug 2023 11:27:11 +0300 Subject: [PATCH 13/20] - fixed `[ultimatemember]` shortcode attributes; --- includes/core/class-shortcodes.php | 10 ++++++++++ ultimate-member.php | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/includes/core/class-shortcodes.php b/includes/core/class-shortcodes.php index c982fc95..87175b7b 100644 --- a/includes/core/class-shortcodes.php +++ b/includes/core/class-shortcodes.php @@ -602,6 +602,16 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) { * @return string */ public function ultimatemember( $args = array() ) { + // There is possible to use 'shortcode_atts_ultimatemember' filter for getting customized `$args`. + $args = shortcode_atts( + array( + 'form_id' => '', + 'is_block' => 0, + ), + $args, + 'ultimatemember' + ); + /** * Filters variable for enable singleton shortcode loading on the same page. * Note: Set it to `false` if you don't need to render the same form twice or more on the same page. diff --git a/ultimate-member.php b/ultimate-member.php index 3949f110..5e8517cd 100644 --- a/ultimate-member.php +++ b/ultimate-member.php @@ -3,7 +3,7 @@ * Plugin Name: Ultimate Member * Plugin URI: http://ultimatemember.com/ * Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress - * Version: 2.6.11-alpha + * Version: 2.6.11 * Author: Ultimate Member * Author URI: http://ultimatemember.com/ * Text Domain: ultimate-member From 6e9d1224949ef62b72fa5fd6fead99314c69bb34 Mon Sep 17 00:00:00 2001 From: Mykyta Synelnikov Date: Sat, 2 Sep 2023 00:53:51 +0300 Subject: [PATCH 14/20] - fixed "is_block" argument for ultimatemember shortcodes; - added sanitize shortcode arguments functions; --- includes/core/class-account.php | 16 ++++++++-------- includes/core/class-fields.php | 10 +++++----- includes/core/class-shortcodes.php | 8 ++++++-- 3 files changed, 19 insertions(+), 15 deletions(-) diff --git a/includes/core/class-account.php b/includes/core/class-account.php index 03786d90..d48e08d1 100644 --- a/includes/core/class-account.php +++ b/includes/core/class-account.php @@ -610,8 +610,8 @@ if ( ! class_exists( 'um\core\Account' ) ) { $this->init_displayed_fields( $fields, $id ); foreach ( $fields as $key => $data ) { - if ( isset( $shortcode_args['is_block'] ) && 1 === (int) $shortcode_args['is_block'] ) { - $data['is_block'] = 1; + if ( ! empty( $shortcode_args['is_block'] ) ) { + $data['is_block'] = true; } $output .= UM()->fields()->edit_field( $key, $data ); } @@ -653,8 +653,8 @@ if ( ! class_exists( 'um\core\Account' ) ) { $this->init_displayed_fields( $fields, $id ); foreach ( $fields as $key => $data ) { - if ( isset( $shortcode_args['is_block'] ) && 1 === (int) $shortcode_args['is_block'] ) { - $data['is_block'] = 1; + if ( ! empty( $shortcode_args['is_block'] ) ) { + $data['is_block'] = true; } $output .= UM()->fields()->edit_field( $key, $data ); } @@ -710,8 +710,8 @@ if ( ! class_exists( 'um\core\Account' ) ) { $this->init_displayed_fields( $fields, $id ); foreach ( $fields as $key => $data ) { - if ( isset( $shortcode_args['is_block'] ) && 1 === (int) $shortcode_args['is_block'] ) { - $data['is_block'] = 1; + if ( ! empty( $shortcode_args['is_block'] ) ) { + $data['is_block'] = true; } $output .= UM()->fields()->edit_field( $key, $data ); } @@ -751,8 +751,8 @@ if ( ! class_exists( 'um\core\Account' ) ) { $this->init_displayed_fields( $fields, $id ); foreach ( $fields as $key => $data ) { - if ( isset( $shortcode_args['is_block'] ) && 1 === (int) $shortcode_args['is_block'] ) { - $data['is_block'] = 1; + if ( ! empty( $shortcode_args['is_block'] ) ) { + $data['is_block'] = true; } $output .