10h30/ultimatemember
1
0
Fork 0
mirror of https://github.com/10h30/ultimatemember.git synced 2026-06-05 15:09:37 +09:00
Code Issues Packages Projects Releases Wiki Activity

- sanitizing variables in wp-admin classes;

Browse Source
This commit is contained in:
nikitasinelnikov
2020-02-28 15:51:45 +02:00
parent e0e6030b46
commit 0aab9853d9
14 changed files with 1045 additions and 992 deletions
Download Patch File Download Diff File Expand all files Collapse all files
includes/admin/class-admin-functions.php
+1 -1
View File
@@ -77,7 +77,7 @@ if ( ! class_exists( 'um\admin\Admin_Functions' ) ) {
$cpt = UM()->cpt_list();
if ( isset( $_REQUEST['post_type'] ) ) {
$post_type = $_REQUEST['post_type'];
$post_type = sanitize_key( $_REQUEST['post_type'] );
if ( in_array( $post_type, $cpt ) ) {
return true;
}
includes/admin/class-admin.php
+31 -19
View File
@@ -183,16 +183,20 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
* @param $action
*/
function duplicate_form( $action ) {
if ( ! is_admin() || ! current_user_can('manage_options') ) die();
if ( ! isset( $_REQUEST['post_id'] ) || ! is_numeric( $_REQUEST['post_id'] ) ) die();
if ( ! is_admin() || ! current_user_can('manage_options') ) {
die();
}
if ( ! isset( $_REQUEST['post_id'] ) || ! is_numeric( $_REQUEST['post_id'] ) ) {
die();
}
$post_id = $_REQUEST['post_id'];
$post_id = absint( $_REQUEST['post_id'] );
$n = array(
'post_type' => 'um_form',
'post_title' => sprintf( __( 'Duplicate of %s', 'ultimate-member' ), get_the_title( $post_id ) ),
'post_status' => 'publish',
'post_author' => get_current_user_id(),
'post_type' => 'um_form',
'post_title' => sprintf( __( 'Duplicate of %s', 'ultimate-member' ), get_the_title( $post_id ) ),
'post_status' => 'publish',
'post_author' => get_current_user_id(),
);
$n_id = wp_insert_post( $n );
@@ -210,10 +214,10 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
}
delete_post_meta($n_id, '_um_core');
delete_post_meta( $n_id, '_um_core' );
$url = admin_url('edit.php?post_type=um_form');
$url = add_query_arg('update','form_duplicated',$url);
$url = admin_url( 'edit.php?post_type=um_form' );
$url = add_query_arg( 'update', 'form_duplicated', $url );
exit( wp_redirect( $url ) );
@@ -241,13 +245,19 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
* @param $action
*/
function user_action( $action ) {
if ( !is_admin() || !current_user_can( 'edit_users' ) ) die();
if ( !isset( $_REQUEST['sub'] ) ) die();
if ( !isset($_REQUEST['user_id']) ) die();
if ( ! is_admin() || ! current_user_can( 'edit_users' ) ) {
die();
}
if ( ! isset( $_REQUEST['sub'] ) ) {
die();
}
if ( ! isset( $_REQUEST['user_id'] ) ) {
die();
}
um_fetch_user( $_REQUEST['user_id'] );
um_fetch_user( absint( $_REQUEST['user_id'] ) );
$subaction = $_REQUEST['sub'];
$subaction = sanitize_key( $_REQUEST['sub'] );
/**
* UM hook
@@ -268,7 +278,7 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
* }
* ?>
*/
do_action( "um_admin_user_action_hook", $subaction );
do_action( 'um_admin_user_action_hook', $subaction );
/**
* UM hook
*
@@ -290,7 +300,7 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
um_reset_user();
wp_redirect( add_query_arg( 'update', 'user_updated', admin_url('?page=ultimatemember') ) );
wp_redirect( add_query_arg( 'update', 'user_updated', admin_url( '?page=ultimatemember' ) ) );
exit;
}
@@ -317,6 +327,8 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
*/
function admin_init() {
if ( is_admin() && current_user_can( 'manage_options' ) && ! empty( $_REQUEST['um_adm_action'] ) ) {
$action = sanitize_key( $_REQUEST['um_adm_action'] );
/**
* UM hook
*
@@ -336,7 +348,7 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
* }
* ?>
*/
do_action( "um_admin_do_action__", $_REQUEST['um_adm_action'] );
do_action( 'um_admin_do_action__', $action );
/**
* UM hook
*
@@ -356,7 +368,7 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
* }
* ?>
*/
do_action( "um_admin_do_action__{$_REQUEST['um_adm_action']}", $_REQUEST['um_adm_action'] );
do_action( "um_admin_do_action__{$action}", $action );
}
}
includes/admin/core/class-admin-builder.php
+6 -8
View File
@@ -284,11 +284,9 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
wp_send_json_error( __( 'Please login as administrator', 'ultimate-member' ) );
}
extract( $_POST );
ob_start();
$this->form_id = $_POST['form_id'];
$this->form_id = absint( $_POST['form_id'] );
$this->show_builder();
@@ -609,10 +607,10 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
$output['error'] = null;
$array = array(
'field_type' => $_POST['_type'],
'form_id' => $_POST['post_id'],
'args' => UM()->builtin()->get_core_field_attrs( $_POST['_type'] ),
'post' => $_POST
'field_type' => sanitize_key( $_POST['_type'] ),
'form_id' => absint( $_POST['post_id'] ),
'args' => UM()->builtin()->get_core_field_attrs( sanitize_key( $_POST['_type'] ) ),
'post' => $_POST
);
/**
@@ -1173,7 +1171,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
$arr_options = array();
$um_callback_func = $_POST['um_option_callback'];
$um_callback_func = sanitize_key( $_POST['um_option_callback'] );
if ( empty( $um_callback_func ) ) {
$arr_options['status'] = 'empty';
$arr_options['function_name'] = $um_callback_func;
includes/admin/core/class-admin-dragdrop.php
+7 -7
View File
@@ -64,19 +64,19 @@ if ( ! class_exists( 'um\admin\core\Admin_DragDrop' ) ) {
$row_id = str_replace( '_um_row_', '', $key );
$row_array = array(
'type' => 'row',
'id' => $value,
'sub_rows' => $_POST[ '_um_rowsub_'.$row_id .'_rows' ],
'cols' => $_POST[ '_um_rowcols_'.$row_id .'_cols' ],
'origin' => $_POST[ '_um_roworigin_'.$row_id . '_val' ],
'type' => 'row',
