Mykyta Synelnikov
a102d22ce1
Prevent shortcode execution in user input sanitization.
...
Added `strip_shortcodes` across various sanitization routines to ensure user inputs do not execute shortcodes. This enhances security by blocking unintended shortcode processing in fields such as text, email, URLs, and form descriptions.
2025-06-24 17:16:28 +03:00
yuriinalivaiko
8bf8a0130b
fixed "Download your data" and "Erase of your data" fields layout.
2025-01-17 16:03:51 +02:00
Mykyta Synelnikov
8d33c43130
Fixes 'um_dispatch_email' action #1589
...
* Sending email notifications directly (without Action Scheduler) on user delete action;
* Changed activation handler priority for integration with Action Scheduler
* Added 'fetch_user_id' argument for fetching the necessary user before email sending when Action Scheduler is active.
2024-11-19 17:48:10 +02:00
Mykyta Synelnikov
91a0c13399
Merge branch 'development/2.8.x' into feature/action-schedule-integration
2024-10-21 17:45:42 +03:00
Yurii Nalivaiko
b1d2f20d84
Renamed action to be more clear
2024-09-26 15:35:25 +02:00
Mykyta Synelnikov
2aaa4c56e9
* changed hook for sitewide using session destroyer as soon as user email is changed;
2024-09-25 02:41:53 +03:00
Mykyta Synelnikov
4c3f292a53
* manually reviewed #1433 ;
...
* avoid using separate option for this functionality;
2024-09-25 02:04:53 +03:00
Yurii Nalivaiko
275ba09188
Changed actions to use maybe action scheduler
2024-09-10 13:17:31 +02:00
Mykyta Synelnikov
3a36d9df47
Merge pull request #1491 from ultimatemember/security/CVE-2024-2765
...
CVE 2024 2765
2024-04-02 17:30:11 +03:00
Mykyta Synelnikov
a4d20fe4fd
- reviewed #1481 ;
2024-04-02 17:28:54 +03:00
Mykyta Synelnikov
35b470e928
- reviewed #1476 ;
2024-03-28 15:59:50 +02:00
ashubawork
fdef6c1349
- disable duplicate emails
2024-03-28 11:38:34 +02:00
Mykyta Synelnikov
d48bcac683
- fixed using esc_attr() in href="" attributes;
2024-03-27 11:06:02 +02:00
Mykyta Synelnikov
e1f550afb5
- changed "e-mail" to "email";
...
- changed texts for admin notices;
- added a few links to docs;
2024-02-16 15:12:21 +02:00
Mykyta Synelnikov
47e97ceb59
- updated hookdocs;
...
- partially reviewed site health functionality;
- hide notifications tab setting when there aren't any possible notifications for disabling in User Account (#1318 )
2023-10-03 13:30:02 +03:00
Mykyta Synelnikov
886d418705
- reviewed #1212 and manually merged it into development/2.6.9;
2023-07-25 13:22:22 +03:00
ashubawork
4675f619a7
- fix wpcs
2023-07-19 13:51:26 +03:00
ashubawork
51f2606931
- fix um_safe_redirect for deleting user
2023-07-19 13:49:49 +03:00
Mykyta Synelnikov
dad4c8017c
- fix for profile form;
2023-07-01 01:52:43 +03:00
Mykyta Synelnikov
7fafa3a4b3
- fix for registration form;
2023-06-30 21:55:59 +03:00
ashubawork
5c40cf7b08
- fix wrong user id in account block
2023-04-27 12:51:57 +03:00
Nikita Sinelnikov
0f8b87f288
- closed #1100 ;
2022-12-13 15:25:32 +02:00
Nikita Sinelnikov
b98f2a6edf
- fixed issue with visible ID. Changed it to the user_login. It's WordPress native logic for reset password links and form;
2022-08-11 21:49:19 +03:00
Nikita Sinelnikov
fa9b85773e
- fixed using special chars inside the password;
2022-06-10 01:53:35 +03:00
Nikita Sinelnikov
74bfdbcb18
- closed #927 ;
...
- updated readme;
2021-12-14 18:31:47 +02:00
Nikita Sinelnikov
9c9ac59be7
- changed version to 2.3.0;
...
- added update for Required strong password option;
2021-12-14 17:44:07 +02:00
Champ Camba
f69fcc1dd0
Fix text in export and delete requests in Account > Privacy tab
2021-12-03 20:12:11 +08:00
Nikita Sinelnikov
fc92903f97
- fixed updating display_name if there is set the User Display Name setting to Default WP Display Name in UM > General > Users > Display name;
...
- fixed typo in the password validation
2021-09-21 18:26:57 +03:00
Nikita Sinelnikov
e8c1497ec4
- fixed password length validation;
...
- added settings for the password min/max length;
2021-09-21 13:25:49 +03:00
Nikita Sinelnikov
575923686b
Merge branch 'development/2.2.5' of https://github.com/ultimatemember/ultimatemember into development/2.2.5
2021-09-20 21:38:26 +03:00
Nikita Sinelnikov
895cb4e077
- reviewed #920 ;
2021-09-20 21:38:09 +03:00
Nikita Sinelnikov
ef4a2b9e12
Merge pull request #921 from ultimatemember/fix/update_display_name
...
Update Display name in Account update
2021-09-20 21:37:17 +03:00
yuriinalivaiko
218eced137
- fixed display_name update on account update
2021-09-20 18:57:18 +03:00
yuriinalivaiko
c4badadcb7
- make Username (user_login) not editable in Account
2021-09-20 17:51:54 +03:00
Nikita Sinelnikov
07e664be80
- intermediate results with sanitizing form handlers;
2021-06-29 02:51:54 +03:00
yuriinalivaiko
235194ef0b
minor fix: typo
2021-04-02 17:08:14 +03:00
nikitasinelnikov
5740bc637d
- fixed: PHP notices and warnings
...
- fixed: security vulnerability with User Account page and password field
2021-03-03 13:13:44 +02:00
Champ Camba
bf65ec43e1
Fix Download Personal Data URL
...
_export_file_url no longer stored in the postmeta table
2020-11-20 23:10:09 +08:00
nikitasinelnikov
5e782cf922
- fixed account submission for password reset;
2020-08-03 18:06:26 +03:00
nikitasinelnikov
46a3acc3bf
- fixed account page import data queries;
...
- fixed member directory role filter PHP notice;
- fixed OpenGraph data on the user profile page;
2020-05-13 15:57:23 +03:00
ashubawork
f108a2a42f
- fix erase user data field
2020-04-24 12:25:34 +03:00
Champ Camba
9010bb1493
Remove notices in account form
2020-04-14 16:08:37 +08:00
nikitasinelnikov
f31d283eae
- added string translation;
2020-04-09 16:22:53 +03:00
andrewshuba
6c65095d79
- change export/erase personal data in account page
2020-02-26 16:03:16 +02:00
nikitasinelnikov
7057558578
- fixed RTL styles;
2020-02-24 10:27:11 +02:00
nikitasinelnikov
455287f05c
- added option for hide_in_members default setting;
2020-01-14 23:48:33 +02:00
nikitasinelnikov
7a722065ee
- merged erase/export data feature;
2020-01-14 17:20:31 +02:00
andrewshuba
bef264d9ed
- add privacy settings: export and erase request
2019-12-06 15:02:38 +02:00
nikitasinelnikov
8fe4ece67a
- text changes;
2019-11-28 12:51:44 +02:00
Champ Camba
8aff6c6acf
Fix referencing user_id in account form
2019-11-21 14:08:15 +08:00