From a4a954b7e6b1e718a9aaf9c27948c10dc79d2d11 Mon Sep 17 00:00:00 2001 From: nikitasinelnikov Date: Tue, 6 Apr 2021 12:30:33 +0300 Subject: [PATCH 1/4] - fixed fields validation based on field's privacy settings; --- includes/core/class-form.php | 18 +-- includes/core/um-actions-form.php | 198 +++++++++++++++++++----------- 2 files changed, 136 insertions(+), 80 deletions(-) diff --git a/includes/core/class-form.php b/includes/core/class-form.php index 6bb7629e..9fa80c5d 100644 --- a/includes/core/class-form.php +++ b/includes/core/class-form.php @@ -366,12 +366,15 @@ if ( ! class_exists( 'um\core\Form' ) ) { */ $this->post_form = apply_filters( 'um_submit_post_form', $_POST ); + if ( isset( $this->post_form[ UM()->honeypot ] ) && $this->post_form[ UM()->honeypot ] != '' ) { + wp_die( __( 'Hello, spam bot!', 'ultimate-member' ) ); + } + $this->post_form = $this->beautify( $this->post_form ); + $this->post_form['submitted'] = $this->post_form; $this->form_data = UM()->query()->post_data( $this->form_id ); - $this->post_form['submitted'] = $this->post_form; - $this->post_form = array_merge( $this->form_data, $this->post_form ); // Remove role from post_form at first if role ! empty and there aren't custom fields with role name @@ -438,10 +441,6 @@ if ( ! class_exists( 'um\core\Form' ) ) { } - if ( isset( $_POST[ UM()->honeypot ] ) && $_POST[ UM()->honeypot ] != '' ) { - wp_die( __( 'Hello, spam bot!', 'ultimate-member' ) ); - } - /** * UM hook * @@ -518,18 +517,19 @@ if ( ! class_exists( 'um\core\Form' ) ) { /** * Beautify form data + * * @param array $form * @return array $form */ - function beautify( $form ){ + function beautify( $form ) { - if (isset($form['form_id'])){ + if ( isset( $form['form_id'] ) ) { $this->form_suffix = '-' . $form['form_id']; $this->processing = $form['form_id']; - foreach( $form as $key => $value ){ + foreach ( $form as $key => $value ) { if ( strstr( $key, $this->form_suffix ) ) { $a_key = str_replace( $this->form_suffix, '', $key ); $form[ $a_key ] = $value; diff --git a/includes/core/um-actions-form.php b/includes/core/um-actions-form.php index ef85d941..b5ce2608 100644 --- a/includes/core/um-actions-form.php +++ b/includes/core/um-actions-form.php @@ -106,14 +106,54 @@ add_action( 'um_submit_form_errors_hook__blockedwords', 'um_submit_form_errors_h * @param $args */ function um_submit_form_errors_hook( $args ) { - $form_id = $args['form_id']; - $mode = $args['mode']; - $fields = unserialize( $args['custom_fields'] ); + /** + * UM hook + * + * @type action + * @title um_submit_form_errors_hook__blockedips + * @description Submit form validation + * @input_vars + * [{"var":"$args","type":"array","desc":"Form Arguments"}] + * @change_log + * ["Since: 2.0"] + * @usage add_action( 'um_submit_form_errors_hook__blockedips', 'function_name', 10, 1 ); + * @example + * + */ + do_action( 'um_submit_form_errors_hook__blockedips', $args ); + + + /** + * UM hook + * + * @type action + * @title um_submit_form_errors_hook__blockedemails + * @description Submit form validation + * @input_vars + * [{"var":"$args","type":"array","desc":"Form Arguments"}] + * @change_log + * ["Since: 2.0"] + * @usage add_action( 'um_submit_form_errors_hook__blockedemails', 'function_name', 10, 1 ); + * @example + * + */ + do_action( 'um_submit_form_errors_hook__blockedemails', $args ); if ( $mode == 'register' ) { + /** * UM hook * @@ -137,6 +177,7 @@ function um_submit_form_errors_hook( $args ) { } elseif ( $mode == 'profile' ) { + /** * UM hook * @@ -158,50 +199,9 @@ function um_submit_form_errors_hook( $args ) { */ do_action( 'um_submit_form_errors_hook__profile', $args ); - } + } elseif ( $mode == 'login' ) { - /** - * UM hook - * - * @type action - * @title um_submit_form_errors_hook__blockedips - * @description Submit form validation - * @input_vars - * [{"var":"$args","type":"array","desc":"Form Arguments"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_submit_form_errors_hook__blockedips', 