'id' => $value,
'sub_rows' => $_POST[ '_um_rowsub_' . $row_id . '_rows' ],
'cols' => $_POST[ '_um_rowcols_' . $row_id . '_cols' ],
'origin' => $_POST[ '_um_roworigin_' . $row_id . '_val' ],
);
$row_args = $row_array;
if ( isset( $this->row_data[ $row_array['origin'] ] ) ) {
foreach ( $this->row_data[ $row_array['origin'] ] as $k => $v ){
foreach ( $this->row_data[ $row_array['origin'] ] as $k => $v ) {
if ( $k != 'position' && $k != 'metakey' ) {
$update_args[$k] = $v;
$update_args[ $k ] = $v;
}
}
if ( isset( $update_args ) ) {
includes/admin/core/class-admin-menu.php
+3 -2
View File
@@ -298,8 +298,9 @@ if ( ! class_exists( 'um\admin\core\Admin_Menu' ) ) {
*/
function admin_page() {
$page = $_REQUEST['page'];
if ( $page == 'ultimatemember' && ! isset( $_REQUEST['um-addon'] ) ) { ?>
$page = ! empty( $_REQUEST['page'] ) ? sanitize_key( $_REQUEST['page'] ) : '';
if ( $page == 'ultimatemember' ) { ?>
<div id="um-metaboxes-general" class="wrap">
includes/admin/core/class-admin-metabox.php
+163 -161
View File
@@ -179,14 +179,12 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
/**
* @param $post_id
* @param $post
*
* @return mixed
*/
function save_metabox_custom( $post_id, $post ) {
// validate nonce
if ( ! isset( $_POST['um_admin_save_metabox_custom_nonce'] ) ||
! wp_verify_nonce( $_POST['um_admin_save_metabox_custom_nonce'], basename( __FILE__ ) ) ) {
return $post_id;
return;
}
/**
@@ -285,56 +283,52 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
/**
* @param $post_id
* @param $post
*
* @return mixed
*/
function save_metabox_restrict_content( $post_id, $post ) {
// validate nonce
if ( ! isset( $_POST['um_admin_save_metabox_restrict_content_nonce'] ) || !wp_verify_nonce( $_POST['um_admin_save_metabox_restrict_content_nonce'], basename( __FILE__ ) ) ) {
return $post_id;
if ( ! isset( $_POST['um_admin_save_metabox_restrict_content_nonce'] ) ||
! wp_verify_nonce( $_POST['um_admin_save_metabox_restrict_content_nonce'], basename( __FILE__ ) ) ) {
return;
}
// validate user
$post_type = get_post_type_object( $post->post_type );
if ( ! current_user_can( $post_type->cap->edit_post, $post_id ) ) {
return $post_id;
return;
}
if ( ! empty( $_POST['um_content_restriction'] ) ) {
if ( ! empty( $_POST['um_content_restriction'] ) && is_array( $_POST['um_content_restriction'] ) ) {
update_post_meta( $post_id, 'um_content_restriction', $_POST['um_content_restriction'] );
} else {
delete_post_meta( $post_id, 'um_content_restriction' );
}
return $post_id;
}
/**
* @param $post_id
*
* @return mixed
*/
function save_attachment_metabox_restrict_content( $post_id ) {
// validate nonce
if ( ! isset( $_POST['um_admin_save_metabox_restrict_content_nonce'] ) || !wp_verify_nonce( $_POST['um_admin_save_metabox_restrict_content_nonce'], basename( __FILE__ ) ) )
return $post_id;
if ( ! isset( $_POST['um_admin_save_metabox_restrict_content_nonce'] )
|| ! wp_verify_nonce( $_POST['um_admin_save_metabox_restrict_content_nonce'], basename( __FILE__ ) ) ) {
return;
}
$post = get_post( $post_id );
// validate user
$post_type = get_post_type_object( $post->post_type );
if ( ! current_user_can( $post_type->cap->edit_post, $post_id ) ) {
return $post_id;
return;
}
if ( ! empty( $_POST['um_content_restriction'] ) ) {
if ( ! empty( $_POST['um_content_restriction'] ) && is_array( $_POST['um_content_restriction'] ) ) {
update_post_meta( $post_id, 'um_content_restriction', $_POST['um_content_restriction'] );
} else {
delete_post_meta( $post_id, 'um_content_restriction' );
}
return $post_id;
}
@@ -375,102 +369,102 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
*/
$fields = apply_filters( 'um_admin_category_access_settings_fields', array(
array(
'id' => '_um_custom_access_settings',
'type' => 'checkbox',
'label' => __( 'Restrict access to this content?', 'ultimate-member' ),
'description' => __( 'Activate content restriction for this post', 'ultimate-member' ),
'value' => ! empty( $data['_um_custom_access_settings'] ) ? $data['_um_custom_access_settings'] : 0,
'id' => '_um_custom_access_settings',
'type' => 'checkbox',
'label' => __( 'Restrict access to this content?', 'ultimate-member' ),
'description' => __( 'Activate content restriction for this post', 'ultimate-member' ),
'value' => ! empty( $data['_um_custom_access_settings'] ) ? $data['_um_custom_access_settings'] : 0,
),
array(
'id' => '_um_accessible',
'type' => 'select',
'label' => __( 'Who can access this content?', 'ultimate-member' ),
'description' => __( 'Activate content restriction for this post', 'ultimate-member' ),
'value' => ! empty( $data['_um_accessible'] ) ? $data['_um_accessible'] : 0,
'options' => array(
'id' => '_um_accessible',
'type' => 'select',
'label' => __( 'Who can access this content?', 'ultimate-member' ),
'description' => __( 'Activate content restriction for this post', 'ultimate-member' ),
'value' => ! empty( $data['_um_accessible'] ) ? $data['_um_accessible'] : 0,
'options' => array(
'0' => __( 'Everyone', 'ultimate-member' ),
'1' => __( 'Logged out users', 'ultimate-member' ),
'2' => __( 'Logged in users', 'ultimate-member' ),
),
'conditional' => array( '_um_custom_access_settings', '=', '1' )
'conditional' => array( '_um_custom_access_settings', '=', '1' )
),
array(
'id' => '_um_access_roles',
'type' => 'multi_checkbox',
'label' => __( 'Select which roles can access this content', 'ultimate-member' ),
'description' => __( 'Activate content restriction for this post', 'ultimate-member' ),
'options' => UM()->roles()->get_roles( false, array( 'administrator' ) ),
'id' => '_um_access_roles',
'type' => 'multi_checkbox',
