mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-07-11 18:56:10 +09:00
Merge branch 'master' of https://github.com/ultimatemember/ultimatemember into beta/2.1.0
This commit is contained in:
@@ -30,7 +30,7 @@ if ( ! class_exists( 'um\core\Account' ) ) {
|
||||
/**
|
||||
* @var array
|
||||
*/
|
||||
var $register_fields = array();
|
||||
var $displayed_fields = array();
|
||||
|
||||
|
||||
/**
|
||||
@@ -151,7 +151,9 @@ if ( ! class_exists( 'um\core\Account' ) ) {
|
||||
* Account Shortcode
|
||||
*
|
||||
* @param array $args
|
||||
* @return string
|
||||
*
|
||||
* @return false|string
|
||||
* @throws \Exception
|
||||
*/
|
||||
function ultimatemember_account( $args = array() ) {
|
||||
um_fetch_user( get_current_user_id() );
|
||||
@@ -304,10 +306,20 @@ if ( ! class_exists( 'um\core\Account' ) ) {
|
||||
|
||||
$output = ob_get_clean();
|
||||
|
||||
$this->account_fields_hash();
|
||||
|
||||
return $output;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Update account fields to secure the account submission
|
||||
*/
|
||||
function account_fields_hash() {
|
||||
update_user_meta( um_user( 'ID' ), 'um_account_secure_fields', UM()->account()->displayed_fields );
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Restrict access to Account page
|
||||
*/
|
||||
@@ -478,35 +490,67 @@ if ( ! class_exists( 'um\core\Account' ) ) {
|
||||
|
||||
|
||||
/**
|
||||
* @param array $fields
|
||||
* @param $id
|
||||
* Init displayed fields for security check
|
||||
*
|
||||
* @return array
|
||||
* @param $fields
|
||||
* @param $tab_key
|
||||
*/
|
||||
function account_secure_fields( $fields, $id ) {
|
||||
function init_displayed_fields( $fields, $tab_key ) {
|
||||
if ( ! $this->is_secure_enabled() ) {
|
||||
return;
|
||||
}
|
||||
|
||||
if ( ! isset( $this->displayed_fields[ $tab_key ] ) ) {
|
||||
$this->displayed_fields[ $tab_key ] = array_keys( $fields );
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @param $field_key
|
||||
* @param $tab_key
|
||||
*/
|
||||
function add_displayed_field( $field_key, $tab_key ) {
|
||||
if ( ! $this->is_secure_enabled() ) {
|
||||
return;
|
||||
}
|
||||
|
||||
if ( ! isset( $this->displayed_fields[ $tab_key ] ) ) {
|
||||
$this->displayed_fields[ $tab_key ] = array( $field_key );
|
||||
} else {
|
||||
$this->displayed_fields[ $tab_key ][] = $field_key;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @return bool
|
||||
*/
|
||||
function is_secure_enabled() {
|
||||
/**
|
||||
* UM hook
|
||||
*
|
||||
* @type filter
|
||||
* @title um_account_secure_fields
|
||||
* @description Change Account secure fields
|
||||
* @title um_account_secure_fields__enabled
|
||||
* @description Active account secure fields
|
||||
* @input_vars
|
||||
* [{"var":"$fields","type":"array","desc":"Account Fields"},
|
||||
* {"var":"$id","type":"int","desc":"User ID"}]
|
||||
* [{"var":"$enabled","type":"string","desc":"Enable secure account fields"}]
|
||||
* @change_log
|
||||
* ["Since: 2.0"]
|
||||
* @usage add_filter( 'um_account_secure_fields', 'function_name', 10, 2 );
|
||||
* @usage
|
||||
* <?php add_filter( 'um_account_secure_fields__enabled', 'function_name', 10, 1 ); ?>
|
||||
* @example
|
||||
* <?php
|
||||
* add_filter( 'um_account_secure_fields', 'my_account_secure_fields', 10, 2 );
|
||||
* function my_account_secure_fields( $fields, $id ) {
|
||||
* add_filter( 'um_account_secure_fields__enabled', 'my_account_secure_fields', 10, 1 );
