diff --git a/includes/core/class-roles-capabilities.php b/includes/core/class-roles-capabilities.php index f7c633ac..6fde9d99 100644 --- a/includes/core/class-roles-capabilities.php +++ b/includes/core/class-roles-capabilities.php @@ -687,7 +687,6 @@ if ( ! class_exists( 'um\core\Roles_Capabilities' ) ) { return $roles; } - /** * Current user can * @@ -696,11 +695,13 @@ if ( ! class_exists( 'um\core\Roles_Capabilities' ) ) { * * @return bool|int */ - function um_current_user_can( $cap, $user_id ) { + public function um_current_user_can( $cap, $user_id ) { if ( ! is_user_logged_in() ) { return false; } + $user_id = absint( $user_id ); // typecast + $return = 1; if ( get_current_user_id() !== um_user( 'ID' ) ) { @@ -712,37 +713,23 @@ if ( ! class_exists( 'um\core\Roles_Capabilities' ) ) { switch( $cap ) { case 'edit': - - if ( get_current_user_id() == $user_id ) { - if ( um_user( 'can_edit_profile' ) ) { - $return = 1; - } else { - $return = 0; - } - } else { - - if ( ! um_user( 'can_access_private_profile' ) && UM()->user()->is_private_profile( $user_id ) ) { - $return = 0; - } else { - if ( ! um_user( 'can_edit_everyone' ) ) { - $return = 0; - } else { - if ( um_user( 'can_edit_roles' ) && ( empty( $current_user_roles ) || count( array_intersect( $current_user_roles, um_user( 'can_edit_roles' ) ) ) <= 0 ) ) { - $return = 0; - } else { - $return = 1; - } - } - } + if ( get_current_user_id() === $user_id && ! um_user( 'can_edit_profile' ) ) { + $return = 0; + } elseif ( ! um_user( 'can_access_private_profile' ) && UM()->user()->is_private_profile( $user_id ) ) { + $return = 0; + } elseif ( ! um_user( 'can_edit_everyone' ) ) { + $return = 0; + } elseif ( um_user( 'can_edit_roles' ) && ( empty( $current_user_roles ) || count( array_intersect( $current_user_roles, um_user( 'can_edit_roles' ) ) ) <= 0 ) ) { + $return = 0; } - break; case 'delete': - if ( ! um_user( 'can_delete_everyone' ) ) + if ( ! um_user( 'can_delete_everyone' ) ) { $return = 0; - elseif ( um_user( 'can_delete_roles' ) && ( empty( $current_user_roles ) || count( array_intersect( $current_user_roles, um_user( 'can_delete_roles' ) ) ) <= 0 ) ) + } elseif ( um_user( 'can_delete_roles' ) && ( empty( $current_user_roles ) || count( array_intersect( $current_user_roles, um_user( 'can_delete_roles' ) ) ) <= 0 ) ) { $return = 0; + } break; } diff --git a/includes/core/um-filters-avatars.php b/includes/core/um-filters-avatars.php index e4f0cba7..8c5b7fbc 100644 --- a/includes/core/um-filters-avatars.php +++ b/includes/core/um-filters-avatars.php @@ -14,27 +14,28 @@ function um_avatar_defaults( $avatar_defaults ) { } add_filter( 'avatar_defaults', 'um_avatar_defaults', 99999 ); - /** - * Get user UM avatars + * Get user UM avatars. * @param string $avatar * @param string $id_or_email * @param string $size * @param string $avatar_class * @param string $default * @param string $alt - * @hooks filter `get_avatar` * @return string returns avatar in image html elements */ function um_get_avatar( $avatar = '', $id_or_email='', $size = '96', $avatar_class = '', $default = '', $alt = '' ) { - if ( is_numeric($id_or_email) ) + if ( is_numeric( $id_or_email ) ) { $user_id = (int) $id_or_email; - elseif ( is_string( $id_or_email ) && ( $user = get_user_by( 'email', $id_or_email ) ) ) + } elseif ( is_string( $id_or_email ) && ( $user = get_user_by( 'email', $id_or_email ) ) ) { $user_id = $user->ID; - elseif ( is_object( $id_or_email ) && ! empty( $id_or_email->user_id ) ) + } elseif ( is_object( $id_or_email ) && ! empty( $id_or_email->user_id ) ) { $user_id = (int) $id_or_email->user_id; - if ( empty( $user_id ) ) + } + + if ( empty( $user_id ) ) { return $avatar; + } if ( $user_id !== um_user( 'ID' ) ) { $temp_id = um_user( 'ID' ); @@ -51,7 +52,6 @@ function um_get_avatar( $avatar = '', $id_or_email='', $size = '96', $avatar_cla } add_filter( 'get_avatar', 'um_get_avatar', 99999, 5 ); - if ( ! function_exists( 'um_filter_get_avatar_url' ) ) { /** @@ -76,4 +76,4 @@ if ( ! function_exists( 'um_filter_get_avatar_url' ) ) { // hooked in the get_avatar_data function add_filter( 'get_avatar_url', 'um_filter_get_avatar_url', 20, 3 ); -} \ No newline at end of file +} diff --git a/includes/um-short-functions.php b/includes/um-short-functions.php index 47772ee8..4cfd3c74 100644 --- a/includes/um-short-functions.php +++ b/includes/um-short-functions.php @@ -2170,6 +2170,7 @@ function um_get_user_avatar_data( $user_id = '', $size = '96' ) { if ( empty( $user_id ) ) { $user_id = um_user( 'ID' ); } + if ( $user_id !