'label' => __( 'Select which roles can access this content', 'ultimate-member' ),
'description' => __( 'Activate content restriction for this post', 'ultimate-member' ),
'options' => UM()->roles()->get_roles( false, array( 'administrator' ) ),
'columns' => 3,
'conditional' => array( '_um_accessible', '=', '2' )
'conditional' => array( '_um_accessible', '=', '2' )
),
array(
'id' => '_um_noaccess_action',
'type' => 'select',
'label' => __( 'What happens when users without access tries to view the content?', 'ultimate-member' ),
'description' => __( 'Action when users without access tries to view the content', 'ultimate-member' ),
'value' => ! empty( $data['_um_noaccess_action'] ) ? $data['_um_noaccess_action'] : 0,
'options' => array(
'id' => '_um_noaccess_action',
'type' => 'select',
'label' => __( 'What happens when users without access tries to view the content?', 'ultimate-member' ),
'description' => __( 'Action when users without access tries to view the content', 'ultimate-member' ),
'value' => ! empty( $data['_um_noaccess_action'] ) ? $data['_um_noaccess_action'] : 0,
'options' => array(
'0' => __( 'Show access restricted message', 'ultimate-member' ),
'1' => __( 'Redirect user', 'ultimate-member' ),
),
'conditional' => array( '_um_accessible', '!=', '0' )
'conditional' => array( '_um_accessible', '!=', '0' )
),
array(
'id' => '_um_restrict_by_custom_message',
'type' => 'select',
'label' => __( 'Would you like to use the global default message or apply a custom message to this content?', 'ultimate-member' ),
'description' => __( 'Action when users without access tries to view the content', 'ultimate-member' ),
'value' => ! empty( $data['_um_restrict_by_custom_message'] ) ? $data['_um_restrict_by_custom_message'] : '0',
'options' => array(
'id' => '_um_restrict_by_custom_message',
'type' => 'select',
'label' => __( 'Would you like to use the global default message or apply a custom message to this content?', 'ultimate-member' ),
'description' => __( 'Action when users without access tries to view the content', 'ultimate-member' ),
'value' => ! empty( $data['_um_restrict_by_custom_message'] ) ? $data['_um_restrict_by_custom_message'] : '0',
'options' => array(
'0' => __( 'Global default message (default)', 'ultimate-member' ),
'1' => __( 'Custom message', 'ultimate-member' ),
),
'conditional' => array( '_um_noaccess_action', '=', '0' )
'conditional' => array( '_um_noaccess_action', '=', '0' )
),
array(
'id' => '_um_restrict_custom_message',
'type' => 'wp_editor',
'label' => __( 'Custom Restrict Content message', 'ultimate-member' ),
'description' => __( 'Changed global restrict message', 'ultimate-member' ),
'value' => ! empty( $data['_um_restrict_custom_message'] ) ? $data['_um_restrict_custom_message'] : '',
'conditional' => array( '_um_restrict_by_custom_message', '=', '1' )
'id' => '_um_restrict_custom_message',
'type' => 'wp_editor',
'label' => __( 'Custom Restrict Content message', 'ultimate-member' ),
'description' => __( 'Changed global restrict message', 'ultimate-member' ),
'value' => ! empty( $data['_um_restrict_custom_message'] ) ? $data['_um_restrict_custom_message'] : '',
'conditional' => array( '_um_restrict_by_custom_message', '=', '1' )
),
array(
'id' => '_um_access_redirect',
'type' => 'select',
'label' => __( 'Where should users be redirected to?', 'ultimate-member' ),
'description' => __( 'Select redirect to page when user hasn\'t access to content', 'ultimate-member' ),
'value' => ! empty( $data['_um_access_redirect'] ) ? $data['_um_access_redirect'] : '0',
'conditional' => array( '_um_noaccess_action', '=', '1' ),
'options' => array(
'id' => '_um_access_redirect',
'type' => 'select',
'label' => __( 'Where should users be redirected to?', 'ultimate-member' ),
'description' => __( 'Select redirect to page when user hasn\'t access to content', 'ultimate-member' ),
'value' => ! empty( $data['_um_access_redirect'] ) ? $data['_um_access_redirect'] : '0',
'conditional' => array( '_um_noaccess_action', '=', '1' ),
'options' => array(
'0' => __( 'Login page', 'ultimate-member' ),
'1' => __( 'Custom URL', 'ultimate-member' ),
),
),
array(
'id' => '_um_access_redirect_url',
'type' => 'text',
'label' => __( 'Redirect URL', 'ultimate-member' ),
'description' => __( 'Changed global restrict message', 'ultimate-member' ),
'value' => ! empty( $data['_um_access_redirect_url'] ) ? $data['_um_access_redirect_url'] : '',
'conditional' => array( '_um_access_redirect', '=', '1' )
'id' => '_um_access_redirect_url',
'type' => 'text',
'label' => __( 'Redirect URL', 'ultimate-member' ),
'description' => __( 'Changed global restrict message', 'ultimate-member' ),
'value' => ! empty( $data['_um_access_redirect_url'] ) ? $data['_um_access_redirect_url'] : '',
'conditional' => array( '_um_access_redirect', '=', '1' )
),
array(
'id' => '_um_access_hide_from_queries',
'type' => 'checkbox',
'label' => __( 'Hide from queries', 'ultimate-member' ),
'description' => __( 'Hide this content from archives, RSS feeds etc for users who do not have permission to view this content', 'ultimate-member' ),
'value' => ! empty( $data['_um_access_hide_from_queries'] ) ? $data['_um_access_hide_from_queries'] : '',
'conditional' => array( '_um_accessible', '!=', '0' )
'id' => '_um_access_hide_from_queries',
'type' => 'checkbox',
'label' => __( 'Hide from queries', 'ultimate-member' ),
'description' => __( 'Hide this content from archives, RSS feeds etc for users who do not have permission to view this content', 'ultimate-member' ),
'value' => ! empty( $data['_um_access_hide_from_queries'] ) ? $data['_um_access_hide_from_queries'] : '',
