mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-06-05 15:09:37 +09:00
- fixed conflict with saving capabilities;
@@ -1081,7 +1081,6 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
|
|||||||
return $value;
|
return $value;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param $value
|
* @param $value
|
||||||
*
|
*
|
||||||
@@ -1092,6 +1091,15 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
|
|||||||
return $value;
|
return $value;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param $value
|
||||||
|
*
|
||||||
|
* @return array
|
||||||
|
*/
|
||||||
|
public function sanitize_wp_capabilities_assoc( $value ) {
|
||||||
|
$value = array_map( 'sanitize_key', array_filter( $value ) );
|
||||||
|
return $value;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Sanitize role meta fields when wp-admin form has been submitted
|
* Sanitize role meta fields when wp-admin form has been submitted
|
||||||
|
|||||||
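Review bot: `sanitize_wp_capabilities_assoc()` passes `$value` straight to `array_filter()`, so a non-array submission for this option raises a TypeError on PHP 8 instead of being reduced to an empty list. The filtering also runs before `sanitize_key`, so an entry that sanitizes to an empty string stays in the saved list. Consider `$value = is_array( $value ) ? array_values( array_filter( array_map( 'sanitize_key', $value ) ) ) : array();`. The docblock could also say `@param array $value` and state that the result is a flat list of capability names.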
@@ -206,8 +206,6 @@ if ( ! class_exists( 'um\admin\Secure' ) ) {
|
|||||||
$disabled_capabilities = UM()->options()->get_default( 'banned_capabilities' );
|
$disabled_capabilities = UM()->options()->get_default( 'banned_capabilities' );
|
||||||
$disabled_capabilities_text = '<strong>' . implode( '</strong>, <strong>', $disabled_capabilities ) . '</strong>';
|
$disabled_capabilities_text = '<strong>' . implode( '</strong>, <strong>', $disabled_capabilities ) . '</strong>';
|
||||||
|
|
||||||
$saved_options = UM()->options()->get( 'banned_capabilities' );
|
|
||||||
|
|
||||||
$scanner_content = '<button class="button um-secure-scan-content">' . esc_html__( 'Scan Now', 'ultimate-member' ) . '</button>';
|
$scanner_content = '<button class="button um-secure-scan-content">' . esc_html__( 'Scan Now', 'ultimate-member' ) . '</button>';
|
||||||
$scanner_content .= '<span class="um-secure-scan-results">';
|
$scanner_content .= '<span class="um-secure-scan-results">';
|
||||||
$scanner_content .= esc_html__( 'Last scan:', 'ultimate-member' ) . ' ';
|
$scanner_content .= esc_html__( 'Last scan:', 'ultimate-member' ) . ' ';
|
||||||
@@ -228,11 +226,11 @@ if ( ! class_exists( 'um\admin\Secure' ) ) {
|
|||||||
'id' => 'banned_capabilities',
|
'id' => 'banned_capabilities',
|
||||||
'type' => 'multi_checkbox',
|
'type' => 'multi_checkbox',
|
||||||
'multi' => true,
|
'multi' => true,
|
||||||
|
'assoc' => true,
|
||||||
'checkbox_key' => true,
|
'checkbox_key' => true,
|
||||||
'columns' => 2,
|
'columns' => 2,
|
||||||
'options_disabled' => $disabled_capabilities,
|
'options_disabled' => $disabled_capabilities,
|
||||||
'options' => $banned_capabilities,
|
'options' => $banned_capabilities,
|
||||||
'value' => ! empty( $saved_options ) ? array_keys( $saved_options ) : $disabled_capabilities,
|
|
||||||
'label' => __( 'Banned Administrative Capabilities', 'ultimate-member' ),
|
'label' => __( 'Banned Administrative Capabilities', 'ultimate-member' ),
|
||||||
// translators: %s are disabled default capabilities that are enabled by default.
|
// translators: %s are disabled default capabilities that are enabled by default.
|
||||||
'description' => sprintf( __( 'All the above are default Administrator & Super Admin capabilities. When someone tries to inject capabilities to the Account, Profile & Register forms submission, it will be flagged with this option. The %s capabilities are locked to ensure no users will be created with these capabilities.', 'ultimate-member' ), $disabled_capabilities_text ),
|
'description' => sprintf( __( 'All the above are default Administrator & Super Admin capabilities. When someone tries to inject capabilities to the Account, Profile & Register forms submission, it will be flagged with this option. The %s capabilities are locked to ensure no users will be created with these capabilities.', 'ultimate-member' ), $disabled_capabilities_text ),
|
||||||
@@ -359,7 +357,6 @@ if ( ! class_exists( 'um\admin\Secure' ) ) {
|
|||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
public function on_settings_save() {
|
public function on_settings_save() {
|
||||||
|
|
||||||
if ( isset( $_POST['um_options']['display_login_form_notice'] ) && ! empty( $this->need_flush_meta ) ) { //phpcs:ignore WordPress.Security.NonceVerification
|
if ( isset( $_POST['um_options']['display_login_form_notice'] ) && ! empty( $this->need_flush_meta ) ) { //phpcs:ignore WordPress.Security.NonceVerification
|
||||||
global $wpdb;
|
global $wpdb;
|
||||||
$wpdb->query(
|
$wpdb->query(
|
||||||
|
|||||||
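Review bot: Nothing visible in this section converts a `banned_capabilities` value that was saved before this change. The removed `array_keys( $saved_options )` suggests earlier versions stored the option keyed by capability name, while the field now posts a flat list because of `'assoc' => true`. If that reading is right, an existing install keeps the keyed value until the settings page is saved again, and code that iterates the values would see `1` rather than capability names, so a non-default capability an administrator had banned would not be enforced in the meantime. A one-time upgrade step, or normalising both shapes where the option is read, would close that gap. The settings array edited here begins and ends outside the hunk.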
@@ -54,4 +54,4 @@ if ( ! class_exists( 'um\admin\core\Admin_Forms_Settings' ) ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1214,9 +1214,16 @@ if ( ! class_exists( 'um\admin\core\Admin_Forms' ) ) {
|
|||||||
$html .= '<span class="um-form-fields-section" style="width:' . floor( 100 / $columns ) . '% !important;">';
|
$html .= '<span class="um-form-fields-section" style="width:' . floor( 100 / $columns ) . '% !important;">';
|
||||||
|
|
||||||
foreach ( $section_fields_per_page as $k => $title ) {
|
foreach ( $section_fields_per_page as $k => $title ) {
|
||||||
$id_attr = ' id="' . esc_attr( $id . '_' . $k ) . '" ';
|
$id_attr = ' id="' . esc_attr( $id . '_' . $k ) . '" ';
|
||||||
$for_attr = ' for="' . esc_attr( $id . '_' . $k ) . '" ';
|
$for_attr = ' for="' . esc_attr( $id . '_' . $k ) . '" ';
|
||||||
$name_attr = ' name="' . $name . '[' . $k . ']" ';
|
|
||||||
|
if ( ! empty( $field_data['assoc'] ) ) {
|
||||||
|
$name_attr = ' name="' . esc_attr( $name ) . '[]" ';
|
||||||
|
$value_attr = ' value="' . esc_attr( $k ) . '" ';
|
||||||
|
} else {
|
||||||
|
$name_attr = ' name="' . esc_attr( $name ) . '[' . esc_attr( $k ) . ']" ';
|
||||||
|
$value_attr = ' value="1" ';
|
||||||
|
}
|
||||||
$disabed_attr = '';
|
$disabed_attr = '';
|
||||||
|
|
||||||
$data = array(
|
$data = array(
|
||||||
@@ -1240,7 +1247,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Forms' ) ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
$html .= "<label $for_attr>
|
$html .= "<label $for_attr>
|
||||||
<input type=\"checkbox\" " . checked( in_array( $k, $values, true ), true, false ) . "$disabed_attr $id_attr $name_attr $data_attr value=\"1\" $class_attr>
|
<input type=\"checkbox\" " . checked( in_array( $k, $values, true ), true, false ) . "$disabed_attr $id_attr $name_attr $data_attr $value_attr $class_attr>
|
||||||
<span>$title</span>
|
<span>$title</span>
|
||||||
</label>";
|
</label>";
|
||||||
}
|
}
|
||||||
|
|||||||
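Review bot: The new `assoc` field option is undocumented and its name reads backwards. When it is set, the checkbox is emitted as `name[]` with the option key as its value, which posts a flat list, and the keyed `name[key]` form with `value="1"` is the else branch. A short comment above the `if` would prevent misuse, for example `// 'assoc': post checked keys as a flat list (name[] = key) instead of name[key] = 1.` The loop and the rendering method start outside the hunk.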
@@ -954,7 +954,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
|
|||||||
'sanitize' => 'bool',
|
'sanitize' => 'bool',
|
||||||
),
|
),
|
||||||
'banned_capabilities' => array(
|
'banned_capabilities' => array(
|
||||||
'sanitize' => array( UM()->admin(), 'sanitize_wp_capabilities' ),
|
'sanitize' => array( UM()->admin(), 'sanitize_wp_capabilities_assoc' ),
|
||||||
),
|
),
|
||||||
'secure_notify_admins_banned_accounts' => array(
|
'secure_notify_admins_banned_accounts' => array(
|
||||||
'sanitize' => 'bool',
|
'sanitize' => 'bool',
|
||||||
|
|||||||
@@ -20,6 +20,7 @@ if ( ! class_exists( 'um\common\Secure' ) ) {
|
|||||||
|
|
||||||
public function hooks() {
|
public function hooks() {
|
||||||
add_action( 'wp', array( $this, 'schedule_events' ) );
|
add_action( 'wp', array( $this, 'schedule_events' ) );
|
||||||
|
add_filter( 'um_get_option_filter__banned_capabilities', array( $this, 'add_default_capabilities' ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -236,5 +237,21 @@ if ( ! class_exists( 'um\common\Secure' ) ) {
|
|||||||
update_user_meta( $user->ID, 'um_user_blocked', 'suspicious_activity' );
|
update_user_meta( $user->ID, 'um_user_blocked', 'suspicious_activity' );
|
||||||
update_user_meta( $user->ID, 'um_user_blocked__timestamp', current_time( 'mysql' ) );
|
update_user_meta( $user->ID, 'um_user_blocked__timestamp', current_time( 'mysql' ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Always add default banned capabilities.
|
||||||
|
*
|
||||||
|
* @param mixed $option_value
|
||||||
|
*
|
||||||
|
* @return mixed
|
||||||
|
*
|
||||||
|
* @since 2.6.8
|
||||||
|
*/
|
||||||
|
public function add_default_capabilities( $option_value ) {
|
||||||
|
if ( is_array( $option_value ) ) {
|
||||||
|
$option_value = array_merge( $option_value, UM()->options()->get_default( 'banned_capabilities' ) );
|
||||||
|
}
|
||||||
|
return $option_value;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
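Review bot: `add_default_capabilities()` adds the locked defaults only when `$option_value` is already an array, which does not match its "Always add default banned capabilities" docblock. The `um\frontend\Secure` hunk in this commit drops its own unconditional `array_merge` with the defaults and skips the capability loop when the option is not an array, so if `get( 'banned_capabilities' )` can return an empty string or false (not visible here), the locked capabilities are not checked at all. Treating a non-array as empty keeps the guarantee: `$saved = is_array( $option_value ) ? $option_value : array();` followed by `return array_unique( array_merge( $saved, UM()->options()->get_default( 'banned_capabilities' ) ) );`. The `array_unique` also drops the duplicates the merge produces when a default is already in the saved list.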
@@ -196,23 +196,18 @@ if ( ! class_exists( 'um\frontend\Secure' ) ) {
|
|||||||
// Fetch the WP_User object of our user.
|
// Fetch the WP_User object of our user.
|
||||||
um_fetch_user( $user_id );
|
um_fetch_user( $user_id );
|
||||||
$has_admin_cap = false;
|
$has_admin_cap = false;
|
||||||
$arr_banned_caps = array();
|
$arr_banned_caps = UM()->options()->get( 'banned_capabilities' );
|
||||||
|
|
||||||
if ( UM()->options()->get( 'banned_capabilities' ) ) {
|
if ( is_array( $arr_banned_caps ) ) {
|
||||||
$arr_banned_caps = UM()->options()->get( 'banned_capabilities' );
|
foreach ( $arr_banned_caps as $cap ) {
|
||||||
}
|
/**
|
||||||
|
* When there's at least one administrator cap added to the user,
|
||||||
// Add locked administrative capabilities.
|
* immediately revoke caps and mark as rejected.
|
||||||
$arr_banned_caps = array_merge( $arr_banned_caps, UM()->options()->get_default( 'banned_capabilities' ) );
|
*/
|
||||||
|
if ( $user->has_cap( $cap ) ) {
|
||||||
foreach ( $arr_banned_caps as $cap ) {
|
$has_admin_cap = true;
|
||||||
/**
|
break;
|
||||||
* When there's at least one administrator cap added to the user,
|
}
|
||||||
* immediately revoke caps and mark as rejected.
|
|
||||||
*/
|
|
||||||
if ( $user->has_cap( $cap ) ) {
|
|
||||||
$has_admin_cap = true;
|
|
||||||
break;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||