* manually reviewed #1537;

This commit is contained in:
Mykyta Synelnikov
2024-09-24 17:58:55 +03:00
parent a986309a3c
commit ba93896c5d
5 changed files with 75 additions and 43 deletions
+2
View File
@@ -1760,6 +1760,8 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
delete_transient( "um_count_users_{$status}" );
}
delete_transient( 'um_count_users_all' );
do_action( 'um_flush_user_status_cache' );
$url = add_query_arg(
+33 -33
View File
@@ -3,70 +3,70 @@ if ( ! defined( 'ABSPATH' ) ) {
exit;
}
?>
<table id="um-users-overview-table">
<tr>
<td>
<span>
<a class="count" href="<?php echo esc_url( admin_url( 'users.php' ) ); ?>">
<?php echo UM()->query()->count_users(); ?>
<?php echo esc_html( UM()->query()->count_users() ); ?>
</a>
<a href="<?php echo esc_url( admin_url( 'users.php' ) ); ?>">
<?php _e( 'Users', 'ultimate-member' ); ?>
<?php esc_html_e( 'Users', 'ultimate-member' ); ?>
</a>
</span>
</td>
<td>
<span>
<a class="count" href="<?php echo esc_url( admin_url( 'users.php?um_status=awaiting_admin_review' ) ); ?>">
<?php echo UM()->query()->count_users_by_status( 'awaiting_admin_review' ); ?>
</a>
<a href="<?php echo esc_url( admin_url( 'users.php?um_status=awaiting_admin_review' ) ); ?>" class="warning">
<?php _e( 'Pending Review', 'ultimate-member' ); ?>
</a>
<a class="count" href="<?php echo esc_url( admin_url( 'users.php?um_user_status=awaiting_admin_review' ) ); ?>">
<?php echo esc_html( UM()->query()->count_users_by_status( 'awaiting_admin_review' ) ); ?>
</a>
<a href="<?php echo esc_url( admin_url( 'users.php?um_user_status=awaiting_admin_review' ) ); ?>" class="warning">
<?php esc_html_e( 'Pending Review', 'ultimate-member' ); ?>
</a>
</span>
</td>
</tr>
<tr>
<td>
<span>
<a class="count" href="<?php echo esc_url( admin_url( 'users.php?um_status=approved' ) ); ?>">
<?php echo UM()->query()->count_users_by_status( 'approved' ); ?>
</a>
<a href="<?php echo esc_url( admin_url( 'users.php?um_status=approved' ) ); ?>">
<?php _e( 'Approved', 'ultimate-member' ); ?>
</a>
<a class="count" href="<?php echo esc_url( admin_url( 'users.php?um_user_status=approved' ) ); ?>">
<?php echo esc_html( UM()->query()->count_users_by_status( 'approved' ) ); ?>
</a>
<a href="<?php echo esc_url( admin_url( 'users.php?um_user_status=approved' ) ); ?>">
<?php esc_html_e( 'Approved', 'ultimate-member' ); ?>
</a>
</span>
</td>
<td>
<span>
<a class="count" href="<?php echo esc_url( admin_url( 'users.php?um_status=awaiting_email_confirmation' ) ); ?>">
<?php echo UM()->query()->count_users_by_status( 'awaiting_email_confirmation' ); ?>
</a>
<a href="<?php echo esc_url( admin_url( 'users.php?um_status=awaiting_email_confirmation' ) ); ?>" class="warning">
<?php _e( 'Awaiting Email Confirmation', 'ultimate-member' ); ?>
</a>
<a class="count" href="<?php echo esc_url( admin_url( 'users.php?um_user_status=awaiting_email_confirmation' ) ); ?>">
<?php echo esc_html( UM()->query()->count_users_by_status( 'awaiting_email_confirmation' ) ); ?>
</a>
<a href="<?php echo esc_url( admin_url( 'users.php?um_user_status=awaiting_email_confirmation' ) ); ?>" class="warning">
<?php esc_html_e( 'Awaiting Email Confirmation', 'ultimate-member' ); ?>
</a>
</span>
</td>
</tr>
<tr>
<td>
<span>
<a class="count" href="<?php echo esc_url( admin_url( 'users.php?um_status=rejected' ) ); ?>">
<?php echo UM()->query()->count_users_by_status( 'rejected' ); ?>
</a>
<a href="<?php echo esc_url( admin_url( 'users.php?um_status=rejected' ) ); ?>">
<?php _e( 'Rejected', 'ultimate-member' ); ?>
</a></span>
<a class="count" href="<?php echo esc_url( admin_url( 'users.php?um_user_status=rejected' ) ); ?>">