'conditional' => array( '_um_accessible', '!=', '0' )
)
), $data, 'create' );
UM()->admin_forms( array(
'class' => 'um-restrict-content um-third-column',
'prefix_id' => 'um_content_restriction',
'without_wrapper' => true,
'div_line' => true,
'fields' => $fields
'class' => 'um-restrict-content um-third-column',
'prefix_id' => 'um_content_restriction',
'without_wrapper' => true,
'div_line' => true,
'fields' => $fields
) )->render_form();
wp_nonce_field( basename( __FILE__ ), 'um_admin_save_taxonomy_restrict_content_nonce' );
@@ -525,110 +519,110 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
*/
$fields = apply_filters( 'um_admin_category_access_settings_fields', array(
array(
'id' => '_um_custom_access_settings',
'type' => 'checkbox',
'class' => 'form-field',
'label' => __( 'Restrict access to this content?', 'ultimate-member' ),
'description' => __( 'Activate content restriction for this post', 'ultimate-member' ),
'value' => ! empty( $data['_um_custom_access_settings'] ) ? $data['_um_custom_access_settings'] : 0,
'id' => '_um_custom_access_settings',
'type' => 'checkbox',
'class' => 'form-field',
'label' => __( 'Restrict access to this content?', 'ultimate-member' ),
'description' => __( 'Activate content restriction for this post', 'ultimate-member' ),
'value' => ! empty( $data['_um_custom_access_settings'] ) ? $data['_um_custom_access_settings'] : 0,
),
array(
'id' => '_um_accessible',
'type' => 'select',
'class' => 'form-field',
'label' => __( 'Who can access this content?', 'ultimate-member' ),
'description' => __( 'Activate content restriction for this post', 'ultimate-member' ),
'value' => ! empty( $data['_um_accessible'] ) ? $data['_um_accessible'] : 0,
'options' => array(
'id' => '_um_accessible',
'type' => 'select',
'class' => 'form-field',
'label' => __( 'Who can access this content?', 'ultimate-member' ),
'description' => __( 'Activate content restriction for this post', 'ultimate-member' ),
'value' => ! empty( $data['_um_accessible'] ) ? $data['_um_accessible'] : 0,
'options' => array(
'0' => __( 'Everyone', 'ultimate-member' ),
'1' => __( 'Logged out users', 'ultimate-member' ),
'2' => __( 'Logged in users', 'ultimate-member' ),
),
'conditional' => array( '_um_custom_access_settings', '=', '1' )
'conditional' => array( '_um_custom_access_settings', '=', '1' )
),
array(
'id' => '_um_access_roles',
'type' => 'multi_checkbox',
'class' => 'form-field',
'label' => __( 'Select which roles can access this content', 'ultimate-member' ),
'description' => __( 'Activate content restriction for this post', 'ultimate-member' ),
'value' => $_um_access_roles_value,
'options' => UM()->roles()->get_roles( false, array( 'administrator' ) ),
'id' => '_um_access_roles',
'type' => 'multi_checkbox',
'class' => 'form-field',
'label' => __( 'Select which roles can access this content', 'ultimate-member' ),
'description' => __( 'Activate content restriction for this post', 'ultimate-member' ),
'value' => $_um_access_roles_value,
'options' => UM()->roles()->get_roles( false, array( 'administrator' ) ),
'columns' => 3,
'conditional' => array( '_um_accessible', '=', '2' )
'conditional' => array( '_um_accessible', '=', '2' )
),
array(
'id' => '_um_noaccess_action',
'type' => 'select',
'class' => 'form-field',
'label' => __( 'What happens when users without access tries to view the content?', 'ultimate-member' ),
'description' => __( 'Action when users without access tries to view the content', 'ultimate-member' ),
'value' => ! empty( $data['_um_noaccess_action'] ) ? $data['_um_noaccess_action'] : 0,
'options' => array(
'id' => '_um_noaccess_action',
'type' => 'select',
'class' => 'form-field',
'label' => __( 'What happens when users without access tries to view the content?', 'ultimate-member' ),
'description' => __( 'Action when users without access tries to view the content', 'ultimate-member' ),
'value' => ! empty( $data['_um_noaccess_action'] ) ? $data['_um_noaccess_action'] : 0,
'options' => array(
'0' => __( 'Show access restricted message', 'ultimate-member' ),
'1' => __( 'Redirect user', 'ultimate-member' ),
),
'conditional' => array( '_um_accessible', '!=', '0' )
'conditional' => array( '_um_accessible', '!=', '0' )
),
array(
'id' => '_um_restrict_by_custom_message',
'type' => 'select',
'class' => 'form-field',
'label' => __( 'Would you like to use the global default message or apply a custom message to this content?', 'ultimate-member' ),
'description' => __( 'Action when users without access tries to view the content', 'ultimate-member' ),
'value' => ! empty( $data['_um_restrict_by_custom_message'] ) ? $data['_um_restrict_by_custom_message'] : '0',
'options' => array(
'id' => '_um_restrict_by_custom_message',
'type' => 'select',
'class' => 'form-field',
'label' => __( 'Would you like to use the global default message or apply a custom message to this content?', 'ultimate-member' ),
'description' => __( 'Action when users without access tries to view the content', 'ultimate-member' ),
'value' => ! empty( $data['_um_restrict_by_custom_message'] ) ? $data['_um_restrict_by_custom_message'] : '0',
'options' => array(
'0' => __( 'Global default message (default)', 'ultimate-member' ),
'1' => __( 'Custom message', 'ultimate-member' ),
),
'conditional' => array( '_um_noaccess_action', '=', '0' )
'conditional' => array( '_um_noaccess_action', '=', '0' )
),
array(
'id' => '_um_restrict_custom_message',
'type' => 'wp_editor',
'class' => 'form-field',
'label' => __( 'Custom Restrict Content message', 'ultimate-member' ),
'description' => __( 'Changed global restrict message', 'ultimate-member' ),
