-
+ foreach ( $messages as $message ) {
+ ?>
+
+
get_allowed_html( 'admin_notice' ) ); ?>
-
+
diff --git a/includes/admin/templates/extensions.php b/includes/admin/templates/extensions.php
index 09ad82ce..7da231e4 100644
--- a/includes/admin/templates/extensions.php
+++ b/includes/admin/templates/extensions.php
@@ -77,7 +77,7 @@ $premium['social-login'] = array(
'url' => 'https://ultimatemember.com/extensions/social-login/',
'img' => 'social-login.svg',
'name' => 'Social Login',
- 'desc' => 'Let users register & login to your site via Facebook, Twitter, G+, LinkedIn, and more',
+ 'desc' => 'Let users register & login to your site via Facebook, X (formerly Twitter), G+, LinkedIn, and more',
);
$premium['user-tags'] = array(
diff --git a/includes/core/class-access.php b/includes/core/class-access.php
index 765fc357..60463bf9 100644
--- a/includes/core/class-access.php
+++ b/includes/core/class-access.php
@@ -76,6 +76,7 @@ if ( ! class_exists( 'um\core\Access' ) ) {
// check the site's accessible more priority have Individual Post/Term Restriction settings
add_action( 'template_redirect', array( &$this, 'template_redirect' ), 1000 );
+ add_action( 'template_redirect', array( &$this, 'send_frame_options_header' ), 1010 );
add_action( 'um_access_check_blog_page_settings', array( &$this, 'um_access_check_blog_page_settings' ) );
add_action( 'um_access_check_individual_term_settings', array( &$this, 'um_access_check_individual_term_settings' ) );
add_action( 'um_access_check_global_settings', array( &$this, 'um_access_check_global_settings' ) );
@@ -1795,6 +1796,23 @@ if ( ! class_exists( 'um\core\Access' ) ) {
}
+ /**
+ * Sends a HTTP header to limit rendering of pages to same origin iframes when loading sensitive pages.
+ *
+ * Can be disabled with: remove_action( 'template_redirect', array( UM()->access(), 'send_frame_options_header' ), 1010 );
+ *
+ * @since 2.8.0
+ */
+ public function send_frame_options_header() {
+ if ( um_is_core_page( 'account' )
+ || um_is_core_page( 'login' )
+ || um_is_core_page( 'password-reset' )
+ || um_is_core_page( 'register' ) ) {
+ send_frame_options_header();
+ }
+ }
+
+
/**
* Sets a custom access referer in a redirect URL
*
diff --git a/includes/core/class-builtin.php b/includes/core/class-builtin.php
index e3f841b1..32158e0c 100644
--- a/includes/core/class-builtin.php
+++ b/includes/core/class-builtin.php
@@ -961,22 +961,22 @@ if ( ! class_exists( 'um\core\Builtin' ) ) {
'match' => 'https://facebook.com/',
),
- 'twitter' => array(
- 'title' => __('Twitter','ultimate-member'),
- 'metakey' => 'twitter',
- 'type' => 'url',
- 'label' => __('Twitter','ultimate-member'),
- 'required' => 0,
- 'public' => 1,
- 'editable' => true,
+ 'twitter' => array(
+ 'title' => __( 'X (formerly Twitter)', 'ultimate-member' ),
+ 'metakey' => 'twitter',
+ 'type' => 'url',
+ 'label' => __( 'X', 'ultimate-member' ),
+ 'required' => 0,
+ 'public' => 1,
+ 'editable' => true,
'url_target' => '_blank',
- 'url_rel' => 'nofollow',
- 'icon' => 'um-faicon-twitter',
