diff --git a/includes/core/class-access.php b/includes/core/class-access.php index a4d66d04..094e148c 100644 --- a/includes/core/class-access.php +++ b/includes/core/class-access.php @@ -248,11 +248,12 @@ if ( ! class_exists( 'um\core\Access' ) ) { $ms_empty_role_access = is_multisite() && is_user_logged_in() && !UM()->roles()->get_priority_user_role( um_user('ID') ); if ( is_front_page() ) { - if ( is_user_logged_in() && !$ms_empty_role_access ) { + if ( is_user_logged_in() && ! $ms_empty_role_access ) { $user_default_homepage = um_user( 'default_homepage' ); - if ( ! empty( $user_default_homepage ) ) + if ( ! empty( $user_default_homepage ) ) { return; + } $redirect_homepage = um_user( 'redirect_homepage' ); /** @@ -291,8 +292,9 @@ if ( ! class_exists( 'um\core\Access' ) ) { if ( $home_page_accessible == 0 ) { //get redirect URL if not set get login page by default $redirect = UM()->options()->get( 'access_redirect' ); - if ( ! $redirect ) + if ( ! $redirect ) { $redirect = um_get_core_page( 'login' ); + } $this->redirect_handler = $this->set_referer( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), $redirect ) ), 'global' ); } else { @@ -312,8 +314,9 @@ if ( ! class_exists( 'um\core\Access' ) ) { if ( $category_page_accessible == 0 ) { //get redirect URL if not set get login page by default $redirect = UM()->options()->get( 'access_redirect' ); - if ( ! $redirect ) + if ( ! $redirect ) { $redirect = um_get_core_page( 'login' ); + } $this->redirect_handler = $this->set_referer( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), $redirect ) ), 'global' ); } else { @@ -326,7 +329,7 @@ if ( ! class_exists( 'um\core\Access' ) ) { $access = UM()->options()->get( 'accessible' ); - if ( $access == 2 && ( !is_user_logged_in() || $ms_empty_role_access ) ) { + if ( $access == 2 && ( ! is_user_logged_in() || $ms_empty_role_access ) ) { //build exclude URLs pages $redirects = array(); 
@@ -391,8 +394,9 @@ if ( ! class_exists( 'um\core\Access' ) ) { //also skip if we currently at UM Register|Login|Reset Password pages if ( um_is_core_post( $post, 'register' ) || um_is_core_post( $post, 'password-reset' ) || - um_is_core_post( $post, 'login' ) ) + um_is_core_post( $post, 'login' ) ) { return; + } /** * UM hook @@ -413,8 +417,9 @@ if ( ! class_exists( 'um\core\Access' ) ) { */ do_action( 'um_access_check_individual_term_settings' ); //exit from function if term page is accessible - if ( $this->check_access() ) + if ( $this->check_access() ) { return; + } /** * UM hook diff --git a/includes/core/class-form.php b/includes/core/class-form.php index 632756ca..18f9347b 100644 --- a/includes/core/class-form.php +++ b/includes/core/class-form.php 
@@ -379,25 +379,30 @@ if ( ! class_exists( 'um\core\Form' ) ) { $custom_field_roles = $this->custom_field_roles( $this->form_data['custom_fields'] ); if ( ! empty( $_POST['role'] ) ) { - $role = $_POST['role']; + if ( ! empty( $custom_field_roles ) ) { + $role = $_POST['role']; - if ( is_array( $_POST['role'] ) ) { - $role = current( $_POST['role'] ); + if ( is_array( $_POST['role'] ) ) { + $role = current( $_POST['role'] ); + } + + global $wp_roles; + $role_keys = array_map( function( $item ) { + return 'um_' . $item; + }, get_option( 'um_roles', array() ) ); + $exclude_roles = array_diff( array_keys( $wp_roles->roles ), array_merge( $role_keys, array( 'subscriber' ) ) ); + + if ( ! empty( $role ) && + ( ! in_array( $role, $custom_field_roles, true ) || in_array( $role, $exclude_roles ) ) ) { + wp_die( __( 'This is not possible for security reasons.', 'ultimate-member' ) ); + } + + $this->post_form['role'] = $role; + $this->post_form['submitted']['role'] = $role; + } else { + unset( $this->post_form['role'] ); + unset( $this->post_form['submitted']['role'] ); } - - global $wp_roles; - $role_keys = array_map( function( $item ) { - return 'um_' . $item; - }, get_option( 'um_roles', array() ) ); - $exclude_roles = array_diff( array_keys( $wp_roles->roles ), array_merge( $role_keys, array( 'subscriber' ) ) ); - - if ( ! empty( $role ) && - ( ! in_array( $role, $custom_field_roles, true ) || in_array( $role, $exclude_roles ) ) ) { - wp_die( __( 'This is not possible for security reasons.', 'ultimate-member' ) ); - } - - $this->post_form['role'] = $role; - $this->post_form['submitted']['role'] = $role; } } elseif ( isset( $this->post_form['mode'] ) && $this->post_form['mode'] == 'register' ) { 
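Review bot: The new `else` branch drops a posted role only from `$this->post_form['role']` and `$this->post_form['submitted']['role']`; `$_POST['role']` itself is left in place, so the fix holds only if every later consumer reads the role from `post_form`, which this hunk does not show and is worth confirming. A role arriving on a form that defines no role field is also a tampering signal, and discarding it silently loses that; a log line at that point would keep it visible to whoever reviews registration and profile abuse. Inside the check, the deny-list test is still loose while the allow-list test beside it is strict; `in_array( $role, $exclude_roles, true )` would make the two consistent. The enclosing branch starts above the hunk and the `register` branch that follows is outside it, so whether registration applies the same gate cannot be judged from here.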
@@ -606,6 +611,11 @@ if ( ! class_exists( 'um\core\Form' ) ) { foreach ( $fields as $field_key => $field_settings ) { if ( strstr( $field_key, 'role_' ) && is_array( $field_settings['options'] ) ) { + + if ( $field_settings['editable'] == 0 ) { + continue; + } + $intersected_options = array(); foreach ( $field_settings['options'] as $key => $title ) { if ( false !== $search_key = array_search( $title, $roles ) ) { diff --git a/readme.txt b/readme.txt index 88feebd9..6db98438 100644 --- a/readme.txt +++ b/readme.txt @@ -1,4 +1,4 @@ -=== Ultimate Member - User Profile, Registration & Membership Plugin === +=== Ultimate Member – User Profile, Registration, Login & Membership Plugin === Author URI: https://ultimatemember.com/ Plugin URI: https://ultimatemember.com/ Contributors: ultimatemember, champsupertramp, nsinelnikov @@ -11,7 +11,7 @@ Stable tag: 2.1.10 License: GNU Version 2 or Any Later Version License URI: http://www.gnu.org/licenses/gpl-3.0.txt -The #1 user profile & membership plugin for WordPress. +The #1 plugin for front-end user profiles, registration & login forms, member directories, content restriction and more. == Description ==
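Review bot: The added `$field_settings['editable'] == 0` test in the `@@ -606` hunk of includes/core/class-form.php reads a key that the visible lines do not check for existence, so a field definition without `editable` raises an undefined-index notice (a warning on PHP 8) and is then skipped because `null == 0`. Skipping is the safe direction for a role field, but it should be deliberate: `if ( empty( $field_settings['editable'] ) ) { continue; }` keeps the fail-closed behaviour without the notice, and also treats an empty string as not editable. A one-line comment such as `// Non-editable role fields must not contribute selectable roles.` would record why the field is excluded. The function containing this loop starts and ends outside the hunk.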