'value' => ! empty( $data['_um_restrict_custom_message'] ) ? $data['_um_restrict_custom_message'] : '',
'conditional' => array( '_um_restrict_by_custom_message', '=', '1' )
'id' => '_um_restrict_custom_message',
'type' => 'wp_editor',
'class' => 'form-field',
'label' => __( 'Custom Restrict Content message', 'ultimate-member' ),
'description' => __( 'Changed global restrict message', 'ultimate-member' ),
'value' => ! empty( $data['_um_restrict_custom_message'] ) ? $data['_um_restrict_custom_message'] : '',
'conditional' => array( '_um_restrict_by_custom_message', '=', '1' )
),
array(
'id' => '_um_access_redirect',
'type' => 'select',
'class' => 'form-field',
'label' => __( 'Where should users be redirected to?', 'ultimate-member' ),
'description' => __( 'Select redirect to page when user hasn\'t access to content', 'ultimate-member' ),
'value' => ! empty( $data['_um_access_redirect'] ) ? $data['_um_access_redirect'] : '0',
'conditional' => array( '_um_noaccess_action', '=', '1' ),
'options' => array(
'id' => '_um_access_redirect',
'type' => 'select',
'class' => 'form-field',
'label' => __( 'Where should users be redirected to?', 'ultimate-member' ),
'description' => __( 'Select redirect to page when user hasn\'t access to content', 'ultimate-member' ),
'value' => ! empty( $data['_um_access_redirect'] ) ? $data['_um_access_redirect'] : '0',
'conditional' => array( '_um_noaccess_action', '=', '1' ),
'options' => array(
'0' => __( 'Login page', 'ultimate-member' ),
'1' => __( 'Custom URL', 'ultimate-member' ),
),
),
array(
'id' => '_um_access_redirect_url',
'type' => 'text',
'class' => 'form-field',
'label' => __( 'Redirect URL', 'ultimate-member' ),
'description' => __( 'Changed global restrict message', 'ultimate-member' ),
'value' => ! empty( $data['_um_access_redirect_url'] ) ? $data['_um_access_redirect_url'] : '',
'conditional' => array( '_um_access_redirect', '=', '1' )
'id' => '_um_access_redirect_url',
'type' => 'text',
'class' => 'form-field',
'label' => __( 'Redirect URL', 'ultimate-member' ),
'description' => __( 'Changed global restrict message', 'ultimate-member' ),
'value' => ! empty( $data['_um_access_redirect_url'] ) ? $data['_um_access_redirect_url'] : '',
'conditional' => array( '_um_access_redirect', '=', '1' )
),
array(
'id' => '_um_access_hide_from_queries',
'type' => 'checkbox',
'class' => 'form-field',
'label' => __( 'Hide from queries', 'ultimate-member' ),
'description' => __( 'Hide this content from archives, RSS feeds etc for users who do not have permission to view this content', 'ultimate-member' ),
'value' => ! empty( $data['_um_access_hide_from_queries'] ) ? $data['_um_access_hide_from_queries'] : '',
'conditional' => array( '_um_accessible', '!=', '0' )
'id' => '_um_access_hide_from_queries',
'type' => 'checkbox',
'class' => 'form-field',
'label' => __( 'Hide from queries', 'ultimate-member' ),
'description' => __( 'Hide this content from archives, RSS feeds etc for users who do not have permission to view this content', 'ultimate-member' ),
'value' => ! empty( $data['_um_access_hide_from_queries'] ) ? $data['_um_access_hide_from_queries'] : '',
'conditional' => array( '_um_accessible', '!=', '0' )
)
), $data, 'edit' );
UM()->admin_forms( array(
'class' => 'um-restrict-content um-third-column',
'prefix_id' => 'um_content_restriction',
'without_wrapper' => true,
'class' => 'um-restrict-content um-third-column',
'prefix_id' => 'um_content_restriction',
'without_wrapper' => true,
'fields' => $fields
) )->render_form();
@@ -656,7 +650,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
return $termID;
}
if ( ! empty( $_REQUEST['um_content_restriction'] ) ) {
if ( ! empty( $_REQUEST['um_content_restriction'] ) && is_array( $_REQUEST['um_content_restriction'] ) ) {
update_term_meta( $termID, 'um_content_restriction', $_REQUEST['um_content_restriction'] );
} else {
delete_term_meta( $termID, 'um_content_restriction' );
@@ -1045,7 +1039,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
global $wpdb;
// validate nonce
if ( ! isset( $_POST['um_admin_save_metabox_directory_nonce'] ) || ! wp_verify_nonce( $_POST['um_admin_save_metabox_directory_nonce'], basename( __FILE__ ) ) ) {
if ( ! isset( $_POST['um_admin_save_metabox_directory_nonce'] ) ||
! wp_verify_nonce( $_POST['um_admin_save_metabox_directory_nonce'], basename( __FILE__ ) ) ) {
return;
}
@@ -1063,10 +1058,10 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
$where = array( 'ID' => $post_id );
if ( empty( $_POST['post_title'] ) ) {
$_POST['post_title'] = 'Directory #'.$post_id;
$_POST['post_title'] = sprintf( __( 'Directory #%s', 'ultimate-member' ), $post_id );
}
$wpdb->update( $wpdb->posts, array( 'post_title' => $_POST['post_title'] ), $where );
$wpdb->update( $wpdb->posts, array( 'post_title' => sanitize_text_field( $_POST['post_title'] ) ), $where );
// save
delete_post_meta( $post_id, '_um_roles' );
@@ -1126,25 +1121,32 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
*
* @param $post_id
* @param $post
*
* @return mixed
*/
function save_metabox_form( $post_id, $post ) {
global $wpdb;
// validate nonce
if ( !isset( $_POST['um_admin_save_metabox_form_nonce'] ) || !wp_verify_nonce( $_POST['um_admin_save_metabox_form_nonce'], basename( __FILE__ ) ) ) return $post_id;
if ( ! isset( $_POST['um_admin_save_metabox_form_nonce'] ) ||
! wp_verify_nonce( $_POST['um_admin_save_metabox_form_nonce'], basename( __FILE__ ) ) ) {
return;
}
// validate post type
if ( $post->post_type != 'um_form' ) return $post_id;
if ( $post->post_type != 'um_form' ) {
return;
}
// validate user
$post_type = get_post_type_object( $post->post_type );
