- fixed conflict with saving capabilities;
@@ -1081,7 +1081,6 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
|
||||
return $value;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @param $value
|
||||
*
|
||||
@@ -1092,6 +1091,15 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
|
||||
return $value;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param $value
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public function sanitize_wp_capabilities_assoc( $value ) {
|
||||
$value = array_map( 'sanitize_key', array_filter( $value ) );
|
||||
return $value;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sanitize role meta fields when wp-admin form has been submitted
|
||||
|
||||
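Review bot: `sanitize_wp_capabilities_assoc()` in the second hunk passes `$value` to `array_filter()` without checking that it is an array, so a scalar or missing `banned_capabilities` value in the submitted settings would raise a TypeError on PHP 8 instead of returning the array the docblock promises. A guard before the `array_map()` call, `if ( ! is_array( $value ) ) { return array(); }`, keeps the callback safe for any posted shape. The values are only normalised with `sanitize_key`, not compared with the known capability list; if no caller does that, an `array_intersect()` against the field's options would be a tighter check. The docblock could also state that the input is the list of capability keys posted by an `assoc` multi-checkbox field.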
@@ -206,8 +206,6 @@ if ( ! class_exists( 'um\admin\Secure' ) ) {
|
||||
$disabled_capabilities = UM()->options()->get_default( 'banned_capabilities' );
|
||||
$disabled_capabilities_text = '<strong>' . implode( '</strong>, <strong>', $disabled_capabilities ) . '</strong>';
|
||||
|
||||
$saved_options = UM()->options()->get( 'banned_capabilities' );
|
||||
|
||||
$scanner_content = '<button class="button um-secure-scan-content">' . esc_html__( 'Scan Now', 'ultimate-member' ) . '</button>';
|
||||
$scanner_content .= '<span class="um-secure-scan-results">';
|
||||
$scanner_content .= esc_html__( 'Last scan:', 'ultimate-member' ) . ' ';
|
||||
@@ -228,11 +226,11 @@ if ( ! class_exists( 'um\admin\Secure' ) ) {
|
||||
'id' => 'banned_capabilities',
|
||||
'type' => 'multi_checkbox',
|
||||
'multi' => true,
|
||||
'assoc' => true,
|
||||
'checkbox_key' => true,
|
||||
'columns' => 2,
|
||||
'options_disabled' => $disabled_capabilities,
|
||||
'options' => $banned_capabilities,
|
||||
'value' => ! empty( $saved_options ) ? array_keys( $saved_options ) : $disabled_capabilities,
|
||||
'label' => __( 'Banned Administrative Capabilities', 'ultimate-member' ),
|
||||
// translators: %s are disabled default capabilities that are enabled by default.
|
||||
'description' => sprintf( __( 'All the above are default Administrator & Super Admin capabilities. When someone tries to inject capabilities to the Account, Profile & Register forms submission, it will be flagged with this option. The %s capabilities are locked to ensure no users will be created with these capabilities.', 'ultimate-member' ), $disabled_capabilities_text ),
|
||||
@@ -359,7 +357,6 @@ if ( ! class_exists( 'um\admin\Secure' ) ) {
|
||||
*
|
||||
*/
|
||||
public function on_settings_save() {
|
||||
|
||||
if ( isset( $_POST['um_options']['display_login_form_notice'] ) && ! empty( $this->need_flush_meta ) ) { //phpcs:ignore WordPress.Security.NonceVerification
|
||||
global $wpdb;
|
||||
$wpdb->query(
|
||||
|
||||
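Review bot: Nothing in the `banned_capabilities` field definition (second hunk) records that the locked entries in `options_disabled` now depend on code outside this file to stay banned. The explicit `'value'` entry and the `$saved_options` lookup appear to be dropped, and disabled checkboxes are normally not submitted by browsers. The saved list would therefore presumably omit the locked capabilities, which are only restored when the option is read through the `um_get_option_filter__banned_capabilities` filter. A comment next to `'options_disabled'` would make that coupling visible: `// Locked defaults are not posted (disabled inputs); um\common\Secure::add_default_capabilities() merges them back on read.` How the form renderer emits the disabled attribute is not visible in this section, so the premise should be confirmed there.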
@@ -54,4 +54,4 @@ if ( ! class_exists( 'um\admin\core\Admin_Forms_Settings' ) ) {
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1214,9 +1214,16 @@ if ( ! class_exists( 'um\admin\core\Admin_Forms' ) ) {
|
||||
$html .= '<span class="um-form-fields-section" style="width:' . floor( 100 / $columns ) . '% !important;">';
|
||||
|
||||
foreach ( $section_fields_per_page as $k => $title ) {
|
||||
$id_attr = ' id="' . esc_attr( $id . '_' . $k ) . '" ';
|
||||
$for_attr = ' for="' . esc_attr( $id . '_' . $k ) . '" ';
|
||||
$name_attr = ' name="' . $name . '[' . $k . ']" ';
|
||||
$id_attr = ' id="' . esc_attr( $id . '_' . $k ) . '" ';
|
||||
$for_attr = ' for="' . esc_attr( $id . '_' . $k ) . '" ';
|
||||
|
||||
if ( ! empty( $field_data['assoc'] ) ) {
|
||||
$name_attr = ' name="' . esc_attr( $name ) . '[]" ';
|
||||
$value_attr = ' value="' . esc_attr( $k ) . '" ';
|
||||
} else {
|
||||
$name_attr = ' name="' . esc_attr( $name ) . '[' . esc_attr( $k ) . ']" ';
|
||||
$value_attr = ' value="1" ';
|
||||
}
|
||||
$disabed_attr = '';
|
||||
|
||||
$data = array(
|
||||
@@ -1240,7 +1247,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Forms' ) ) {
|
||||
}
|
||||
|
||||
$html .= "<label $for_attr>
|
||||
<input type=\"checkbox\" " . checked( in_array( $k, $values, true ), true, false ) . "$disabed_attr $id_attr $name_attr $data_attr value=\"1\" $class_attr>
|
||||
<input type=\"checkbox\" " . checked( in_array( $k, $values, true ), true, false ) . "$disabed_attr $id_attr $name_attr $data_attr $value_attr $class_attr>
|
||||
<span>$title</span>
|
||||
</label>";
|
||||
}
|
||||
|
||||
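Review bot: The `assoc` branch added in the first hunk posts a plain list (`name[]` with the option key in `value`), while the `else` branch posts a keyed map (`name[key]` with `value="1"`), which reads as the opposite of what the flag name suggests. A comment above the `if` would remove the ambiguity: `// 'assoc' fields submit the checked option keys as a list (name[] = key); all others submit name[key] = 1.` The sanitize callback registered for a field has to match the shape chosen here, and that is worth stating in the same comment. In the label statement changed by the second hunk, `$title` is still interpolated into `<span>$title</span>` without `esc_html()`; whether option titles are always trusted strings is not visible here. The enclosing method starts and ends outside both hunks.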
@@ -954,7 +954,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
|
||||
'sanitize' => 'bool',
|
||||
),
|
||||
'banned_capabilities' => array(
|
||||
'sanitize' => array( UM()->admin(), 'sanitize_wp_capabilities' ),
|
||||
'sanitize' => array( UM()->admin(), 'sanitize_wp_capabilities_assoc' ),
|
||||
),
|
||||
'secure_notify_admins_banned_accounts' => array(
|
||||
'sanitize' => 'bool',
|
||||
|
||||
@@ -20,6 +20,7 @@ if ( ! class_exists( 'um\common\Secure' ) ) {
|
||||
|
||||
public function hooks() {
|
||||
add_action( 'wp', array( $this, 'schedule_events' ) );
|
||||
add_filter( 'um_get_option_filter__banned_capabilities', array( $this, 'add_default_capabilities' ) );
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -236,5 +237,21 @@ if ( ! class_exists( 'um\common\Secure' ) ) {
|
||||
update_user_meta( $user->ID, 'um_user_blocked', 'suspicious_activity' );
|
||||
update_user_meta( $user->ID, 'um_user_blocked__timestamp', current_time( 'mysql' ) );
|
||||
}
|
||||
|
||||
/**
|
||||
* Always add default banned capabilities.
|
||||
*
|
||||
* @param mixed $option_value
|
||||
*
|
||||
* @return mixed
|
||||
*
|
||||
* @since 2.6.8
|
||||
*/
|
||||
public function add_default_capabilities( $option_value ) {
|
||||
if ( is_array( $option_value ) ) {
|
||||
$option_value = array_merge( $option_value, UM()->options()->get_default( 'banned_capabilities' ) );
|
||||
}
|
||||
return $option_value;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
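Review bot: `add_default_capabilities()` is documented as always adding the default banned capabilities, but the `is_array()` guard in the second hunk returns any non-array value untouched, so an empty-string or otherwise non-array option value comes back without the locked defaults. The merge also appends the defaults when they are already part of the saved list, which produces duplicates. Normalising first would cover both: `$saved = is_array( $option_value ) ? $option_value : array();` followed by `return array_unique( array_merge( $saved, UM()->options()->get_default( 'banned_capabilities' ) ) );`. The docblock's `@return mixed` could then be narrowed to `array`. Whether the options getter applies this filter when the option has never been saved is not visible here.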
@@ -196,23 +196,18 @@ if ( ! class_exists( 'um\frontend\Secure' ) ) {
|
||||
// Fetch the WP_User object of our user.
|
||||
um_fetch_user( $user_id );
|
||||
$has_admin_cap = false;
|
||||
$arr_banned_caps = array();
|
||||
$arr_banned_caps = UM()->options()->get( 'banned_capabilities' );
|
||||
|
||||
if ( UM()->options()->get( 'banned_capabilities' ) ) {
|
||||
$arr_banned_caps = UM()->options()->get( 'banned_capabilities' );
|
||||
}
|
||||
|
||||
// Add locked administrative capabilities.
|
||||
$arr_banned_caps = array_merge( $arr_banned_caps, UM()->options()->get_default( 'banned_capabilities' ) );
|
||||
|
||||
foreach ( $arr_banned_caps as $cap ) {
|
||||
/**
|
||||
* When there's at least one administrator cap added to the user,
|
||||
* immediately revoke caps and mark as rejected.
|
||||
*/
|
||||
if ( $user->has_cap( $cap ) ) {
|
||||
$has_admin_cap = true;
|
||||
break;
|
||||
if ( is_array( $arr_banned_caps ) ) {
|
||||
foreach ( $arr_banned_caps as $cap ) {
|
||||
/**
|
||||
* When there's at least one administrator cap added to the user,
|
||||
* immediately revoke caps and mark as rejected.
|
||||
*/
|
||||
if ( $user->has_cap( $cap ) ) {
|
||||
$has_admin_cap = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
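Review bot: The new `is_array( $arr_banned_caps )` guard makes this capability check fail open: when the option getter returns anything other than an array, the loop is skipped and `$has_admin_cap` stays `false`. The earlier version shown in this hunk started from `array()` and always merged in the locked defaults before testing `has_cap()`. Whether `get( 'banned_capabilities' )` can return a non-array (for example before the setting is first saved) is not visible here, but the check should not depend on it. Falling back to the locked list before the loop keeps the previous guarantee: `if ( ! is_array( $arr_banned_caps ) ) { $arr_banned_caps = UM()->options()->get_default( 'banned_capabilities' ); }`. The enclosing method starts and ends outside the hunk.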