= UM()->fields()->edit_field( $key, $data ); } diff --git a/includes/core/class-fields.php b/includes/core/class-fields.php index fdbba3ec..298a617e 100644 --- a/includes/core/class-fields.php +++ b/includes/core/class-fields.php @@ -2094,7 +2094,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) { public function edit_field( $key, $data, $rule = false, $args = array() ) { global $_um_profile_id; - if ( isset( $data['is_block'] ) && 1 === (int) $data['is_block'] ) { + if ( ! empty( $data['is_block'] ) ) { $form_suffix = ''; } else { $form_suffix = UM()->form()->form_suffix; @@ -2106,7 +2106,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) { $_um_profile_id = um_user( 'ID' ); } - if ( isset( $data['is_block'] ) && 1 === (int) $data['is_block'] && ! is_user_logged_in() ) { + if ( ! empty( $data['is_block'] ) && ! is_user_logged_in() ) { $_um_profile_id = 0; } @@ -4124,7 +4124,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) { if ( $col1_fields ) { foreach ( $col1_fields as $key => $data ) { if ( ! empty( $args['is_block'] ) ) { - $data['is_block'] = 1; + $data['is_block'] = true; } $output .= $this->edit_field( $key, $data ); } @@ -4138,7 +4138,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) { if ( $col1_fields ) { foreach ( $col1_fields as $key => $data ) { if ( ! empty( $args['is_block'] ) ) { - $data['is_block'] = 1; + $data['is_block'] = true; } $output .= $this->edit_field( $key, $data ); } @@ -4150,7 +4150,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) { if ( $col2_fields ) { foreach ( $col2_fields as $key => $data ) { if ( ! empty( $args['is_block'] ) ) { - $data['is_block'] = 1; + $data['is_block'] = true; } $output .= $this->edit_field( $key, $data ); } diff --git a/includes/core/class-shortcodes.php b/includes/core/class-shortcodes.php index 87175b7b..ef725888 100644 --- a/includes/core/class-shortcodes.php +++ b/includes/core/class-shortcodes.php @@ -606,12 +606,16 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) { $args = shortcode_atts( array( 'form_id' => '', - 'is_block' => 0, + 'is_block' => false, ), $args, 'ultimatemember' ); + // Sanitize shortcode arguments. + $args['form_id'] = ! empty( $args['form_id'] ) ? absint( $args['form_id'] ) : ''; + $args['is_block'] = (bool) $args['is_block']; + /** * Filters variable for enable singleton shortcode loading on the same page. * Note: Set it to `false` if you don't need to render the same form twice or more on the same page. @@ -779,7 +783,7 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) { } } - if ( isset( $args['is_block'] ) && 1 === (int) $args['is_block'] && 'profile' === $mode && ! is_user_logged_in() ) { + if ( 'profile' === $mode && ! empty( $args['is_block'] ) && ! is_user_logged_in() ) { ob_get_clean(); return ''; } From 4e1e577a21239b5ff4d7968886e0099e84cab184 Mon Sep 17 00:00:00 2001 From: Mykyta Synelnikov Date: Mon, 4 Sep 2023 13:24:28 +0300 Subject: [PATCH 15/20] - fixed PHP notice for $cached_user variable; --- includes/core/class-user.php | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/includes/core/class-user.php b/includes/core/class-user.php index 5da5373c..21276e42 100644 --- a/includes/core/class-user.php +++ b/includes/core/class-user.php @@ -1,9 +1,9 @@ Date: Mon, 4 Sep 2023 20:55:38 +0300 Subject: [PATCH 16/20] - fixed users dropdown; --- includes/admin/assets/js/um-admin-forms.js | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/includes/admin/assets/js/um-admin-forms.js b/includes/admin/assets/js/um-admin-forms.js index 5bd8e40f..531919f4 100644 --- a/includes/admin/assets/js/um-admin-forms.js +++ b/includes/admin/assets/js/um-admin-forms.js @@ -1,14 +1,20 @@ function um_admin_init_users_select() { - if ( jQuery('.um-user-select-field').length ) { + if ( jQuery('.um-user-select-field:visible').length ) { function avatarformat( data ) { var option; if ( ! data.id ) { return data.text; } + if ( 'undefined' !