if ( !current_user_can( $post_type->cap->edit_post, $post_id ) ) return $post_id;
if ( ! current_user_can( $post_type->cap->edit_post, $post_id ) ) {
return;
}
$where = array( 'ID' => $post_id );
if ( empty( $_POST['post_title'] ) ) $_POST['post_title'] = 'Form #' . $post_id;
$wpdb->update( $wpdb->posts, array( 'post_title' => $_POST['post_title'] ), $where );
if ( empty( $_POST['post_title'] ) ) {
$_POST['post_title'] = sprintf( __( 'Form #%s', 'ultimate-member' ), $post_id );
}
$wpdb->update( $wpdb->posts, array( 'post_title' => sanitize_text_field( $_POST['post_title'] ) ), $where );
// save
delete_post_meta( $post_id, '_um_profile_metafields' );
includes/admin/core/class-admin-notices.php
+9 -7
View File
@@ -374,19 +374,21 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
return;
}
$update = $_REQUEST['update'];
$update = sanitize_key( $_REQUEST['update'] );
switch( $update ) {
case 'confirm_delete':
$request_users = array_map( 'absint', (array) $_REQUEST['user'] );
$confirm_uri = admin_url( 'users.php?' . http_build_query( array(
'um_adm_action' => 'delete_users',
'user' => array_map( 'intval', (array) $_REQUEST['user'] ),
'user' => $request_users,
'confirm' => 1
) ) );
$users = '';
if ( isset( $_REQUEST['user'] ) ){
foreach ( $_REQUEST['user'] as $user_id ) {
if ( isset( $request_users ) ) {
foreach ( $request_users as $user_id ) {
$user = get_userdata( $user_id );
$users .= '#' . $user_id . ': ' . $user->user_login . '<br />';
}
@@ -394,8 +396,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
$ignore = admin_url( 'users.php' );
$messages[0]['err_content'] = sprintf( __( 'Are you sure you want to delete the selected user(s)? The following users will be deleted: <p>%s</p> <strong>This cannot be undone!</strong>','ultimate-member'), $users);
$messages[0]['err_content'] .= '<p><a href="'. esc_url( $confirm_uri ) .'" class="button-primary">' . __( 'Remove', 'ultimate-member' ) . '</a>&nbsp;&nbsp;<a href="' . esc_url( $ignore ) . '" class="button">' . __('Undo','ultimate-member') . '</a></p>';
$messages[0]['err_content'] = sprintf( __( 'Are you sure you want to delete the selected user(s)? The following users will be deleted: <p>%s</p> <strong>This cannot be undone!</strong>', 'ultimate-member' ), $users );
$messages[0]['err_content'] .= '<p><a href="'. esc_url( $confirm_uri ) .'" class="button-primary">' . __( 'Remove', 'ultimate-member' ) . '</a>&nbsp;&nbsp;<a href="' . esc_url( $ignore ) . '" class="button">' . __( 'Undo', 'ultimate-member' ) . '</a></p>';
break;
@@ -688,7 +690,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
}
$hidden_notices = get_option( 'um_hidden_admin_notices', array() );
$hidden_notices[] = $_POST['key'];
$hidden_notices[] = sanitize_key( $_POST['key'] );
update_option( 'um_hidden_admin_notices', $hidden_notices );
includes/admin/core/class-admin-settings.php
+20 -18
View File
@@ -91,7 +91,9 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
wp_send_json_error( __( 'Wrong callback', 'ultimate-member' ) );
}
if ( 'um_usermeta_fields' == $_POST['cb_func'] ) {
$cb_func = sanitize_key( $_POST['cb_func'] );
if ( 'um_usermeta_fields' == $cb_func ) {
//first install metatable
global $wpdb;
@@ -169,7 +171,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
UM()->options()->update( 'member_directory_own_table', true );
wp_send_json_success();
} elseif ( 'um_get_metadata' == $_POST['cb_func'] ) {
} elseif ( 'um_get_metadata' == $cb_func ) {
global $wpdb;
$wp_usermeta_option = get_option( 'um_usermeta_fields', array() );
@@ -181,7 +183,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
);
wp_send_json_success( array( 'count' => $count ) );
} elseif ( 'um_update_metadata_per_page' == $_POST['cb_func'] ) {
} elseif ( 'um_update_metadata_per_page' == $cb_func ) {
if ( empty( $_POST['page'] ) ) {
wp_send_json_error( __( 'Wrong data', 'ultimate-member' ) );
@@ -196,7 +198,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
FROM {$wpdb->usermeta}
WHERE meta_key IN ('" . implode( "','", $wp_usermeta_option ) . "')
LIMIT %d, %d",
( $_POST['page'] - 1 ) * $per_page,
( absint( $_POST['page'] ) - 1 ) * $per_page,
$per_page
), ARRAY_A );
@@ -212,8 +214,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
VALUES " . implode( ',', $values ) );
}
$from = ( $_POST['page'] * $per_page ) - $per_page + 1;
$to = $_POST['page'] * $per_page;
$from = ( absint( $_POST['page'] ) * $per_page ) - $per_page + 1;
$to = absint( $_POST['page'] ) * $per_page;
wp_send_json_success( array( 'message' => sprintf( __( 'Metadata from %s to %s was upgraded successfully...', 'ultimate-member' ), $from, $to ) ) );
}
@@ -1412,8 +1414,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
* Settings page callback
*/
function settings_page() {
$current_tab = empty( $_GET['tab'] ) ? '' : urldecode( $_GET['tab'] );
$current_subtab = empty( $_GET['section'] ) ? '' : urldecode( $_GET['section'] );
$current_tab = empty( $_GET['tab'] ) ? '' : sanitize_key( $_GET['tab'] );
$current_subtab = empty( $_GET['section'] ) ? '' : sanitize_key( $_GET['section'] );
$settings_struct = $this->settings_structure[ $current_tab ];
@@ -1605,7 +1607,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
}
}
$current_tab = empty( $_GET['tab'] ) ? '' : urldecode( $_GET['tab'] );
$current_tab = empty( $_GET['tab'] ) ? '' : sanitize_key( $_GET['tab'] );
foreach ( $menu_tabs as $name => $label ) {
$active = ( $current_tab == $name ) ? 'nav-tab-active' : '';
$tabs .= '<a href="' . esc_url( admin_url( 'admin.php?page=um_options' . ( empty( $name ) ? '' : '&tab=' . $name ) ) ) . '" class="nav-tab ' . $active . '">' .