== um_user( 'ID' ) ) { $temp_id = um_user( 'ID' ); um_fetch_user( $user_id ); @@ -2200,12 +2201,12 @@ function um_get_user_avatar_data( $user_id = '', $size = '96' ) { } $gravatar_type = UM()->options()->get( 'use_um_gravatar_default_builtin_image' ); - if ( $gravatar_type == 'default' ) { + if ( 'default' === $gravatar_type ) { if ( UM()->options()->get( 'use_um_gravatar_default_image' ) ) { $data['url'] = add_query_arg( 'd', $data['default'], $data['url'] ); } else { $default = get_option( 'avatar_default', 'mystery' ); - if ( $default == 'gravatar_default' ) { + if ( 'gravatar_default' === $default ) { $default = ''; } $data['url'] = add_query_arg( 'd', $default, $data['url'] ); @@ -2214,58 +2215,55 @@ function um_get_user_avatar_data( $user_id = '', $size = '96' ) { $data['url'] = add_query_arg( 'd', $gravatar_type, $data['url'] ); } - $data['type'] = 'gravatar'; + $data['type'] = 'gravatar'; $data['class'] .= ' um-avatar-gravatar'; } else { - $data['url'] = $data['default']; - $data['type'] = 'default'; + $data['url'] = $data['default']; + $data['type'] = 'default'; $data['class'] .= ' um-avatar-default'; } - /** - * UM hook + * Filters the user avatar URL. * - * @type filter - * @title um_user_avatar_url_filter - * @description Change user avatar URL - * @input_vars - * [{"var":"$avatar_uri","type":"string","desc":"Avatar URL"}, - * {"var":"$user_id","type":"int","desc":"User ID"}] - * @change_log - * ["Since: 2.0"] - * @usage add_filter( 'um_user_avatar_url_filter', 'function_name', 10, 2 ); - * @example - * Change the user avatar URL. + * function my_um_user_avatar_url_filter( $url, $user_id, $data ) { * // your code here - * return $avatar_uri; + * $url = 'some_url'; + * return $url; * } - * ?> + * add_filter( 'um_user_avatar_url_filter', 'my_um_user_avatar_url_filter', 10, 3 ); */ $data['url'] = apply_filters( 'um_user_avatar_url_filter', $data['url'], $user_id, $data ); /** - * UM hook + * Filters the user avatar image `alt` argument. * - * @type filter - * @title um_avatar_image_alternate_text - * @description Change user display name on um_user function profile photo - * @input_vars - * [{"var":"$display_name","type":"string","desc":"User Display Name"}] - * @change_log - * ["Since: 2.0"] - * @usage add_filter( 'um_avatar_image_alternate_text', 'function_name', 10, 1 ); - * @example - * Change the user avatar URL. + * function my_um_avatar_image_alternate_text( $alt, $data ) { * // your code here - * return $display_name; + * $alt = 'some_alt'; + * return $alt; * } - * ?> + * add_filter( 'um_avatar_image_alternate_text', 'my_um_avatar_image_alternate_text', 10, 2 ); */ - $data['alt'] = apply_filters( "um_avatar_image_alternate_text", um_user( "display_name" ), $data ); + $data['alt'] = apply_filters( 'um_avatar_image_alternate_text', um_user( 'display_name' ), $data ); if ( ! empty( $temp_id ) ) { um_fetch_user( $temp_id ); @@ -2274,7 +2272,6 @@ function um_get_user_avatar_data( $user_id = '', $size = '96' ) { return $data; } - /** * get user avatar url * @@ -2288,7 +2285,6 @@ function um_get_user_avatar_url( $user_id = '', $size = '96' ) { return $data['url']; } - /** * default cover * diff --git a/readme.txt b/readme.txt index 3241b57a..50a77ae8 100644 --- a/readme.txt +++ b/readme.txt @@ -166,10 +166,12 @@ No specific extensions are needed. But we highly recommended keep active these P IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION -= 2.9.1 xx-xx-xx = += 2.9.1 2024-11-14 = **Bugfixes** +* Fixed: "Load textdomain just in time" issue +* Fixed: Capabilities checking in the wp-admin > Users list table * Fixed: Issues when the form's custom fields meta has a wrong format * Fixed: Validation of the "Registration Default Role" slug * Fixed: Allowed query variables via registered REST API class only when REST_REQUEST is defined