- intermediate results with sanitizing form handlers;

Nikita Sinelnikov
2021-06-29 02:51:54 +03:00
parent 23d1b982a4
commit 07e664be80
63 changed files with 4337 additions and 2812 deletions
@@ -571,7 +571,7 @@ if ( ! class_exists( 'um\core\Member_Directory_Meta' ) ) {
if ( ! empty( $_POST['search'] ) ) {
$search_line = trim( stripslashes( $_POST['search'] ) );
$search_line = trim( stripslashes( sanitize_text_field( $_POST['search'] ) ) );
$searches = array();
foreach ( $this->core_search_fields as $field ) {
@@ -582,7 +582,7 @@ if ( ! class_exists( 'um\core\Member_Directory_Meta' ) ) {
$this->joins[] = "LEFT JOIN {$wpdb->prefix}um_metadata umm_search ON umm_search.user_id = u.ID";
$additional_search = apply_filters( 'um_member_directory_meta_general_search_meta_query', '', stripslashes( $_POST['search'] ) );
$additional_search = apply_filters( 'um_member_directory_meta_general_search_meta_query', '', stripslashes( sanitize_text_field( $_POST['search'] ) ) );
$search_like_string = apply_filters( 'um_member_directory_meta_search_like_type', '%' . $search_line . '%', $search_line );
@@ -610,6 +610,9 @@ if ( ! class_exists( 'um\core\Member_Directory_Meta' ) ) {
$i = 1;
foreach ( $filter_query as $field => $value ) {
$field = sanitize_text_field( $field );
$value = sanitize_text_field( $value );
$attrs = UM()->fields()->get_field( $field );
// skip private invisible fields
if ( ! um_can_view_field( $attrs ) ) {
@@ -642,7 +645,7 @@ if ( ! class_exists( 'um\core\Member_Directory_Meta' ) ) {
//}
$order = 'ASC';
$sortby = ! empty( $_POST['sorting'] ) ? $_POST['sorting'] : $directory_data['sortby'];
$sortby = ! empty( $_POST['sorting'] ) ? sanitize_text_field( $_POST['sorting'] ) : $directory_data['sortby'];
$sortby = ( $sortby == 'other' ) ? $directory_data['sortby_custom'] : $sortby;
$custom_sort = array();
@@ -755,7 +758,7 @@ if ( ! class_exists( 'um\core\Member_Directory_Meta' ) ) {
}
$query_number = ( ! empty( $directory_data['max_users'] ) && $directory_data['max_users'] <= $profiles_per_page ) ? $directory_data['max_users'] : $profiles_per_page;
$query_paged = ! empty( $_POST['page'] ) ? $_POST['page'] : 1;
$query_paged = ! empty( $_POST['page'] ) ? absint( $_POST['page'] ) : 1;
$number = $query_number;
if ( ! empty( $directory_data['max_users'] ) && $query_paged*$query_number > $directory_data['max_users'] ) {
@@ -850,4 +853,4 @@ if ( ! class_exists( 'um\core\Member_Directory_Meta' ) ) {
wp_send_json_success( $member_directory_response );
}
}
}
}
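Review bot: In the sorting hunk (`@@ -642,7 +645,7`), `sanitize_text_field( $_POST['sorting'] )` only strips tags and control characters; it does not confine `$sortby` to a known sort key, so if the value is later interpolated into an ORDER BY clause (that code is outside the hunk, so this is inferred from `$custom_sort` being built right after) the sanitization adds nothing against a crafted sort string. A stricter check would compare the submitted value against the directory's permitted sort options before use, e.g. `$sortby = ( ! empty( $_POST['sorting'] ) && in_array( $_POST['sorting'], $allowed_sortby, true ) ) ? $_POST['sorting'] : $directory_data['sortby'];` where `$allowed_sortby` (a name chosen here) holds the sort keys the directory exposes. Separately, in the filter hunk (`@@ -610,6 +610,9`), `sanitize_text_field( $value )` assumes every filter value is a scalar; if range or multi-select filters submit arrays, that call will not sanitize them (and raises a TypeError on PHP 8), so `$value = map_deep( $value, 'sanitize_text_field' );` is the safer form. The enclosing method starts before the first hunk and its body continues between the hunks.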