@@ -1660,8 +1662,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
$subtabs = '<div><ul class="subsubsub">';
$current_tab = empty( $_GET['tab'] ) ? '' : urldecode( $_GET['tab'] );
$current_subtab = empty( $_GET['section'] ) ? '' : urldecode( $_GET['section'] );
$current_tab = empty( $_GET['tab'] ) ? '' : sanitize_key( $_GET['tab'] );
$current_subtab = empty( $_GET['section'] ) ? '' : sanitize_key( $_GET['section'] );
foreach ( $menu_subtabs as $name => $label ) {
$active = ( $current_subtab == $name ) ? 'current' : '';
$subtabs .= '<a href="' . esc_url( admin_url( 'admin.php?page=um_options' . ( empty( $current_tab ) ? '' : '&tab=' . $current_tab ) . ( empty( $name ) ? '' : '&section=' . $name ) ) ) . '" class="' . $active . '">'
@@ -1680,7 +1682,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
*/
function save_settings_handler() {
if ( isset( $_POST['um-settings-action'] ) && 'save' == $_POST['um-settings-action'] && ! empty( $_POST['um_options'] ) ) {
if ( isset( $_POST['um-settings-action'] ) && 'save' == sanitize_key( $_POST['um-settings-action'] ) && ! empty( $_POST['um_options'] ) ) {
$nonce = ! empty( $_POST['__umnonce'] ) ? $_POST['__umnonce'] : '';
@@ -1759,11 +1761,11 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
);
if ( ! empty( $_GET['tab'] ) ) {
$arg['tab'] = $_GET['tab'];
$arg['tab'] = sanitize_key( $_GET['tab'] );
}
if ( ! empty( $_GET['section'] ) ) {
$arg['section'] = $_GET['section'];
$arg['section'] = sanitize_key( $_GET['section'] );
}
um_js_redirect( add_query_arg( $arg, admin_url( 'admin.php' ) ) );
@@ -1780,12 +1782,12 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
function remove_empty_values( $settings ) {
$tab = '';
if ( ! empty( $_GET['tab'] ) ) {
$tab = $_GET['tab'];
$tab = sanitize_key( $_GET['tab'] );
}
$section = '';
if ( ! empty( $_GET['section'] ) ) {
$section = $_GET['section'];
$section = sanitize_key( $_GET['section'] );
}
if ( isset( $this->settings_structure[ $tab ]['sections'][ $section ]['fields'] ) ) {
@@ -2078,7 +2080,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
*
*/
function settings_before_email_tab() {
$email_key = empty( $_GET['email'] ) ? '' : urldecode( $_GET['email'] );
$email_key = empty( $_GET['email'] ) ? '' : sanitize_key( $_GET['email'] );
$emails = UM()->config()->email_notifications;
if ( empty( $email_key ) || empty( $emails[ $email_key ] ) ) {
@@ -2093,7 +2095,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
* @return string
*/
function settings_email_tab( $section ) {
$email_key = empty( $_GET['email'] ) ? '' : urldecode( $_GET['email'] );
$email_key = empty( $_GET['email'] ) ? '' : sanitize_key( $_GET['email'] );
$emails = UM()->config()->email_notifications;
if ( empty( $email_key ) || empty( $emails[ $email_key ] ) ) {
includes/admin/core/class-admin-users.php
+11 -11
View File
@@ -126,7 +126,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
</div>
<?php if ( ! empty( $_REQUEST['status'] ) ) { ?>
<input type="hidden" name="status" id="um_status" value="<?php echo esc_attr( $_REQUEST['status'] );?>"/>
<input type="hidden" name="status" id="um_status" value="<?php echo esc_attr( sanitize_key( $_REQUEST['status'] ) );?>"/>
<?php }
}
@@ -247,7 +247,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
if ( is_admin() && $pagenow == 'users.php' ) {
if ( ! isset( $_REQUEST['orderby'] ) ) {
$query->query_vars["order"] = 'desc';
$query->query_orderby = " ORDER BY user_registered " . ( $query->query_vars["order"] == "desc" ? "desc " : "asc " ); //set sort order
$query->query_orderby = " ORDER BY user_registered " . ( $query->query_vars["order"] == 'desc' ? 'desc ' : 'asc ' ); //set sort order
}
}
@@ -266,7 +266,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
if ( is_admin() && $pagenow == 'users.php' && ! empty( $_GET['status'] ) ) {
$status = urldecode( $_GET['status'] );
$status = sanitize_key( $_GET['status'] );
if ( $status == 'needs-verification' ) {
$query->query_where = str_replace('WHERE 1=1',
@@ -305,9 +305,9 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
$views = array();
if ( ! isset( $_REQUEST['role'] ) && ! isset( $_REQUEST['status'] ) ) {
$views['all'] = '<a href="' . admin_url( 'users.php' ) . '" class="current">All <span class="count">(' . UM()->query()->count_users() . ')</span></a>';
$views['all'] = '<a href="' . admin_url( 'users.php' ) . '" class="current">' . __( 'All', 'ultimate-member' ) . ' <span class="count">(' . UM()->query()->count_users() . ')</span></a>';
} else {
$views['all'] = '<a href="' . admin_url( 'users.php' ) . '">All <span class="count">(' . UM()->query()->count_users() . ')</span></a>';
$views['all'] = '<a href="' . admin_url( 'users.php' ) . '">' . __( 'All', 'ultimate-member' ) . ' <span class="count">(' . UM()->query()->count_users() . ')</span></a>';
}
$status = array(
@@ -321,13 +321,13 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
UM()->query()->count_users_by_status( 'unassigned' );
foreach ( $status as $k => $v ) {
if ( isset( $_REQUEST['status'] ) && $_REQUEST['status'] == $k ) {
if ( isset( $_REQUEST['status'] ) && sanitize_key( $_REQUEST['status'] ) == $k ) {
$current = 'class="current"';
} else {
$current = '';
}
$views[ $k ] = '<a href="' . esc_url( admin_url( 'users.php' ) . '?status=' . $k ) . '" ' . $current . '>'. $v . ' <span class="count">('.UM()->query()->count_users_by_status( $k ).')</span></a>';
$views[ $k ] = '<a href="' . esc_url( admin_url( 'users.php' ) . '?status=' . $k ) . '" ' . $current . '>' . $v . ' <span class="count">(' . UM()->query()->count_users_by_status( $k ) . ')</span></a>';
}
/**
@@ -383,7 +383,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
