From ba93896c5d57a13c9efa358fc1ab72d091c9ec81 Mon Sep 17 00:00:00 2001 From: Mykyta Synelnikov Date: Tue, 24 Sep 2024 17:58:55 +0300 Subject: [PATCH] * manually reviewed #1537; --- includes/admin/class-admin.php | 2 + includes/admin/templates/dashboard/users.php | 66 ++++++++++---------- includes/ajax/class-secure.php | 2 +- includes/core/class-query.php | 19 ++++-- readme.txt | 29 ++++++++- 5 files changed, 75 insertions(+), 43 deletions(-) diff --git a/includes/admin/class-admin.php b/includes/admin/class-admin.php index c34d913c..2f6f12d3 100644 --- a/includes/admin/class-admin.php +++ b/includes/admin/class-admin.php @@ -1760,6 +1760,8 @@ if ( ! class_exists( 'um\admin\Admin' ) ) { delete_transient( "um_count_users_{$status}" ); } + delete_transient( 'um_count_users_all' ); + do_action( 'um_flush_user_status_cache' ); $url = add_query_arg( diff --git a/includes/admin/templates/dashboard/users.php b/includes/admin/templates/dashboard/users.php index 5be7fde9..e1bb55a1 100644 --- a/includes/admin/templates/dashboard/users.php +++ b/includes/admin/templates/dashboard/users.php @@ -3,70 +3,70 @@ if ( ! defined( 'ABSPATH' ) ) { exit; } ?> - diff --git a/includes/ajax/class-secure.php b/includes/ajax/class-secure.php index f69fc682..898ab5de 100644 --- a/includes/ajax/class-secure.php +++ b/includes/ajax/class-secure.php @@ -287,7 +287,7 @@ class Secure { $content .= ' ' . esc_html__( 'Click here to lock them now.', 'ultimate-member' ) . ''; $content .= ' ' . esc_html__( 'You can unblock the Register forms later. Just go to Ultimate Member > Settings > Advanced > Security and uncheck the option "Lock All Register Forms".', 'ultimate-member' ); $content .= $br . $br; - $suspicious_accounts_url = admin_url( 'users.php?um_status=inactive' ); + $suspicious_accounts_url = admin_url( 'users.php?um_user_status=inactive' ); if ( $might_affected_users->get_total() > 0 ) { $od = gmdate( 'F d, Y', $oldest_date ); diff --git a/includes/core/class-query.php b/includes/core/class-query.php index 0885cc6c..ba8b7cc7 100644 --- a/includes/core/class-query.php +++ b/includes/core/class-query.php @@ -307,17 +307,24 @@ if ( ! class_exists( 'um\core\Query' ) ) { return $users_count; } - /** * Count all users * - * @return mixed + * @param bool $force Avoid transient. Default false. + * + * @return int */ - function count_users() { - $result = count_users(); - return $result['total_users']; - } + public function count_users( $force = false ) { + $users_count = get_transient( 'um_count_users_all' ); + if ( $force || false === $users_count ) { + $result = count_users(); + $users_count = $result['total_users']; + set_transient( 'um_count_users_all', $users_count, HOUR_IN_SECONDS ); + } + + return $users_count; + } /** * Using wpdb instead of update_post_meta diff --git a/readme.txt b/readme.txt index dce9b041..e0136f4c 100644 --- a/readme.txt +++ b/readme.txt @@ -5,8 +5,8 @@ Contributors: ultimatemember, champsupertramp, nsinelnikov Tags: community, member, membership, user-profile, user-registration Requires PHP: 5.6 Requires at least: 5.5 -Tested up to: 6.5 -Stable tag: 2.8.6 +Tested up to: 6.6 +Stable tag: 2.8.7 License: GPLv3 License URI: http://www.gnu.org/licenses/gpl-3.0.txt @@ -166,9 +166,29 @@ No specific extensions are needed. But we highly recommended keep active these P IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION -= 2.8.7 2024-06-xx = += 2.8.7 2024-09-26 = +**Enhancements** +* Added: Single user actions on WP Users list table +* Updated: User status filter on WP Users list table +* Updated: User bulk actions on WP Users list table +* Updated: User actions on User Profile and Member Directory card + +**Bugfixes** + +* Fixed: CVE-2024-8520 +* Fixed: CVE-2024-8519 +* Fixed: Performance issue related to Settings > Secure tab +* Fixed: The "Clear All" button in the member directory did not reset all dependent dropdowns + +**Templates required update** + +* login-to-view.php + +**Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade** + +**Deprecated** = 2.8.6 2024-05-22 = @@ -368,6 +388,9 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI == Upgrade Notice == += 2.8.7 = +This version fixes a security related bug. Upgrade immediately. + = 2.8.5 = This version fixes a security related bug. Upgrade immediately.
- query()->count_users(); ?> + query()->count_users() ); ?> - + - - query()->count_users_by_status( 'awaiting_admin_review' ); ?> - - - - + + query()->count_users_by_status( 'awaiting_admin_review' ) ); ?> + + + +
- - query()->count_users_by_status( 'approved' ); ?> - - - - + + query()->count_users_by_status( 'approved' ) ); ?> + + + + - - query()->count_users_by_status( 'awaiting_email_confirmation' ); ?> - - - - + + query()->count_users_by_status( 'awaiting_email_confirmation' ) ); ?> + + + +
- - query()->count_users_by_status( 'rejected' ); ?> - - - - + + query()->count_users_by_status( 'rejected' ) ); ?> + + + + + - - query()->count_users_by_status( 'inactive' ); ?> - - - - + + query()->count_users_by_status( 'inactive' ) ); ?> + + + +