|
||||
* function my_account_secure_fields( $enabled ) {
|
||||
* // your code here
|
||||
* return $fields;
|
||||
* return $enabled;
|
||||
* }
|
||||
* ?>
|
||||
*/
|
||||
$fields = apply_filters( 'um_account_secure_fields', $fields, $id );
|
||||
return $fields;
|
||||
$secure = apply_filters( 'um_account_secure_fields__enabled', true );
|
||||
|
||||
return $secure;
|
||||
}
|
||||
|
||||
|
||||
@@ -525,8 +569,8 @@ if ( ! class_exists( 'um\core\Account' ) ) {
|
||||
UM()->fields()->set_mode = 'account';
|
||||
UM()->fields()->editing = true;
|
||||
|
||||
if ( ! empty( $this->tab_output[$id]['content'] ) && ! empty( $this->tab_output[$id]['hash'] ) &&
|
||||
$this->tab_output[$id]['hash'] == md5( json_encode( $shortcode_args ) ) ) {
|
||||
if ( ! empty( $this->tab_output[ $id ]['content'] ) && ! empty( $this->tab_output[ $id ]['hash'] ) &&
|
||||
$this->tab_output[ $id ]['hash'] == md5( json_encode( $shortcode_args ) ) ) {
|
||||
return $this->tab_output[ $id ]['content'];
|
||||
}
|
||||
|
||||
@@ -559,9 +603,10 @@ if ( ! class_exists( 'um\core\Account' ) ) {
|
||||
$args = apply_filters( 'um_account_tab_privacy_fields', $args, $shortcode_args );
|
||||
|
||||
$fields = UM()->builtin()->get_specific_fields( $args );
|
||||
$fields = $this->account_secure_fields( $fields, $id );
|
||||
$fields = $this->filter_fields_by_attrs( $fields, $shortcode_args );
|
||||
|
||||
$this->init_displayed_fields( $fields, $id );
|
||||
|
||||
foreach ( $fields as $key => $data ) {
|
||||
$output .= UM()->fields()->edit_field( $key, $data );
|
||||
}
|
||||
@@ -595,9 +640,10 @@ if ( ! class_exists( 'um\core\Account' ) ) {
|
||||
$args = apply_filters( 'um_account_tab_delete_fields', $args, $shortcode_args );
|
||||
|
||||
$fields = UM()->builtin()->get_specific_fields( $args );
|
||||
$fields = $this->account_secure_fields( $fields, $id );
|
||||
$fields = $this->filter_fields_by_attrs( $fields, $shortcode_args );
|
||||
|
||||
$this->init_displayed_fields( $fields, $id );
|
||||
|
||||
foreach ( $fields as $key => $data ) {
|
||||
$output .= UM()->fields()->edit_field( $key, $data );
|
||||
}
|
||||
@@ -644,9 +690,10 @@ if ( ! class_exists( 'um\core\Account' ) ) {
|
||||
$args = apply_filters( 'um_account_tab_general_fields', $args, $shortcode_args );
|
||||
|
||||
$fields = UM()->builtin()->get_specific_fields( $args );
|
||||
$fields = $this->account_secure_fields( $fields, $id );
|
||||
$fields = $this->filter_fields_by_attrs( $fields, $shortcode_args );
|
||||
|
||||
$this->init_displayed_fields( $fields, $id );
|
||||
|
||||
foreach ( $fields as $key => $data ) {
|
||||
$output .= UM()->fields()->edit_field( $key, $data );
|
||||
}
|
||||
@@ -681,9 +728,10 @@ if ( ! class_exists( 'um\core\Account' ) ) {
|
||||
$args = apply_filters( 'um_account_tab_password_fields', $args, $shortcode_args );
|
||||
|
||||
$fields = UM()->builtin()->get_specific_fields( $args );
|
||||
$fields = $this->account_secure_fields( $fields, $id );
|
||||
$fields = $this->filter_fields_by_attrs( $fields, $shortcode_args );
|
||||
|
||||
$this->init_displayed_fields( $fields, $id );
|
||||
|
||||
foreach ( $fields as $key => $data ) {
|
||||
$output .= UM()->fields()->edit_field( $key, $data );
|
||||
}
|
||||
|
||||
@@ -2654,30 +2654,26 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
|
||||
um_user( $data['parent_dropdown_relationship'] )
|
||||
) {
|
||||