check_admin_referer( 'bulk-users' );
$users = $_REQUEST['users'];
$users = array_map( 'absint', (array) $_REQUEST['users'] );
$bulk_action = current( array_filter( $_REQUEST['um_bulk_action'] ) );
foreach ( $users as $user_id ) {
@@ -408,7 +408,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
* }
* ?>
*/
do_action( "um_admin_user_action_hook", $bulk_action );
do_action( 'um_admin_user_action_hook', $bulk_action );
/**
* UM hook
@@ -463,11 +463,11 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
function set_redirect_uri( $uri ) {
if ( ! empty( $_REQUEST['s'] ) ) {
$uri = add_query_arg( 's', $_REQUEST['s'], $uri );
$uri = add_query_arg( 's', sanitize_text_field( $_REQUEST['s'] ), $uri );
}
if ( ! empty( $_REQUEST['status'] ) ) {
$uri = add_query_arg( 'status', $_REQUEST['status'], $uri );
$uri = add_query_arg( 'status', sanitize_key( $_REQUEST['status'] ), $uri );
}
return $uri;
includes/admin/core/list-tables/roles-list-table.php
+7 -7
View File
@@ -16,11 +16,11 @@ if ( isset( $_GET['action'] ) ) {
case 'delete': {
$role_keys = array();
if ( isset( $_REQUEST['id'] ) ) {
check_admin_referer( 'um_role_delete' . $_REQUEST['id'] . get_current_user_id() );
$role_keys = (array) $_REQUEST['id'];
check_admin_referer( 'um_role_delete' . sanitize_key( $_REQUEST['id'] ) . get_current_user_id() );
$role_keys = (array) sanitize_key( $_REQUEST['id'] );
} elseif( isset( $_REQUEST['item'] ) ) {
check_admin_referer( 'bulk-' . sanitize_key( __( 'Roles', 'ultimate-member' ) ) );
$role_keys = $_REQUEST['item'];
$role_keys = array_map( 'sanitize_key', $_REQUEST['item'] );
}
if ( ! count( $role_keys ) ) {
@@ -83,18 +83,18 @@ if ( isset( $_GET['action'] ) ) {
case 'reset': {
$role_keys = array();
if ( isset( $_REQUEST['id'] ) ) {
check_admin_referer( 'um_role_reset' . $_REQUEST['id'] . get_current_user_id() );
$role_keys = (array) $_REQUEST['id'];
check_admin_referer( 'um_role_reset' . sanitize_key( $_REQUEST['id'] ) . get_current_user_id() );
$role_keys = (array) sanitize_key( $_REQUEST['id'] );
} elseif( isset( $_REQUEST['item'] ) ) {
check_admin_referer( 'bulk-' . sanitize_key( __( 'Roles', 'ultimate-member' ) ) );
$role_keys = $_REQUEST['item'];
$role_keys = array_map( 'sanitize_key', $_REQUEST['item'] );
}
if ( ! count( $role_keys ) ) {
um_js_redirect( $redirect );
}
foreach ( $role_keys as $k=>$role_key ) {
foreach ( $role_keys as $k => $role_key ) {
$role_meta = get_option( "um_role_{$role_key}_meta" );
if ( ! empty( $role_meta['_um_is_custom'] ) ) {
includes/admin/core/packages/2.0-beta1/functions.php
-14
View File
@@ -181,13 +181,6 @@ function um_upgrade_update_forum_per_page20beta1() {
$roles_associations = get_option( 'um_roles_associations' );
/*$bb_forums = get_posts( array(
'post_type' => 'forum',
'paged' => $_POST['page'],
'numberposts' => $posts_per_page,
'fields' => 'ids'
) );*/
$p_query = new WP_Query;
$bb_forums = $p_query->query( array(
'post_type' => 'forum',
@@ -254,13 +247,6 @@ function um_upgrade_update_products_per_page20beta1() {
$roles_associations = get_option( 'um_roles_associations' );
/*$wc_products = get_posts( array(
'post_type' => 'product',
'numberposts' => $posts_per_page,
'paged' => $_POST['page'],
'fields' => 'ids'
) );*/
$p_query = new WP_Query;
$wc_products = $p_query->query( array(
'post_type' => 'product',
includes/admin/templates/extensions.php
+4 -4
View File
@@ -176,12 +176,12 @@ $free['terms-conditions'] = array(
<div class="wp-filter">
<ul class="filter-links">
<li>
<a href="?page=ultimatemember-extensions&filter=premium" class="<?php if ( ! isset( $_REQUEST['filter'] ) || isset( $_REQUEST['filter'] ) && $_REQUEST['filter'] == 'premium' ) { echo 'current'; } ?>">
<a href="?page=ultimatemember-extensions&filter=premium" class="<?php if ( ! isset( $_REQUEST['filter'] ) || isset( $_REQUEST['filter'] ) && sanitize_key( $_REQUEST['filter'] ) == 'premium' ) { echo 'current'; } ?>">
<?php _e( 'Premium', 'ultimate-member' ) ?>
</a>
</li>
<li>
<a href="?page=ultimatemember-extensions&filter=free" class="<?php if ( isset( $_REQUEST['filter'] ) && $_REQUEST['filter'] == 'free' ) { echo 'current'; } ?>">
<a href="?page=ultimatemember-extensions&filter=free" class="<?php if ( isset( $_REQUEST['filter'] ) && sanitize_key( $_REQUEST['filter'] ) == 'free' ) { echo 'current'; } ?>">
<?php _e( 'Free', 'ultimate-member' ) ?>
</a>
</li>
@@ -190,7 +190,7 @@ $free['terms-conditions'] = array(
<div class="wp-list-table widefat plugin-install">
<div id="the-list">
<?php if ( ! isset( $_REQUEST['filter'] ) || isset( $_REQUEST['filter'] ) && $_REQUEST['filter'] == 'premium' ) {
<?php if ( ! isset( $_REQUEST['filter'] ) || isset( $_REQUEST['filter'] ) && sanitize_key( $_REQUEST['filter'] ) == 'premium' ) {
foreach ( $premium as $key => $info ) { ?>
<div class="plugin-card">
@@ -224,7 +224,7 @@ $free['terms-conditions'] = array(
<?php }
}
if ( isset( $_REQUEST['filter'] ) && $_REQUEST['filter'] == 'free' ) {
if ( isset( $_REQUEST['filter'] ) && sanitize_key( $_REQUEST['filter'] ) == 'free' ) {
foreach ( $free as $key => $info ) { ?>
<div class="plugin-card">
includes/admin/templates/role/wp-capabilities.php
+6 -6
View File
@@ -76,16 +76,16 @@
}
UM()->admin_forms( array(
'class' => 'um-role-wp-capabilities',
'prefix_id' => 'role',
'class' => 'um-role-wp-capabilities',
'prefix_id' => 'role',
'fields' => array(
array(
'id' => 'wp_capabilities',
'type' => 'multi_checkbox',
'id' => 'wp_capabilities',
'type' => 'multi_checkbox',
'options' => $fields,
'value' => ! empty( $role_capabilities ) ? $role_capabilities : array(),
'columns' => 3,
'without_label' => true,
'columns' => 3,
'without_label' => true,
)
)
) )->render_form(); ?>