Commit Graph

80 Commits

Author SHA1 Message Date
Mykyta Synelnikov a102d22ce1 Prevent shortcode execution in user input sanitization.
Added `strip_shortcodes` across various sanitization routines to ensure user inputs do not execute shortcodes. This enhances security by blocking unintended shortcode processing in fields such as text, email, URLs, and form descriptions.
2025-06-24 17:16:28 +03:00
yuriinalivaiko 8bf8a0130b fixed "Download your data" and "Erase of your data" fields layout. 2025-01-17 16:03:51 +02:00
Mykyta Synelnikov 8d33c43130 Fixes 'um_dispatch_email' action #1589
* Sending email notifications directly (without Action Scheduler) on user delete action;
* Changed activation handler priority for integration with Action Scheduler
* Added 'fetch_user_id' argument for fetching the necessary user before email sending when Action Scheduler is active.
2024-11-19 17:48:10 +02:00
Mykyta Synelnikov 91a0c13399 Merge branch 'development/2.8.x' into feature/action-schedule-integration 2024-10-21 17:45:42 +03:00
Yurii Nalivaiko b1d2f20d84 Renamed action to be more clear 2024-09-26 15:35:25 +02:00
Mykyta Synelnikov 2aaa4c56e9 * changed hook for sitewide using session destroyer as soon as user email is changed; 2024-09-25 02:41:53 +03:00
Mykyta Synelnikov 4c3f292a53 * manually reviewed #1433;
* avoid using separate option for this functionality;
2024-09-25 02:04:53 +03:00
Yurii Nalivaiko 275ba09188 Changed actions to use maybe action scheduler 2024-09-10 13:17:31 +02:00
Mykyta Synelnikov 3a36d9df47 Merge pull request #1491 from ultimatemember/security/CVE-2024-2765
CVE 2024 2765
2024-04-02 17:30:11 +03:00
Mykyta Synelnikov a4d20fe4fd - reviewed #1481; 2024-04-02 17:28:54 +03:00
Mykyta Synelnikov 35b470e928 - reviewed #1476; 2024-03-28 15:59:50 +02:00
ashubawork fdef6c1349 - disable duplicate emails 2024-03-28 11:38:34 +02:00
Mykyta Synelnikov d48bcac683 - fixed using esc_attr() in href="" attributes; 2024-03-27 11:06:02 +02:00
Mykyta Synelnikov e1f550afb5 - changed "e-mail" to "email";
- changed texts for admin notices;
- added a few links to docs;
2024-02-16 15:12:21 +02:00
Mykyta Synelnikov 47e97ceb59 - updated hookdocs;
- partially reviewed site health functionality;
- hide notifications tab setting when there aren't any possible notifications for disabling in User Account (#1318)
2023-10-03 13:30:02 +03:00
Mykyta Synelnikov 886d418705 - reviewed #1212 and manually merged it into development/2.6.9; 2023-07-25 13:22:22 +03:00
ashubawork 4675f619a7 - fix wpcs 2023-07-19 13:51:26 +03:00
ashubawork 51f2606931 - fix um_safe_redirect for deleting user 2023-07-19 13:49:49 +03:00
Mykyta Synelnikov dad4c8017c - fix for profile form; 2023-07-01 01:52:43 +03:00
Mykyta Synelnikov 7fafa3a4b3 - fix for registration form; 2023-06-30 21:55:59 +03:00
ashubawork 5c40cf7b08 - fix wrong user id in account block 2023-04-27 12:51:57 +03:00
Nikita Sinelnikov 0f8b87f288 - closed #1100; 2022-12-13 15:25:32 +02:00
Nikita Sinelnikov b98f2a6edf - fixed issue with visible ID. Changed it to the user_login. It's WordPress native logic for reset password links and form; 2022-08-11 21:49:19 +03:00
Nikita Sinelnikov fa9b85773e - fixed using special chars inside the password; 2022-06-10 01:53:35 +03:00
Nikita Sinelnikov 74bfdbcb18 - closed #927;
- updated readme;
2021-12-14 18:31:47 +02:00
Nikita Sinelnikov 9c9ac59be7 - changed version to 2.3.0;
- added update for Required strong password option;
2021-12-14 17:44:07 +02:00
Champ Camba f69fcc1dd0 Fix text in export and delete requests in Account > Privacy tab 2021-12-03 20:12:11 +08:00
Nikita Sinelnikov fc92903f97 - fixed updating display_name if there is set the User Display Name setting to Default WP Display Name in UM > General > Users > Display name;
- fixed typo in the password validation
2021-09-21 18:26:57 +03:00
Nikita Sinelnikov e8c1497ec4 - fixed password length validation;
- added settings for the password min/max length;
2021-09-21 13:25:49 +03:00
Nikita Sinelnikov 575923686b Merge branch 'development/2.2.5' of https://github.com/ultimatemember/ultimatemember into development/2.2.5 2021-09-20 21:38:26 +03:00
Nikita Sinelnikov 895cb4e077 - reviewed #920; 2021-09-20 21:38:09 +03:00
Nikita Sinelnikov ef4a2b9e12 Merge pull request #921 from ultimatemember/fix/update_display_name
Update Display name in Account update
2021-09-20 21:37:17 +03:00
yuriinalivaiko 218eced137 - fixed display_name update on account update 2021-09-20 18:57:18 +03:00
yuriinalivaiko c4badadcb7 - make Username (user_login) not editable in Account 2021-09-20 17:51:54 +03:00
Nikita Sinelnikov 07e664be80 - intermediate results with sanitizing form handlers; 2021-06-29 02:51:54 +03:00
yuriinalivaiko 235194ef0b minor fix: typo 2021-04-02 17:08:14 +03:00
nikitasinelnikov 5740bc637d - fixed: PHP notices and warnings
- fixed: security vulnerability with User Account page and password field
2021-03-03 13:13:44 +02:00
Champ Camba bf65ec43e1 Fix Download Personal Data URL
_export_file_url no longer stored in the postmeta table
2020-11-20 23:10:09 +08:00
nikitasinelnikov 5e782cf922 - fixed account submission for password reset; 2020-08-03 18:06:26 +03:00
nikitasinelnikov 46a3acc3bf - fixed account page import data queries;
- fixed member directory role filter PHP notice;
- fixed OpenGraph data on the user profile page;
2020-05-13 15:57:23 +03:00
ashubawork f108a2a42f - fix erase user data field 2020-04-24 12:25:34 +03:00
Champ Camba 9010bb1493 Remove notices in account form 2020-04-14 16:08:37 +08:00
nikitasinelnikov f31d283eae - added string translation; 2020-04-09 16:22:53 +03:00
andrewshuba 6c65095d79 - change export/erase personal data in account page 2020-02-26 16:03:16 +02:00
nikitasinelnikov 7057558578 - fixed RTL styles; 2020-02-24 10:27:11 +02:00
nikitasinelnikov 455287f05c - added option for hide_in_members default setting; 2020-01-14 23:48:33 +02:00
nikitasinelnikov 7a722065ee - merged erase/export data feature; 2020-01-14 17:20:31 +02:00
andrewshuba bef264d9ed - add privacy settings: export and erase request 2019-12-06 15:02:38 +02:00
nikitasinelnikov 8fe4ece67a - text changes; 2019-11-28 12:51:44 +02:00
Champ Camba 8aff6c6acf Fix referencing user_id in account form 2019-11-21 14:08:15 +08:00