$options = call_user_func( $data['custom_dropdown_options_source'], $data['parent_dropdown_relationship'] );
|
||||
|
||||
|
||||
$disabled_by_parent_option = '';
|
||||
if ( um_user( $form_key ) ) {
|
||||
$select_original_option_value = " data-um-original-value='" . um_user( $form_key ) . "' ";
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// Child dropdown option selected
|
||||
if( isset( UM()->form()->post_form[ $form_key ] ) ){
|
||||
if ( isset( UM()->form()->post_form[ $form_key ] ) ) {
|
||||
$select_original_option_value = " data-um-original-value='" . esc_attr( UM()->form()->post_form[ $form_key ] ) . "' ";
|
||||
}
|
||||
|
||||
// Child dropdown
|
||||
if( $has_parent_option ){
|
||||
if ( $has_parent_option ) {
|
||||
|
||||
if ( ! empty( $data['custom_dropdown_options_source'] ) && $has_parent_option && function_exists( $data['custom_dropdown_options_source'] ) &&
|
||||
isset( UM()->form()->post_form[ $form_key ] )
|
||||
) {
|
||||
$options = call_user_func( $data['custom_dropdown_options_source'], $data['parent_dropdown_relationship'] );
|
||||
if ( ! empty( $data['custom_dropdown_options_source'] ) && $has_parent_option &&
|
||||
function_exists( $data['custom_dropdown_options_source'] ) && isset( UM()->form()->post_form[ $form_key ] ) ) {
|
||||
$options = call_user_func( $data['custom_dropdown_options_source'], $data['parent_dropdown_relationship'] );
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2769,6 +2765,8 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
|
||||
// 'country'
|
||||
if ( $key === 'country' && empty( $options ) ) {
|
||||
$options = UM()->builtin()->get( 'countries' );
|
||||
} else if ( empty( $options ) ) {
|
||||
$options = $data['options'];
|
||||
}
|
||||
|
||||
$options = apply_filters( 'um_selectbox_options', $options, $key );
|
||||
@@ -2889,7 +2887,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
|
||||
$output .= '</div>';
|
||||
|
||||
|
||||
if ($this->is_error( $form_key )) {
|
||||
if ( $this->is_error( $form_key ) ) {
|
||||
$output .= $this->field_error( $this->show_error( $form_key ) );
|
||||
}
|
||||
|
||||
|
||||
@@ -435,7 +435,10 @@ if ( ! class_exists( 'um\core\Mail' ) ) {
|
||||
add_filter( 'um_template_tags_replaces_hook', array( UM()->mail(), 'add_replace_placeholder' ), 10, 1 );
|
||||
|
||||
$subject = apply_filters( 'um_email_send_subject', UM()->options()->get( $template . '_sub' ), $template );
|
||||
$this->subject = wp_unslash( um_convert_tags( $subject , $args ) );
|
||||
|
||||
$subject = wp_unslash( um_convert_tags( $subject , $args ) );
|
||||
|
||||
$this->subject = html_entity_decode( $subject, ENT_QUOTES, 'UTF-8' );
|
||||
|
||||
$this->message = $this->prepare_template( $template, $args );
|
||||
|
||||
|
||||
@@ -177,7 +177,7 @@ function um_submit_account_details( $args ) {
|
||||
$user->destroy_all();
|
||||
|
||||
wp_set_password( $changes['user_pass'], um_user( 'ID' ) );
|
||||
|
||||
|
||||
wp_signon( array( 'user_login' => um_user( 'user_login' ), 'user_password' => $changes['user_pass'] ) );
|
||||
}
|
||||
|
||||
@@ -185,7 +185,8 @@ function um_submit_account_details( $args ) {
|
||||
// delete account
|
||||
$user = get_user_by( 'login', um_user( 'user_login' ) );
|
||||
|
||||
if ( 'delete' == $current_tab && isset( $_POST['single_user_password'] ) && wp_check_password( $_POST['single_user_password'], $user->data->user_pass, $user->data->ID ) ) {
|
||||
if ( 'delete' == $current_tab && isset( $_POST['single_user_password'] ) &&