'function_name', 10, 1 ); - * @example - * - */ - do_action( 'um_submit_form_errors_hook__blockedips', $args ); - /** - * UM hook - * - * @type action - * @title um_submit_form_errors_hook__blockedemails - * @description Submit form validation - * @input_vars - * [{"var":"$args","type":"array","desc":"Form Arguments"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_submit_form_errors_hook__blockedemails', 'function_name', 10, 1 ); - * @example - * - */ - do_action( 'um_submit_form_errors_hook__blockedemails', $args ); - if ( $mode == 'login' ) { /** * UM hook * @@ -222,6 +222,8 @@ function um_submit_form_errors_hook( $args ) { * ?> */ do_action( 'um_submit_form_errors_hook_login', $args ); + + /** * UM hook * @@ -243,27 +245,12 @@ function um_submit_form_errors_hook( $args ) { */ do_action( 'um_submit_form_errors_hook_logincheck', $args ); - } else { - /** - * UM hook - * - * @type action - * @title um_submit_form_errors_hook_ - * @description Submit form validation - * @input_vars - * [{"var":"$args","type":"array","desc":"Form Arguments"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_submit_form_errors_hook_', 'function_name', 10, 1 ); - * @example - * - */ - do_action( 'um_submit_form_errors_hook_', $args ); + } + + + if ( $mode != 'login' ) { + + /** * UM hook * @@ -285,6 +272,28 @@ function um_submit_form_errors_hook( $args ) { */ do_action( 'um_submit_form_errors_hook__blockedwords', $args ); + + /** + * UM hook + * + * @type action + * @title um_submit_form_errors_hook_ + * @description Submit form validation + * @input_vars + * [{"var":"$args","type":"array","desc":"Form Arguments"}] + * @change_log + * ["Since: 2.0"] + * @usage add_action( 'um_submit_form_errors_hook_', 'function_name', 10, 1 ); + * @example + * + */ + do_action( 'um_submit_form_errors_hook_', $args ); + } } @@ -411,13 +420,21 @@ function um_submit_form_errors_hook_( $args ) { $form_id = $args['form_id']; $mode = $args['mode']; $fields = unserialize( $args['custom_fields'] ); - $um_profile_photo = um_profile('profile_photo'); + $um_profile_photo = um_profile('profile_photo'); if ( get_post_meta( $form_id, '_um_profile_photo_required', true ) && ( empty( $args['profile_photo'] ) && empty( $um_profile_photo ) ) ) { UM()->form()->add_error('profile_photo', __( 'Profile Photo is required.', 'ultimate-member' ) ); } if ( ! empty( $fields ) ) { + + $current_user_roles = []; + if ( is_user_logged_in() ) { + um_fetch_user( get_current_user_id() ); + $current_user_roles = um_user( 'roles' ); + um_reset_user(); + } + foreach ( $fields as $key => $array ) { if ( $mode == 'profile' ) { @@ -427,13 +444,52 @@ function um_submit_form_errors_hook_( $args ) { } } - if ( isset( $array['public'] ) && -2 == $array['public'] && ! empty( $array['roles'] ) && is_user_logged_in() ) { - $current_user_roles = um_user( 'roles' ); - if ( empty( $current_user_roles ) || count( array_intersect( $current_user_roles, $array['roles'] ) ) <= 0 ) { - continue; + $can_view = true; + if ( isset( $array['public'] ) && $mode != 'register' ) { + + switch ( $array['public'] ) { + case '1': // Everyone + break; + case '2': // Members + if ( ! is_user_logged_in() ) { + $can_view = false; + } + break; + case '-1': // Only visible to profile owner and admins + if ( ! is_user_logged_in() ) { + $can_view = false; + } elseif ( $args['user_id'] != get_current_user_id() && ! UM()->roles()->um_user_can( 'can_edit_everyone' ) ) { + $can_view = false; + } + break; + case '-2': // Only specific member roles + if ( ! is_user_logged_in() ) { + $can_view = false; + } elseif ( ! empty( $array['roles'] ) && count( array_intersect( $current_user_roles, $array['roles'] ) ) <= 0 ) { + $can_view = false; + } + break; + case '-3': // Only visible to profile owner and specific roles + if ( ! is_user_logged_in() ) { + $can_view = false; + } elseif ( $args['user_id'] != get_current_user_id() && ! empty( $array['roles'] ) && count( array_intersect( $current_user_roles, $array['roles'] ) ) <= 0 ) { + $can_view = false; + } + break; + default: + $can_view = apply_filters( 'um_can_view_field_custom', $can_view, $array ); + break; } + } + $can_view = apply_filters( 'um_can_view_field', $can_view, $array ); + + if ( ! $can_view ) { + continue; + } + + /** * UM hook * From a362496b5596d6f1bf5a0d03bce90dfead9a8f1d Mon Sep 17 00:00:00 2001 From: nikitasinelnikov Date: Tue, 6 Apr 2021 14:55:55 +0300 Subject: [PATCH 2/4] - changed field's privacy type label; --- includes/admin/core/class-admin-metabox.php | 2 +- includes/um-short-functions.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/includes/admin/core/class-admin-metabox.php b/includes/admin/core/class-admin-metabox.php index 7f4c7fc0..ceaf819f 100644 --- a/includes/admin/core/class-admin-metabox.php +++ b/includes/admin/core/class-admin-metabox.php @@ -2280,7 +2280,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) { $privacy_options = array( '1' => __( 'Everyone', 'ultimate-member' ), '2' => __( 'Members', 'ultimate-member' ), - '-1' => __( 'Only visible to profile owner and admins', 'ultimate-member' ), + '-1' => __( 'Only visible to profile owner and users who can edit other member accounts', 'ultimate-member' ), '-3' => __( 'Only visible to profile owner and specific roles', 'ultimate-member' ), '-2' => __( 'Only specific member roles', 'ultimate-member' ), ); diff --git a/includes/um-short-functions.php b/includes/um-short-functions.php index 77f60c56..b4d26837 100644 --- a/includes/um-short-functions.php +++ b/includes/um-short-functions.php @@ -1531,7 +1531,7 @@ function um_can_view_field( $data ) { $can_view = false; } break; - case '-1': // Only visible to profile owner and admins + case '-1': // Only visible to profile owner and users who can edit other member accounts if ( ! is_user_logged_in() ) { $can_view = false; } elseif ( ! um_is_user_himself() && ! UM()->roles()->um_user_can( 'can_edit_everyone' ) ) { From d577108707a970cff9f98518ba0ddc577c082a68 Mon Sep 17 00:00:00 2001 From: nikitasinelnikov Date: Wed, 7 Apr 2021 02:43:33 +0300 Subject: [PATCH 3/4] - fixed field's privacy settings on the profile page when view mode; - fixed "Edit" button visibility in the member directory grid; --- includes/core/class-member-directory.php | 2 +- includes/core/um-actions-form.php | 6 +++++- includes/um-short-functions.php | 6 +++++- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/includes/core/class-member-directory.php b/includes/core/class-member-directory.php index 9c64dc34..3aceb388 100644 --- a/includes/core/class-member-directory.php +++ b/includes/core/class-member-directory.php @@ -2211,7 +2211,7 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) { $dropdown_actions = $this->build_user_actions_list( $user_id ); $actions = array(); - $can_edit = UM()->roles()->um_current_user_can( 'edit', $user_id ) || UM()->roles()->um_user_can( 'can_edit_everyone' ); + $can_edit = UM()->roles()->um_current_user_can( 'edit', $user_id ); // Replace hook 'um_members_just_after_name' ob_start(); diff --git a/includes/core/um-actions-form.php b/includes/core/um-actions-form.php index b5ce2608..40214488 100644 --- a/includes/core/um-actions-form.php +++ b/includes/core/um-actions-form.php @@ -428,8 +428,12 @@ function um_submit_form_errors_hook_( $args ) { if ( ! empty( $fields ) ) { + $can_edit = false; $current_user_roles = []; if ( is_user_logged_in() ) { + + $can_edit = UM()->roles()->um_current_user_can( 'edit', $args['user_id'] ); + um_fetch_user( get_current_user_id() ); $current_user_roles = um_user( 'roles' ); um_reset_user(); @@ -458,7 +462,7 @@ function um_submit_form_errors_hook_( $args ) { case '-1': // Only visible to profile owner and admins if ( ! is_user_logged_in() ) { $can_view = false; - } elseif ( $args['user_id'] != get_current_user_id() && ! UM()->roles()->um_user_can( 'can_edit_everyone' ) ) { + } elseif ( $args['user_id'] != get_current_user_id() && ! $can_edit ) { $can_view = false; } break; diff --git a/includes/um-short-functions.php b/includes/um-short-functions.php index b4d26837..81c9bb62 100644 --- a/includes/um-short-functions.php +++ b/includes/um-short-functions.php @@ -1514,8 +1514,12 @@ function um_can_view_field( $data ) { if ( isset( $data['public'] ) && UM()->fields()->set_mode != 'register' ) { + $can_edit = false; $current_user_roles = []; if ( is_user_logged_in() ) { + + $can_edit = UM()->roles()->um_current_user_can( 'edit', um_user( 'ID' ) ); + $previous_user = um_user( 'ID' ); um_fetch_user( get_current_user_id() ); @@ -1534,7 +1538,7 @@ function um_can_view_field( $data ) { case '-1': // Only visible to profile owner and users who can edit other member accounts if ( ! is_user_logged_in() ) { $can_view = false; - } elseif ( ! um_is_user_himself() && ! UM()->roles()->um_user_can( 'can_edit_everyone' ) ) { + } elseif ( ! um_is_user_himself() && ! $can_edit ) { $can_view = false; } break; From 2cd4a74be887dc5061939bb014328ac17e765acb Mon Sep 17 00:00:00 2001 From: nikitasinelnikov Date: Wed, 7 Apr 2021 12:55:37 +0300 Subject: [PATCH 4/4] - fixed the "required" validation for the empty multiselect field; --- assets/js/um-scripts.js | 15 +++++++-------- assets/js/um-scripts.min.js | 2 +- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/assets/js/um-scripts.js b/assets/js/um-scripts.js index 9ff1d5cb..28e0a1ab 100644 --- a/assets/js/um-scripts.js +++ b/assets/js/um-scripts.js @@ -124,14 +124,13 @@ jQuery(document).ready(function() { function unselectEmptyOption( e ) { var $element = jQuery( e.currentTarget ); var $selected = $element.find(':selected'); - if ( $selected.length > 1 ) { - $selected.each( function ( i, option ) { - if ( option.value === '' ) { - option.selected = false; - $element.trigger( 'change' ); - } - }); - } + + $selected.each( function ( i, option ) { + if ( option.value === '' ) { + option.selected = false; + $element.trigger( 'change' ); + } + }); } if ( typeof( jQuery.fn.select2 ) === 'function' ) { diff --git a/assets/js/um-scripts.min.js b/assets/js/um-scripts.min.js index e7bb2c81..8dc3db92 100644 --- a/assets/js/um-scripts.min.js +++ b/assets/js/um-scripts.min.js @@ -1 +1 @@ -function um_init_datetimepicker(){jQuery(".um-datepicker:not(.picker__input)").each(function(){var e=jQuery(this),t=!1;void 0!==e.attr("data-disabled_weekdays")&&""!==e.attr("data-disabled_weekdays")&&(t=JSON.parse(e.attr("data-disabled_weekdays")));var a=null;void 0!==e.attr("data-years")&&(a=e.attr("data-years"));var i=e.attr("data-date_min"),r=e.attr("data-date_max"),n=[],u=[];void 0!==i&&(n=i.split(",")),void 0!==r&&(u=r.split(","));var o=n.length?new Date(n):null,d=n.length?new Date(u):null;if(o&&"Invalid Date"==o.toString()&&3==n.length){var s=n[1]+"/"+n[2]+"/"+n[0];o=new Date(Date.parse(s))}if(d&&"Invalid Date"==d.toString()&&3==u.length){var l=u[1]+"/"+u[2]+"/"+u[0];d=new Date(Date.parse(l))}var c={disable:t,format:e.attr("data-format"),formatSubmit:"yyyy/mm/dd",hiddenName:!0,onOpen:function(){e.blur()},onClose:function(){e.blur()}};null!==a&&(c.selectYears=a),null!==o&&(c.min=o),null!==d&&(c.max=d),e.pickadate(c)}),jQuery(".um-timepicker:not(.picker__input)").each(function(){var e=jQuery(this);e.pickatime({format:e.attr("data-format"),interval:parseInt(e.attr("data-intervals")),formatSubmit:"HH:i",hiddenName:!0,onOpen:function(){e.blur()},onClose:function(){e.blur()}})})}function init_tipsy(){"function"==typeof jQuery.fn.tipsy&&(jQuery(".um-tip-n").tipsy({gravity:"n",opacity:1,live:"a.live",offset:3}),jQuery(".um-tip-w").tipsy({gravity:"w",opacity:1,live:"a.live",offset:3}),jQuery(".um-tip-e").tipsy({gravity:"e",opacity:1,live:"a.live",offset:3}),jQuery(".um-tip-s").tipsy({gravity:"s",opacity:1,live:"a.live",offset:3}))}jQuery(document).ready(function(){function a(e){var a=jQuery(e.currentTarget),t=a.find(":selected");1