10h30/ultimatemember
1
0
Fork 0
mirror of https://github.com/10h30/ultimatemember.git synced 2026-06-05 15:09:37 +09:00
Code Issues Packages Projects Releases Wiki Activity

- code review;

Browse Source
This commit is contained in:
nikitasinelnikov
2021-03-03 17:42:25 +02:00
parent b913638ba8
commit 04933e576d
3 changed files with 9 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
includes/core/um-actions-core.php
+1 -1
View File
@@ -80,7 +80,7 @@ function um_action_request_process() {
break;
case 'um_switch_user':
if ( ! current_user_can( 'delete_users' ) ) {
if ( ! current_user_can( 'manage_options' ) ) {
return;
}
UM()->user()->auto_login( $uid );
includes/core/um-filters-user.php
+5 -3
View File
@@ -12,8 +12,10 @@
function um_admin_user_actions_hook( $actions, $user_id ) {
um_fetch_user( $user_id );
//if ( UM()->roles()->um_current_user_can( 'edit', $user_id ) ) {
if ( current_user_can( 'edit_users' ) ) {
$role = get_role( UM()->roles()->get_priority_user_role( get_current_user_id() ) );
$can_edit_users = current_user_can( 'edit_users' ) && $role->has_cap( 'edit_users' );
if ( $can_edit_users ) {
if ( um_user( 'account_status' ) == 'awaiting_admin_review' ) {
$actions['um_approve_membership'] = array( 'label' => __( 'Approve Membership', 'ultimate-member' ) );
@@ -46,7 +48,7 @@ function um_admin_user_actions_hook( $actions, $user_id ) {
$actions['um_delete'] = array( 'label' => __( 'Delete this user', 'ultimate-member' ) );
}
if ( current_user_can( 'delete_users' ) ) {
if ( current_user_can( 'manage_options' ) ) {
$actions['um_switch_user'] = array( 'label' => __( 'Login as this user', 'ultimate-member' ) );
}
readme.txt
+3 -1
View File
@@ -162,9 +162,11 @@ The plugin works with popular caching plugins by automatically excluding Ultimat
- Added: `um_prepare_user_results_array_meta` hook and the 2nd argument for `um_prepare_user_results_array` hook for handle $user_ids based on getting members query
* Bugfixes:
- Fixed: Using 'edit_users' capability instead of 'manage_options' for approve|reject membership
- Fixed: Using 'manage_options' capability instead of 'delete_users' for switching between members
- Fixed: Using myCRED points metakeys in UM usermeta table
- Fixed: Empty icons are shown in the popup "Choose from... available icons"
- Fixed: Member Directory slider filter with NaN range
- Fixed: Member Directory slider filter with NaN or decimal range
- Fixed: PHP notices and warnings
- Fixed: Security vulnerability with User Account page and password field
- Fixed: User creating without username but based on first+last name with not-ASCII symbols