== typeof data.img ) { option = jQuery(' ' + data.text + ''); } else { - var img = data.element.attributes['data-img']['value']; + let img; + if ( 'undefined' !== typeof data.element ) { + if ( 'undefined' !== typeof data.element.attributes['data-img'] ) { + img = data.element.attributes['data-img']['value']; + } + } if ( img ) { option = jQuery(' ' + data.text + ''); } else { @@ -78,7 +84,13 @@ function um_admin_init_users_select() { templateResult: avatarformat }; - jQuery('.um-user-select-field').select2( select2_atts ); + jQuery('.um-user-select-field:visible').each( function() { + if ( jQuery(this).hasClass('select2-hidden-accessible') ) { + jQuery(this).select2( 'destroy' ); + } + }); + + jQuery('.um-user-select-field:visible').select2( select2_atts ); } } @@ -798,6 +810,7 @@ jQuery(document).ready( function() { if ( check_condition( jQuery(this) ) ) { jQuery(this).show(); + um_admin_init_users_select(); } else { jQuery(this).hide(); } From 10467d12cefc66e5a5664321daa9ccb6d1b7bb2c Mon Sep 17 00:00:00 2001 From: Mykyta Synelnikov Date: Tue, 5 Sep 2023 00:24:58 +0300 Subject: [PATCH 17/20] - updated readme.txt; --- readme.txt | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/readme.txt b/readme.txt index 4da05f72..748a51c0 100644 --- a/readme.txt +++ b/readme.txt @@ -7,7 +7,7 @@ Tags: community, member, membership, user-profile, user-registration Requires PHP: 5.6 Requires at least: 5.5 Tested up to: 6.3 -Stable tag: 2.6.10 +Stable tag: 2.6.11 License: GNU Version 2 or Any Later Version License URI: http://www.gnu.org/licenses/gpl-3.0.txt @@ -166,9 +166,34 @@ No specific extensions are needed. But we highly recommended keep active these P IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION -= 2.6.11: September xx, 2023 = += 2.6.11: September 06, 2023 = +* Important: + - Based on the updates of the PHP version and the tightening of code standards to define clear data types, we will change some field attributes and option values. + Where it is possible to do it automatically, it will be done with the help of scripts for updating the database between versions. + In some places, unfortunately, a logical fork is formed with legacy data, which cannot be considered unambiguously during automatic updating and can lead to unexpected consequences. + We need to standardize such places in the code and ask you to manually update the data where necessary. + So that you can decide for yourself which data should be generated in a new format through the user interface in the case of a regular user or in code and custom callbacks in the case of developers. + + - For regular users: Check all fields on each profile form and their option named as "Can user edit this field?". + You may have an incorrect value for the `editable` attribute in your database for predefined or custom fields. + So you need to re-update the fields' settings for the fields that aren't editable. + - For developers: The valid data format is boolean `false|true`. + We highly recommend to check `editable` field's capability by the built-in function `um_can_edit_field( $field_data );`. + If you extends the predefined fields please make sure that there is `editable` attribute set to "true" if you need this field set to editable by default. + In the case if there aren't `editable` attribute it will be considered as non-editable. + As legacy workaround we check the `editable` field attribute by the `! empty( $field_data['editable'] );` condition, so in case if you had integer format 1|0 for the `editable` attribute it will also work. + +* Enhancements: + +* Bugfixes: + + - Fixed: Empty mail From data when there isn't set an option + - Fixed: Nonce validation for the admin actions handler + - Fixed: REST API endpoint List Pages redirecting to the homepage + - Fixed: Standardize the 'editable' attribute for the UM