diff --git a/README.md b/README.md index 49b3d058..0f703e18 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,7 @@ GNU Version 2 or Any Later Version ### IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION -[Official Release Version: 2.8.6](https://github.com/ultimatemember/ultimatemember/releases/tag/2.8.6). +[Official Release Version: 2.8.7](https://github.com/ultimatemember/ultimatemember/releases/tag/2.8.7). ## Changelog diff --git a/changelog.txt b/changelog.txt index 0d4e2755..01cf476e 100644 --- a/changelog.txt +++ b/changelog.txt @@ -1,10 +1,60 @@ == Changelog == -= 2.8.7 Aug 19, 2024 = += 2.8.7 September 30, 2024 = + +* Enhancements: + + - Added: Single user actions on WP Users list table + - Updated: User status filter on WP Users list table + - Updated: User bulk actions on WP Users list table + - Updated: User actions on User Profile and Member Directory card + - Added: Applying shortcodes in the post restriction message + - Added: ProfilePage Structured Data + - Added: Ability to use HTML tags (allowed in `wp_kses_post`) in the global block restriction message + - Changed: Some wp-admin fields descriptions + - Updated: Data format in `um_admin_bulk_user_actions_hook` hook. Changed format from `$action_slug => array( 'label' => $action_title )` to `$action_slug => $action_title` + - Added: `$old_status` param to `um_after_user_status_is_changed` hook + - Added: `$user_id` param to `um_before_user_hash_is_changed` hook + - Added: `$user_id, $hash, $expiration` params to `um_after_user_hash_is_changed` hook + - Added: `um_restricted_post_content` hook + - Added: `um_loggedin_inner_content` hook + - Added: `um_profile_dynamic_meta_profile_schema` hook * Bugfixes: - - Fixed: The "Clear All" button in the member directory did not reset all dependent dropdowns. + - Fixed: Single user action on User Profile security vulnerability. CVE ID: CVE-2024-8520 + - Fixed: [um_loggedin] shortcode security vulnerability. CVE ID: CVE-2024-8519 + - Fixed: Performance issue related to Settings > Secure tab + - Fixed: The "Clear All" button in the member directory did not reset all dependent dropdowns + - Fixed: Telegram and Discord social links in profile header + - Fixed: UM links to empty phone numbers + - Fixed: Email changing via User Account flush session. Security enhancement because email can be used for login + - Fixed: User Profile image URL in meta tags + - Fixed: Empty User Profile and PHP Fatal error when cannot get profile field data + - Fixed: Parsing /modal/ templates and parsing templates on the Windows hosting + - Fixed: Validation `form_id` attribute in the `ultimatemember` shortcode + +* Templates required update: + + - login-to-view.php + +* Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade + +* Deprecated: + + - Hook: `um_after_user_status_is_changed_hook`. Use action hook `um_after_user_status_is_changed` instead. + - Hook: `um_when_status_is_set`. Use action hook `um_before_user_status_is_set` instead. + - Hook: `um_admin_user_action_hook`. Use filter hook `um_handle_bulk_actions-users-{$current_action}` for custom user bulk actions instead. + - Hook: `um_admin_user_action_{$bulk_action}_hook`. Use filter hook `um_handle_bulk_actions-users-{$current_action}` for custom user bulk actions instead. + - Hook: `um_admin_custom_hook_{$action}`. Use filter hook `um_handle_bulk_actions-users-{$current_action}` for custom user bulk actions instead. + - Function: `UM()->user()->set_status( $status )`. Use function `UM()->common()->users()->set_status( $status, $user_id )` instead. + - Function: `UM()->user()->assign_secretkey()`. Use function `UM()->common()->users()->assign_secretkey( $user_id )` instead. + - Function: `UM()->user()->approve( $repeat )`. Use function `UM()->common()->users()->approve( $user_id, $force )` instead. + - Function: `UM()->user()->email_pending()`. Use function `UM()->common()->users()->approve( $user_id, $force )` instead. + - Function: `UM()->user()->pending()`. Use function `UM()->common()->users()->set_as_pending( $user_id, $force )` instead. + - Function: `UM()->user()->reject()`. Use function `UM()->common()->users()->reject( $user_id, $force )` instead. + - Function: `UM()->user()->deactivate()`. Use function `UM()->common()->users()->deactivate( $user_id, $force )` instead. + - Function: `UM()->user()->user_exists_by_id( $user_id )`. Use function `UM()->common()->users()::user_exists( $user_id )` instead. = 2.8.6 May 22, 2024 = diff --git a/includes/core/class-user.php b/includes/core/class-user.php index 56a7bc8f..7512e920 100644 --- a/includes/core/class-user.php +++ b/includes/core/class-user.php @@ -1514,6 +1514,8 @@ if ( ! class_exists( 'um\core\User' ) ) { /** * Set user's hash + * + * @deprecated 2.8.7 */ public function assign_secretkey() { _deprecated_function( __METHOD__, '2.8.7', 'UM()->common()->users()->assign_secretkey()' ); diff --git a/readme.txt b/readme.txt index 68b71757..9ac7991b 100644 --- a/readme.txt +++ b/readme.txt @@ -178,6 +178,13 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI * Added: ProfilePage Structured Data * Added: Ability to use HTML tags (allowed in `wp_kses_post`) in the global block restriction message * Changed: Some wp-admin fields descriptions +* Updated: Data format in `um_admin_bulk_user_actions_hook` hook. Changed format from `$action_slug => array( 'label' => $action_title )` to `$action_slug => $action_title` +* Added: `$old_status` param to `um_after_user_status_is_changed` hook +* Added: `$user_id` param to `um_before_user_hash_is_changed` hook +* Added: `$user_id, $hash, $expiration` params to `um_after_user_hash_is_changed` hook +* Added: `um_restricted_post_content` hook +* Added: `um_loggedin_inner_content` hook +* Added: `um_profile_dynamic_meta_profile_schema` hook **Bugfixes** @@ -201,6 +208,20 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI **Deprecated** +Hook: `um_after_user_status_is_changed_hook`. Use action hook `um_after_user_status_is_changed` instead. +Hook: `um_when_status_is_set`. Use action hook `um_before_user_status_is_set` instead. +Hook: `um_admin_user_action_hook`. Use action hook `um_handle_bulk_actions-users-{$current_action}` for custom user bulk actions instead. +Hook: `um_admin_user_action_{$bulk_action}_hook`. Use action hook `um_handle_bulk_actions-users-{$current_action}` for custom user bulk actions instead. +Hook: `um_admin_custom_hook_{$action}`. Use action hook `um_handle_bulk_actions-users-{$current_action}` for custom user bulk actions instead. +Function: `UM()->user()->set_status( $status )`. Use function `UM()->common()->users()->set_status( $status, $user_id )` instead. +Function: `UM()->user()->assign_secretkey()`. Use function `UM()->common()->users()->assign_secretkey( $user_id )` instead. +Function: `UM()->user()->approve( $repeat )`. Use function `UM()->common()->users()->approve( $user_id, $force )` instead. +Function: `UM()->user()->email_pending()`. Use function `UM()->common()->users()->approve( $user_id, $force )` instead. +Function: `UM()->user()->pending()`. Use function `UM()->common()->users()->set_as_pending( $user_id, $force )` instead. +Function: `UM()->user()->reject()`. Use function `UM()->common()->users()->reject( $user_id, $force )` instead. +Function: `UM()->user()->deactivate()`. Use function `UM()->common()->users()->deactivate( $user_id, $force )` instead. +Function: `UM()->user()->user_exists_by_id( $user_id )`. Use function `UM()->common()->users()::user_exists( $user_id )` instead. + = 2.8.6 2024-05-22 = **Enhancements**