- 'validate' => 'twitter_url',
- 'url_text' => 'Twitter',
- 'advanced' => 'social',
- 'color' => '#4099FF',
- 'match' => 'https://twitter.com/',
+ 'url_rel' => 'nofollow',
+ 'icon' => 'um-faicon-twitter', // 'fa-brands fa-x-twitter' for new FA styles
+ 'validate' => 'twitter_url',
+ 'url_text' => 'X',
+ 'advanced' => 'social',
+ 'color' => '#4099FF', // #0f1419 for X symbol
+ 'match' => 'https://twitter.com/',
),
'linkedin' => array(
@@ -1557,7 +1557,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) {
$array['phone_number'] = __('Phone Number','ultimate-member');
$array['skype'] = __('Skype ID','ultimate-member');
$array['soundcloud'] = __( 'SoundCloud Profile', 'ultimate-member' );
- $array['twitter_url'] = __('Twitter URL','ultimate-member');
+ $array['twitter_url'] = __( 'X (formerly Twitter) URL', 'ultimate-member' );
$array['is_email'] = __('E-mail( Not Unique )','ultimate-member');
$array['unique_email'] = __('Unique E-mail','ultimate-member');
$array['unique_value'] = __('Unique Metakey value','ultimate-member');
diff --git a/includes/core/class-setup.php b/includes/core/class-setup.php
index a1eec114..209c8ae4 100644
--- a/includes/core/class-setup.php
+++ b/includes/core/class-setup.php
@@ -1,13 +1,14 @@
create_db();
$this->install_basics();
$this->install_default_forms();
@@ -35,11 +28,10 @@ if ( ! class_exists( 'um\core\Setup' ) ) {
$this->set_default_user_status();
}
-
/**
- * Create custom DB tables
+ * Create custom DB tables.
*/
- function create_db() {
+ public function create_db() {
global $wpdb;
$charset_collate = $wpdb->get_charset_collate();
@@ -55,25 +47,23 @@ KEY meta_key_indx (um_key),
KEY meta_value_indx (um_value(191))
) $charset_collate;";
- require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
+ require_once ABSPATH . 'wp-admin/includes/upgrade.php';
dbDelta( $sql );
}
-
/**
- * Basics
+ * Basics.
*/
- function install_basics() {
+ public function install_basics() {
if ( ! get_option( '__ultimatemember_sitekey' ) ) {
- update_option( '__ultimatemember_sitekey', str_replace( array( 'http://', 'https://' ), '', sanitize_user( get_bloginfo('url') ) ) . '-' . wp_generate_password( 20, false ) );
+ update_option( '__ultimatemember_sitekey', str_replace( array( 'http://', 'https://' ), '', sanitize_user( get_bloginfo( 'url' ) ) ) . '-' . wp_generate_password( 20, false ) );
}
}
-
/**
- * Default Forms
+ * Default Forms.
*/
- function install_default_forms() {
+ public function install_default_forms() {
if ( current_user_can( 'manage_options' ) && ! get_option( 'um_is_installed' ) ) {
$options = get_option( 'um_options', array() );
@@ -81,39 +71,35 @@ KEY meta_value_indx (um_value(191))
//Install default options
foreach ( UM()->config()->settings_defaults as $key => $value ) {
- $options[$key] = $value;
+ $options[ $key ] = $value;
}
- // Install Core Forms
+ // Install Core Forms.
foreach ( UM()->config()->core_forms as $id ) {
-
- /**
- If page does not exist
- Create it
- **/
+ // If page does not exist - create it.
