- intermediate results with sanitizing form handlers;

This commit is contained in:
Nikita Sinelnikov
2021-06-29 02:51:54 +03:00
parent 23d1b982a4
commit 07e664be80
63 changed files with 4337 additions and 2812 deletions
+22 -25
@@ -1,5 +1,6 @@
<?php if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
<?php if ( ! defined( 'ABSPATH' ) ) {
exit;
}
/**
* Processes the requests of UM actions
@@ -18,29 +19,25 @@ function um_action_request_process() {
return;
}
if ( isset( $_REQUEST['uid'] ) && ! UM()->user()->user_exists_by_id( absint( $_REQUEST['uid'] ) ) ) {
return;
}
if ( isset( $_REQUEST['uid'] ) ) {
if ( is_super_admin( $_REQUEST['uid'] ) ) {
wp_die( __( 'Super administrators can not be modified.', 'ultimate-member' ) );
}
}
// if ( isset( $_REQUEST['um_action'] ) && $_REQUEST['um_action'] != "edit" && ! current_user_can( 'edit_users' ) ) {
// wp_die( __( 'You do not have enough permissions to do that.','ultimate-member') );
// }
$action = sanitize_key( $_REQUEST['um_action'] );
$uid = 0;
if ( isset( $_REQUEST['uid'] ) ) {
$uid = absint( $_REQUEST['uid'] );
}
$role = get_role( UM()->roles()->get_priority_user_role( get_current_user_id() ) );
if ( ! empty( $uid ) && ! UM()->user()->user_exists_by_id( $uid ) ) {
return;
}
if ( ! empty( $uid ) && is_super_admin( $uid ) ) {
wp_die( esc_html__( 'Super administrators can not be modified.', 'ultimate-member' ) );
}
$role = get_role( UM()->roles()->get_priority_user_role( get_current_user_id() ) );
$can_edit_users = current_user_can( 'edit_users' ) && $role->has_cap( 'edit_users' );
switch ( $_REQUEST['um_action'] ) {
switch ( $action ) {
default:
/**
* UM hook
@@ -62,7 +59,7 @@ function um_action_request_process() {
* }
* ?>
*/
do_action( 'um_action_user_request_hook', $_REQUEST['um_action'], $uid );
do_action( 'um_action_user_request_hook', $action, $uid );
break;
case 'edit':
@@ -89,7 +86,7 @@ function um_action_request_process() {
case 'um_reject_membership':
if ( ! $can_edit_users ) {
wp_die( __( 'You do not have permission to make this action.', 'ultimate-member' ) );
wp_die( esc_html__( 'You do not have permission to make this action.', 'ultimate-member' ) );
}
um_fetch_user( $uid );
@@ -100,7 +97,7 @@ function um_action_request_process() {
case 'um_approve_membership':
case 'um_reenable':
if ( ! $can_edit_users ) {
wp_die( __( 'You do not have permission to make this action.', 'ultimate-member' ) );
wp_die( esc_html__( 'You do not have permission to make this action.', 'ultimate-member' ) );
}
add_filter( 'um_template_tags_patterns_hook', array( UM()->password(), 'add_placeholder' ), 10, 1 );
@@ -113,7 +110,7 @@ function um_action_request_process() {
case 'um_put_as_pending':
if ( ! $can_edit_users ) {
wp_die( __( 'You do not have permission to make this action.', 'ultimate-member' ) );
wp_die( esc_html__( 'You do not have permission to make this action.', 'ultimate-member' ) );
}
um_fetch_user( $uid );
@@ -123,7 +120,7 @@ function um_action_request_process() {
case 'um_resend_activation':
if ( ! $can_edit_users ) {
wp_die( __( 'You do not have permission to make this action.', 'ultimate-member' ) );
wp_die( esc_html__( 'You do not have permission to make this action.', 'ultimate-member' ) );
}
add_filter( 'um_template_tags_patterns_hook', array( UM()->user(), 'add_activation_placeholder' ), 10, 1 );
@@ -136,7 +133,7 @@ function um_action_request_process() {
case 'um_deactivate':
if ( ! $can_edit_users ) {
wp_die( __( 'You do not have permission to make this action.', 'ultimate-member' ) );
wp_die( esc_html__( 'You do not have permission to make this action.', 'ultimate-member' ) );
}
um_fetch_user( $uid );
@@ -146,7 +143,7 @@ function um_action_request_process() {
case 'um_delete':
if ( ! UM()->roles()->um_current_user_can( 'delete', $uid ) ) {
wp_die( __( 'You do not have permission to delete this user.', 'ultimate-member' ) );
wp_die( esc_html__( 'You do not have permission to delete this user.', 'ultimate-member' ) );
}
um_fetch_user( $uid );
@@ -156,4 +153,4 @@ function um_action_request_process() {
}
}
add_action( 'template_redirect', 'um_action_request_process', 10000 );
add_action( 'template_redirect', 'um_action_request_process', 10000 );
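Review bot: `$can_edit_users = current_user_can( 'edit_users' ) && $role->has_cap( 'edit_users' );` in the second hunk still dereferences `$role` without checking that `get_role()` found a role; `get_role()` returns null for a name that is not registered, so if `get_priority_user_role()` can ever yield such a name, a user who passes `current_user_can( 'edit_users' )` gets a fatal "member function on null" error rather than a denial (this is inherited from the old lines the hunk only moves, but the commit is the right place to fix it). A null-safe form keeps the intent and fails closed: `$can_edit_users = current_user_can( 'edit_users' ) && $role instanceof WP_Role && $role->has_cap( 'edit_users' );`. Separately, the `default:` branch now fires `do_action( 'um_action_user_request_hook', $action, $uid )` for any sanitized action string and any existing non-super-admin `$uid` without the `$can_edit_users` gate that every named case applies, and the removed commented-out permission block was the only trace of that concern; a comment above the `do_action` such as `// No capability check here: each handler of um_action_user_request_hook must authorize the current user itself.` would make that contract explicit for hook consumers. um_action_request_process() begins before this hunk, so whether a nonce or capability check already guards entry is not visible here.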