fields and hooks that can extend these fields. All fields that can be editable on the User Profile form has to have `editable` attribute set to `true` + - Fixed: Redirection from default WordPress registration to UM registration page (if it's not a published) = 2.6.10: August 17, 2023 = From e5b8ff400e90b12169991afbab21fae43ef5407b Mon Sep 17 00:00:00 2001 From: Mykyta Synelnikov Date: Tue, 5 Sep 2023 01:12:16 +0300 Subject: [PATCH 18/20] - fixed editable attribute base on the legacy code; - if `editable` attribute doesn't exist then we set `editable` to true by default; --- includes/admin/core/class-admin-metabox.php | 5 +++++ includes/core/class-fields.php | 9 ++++++--- includes/core/class-form.php | 3 ++- includes/core/um-actions-profile.php | 9 +++++---- includes/um-short-functions.php | 3 ++- 5 files changed, 20 insertions(+), 9 deletions(-) diff --git a/includes/admin/core/class-admin-metabox.php b/includes/admin/core/class-admin-metabox.php index d1dc81b8..776e25a8 100644 --- a/includes/admin/core/class-admin-metabox.php +++ b/includes/admin/core/class-admin-metabox.php @@ -2383,6 +2383,11 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) { $this->edit_mode_value = true; } + // Set to true if `editable` doesn't exist (legacy case). It will be saved to DB as `true` after the first field update. + if ( null === $this->edit_mode_value ) { + $this->edit_mode_value = true; + } + if ( empty( $this->edit_mode_value ) ) { $this->edit_mode_value = false; } diff --git a/includes/core/class-fields.php b/includes/core/class-fields.php index 298a617e..026f6322 100644 --- a/includes/core/class-fields.php +++ b/includes/core/class-fields.php @@ -2186,7 +2186,8 @@ if ( ! class_exists( 'um\core\Fields' ) ) { if ( true === $this->editing && 'profile' === $this->set_mode ) { if ( ! UM()->roles()->um_user_can( 'can_edit_everyone' ) ) { - if ( empty( $data['editable'] ) ) { + // It's for a legacy case `array_key_exists( 'editable', $data )`. + if ( array_key_exists( 'editable', $data ) && empty( $data['editable'] ) ) { $disabled = ' disabled="disabled" '; } } @@ -3635,7 +3636,8 @@ if ( ! class_exists( 'um\core\Fields' ) ) { $class = 'um-icon-android-radio-button-off'; } - if ( empty( $data['editable'] ) ) { + // It's for a legacy case `array_key_exists( 'editable', $data )`. + if ( array_key_exists( 'editable', $data ) && empty( $data['editable'] ) ) { $col_class .= ' um-field-radio-state-disabled'; } @@ -3754,7 +3756,8 @@ if ( ! class_exists( 'um\core\Fields' ) ) { $class = 'um-icon-android-checkbox-outline-blank'; } - if ( empty( $data['editable'] ) ) { + // It's for a legacy case `array_key_exists( 'editable', $data )`. + if ( array_key_exists( 'editable', $data ) && empty( $data['editable'] ) ) { $col_class .= ' um-field-radio-state-disabled'; } diff --git a/includes/core/class-form.php b/includes/core/class-form.php index aa4bbdfd..6a3b74d4 100644 --- a/includes/core/class-form.php +++ b/includes/core/class-form.php @@ -1065,7 +1065,8 @@ if ( ! class_exists( 'um\core\Form' ) ) { if ( strstr( $field_key, 'role_' ) && array_key_exists( 'options', $field_settings ) && is_array( $field_settings['options'] ) ) { if ( isset( $this->post_form['mode'] ) && 'profile' === $this->post_form['mode'] ) { - if ( empty( $field_settings['editable'] ) || ! um_can_edit_field( $field_settings ) ) { + // It's for a legacy case `array_key_exists( 'editable', $field_settings )`. + if ( ( array_key_exists( 'editable', $field_settings ) && empty( $field_settings['editable'] ) ) || ! um_can_edit_field( $field_settings ) ) { continue; } } diff --git a/includes/core/um-actions-profile.php b/includes/core/um-actions-profile.php index b62a4954..50851661 100644 --- a/includes/core/um-actions-profile.php +++ b/includes/core/um-actions-profile.php @@ -386,10 +386,11 @@ function um_user_edit_profile( $args, $form_data ) { } } - // Secure selected role - if ( ( isset( $fields['role'] ) && ! empty( $fields['role']['editable'] ) && um_can_view_field( $fields['role'] ) ) || - ( isset( $fields['role_select'] ) && ! empty( $fields['role_select']['editable'] ) && um_can_view_field( $fields['role_select'] ) ) || - ( isset( $fields['role_radio'] ) && ! empty( $fields['role_radio']['editable'] ) && um_can_view_field( $fields['role_radio'] ) ) ) { + // Secure selected role. + // It's for a legacy case `array_key_exists( 'editable', $fields['role'] )` and similar. + if ( ( isset( $fields['role'] ) && ( ! array_key_exists( 'editable', $fields['role'] ) || ! empty( $fields['role']['editable'] ) ) && um_can_view_field( $fields['role'] ) ) || + ( isset( $fields['role_select'] ) && ( ! array_key_exists( 'editable', $fields['role_select'] ) || ! empty( $fields['role_select']['editable'] ) ) && um_can_view_field( $fields['role_select'] ) ) || + ( isset( $fields['role_radio'] ) && ( ! array_key_exists( 'editable', $fields['role_radio'] ) || ! empty( $fields['role_radio']['editable'] ) ) && um_can_view_field( $fields['role_radio'] ) ) ) { if ( ! empty( $args['submitted']['role'] ) ) { global $wp_roles; diff --git a/includes/um-short-functions.php b/includes/um-short-functions.php index 13b8e7fc..8fedfccd 100644 --- a/includes/um-short-functions.php +++ b/includes/um-short-functions.php @@ -1667,7 +1667,8 @@ function um_can_edit_field( $data ) { $can_edit = false; } else { if ( ! UM()->roles()->um_user_can( 'can_edit_everyone' ) ) { - if ( empty( $data['editable'] ) ) { + // It's for a legacy case `array_key_exists( 'editable', $data )`. + if ( array_key_exists( 'editable', $data ) && empty( $data['editable'] ) ) { $can_edit = false; } else { if ( ! um_is_user_himself() ) { From af140bda82831e0e934285907a7a9ff978f04cf6 Mon Sep 17 00:00:00 2001 From: Mykyta Synelnikov Date: Tue, 5 Sep 2023 02:04:03 +0300 Subject: [PATCH 19/20] - added hooks for easy integration cases like #1279; --- includes/core/class-shortcodes.php | 108 ++++++++++++++------------ includes/core/um-actions-register.php | 21 +++++ 2 files changed, 78 insertions(+), 51 deletions(-) diff --git a/includes/core/class-shortcodes.php b/includes/core/class-shortcodes.php index ef725888..063a09ee 100644 --- a/includes/core/class-shortcodes.php +++ b/includes/core/class-shortcodes.php @@ -203,7 +203,7 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) { if ( ! empty( $role ) && ! empty( $role['status'] ) ) { $message_key = $role['status'] . '_message'; - $this->custom_message = ! empty( $role[ $message_key ] ) ? stripslashes( $role[ $message_key ] ) : ''; + $this->custom_message = ! empty( $role[ $message_key ] ) ? $this->convert_user_tags( stripslashes( $role[ $message_key ] ) ) : ''; } } } @@ -1143,16 +1143,14 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) { return um_convert_tags( $str, array(), false ); } - /** * Convert user tags in a string * - * @param $str + * @param string $str * - * @return mixed + * @return string */ - function convert_user_tags( $str ) { - + public function convert_user_tags( $str ) { $pattern_array = array( '{first_name}', '{last_name}', @@ -1160,89 +1158,97 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) { '{user_avatar_small}', '{username}', '{nickname}', + '{user_email}', ); - /** - * UM hook + * Filters the user placeholders patterns. * - * @type filter - * @title um_allowed_user_tags_patterns - * @description Extend user placeholders patterns - * @input_vars - * [{"var":"$patterns","type":"array","desc":"Placeholders"}] - * @change_log - * ["Since: 2.0"] - * @usage - * - * @example - * Add the `{user_description}` placeholder. * function my_allowed_user_tags( $patterns ) { - * // your code here + * $patterns[] = '{user_description}'; * return $patterns; * } - * ?