$page_exists = UM()->query()->find_post_id( 'um_form', '_um_core', $id );
if ( ! $page_exists ) {
- if ( $id == 'register' ) {
+ if ( 'register' === $id ) {
$title = 'Default Registration';
- } else if ( $id == 'login' ) {
+ } elseif ( 'login' === $id ) {
$title = 'Default Login';
} else {
$title = 'Default Profile';
}
$form = array(
- 'post_type' => 'um_form',
- 'post_title' => $title,
- 'post_status' => 'publish',
- 'post_author' => get_current_user_id(),
+ 'post_type' => 'um_form',
+ 'post_title' => $title,
+ 'post_status' => 'publish',
+ 'post_author' => get_current_user_id(),
);
$form_id = wp_insert_post( $form );
- foreach( UM()->config()->core_form_meta[$id] as $key => $value ) {
- if ( $key == '_um_custom_fields' ) {
- $array = unserialize( $value );
+ foreach ( UM()->config()->core_form_meta[ $id ] as $key => $value ) {
+ if ( '_um_custom_fields' === $key ) {
+ $array = maybe_unserialize( $value );
update_post_meta( $form_id, $key, $array );
} else {
update_post_meta( $form_id, $key, $value );
@@ -129,40 +115,35 @@ KEY meta_value_indx (um_value(191))
update_option( 'um_core_forms', $core_forms );
}
- // Install Core Directories
+ // Install Core Directories.
foreach ( UM()->config()->core_directories as $id ) {
-
- /**
- If page does not exist
- Create it
- **/
+ // If page does not exist - create it.
$page_exists = UM()->query()->find_post_id( 'um_directory', '_um_core', $id );
if ( ! $page_exists ) {
$title = 'Members';
$form = array(
- 'post_type' => 'um_directory',
- 'post_title' => $title,
- 'post_status' => 'publish',
- 'post_author' => get_current_user_id(),
+ 'post_type' => 'um_directory',
+ 'post_title' => $title,
+ 'post_status' => 'publish',
+ 'post_author' => get_current_user_id(),
);
$form_id = wp_insert_post( $form );
foreach ( UM()->config()->core_directory_meta[ $id ] as $key => $value ) {
- if ( $key == '_um_custom_fields' ) {
- $array = unserialize( $value );
+ if ( '_um_custom_fields' === $key ) {
+ $array = maybe_unserialize( $value );
update_post_meta( $form_id, $key, $array );
} else {
- update_post_meta($form_id, $key, $value);
+ update_post_meta( $form_id, $key, $value );
}
}
$core_directories[ $id ] = $form_id;
}
/** DONE **/
-
}
if ( isset( $core_directories ) ) {
@@ -173,9 +154,8 @@ KEY meta_value_indx (um_value(191))
}
}
-
/**
- * Install Pre-defined pages with shortcodes
+ * Install Pre-defined pages with shortcodes.
*/
public function install_default_pages() {
if ( ! current_user_can( 'manage_options' ) ) {
@@ -187,7 +167,7 @@ KEY meta_value_indx (um_value(191))
$setup_shortcodes = array_merge( $core_forms, $core_directories );
- //Install Core Pages
+ // Install Core Pages.
$core_pages = array();
foreach ( UM()->config()->core_pages as $slug => $array ) {
@@ -197,7 +177,8 @@ KEY meta_value_indx (um_value(191))
continue;
}
- //If page does not exist - create it
+ // If page does not exist - create it.
+ $content = '';
if ( 'logout' === $slug ) {
$content = '';
} elseif ( 'account' === $slug ) {
@@ -206,7 +187,7 @@ KEY meta_value_indx (um_value(191))
$content = '[ultimatemember_password]';
} elseif ( 'user' === $slug ) {
$content = '[ultimatemember form_id="' . $setup_shortcodes['profile'] . '"]';
- } else {
+ } elseif ( ! empty( $setup_shortcodes[ $slug ] ) ) {
$content = '[ultimatemember form_id="' . $setup_shortcodes[ $slug ] . '"]';
}
@@ -262,11 +243,10 @@ KEY meta_value_indx (um_value(191))
UM()->rewrite()->reset_rules();
}
-
/**
- * Set default UM settings
+ * Set default UM settings.
*/
- function set_default_settings() {
+ public function set_default_settings() {
$options = get_option( 'um_options', array() );
foreach ( UM()->config()->settings_defaults as $key => $value ) {
@@ -279,23 +259,21 @@ KEY meta_value_indx (um_value(191))
update_option( 'um_options', $options );
}
-
/**
- * Set UM roles meta to Default WP roles
+ * Set UM roles meta to Default WP roles.