|
||||
wp_check_password( $_POST['single_user_password'], $user->data->user_pass, $user->data->ID ) ) {
|
||||
if ( current_user_can( 'delete_users' ) || um_user( 'can_delete_profile' ) ) {
|
||||
UM()->user()->delete();
|
||||
|
||||
@@ -222,45 +223,42 @@ function um_submit_account_details( $args ) {
|
||||
}
|
||||
}
|
||||
|
||||
$arr_fields = array( 'password', 'um_account' );
|
||||
if ( UM()->account()->is_secure_enabled() ) {
|
||||
$account_fields = get_user_meta( um_user( 'ID' ), 'um_account_secure_fields', true );
|
||||
|
||||
$arr_fields = array();
|
||||
$account_fields = get_user_meta( um_user('ID'), 'um_account_secure_fields', true );
|
||||
/**
|
||||
* UM hook
|
||||
*
|
||||
* @type filter
|
||||
* @title um_secure_account_fields
|
||||
* @description Change secure account fields
|
||||
* @input_vars
|
||||
* [{"var":"$fields","type":"array","desc":"Secure account fields"},
|
||||
* {"var":"$user_id","type":"int","desc":"User ID"}]
|
||||
* @change_log
|
||||
* ["Since: 2.0"]
|
||||
* @usage
|
||||
* <?php add_filter( 'um_secure_account_fields', 'function_name', 10, 2 ); ?>
|
||||
* @example
|
||||
* <?php
|
||||
* add_filter( 'um_secure_account_fields', 'my_secure_account_fields', 10, 2 );
|
||||
* function my_secure_account_fields( $fields, $user_id ) {
|
||||
* // your code here
|
||||
* return $fields;
|
||||
* }
|
||||
* ?>
|
||||
*/
|
||||
$secure_fields = apply_filters( 'um_secure_account_fields', $account_fields, um_user( 'ID' ) );
|
||||
|
||||
/**
|
||||
* UM hook
|
||||
*
|
||||
* @type filter
|
||||
* @title um_secure_account_fields
|
||||
* @description Change secure account fields
|
||||
* @input_vars
|
||||
* [{"var":"$fields","type":"array","desc":"Secure account fields"},
|
||||
* {"var":"$user_id","type":"int","desc":"User ID"}]
|
||||
* @change_log
|
||||
* ["Since: 2.0"]
|
||||
* @usage
|
||||
* <?php add_filter( 'um_secure_account_fields', 'function_name', 10, 2 ); ?>
|
||||
* @example
|
||||
* <?php
|
||||
* add_filter( 'um_secure_account_fields', 'my_secure_account_fields', 10, 2 );
|
||||
* function my_secure_account_fields( $fields, $user_id ) {
|
||||
* // your code here
|
||||
* return $fields;
|
||||
* }
|
||||
* ?>
|
||||
*/
|
||||
$secure_fields = apply_filters( 'um_secure_account_fields', $account_fields, um_user( 'ID' ) );
|
||||
|
||||
if ( is_array( $secure_fields ) ) {
|
||||
foreach ( $secure_fields as $tab_key => $fields ) {
|
||||
foreach ( $fields as $key => $value ) {
|
||||
$arr_fields[ ] = $key;
|
||||
}
|
||||
if ( is_array( $secure_fields[ $current_tab ] ) ) {
|
||||
$arr_fields = array_merge( $arr_fields, $secure_fields[ $current_tab ] );
|
||||
}
|
||||
}
|
||||
|
||||
$changes = array();
|
||||
foreach ( $_POST as $k => $v ) {
|
||||
if ( strstr( $k, 'password' ) || strstr( $k, 'um_account' ) || ! in_array( $k, $arr_fields ) ) {
|
||||
if ( ! in_array( $k, $arr_fields ) ) {
|
||||
continue;
|
||||
}
|
||||
|
||||
@@ -319,6 +317,11 @@ function um_submit_account_details( $args ) {
|
||||
|
||||
UM()->user()->update_profile( $changes );
|
||||
|
||||
|
||||
if ( UM()->account()->is_secure_enabled() ) {
|
||||
update_user_meta( um_user( 'ID' ), 'um_account_secure_fields', array() );
|
||||
}
|
||||
|
||||
/**
|
||||
* UM hook
|
||||
*
|
||||
@@ -410,6 +413,8 @@ add_action( 'um_before_account_delete', 'um_before_account_delete' );
|
||||
* Before notifications account tab content
|
||||
*
|
||||
* @param array $args
|
