diff --git a/admin/core/um-admin-actions.php b/admin/core/um-admin-actions.php
index c2b3a378..b2815ba0 100644
--- a/admin/core/um-admin-actions.php
+++ b/admin/core/um-admin-actions.php
@@ -240,8 +240,8 @@
$uri = add_query_arg('user[]', $user_id, $uri);
$redirect = add_query_arg('user[]', $user_id, $redirect);
}
- $uri = add_query_arg('confirm', 1, $uri);
- $redirect = add_query_arg('_refer', urlencode($uri), $redirect);
+ $uri = add_query_arg('_refer', $_POST['_wp_http_referer'], $redirect);
+ $redirect = add_query_arg('confirm', 1, $uri);
exit( wp_redirect($redirect) );
diff --git a/admin/core/um-admin-notices.php b/admin/core/um-admin-notices.php
index 9586ed72..fd2b3ebd 100644
--- a/admin/core/um-admin-notices.php
+++ b/admin/core/um-admin-notices.php
@@ -161,18 +161,20 @@ class UM_Admin_Notices {
case 'confirm_delete':
- $confirm_uri = urldecode($_REQUEST['_refer']);
+ $confirm_uri = sanitize_text_field( urldecode($_REQUEST['_wp_http_referer']) );
$users = '';
- foreach( $_REQUEST['user'] as $user_id ) {
- $user = get_userdata( $user_id );
- $users .= '#' . $user_id . ': ' . $user->user_login . '
';
+ if( isset( $_REQUEST['user'] ) ){
+ foreach( $_REQUEST['user'] as $user_id ) {
+ $user = get_userdata( $user_id );
+ $users .= '#' . $user_id . ': ' . $user->user_login . '
';
+ }
}
$ignore = admin_url('users.php');
$messages[0]['err_content'] = sprintf(__('Are you sure you want to delete the selected user(s)? The following users will be deleted:
%s
This cannot be undone!','ultimatemember'), $users); - $messages[0]['err_content'] .= '' . __('Remove','ultimatemember') . ' ' . __('Undo','ultimatemember') . '
'; + $messages[0]['err_content'] .= '' . __('Remove','ultimatemember') . ' ' . __('Undo','ultimatemember') . '
'; break;