*/
- function set_default_role_meta() {
+ public function set_default_role_meta() {
foreach ( UM()->config()->default_roles_metadata as $role => $meta ) {
add_option( "um_role_{$role}_meta", $meta );
}
}
-
/**
- * Set accounts without account_status meta to 'approved' status
+ * Set accounts without account_status meta to 'approved' status.
*
* @since 2.4.2
*/
- function set_default_user_status() {
+ public function set_default_user_status() {
$result = get_transient( 'um_count_users_unassigned' );
if ( false === $result ) {
$args = array(
@@ -310,7 +288,7 @@ KEY meta_value_indx (um_value(191))
'um_custom_user_query' => true,
);
- $users = new \WP_User_Query( $args );
+ $users = new WP_User_Query( $args );
if ( empty( $users ) || is_wp_error( $users ) ) {
$result = array();
} else {
diff --git a/includes/core/um-filters-navmenu.php b/includes/core/um-filters-navmenu.php
index 1f202fc6..9f0572c1 100644
--- a/includes/core/um-filters-navmenu.php
+++ b/includes/core/um-filters-navmenu.php
@@ -72,9 +72,9 @@ if ( ! is_admin() ) {
$visible = true;
// Hide any item that is the child of a hidden item.
- if ( isset( $item->menu_item_parent ) && in_array( $item->menu_item_parent, $hide_children_of, true ) ) {
+ if ( isset( $item->menu_item_parent ) && in_array( absint( $item->menu_item_parent ), $hide_children_of, true ) ) {
$visible = false;
- $hide_children_of[] = $item->ID; // for nested menus
+ $hide_children_of[] = absint( $item->ID ); // for nested menus
}
if ( isset( $mode ) && $visible ) {
@@ -118,7 +118,7 @@ if ( ! is_admin() ) {
// unset non-visible item
if ( ! $visible ) {
- $hide_children_of[] = $item->ID; // store ID of item
+ $hide_children_of[] = absint( $item->ID ); // store ID of item
} else {
$filtered_items[] = $item;
}
diff --git a/readme.txt b/readme.txt
index 2379a733..739c7210 100644
--- a/readme.txt
+++ b/readme.txt
@@ -7,7 +7,7 @@ Tags: community, member, membership, user-profile, user-registration
Requires PHP: 5.6
Requires at least: 5.5
Tested up to: 6.4
-Stable tag: 2.8.0
+Stable tag: 2.8.1
License: GNU Version 2 or Any Later Version
License URI: http://www.gnu.org/licenses/gpl-3.0.txt
@@ -166,6 +166,21 @@ No specific extensions are needed. But we highly recommended keep active these P
IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION
+= 2.8.1: December 20, 2023 =
+
+* Enhancements:
+
+ - Updated: Twitter texts to X
+ - Added: Safeguards against clickjacking attacks on UM Forms
+
+* Bugfixes:
+
+ - Fixed: Displaying notice to avoid using wrong symbols
+ - Fixed: UM > Settings button styles
+ - Fixed: Error notice when creating page via extensions
+ - Fixed: Workaround for Cropper.JS if UM.frontend.cropper.obj undefined (Cropper hasn't been properly inited for UM objects)
+ - Fixed: The visibility of sub-items of hidden menu items
+
= 2.8.0: December 11, 2023 =
* Enhancements:
diff --git a/ultimate-member.php b/ultimate-member.php
index bf70d9f8..713f4818 100644
--- a/ultimate-member.php
+++ b/ultimate-member.php
@@ -3,7 +3,7 @@
* Plugin Name: Ultimate Member
* Plugin URI: http://ultimatemember.com/
* Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
- * Version: 2.8.0
+ * Version: 2.8.1
* Author: Ultimate Member
* Author URI: http://ultimatemember.com/
* Text Domain: ultimate-member