<?php echo esc_html( UM()->query()->count_users_by_status( 'rejected' ) ); ?>
</a>
<a href="<?php echo esc_url( admin_url( 'users.php?um_user_status=rejected' ) ); ?>">
<?php esc_html_e( 'Rejected', 'ultimate-member' ); ?>
</a>
</span>
</td>
<td>
<span>
<a class="count" href="<?php echo esc_url( admin_url( 'users.php?um_status=inactive' ) ); ?>">
<?php echo UM()->query()->count_users_by_status( 'inactive' ); ?>
</a>
<a href="<?php echo esc_url( admin_url( 'users.php?um_status=inactive' ) ); ?>">
<?php _e( 'Inactive', 'ultimate-member' ); ?>
</a>
<a class="count" href="<?php echo esc_url( admin_url( 'users.php?um_user_status=inactive' ) ); ?>">
<?php echo esc_html( UM()->query()->count_users_by_status( 'inactive' ) ); ?>
</a>
<a href="<?php echo esc_url( admin_url( 'users.php?um_user_status=inactive' ) ); ?>">
<?php esc_html_e( 'Inactive', 'ultimate-member' ); ?>
</a>
</span>
</td>
</tr>
+1 -1
View File
@@ -287,7 +287,7 @@ class Secure {
$content .= ' <a href="' . esc_url( $lock_register_forms_url ) . '" target="_blank">' . esc_html__( 'Click here to lock them now.', 'ultimate-member' ) . '</a>';
$content .= ' ' . esc_html__( 'You can unblock the Register forms later. Just go to Ultimate Member > Settings > Advanced > Security and uncheck the option "Lock All Register Forms".', 'ultimate-member' );
$content .= $br . $br;
$suspicious_accounts_url = admin_url( 'users.php?um_status=inactive' );
$suspicious_accounts_url = admin_url( 'users.php?um_user_status=inactive' );
if ( $might_affected_users->get_total() > 0 ) {
$od = gmdate( 'F d, Y', $oldest_date );
+13 -6
View File
@@ -307,17 +307,24 @@ if ( ! class_exists( 'um\core\Query' ) ) {
return $users_count;
}
/**
* Count all users
*
* @return mixed
* @param bool $force Avoid transient. Default false.
*
* @return int
*/
function count_users() {
$result = count_users();
return $result['total_users'];
}
public function count_users( $force = false ) {
$users_count = get_transient( 'um_count_users_all' );
if ( $force || false === $users_count ) {
$result = count_users();
$users_count = $result['total_users'];
set_transient( 'um_count_users_all', $users_count, HOUR_IN_SECONDS );
}
return $users_count;
}
/**
* Using wpdb instead of update_post_meta
+26 -3
View File
@@ -5,8 +5,8 @@ Contributors: ultimatemember, champsupertramp, nsinelnikov
Tags: community, member, membership, user-profile, user-registration
Requires PHP: 5.6
Requires at least: 5.5
Tested up to: 6.5
Stable tag: 2.8.6
Tested up to: 6.6
Stable tag: 2.8.7
License: GPLv3
License URI: http://www.gnu.org/licenses/gpl-3.0.txt
@@ -166,9 +166,29 @@ No specific extensions are needed. But we highly recommended keep active these P
IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION
= 2.8.7 2024-06-xx =
= 2.8.7 2024-09-26 =
**Enhancements**
* Added: Single user actions on WP Users list table
* Updated: User status filter on WP Users list table
* Updated: User bulk actions on WP Users list table
* Updated: User actions on User Profile and Member Directory card
**Bugfixes**
* Fixed: CVE-2024-8520
* Fixed: CVE-2024-8519
* Fixed: Performance issue related to Settings > Secure tab
* Fixed: The "Clear All" button in the member directory did not reset all dependent dropdowns
**Templates required update**
* login-to-view.php
**Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade**
**Deprecated**
= 2.8.6 2024-05-22 =
@@ -368,6 +388,9 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI
== Upgrade Notice ==
= 2.8.7 =
This version fixes a security related bug. Upgrade immediately.
= 2.8.5 =
This version fixes a security related bug. Upgrade immediately.