> + * add_filter( 'um_allowed_user_tags_patterns', 'my_allowed_user_tags' ); */ $pattern_array = apply_filters( 'um_allowed_user_tags_patterns', $pattern_array ); - - //$matches = false; foreach ( $pattern_array as $pattern ) { - if ( preg_match( $pattern, $str ) ) { - $value = ''; + $value = ''; + $usermeta = str_replace( array( '{', '}' ), '', $pattern ); if ( is_user_logged_in() ) { - $usermeta = str_replace( '{', '', $pattern ); - $usermeta = str_replace( '}', '', $usermeta ); - - if ( $usermeta == 'user_avatar_small' ) { + if ( 'user_avatar_small' === $usermeta ) { $value = get_avatar( um_user( 'ID' ), 40 ); } elseif ( um_user( $usermeta ) ) { $value = um_user( $usermeta ); } - if ( $usermeta == 'username' ) { + if ( 'username' === $usermeta ) { $value = um_user( 'user_login' ); } - if ( $usermeta == 'nickname' ) { + if ( 'nickname' === $usermeta ) { $value = um_profile( 'nickname' ); } + if ( 'user_email' === $usermeta ) { + $value = um_user( 'user_email' ); + } + /** - * UM hook + * Filters the user placeholders value of pattern for logged-in user. * - * @type filter - * @title um_profile_tag_hook__{$usermeta} - * @description Change usermeta field value - * @input_vars - * [{"var":"$value","type":"array","desc":"Meta field value"}, - * {"var":"$user_id","type":"array","desc":"User ID"}] - * @change_log - * ["Since: 2.0"] - * @usage - * - * @example - * Add the replacement value for `{user_description}` placeholder. + * function my_user_description( $value, $user_id ) { + * $value = get_user_meta( $user_id, 'user_description', true ); * return $value; * } - * ?> + * add_filter( 'um_profile_tag_hook__user_description', 'my_user_description', 10, 2 ); */ $value = apply_filters( "um_profile_tag_hook__{$usermeta}", $value, um_user( 'ID' ) ); + } else { + /** + * Filters the user placeholders value of pattern for not logged-in user. + * + * @since 2.6.11 + * @hook um_profile_nopriv_tag_hook__{$usermeta} + * + * @param {string} $value User meta field value. + * + * @return {string} User meta field value. + * + * @example Add the replacement value for `{user_description}` placeholder for not logged-in user. + * function my_nopriv_user_description( $value ) { + * $value = ! empty( $_GET['user_description'] ) ? sanitize_text_field( $_GET['user_description'] ) : ''; + * return $value; + * } + * add_filter( 'um_profile_nopriv_tag_hook__user_description', 'my_nopriv_user_description' ); + */ + $value = apply_filters( "um_profile_nopriv_tag_hook__{$usermeta}", $value ); } $str = preg_replace( '/' . $pattern . '/', $value, $str ); } - } return $str; } - /** * Shortcode: Show custom content to specific role * diff --git a/includes/core/um-actions-register.php b/includes/core/um-actions-register.php index 9171612b..fee265bc 100644 --- a/includes/core/um-actions-register.php +++ b/includes/core/um-actions-register.php @@ -282,6 +282,27 @@ function um_check_user_status( $user_id, $args, $form_data = null ) { // Add only priority role to URL. $url = add_query_arg( 'um_role', esc_attr( um_user( 'role' ) ), $url ); $url = add_query_arg( 'um_form_id', esc_attr( $form_data['form_id'] ), $url ); + /** + * Filters the redirect URL for user after registration based on its status when need to show message. + * + * @since 2.6.11 + * @hook um_registration_show_message_redirect_url + * + * @param {string} $url Redirect URL. + * @param {string} $status User status. + * @param {int} $user_id User ID. + * @param {array} $form_data Form data. + * + * @return {string} Redirect URL. + * + * @example Change redirect URL for user after registration based on its status when need to show message. + * function my_um_registration_show_message_redirect_url( $url, $status, $user_id ) { + * // your code here + * return $url; + * } + * add_filter( 'um_registration_show_message_redirect_url', 'my_um_registration_show_message_redirect_url', 10, 4 ); + */ + $url = apply_filters( 'um_registration_show_message_redirect_url', $url, $status, um_user( 'ID' ), $form_data ); // Not `um_safe_redirect()` because UM()->permalinks()->get_current_url() is situated on the same host. wp_safe_redirect( $url ); exit; From e7f9d38ba50de07c1f3c652df41f63827272eaa9 Mon Sep 17 00:00:00 2001 From: Mykyta Synelnikov Date: Tue, 5 Sep 2023 02:14:20 +0300 Subject: [PATCH 20/20] - updated readme.txt; --- README.md | 2 +- readme.txt | 21 +-------------------- 2 files changed, 2 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 8aa62665..46cc9bc0 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,7 @@ GNU Version 2 or Any Later Version ### IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION -[Official Release Version: 2.6.10](https://github.com/ultimatemember/ultimatemember/releases/tag/2.6.10). +[Official Release Version: 2.6.11](https://github.com/ultimatemember/ultimatemember/releases/tag/2.6.11). ## Changelog diff --git a/readme.txt b/readme.txt index 748a51c0..d611a68a 100644 --- a/readme.txt +++ b/readme.txt @@ -168,31 +168,12 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI = 2.6.11: September 06, 2023 = -* Important: - - - Based on the updates of the PHP version and the tightening of code standards to define clear data types, we will change some field attributes and option values. - Where it is possible to do it automatically, it will be done with the help of scripts for updating the database between versions. - In some places, unfortunately, a logical fork is formed with legacy data, which cannot be considered unambiguously during automatic updating and can lead to unexpected consequences. - We need to standardize such places in the code and ask you to manually update the data where necessary. - So that you can decide for yourself which data should be generated in a new format through the user interface in the case of a regular user or in code and custom callbacks in the case of developers. - - - For regular users: Check all fields on each profile form and their option named as "Can user edit this field?". - You may have an incorrect value for the `editable` attribute in your database for predefined or custom fields. - So you need to re-update the fields' settings for the fields that aren't editable. - - For developers: The valid data format is boolean `false|true`. - We highly recommend to check `editable` field's capability by the built-in function `um_can_edit_field( $field_data );`. - If you extends the predefined fields please make sure that there is `editable` attribute set to "true" if you need this field set to editable by default. - In the case if there aren't `editable` attribute it will be considered as non-editable. - As legacy workaround we check the `editable` field attribute by the `! empty( $field_data['editable'] );` condition, so in case if you had integer format 1|0 for the `editable` attribute it will also work. - -* Enhancements: - * Bugfixes: - Fixed: Empty mail From data when there isn't set an option - Fixed: Nonce validation for the admin actions handler - Fixed: REST API endpoint List Pages redirecting to the homepage - - Fixed: Standardize the 'editable' attribute for the UM fields and hooks that can extend these fields. All fields that can be editable on the User Profile form has to have `editable` attribute set to `true` + - Fixed: Standardize the 'editable' attribute for the UM fields and hooks that can extend these fields - Fixed: Redirection from default WordPress registration to UM registration page (if it's not a published) = 2.6.10: August 17, 2023 =