diff --git a/includes/core/class-access.php b/includes/core/class-access.php index da490b6c..48e34561 100644 --- a/includes/core/class-access.php +++ b/includes/core/class-access.php @@ -1202,7 +1202,8 @@ if ( ! class_exists( 'um\core\Access' ) ) { $is_singular = ! empty( $query->is_singular ) ? true : false; } - if ( $query->is_main_query() || ! empty( $query->query_vars['um_main_query'] ) ) { + if ( is_object( $query ) && is_a( $query, '\WP_Query' ) && + ( $query->is_main_query() || ! empty( $query->query_vars['um_main_query'] ) ) ) { if ( $is_singular ) { if ( $this->is_restricted( $posts[0]->ID ) ) { $content_restriction = $this->get_post_privacy_settings( $posts[0]->ID ); diff --git a/includes/core/class-fields.php b/includes/core/class-fields.php index c3be45e0..8ecc9915 100644 --- a/includes/core/class-fields.php +++ b/includes/core/class-fields.php @@ -710,7 +710,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) { } if ( 'profile' === $this->set_mode ) { - if ( ! isset( UM()->form()->post_form['profile_nonce'] ) || UM()->form()->post_form['profile_nonce'] !== UM()->form()->nonce ) { + if ( ! isset( UM()->form()->post_form['profile_nonce'] ) || false === wp_verify_nonce( UM()->form()->post_form['profile_nonce'], 'um-profile-nonce' . UM()->user()->target_id ) ) { return ''; } }