||||
*
|
||||
* @throws Exception
|
||||
*/
|
||||
function um_before_account_notifications( $args = array() ) {
|
||||
$output = UM()->account()->get_tab_fields( 'notifications', $args );
|
||||
@@ -427,16 +432,6 @@ function um_before_account_notifications( $args = array() ) {
|
||||
add_action( 'um_before_account_notifications', 'um_before_account_notifications' );
|
||||
|
||||
|
||||
/**
|
||||
* Update account fields to secure the account submission
|
||||
*/
|
||||
function um_account_secure_registered_fields(){
|
||||
$secure_fields = UM()->account()->register_fields;
|
||||
update_user_meta( um_user( 'ID' ), 'um_account_secure_fields', $secure_fields );
|
||||
}
|
||||
add_action( 'wp_footer', 'um_account_secure_registered_fields' );
|
||||
|
||||
|
||||
/**
|
||||
* Update Profile URL
|
||||
*
|
||||
|
||||
@@ -1,48 +1,6 @@
|
||||
<?php if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
||||
|
||||
|
||||
/**
|
||||
* Account secure fields
|
||||
* @param array $fields
|
||||
* @param string $tab_key
|
||||
* @return array
|
||||
* @uses um_account_secure_fields
|
||||
*/
|
||||
function um_account_secure_fields( $fields, $tab_key ) {
|
||||
/**
|
||||
* UM hook
|
||||
*
|
||||
* @type filter
|
||||
* @title um_account_secure_fields__enabled
|
||||
* @description Active account secure fields
|
||||
* @input_vars
|
||||
* [{"var":"$enabled","type":"string","desc":"Enable secure account fields"}]
|
||||
* @change_log
|
||||
* ["Since: 2.0"]
|
||||
* @usage
|
||||
* <?php add_filter( 'um_account_secure_fields__enabled', 'function_name', 10, 1 ); ?>
|
||||
* @example
|
||||
* <?php
|
||||
* add_filter( 'um_account_secure_fields__enabled', 'my_account_secure_fields', 10, 1 );
|
||||
* function my_account_secure_fields( $enabled ) {
|
||||
* // your code here
|
||||
* return $enabled;
|
||||
* }
|
||||
* ?>
|
||||
*/
|
||||
$secure = apply_filters( 'um_account_secure_fields__enabled', true );
|
||||
|
||||
if( ! $secure ) return $fields;
|
||||
|
||||
if( isset( UM()->account()->register_fields ) && ! isset( UM()->account()->register_fields[ $tab_key ] ) ){
|
||||
UM()->account()->register_fields[ $tab_key ] = $fields;
|
||||
}
|
||||
|
||||
return $fields;
|
||||
}
|
||||
add_filter( 'um_account_secure_fields', 'um_account_secure_fields', 10, 2 );
|
||||
|
||||
|
||||
/**
|
||||
* Disables first and last name fields in account page
|
||||
* @param array $fields
|
||||
@@ -50,16 +8,18 @@ add_filter( 'um_account_secure_fields', 'um_account_secure_fields', 10, 2 );
|
||||
* @uses um_get_field__first_name, um_get_field__last_name
|
||||
*/
|
||||
function um_account_disable_name_fields( $fields ){
|
||||
if( ! UM()->options()->get( "account_name_disable" ) ) return $fields;
|
||||
if ( ! UM()->options()->get( 'account_name_disable' ) ) {
|
||||
return $fields;
|
||||
}
|
||||
|
||||
if ( um_is_core_page("account") ) {
|
||||
if ( um_is_core_page( 'account' ) ) {
|
||||
$fields['disabled'] = 'disabled="disabled"';
|
||||
}
|
||||
|
||||
return $fields;
|
||||
}
|
||||
add_filter( "um_get_field__first_name","um_account_disable_name_fields", 10 ,1 );
|
||||
add_filter( "um_get_field__last_name","um_account_disable_name_fields", 10 ,1 );
|
||||
add_filter( 'um_get_field__first_name', 'um_account_disable_name_fields', 10 ,1 );
|
||||
add_filter( 'um_get_field__last_name', 'um_account_disable_name_fields', 10 ,1 );
|
||||
|
||||
|
||||
/**
|
||||
|
||||
Reference in New Issue
Block a user