diff --git a/admin/core/um-admin-actions.php b/admin/core/um-admin-actions.php
index c2b3a378..b2815ba0 100644
--- a/admin/core/um-admin-actions.php
+++ b/admin/core/um-admin-actions.php
@@ -240,8 +240,8 @@
$uri = add_query_arg('user[]', $user_id, $uri);
$redirect = add_query_arg('user[]', $user_id, $redirect);
}
- $uri = add_query_arg('confirm', 1, $uri);
- $redirect = add_query_arg('_refer', urlencode($uri), $redirect);
+ $uri = add_query_arg('_refer', $_POST['_wp_http_referer'], $redirect);
+ $redirect = add_query_arg('confirm', 1, $uri);
exit( wp_redirect($redirect) );
diff --git a/admin/core/um-admin-notices.php b/admin/core/um-admin-notices.php
index 9586ed72..fd2b3ebd 100644
--- a/admin/core/um-admin-notices.php
+++ b/admin/core/um-admin-notices.php
@@ -161,18 +161,20 @@ class UM_Admin_Notices {
case 'confirm_delete':
- $confirm_uri = urldecode($_REQUEST['_refer']);
+ $confirm_uri = sanitize_text_field( urldecode($_REQUEST['_wp_http_referer']) );
$users = '';
- foreach( $_REQUEST['user'] as $user_id ) {
- $user = get_userdata( $user_id );
- $users .= '#' . $user_id . ': ' . $user->user_login . '
';
+ if( isset( $_REQUEST['user'] ) ){
+ foreach( $_REQUEST['user'] as $user_id ) {
+ $user = get_userdata( $user_id );
+ $users .= '#' . $user_id . ': ' . $user->user_login . '
';
+ }
}
$ignore = admin_url('users.php');
$messages[0]['err_content'] = sprintf(__('Are you sure you want to delete the selected user(s)? The following users will be deleted:
%s
This cannot be undone!','ultimatemember'), $users); - $messages[0]['err_content'] .= '' . __('Remove','ultimatemember') . ' ' . __('Undo','ultimatemember') . '
'; + $messages[0]['err_content'] .= '' . __('Remove','ultimatemember') . ' ' . __('Undo','ultimatemember') . '
'; break; diff --git a/admin/core/um-admin-users.php b/admin/core/um-admin-users.php index 47535993..229aa8cf 100644 --- a/admin/core/um-admin-users.php +++ b/admin/core/um-admin-users.php @@ -159,9 +159,9 @@ class UM_Admin_Users { global $ultimatemember; $admin_err = 0; - + if (isset($_REQUEST) && !empty ($_REQUEST) ){ - + // bulk change role if (isset($_REQUEST['users']) && is_array($_REQUEST['users']) && isset($_REQUEST['um_changeit']) && $_REQUEST['um_changeit'] != '' && isset($_REQUEST['um_change_role']) && !empty($_REQUEST['um_change_role']) ){ @@ -171,7 +171,7 @@ class UM_Admin_Users { check_admin_referer('bulk-users'); $users = $_REQUEST['users']; - $new_role = $_REQUEST['um_change_role']; + $new_role = current( array_filter( $_REQUEST['um_change_role'] ) ); foreach($users as $user_id){ $ultimatemember->user->set( $user_id ); @@ -207,9 +207,9 @@ class UM_Admin_Users { check_admin_referer('bulk-users'); $users = $_REQUEST['users']; - $bulk_action = $_REQUEST['um_bulk_action']; - - if ( $bulk_action == 'um_delete' ) { // this needs confirmation + $bulk_action = current( array_filter( $_REQUEST['um_bulk_action']) ); + + if ( in_array('um_delete', $bulk_action ) > -1 ) { // this needs confirmation $uri = admin_url('users.php'); $userids = array_map( 'intval', (array) $_REQUEST['users'] ); @@ -254,8 +254,9 @@ class UM_Admin_Users { } // filter by user role - if ( isset($_REQUEST['um_filter_role']) && ! isset( $_REQUEST['new_role'] ) && $_REQUEST['um_filter_role'] ) { - exit( wp_redirect( admin_url('users.php?um_role=' . $_REQUEST['um_filter_role'] ) ) ); + if ( isset($_REQUEST['um_filter_role']) && ( ! isset( $_REQUEST['new_role'] ) || empty( $_REQUEST['new_role'] ) ) && $_REQUEST['um_filter_role'] ) { + $filter_role = current( array_filter( $_REQUEST['um_filter_role'] ) ); + exit( wp_redirect( admin_url('users.php?um_role=' .$filter_role ) ) ); } } @@ -271,7 +272,7 @@ class UM_Admin_Users {