- added nonce fields;

nikitozzzzzzz
2018-11-21 14:01:18 +02:00
parent 9b083d8243
commit 0ceab69793
44 changed files with 393 additions and 213 deletions
+2 -2
@@ -7,7 +7,7 @@ Ultimate Member is the #1 user profile & membership plugin for WordPress. The pl
| Latest Version |Requires at least|Stable Tag|
| :------------: |:------------:|:------------:|
| 2.0.32 | WordPress 4.9 or higher| 2.0.32 |
| 2.0.33 | WordPress 4.9 or higher| 2.0.33 |
Features of the plugin include:
@@ -48,7 +48,7 @@ GNU Version 2 or Any Later Version
Releases
====================
[Official Release Version: 2.0.32](https://github.com/ultimatemember/ultimatemember/releases/tag/2.0.32).
[Official Release Version: 2.0.33](https://github.com/ultimatemember/ultimatemember/releases/tag/2.0.33).
Changelog
====================
+6 -3
@@ -34,7 +34,8 @@ jQuery(document).ready(function() {
type: 'post',
data: {
action: 'um_remove_file',
src: src
src: src,
nonce: um_scripts.nonce
}
});
@@ -64,7 +65,8 @@ jQuery(document).ready(function() {
type: 'post',
data: {
action: 'um_remove_file',
src: src
src: src,
nonce: um_scripts.nonce
}
});
@@ -115,7 +117,8 @@ jQuery(document).ready(function() {
src : src,
coord : coord,
user_id : user_id,
key: key
key: key,
nonce: um_scripts.nonce
},
success: function( response ){
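Review bot: The added `nonce: um_scripts.nonce` shows only that the request came from a page this site rendered; it does not tie the request to the `src` or `user_id` values posted beside it in the `um_remove_file` and `um_resize_image` calls. The server handlers are not part of this section, so confirm that each one checks, after the nonce, that the current user owns the file or is allowed to edit `user_id`. The same applies to `um_delete_profile_photo` and `um_delete_cover_photo` in the profile script further down, where `user_id` is read from a `data-user_id` attribute. A short comment above each call, for example `// nonce guards against CSRF only; the handler must authorise user_id`, would keep that split visible.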
+1 -1
@@ -1 +1 @@
jQuery(document).ready(function(){jQuery(document).on("click",".um-popup-overlay",function(){remove_Modal()}),jQuery(document).on("click",'.um-modal-overlay, a[data-action="um_remove_modal"]',function(){um_remove_modal()}),jQuery(document).on("click",'a[data-modal^="um_"], span[data-modal^="um_"], .um-modal a',function(e){return e.preventDefault(),!1}),jQuery(document).on("click",".um-modal .um-single-file-preview a.cancel",function(e){e.preventDefault();var a=jQuery(this).parents(".um-modal-body"),t=jQuery(this).parents(".um-modal-body").find(".um-single-fileinfo a").attr("href");return a.find(".um-single-file-preview").hide(),a.find(".ajax-upload-dragdrop").show(),a.find(".um-modal-btn.um-finish-upload").addClass("disabled"),um_modal_responsive(),jQuery.ajax({url:wp.ajax.settings.url,type:"post",data:{action:"um_remove_file",src:t}}),!1}),jQuery(document).on("click",".um-modal .um-single-image-preview a.cancel",function(e){e.preventDefault();var a=jQuery(this).parents(".um-modal-body"),t=jQuery(this).parents(".um-modal-body").find(".um-single-image-preview img").attr("src");return jQuery("img.cropper-hidden").cropper("destroy"),a.find(".um-single-image-preview img").attr("src",""),a.find(".um-single-image-preview").hide(),a.find(".ajax-upload-dragdrop").show(),a.find(".um-modal-btn.um-finish-upload").addClass("disabled"),um_modal_responsive(),jQuery.ajax({url:wp.ajax.settings.url,type:"post",data:{action:"um_remove_file",src:t}}),!1}),jQuery(document).on("click",".um-finish-upload.file:not(.disabled)",function(){var e=jQuery(this).attr("data-key"),a=jQuery(this).parents(".um-modal-body").find(".um-single-file-preview").html();um_remove_modal(),jQuery(".um-single-file-preview[data-key="+e+"]").fadeIn().html(a);var t=jQuery(".um-field[data-key="+e+"]").find(".um-single-fileinfo 
a").data("file");jQuery(".um-single-file-preview[data-key="+e+"]").parents(".um-field").find(".um-btn-auto-width").html(jQuery(this).attr("data-change")),jQuery(".um-single-file-preview[data-key="+e+"]").parents(".um-field").find('input[type="hidden"]').val(t)}),jQuery(document).on("click",".um-finish-upload.image:not(.disabled)",function(){var a=jQuery(this),t=jQuery(this).attr("data-key"),e=jQuery(this).parents(".um-modal-body").find(".um-single-image-preview"),i=e.find("img").attr("src"),r=e.attr("data-coord"),u=e.find("img").data("file"),m=0;jQuery(this).parents("#um_upload_single").data("user_id")&&(m=jQuery(this).parents("#um_upload_single").data("user_id")),r?(jQuery(this).html(jQuery(this).attr("data-processing")).addClass("disabled"),jQuery.ajax({url:wp.ajax.settings.url,type:"POST",dataType:"json",data:{action:"um_resize_image",src:i,coord:r,user_id:m,key:t},success:function(e){1==e.success&&(d=new Date,"profile_photo"==t&&jQuery(".um-profile-photo-img img").attr("src",e.data.image.source_url+"?"+d.getTime()),"cover_photo"==t&&(jQuery(".um-cover-e").empty().html('<img src="'+e.data.image.source_url+"?"+d.getTime()+'" alt="" />'),jQuery(".um").hasClass("um-editing")&&jQuery(".um-cover-overlay").show()),jQuery(".um-single-image-preview[data-key="+t+"]").fadeIn().find("img").attr("src",e.data.image.source_url+"?"+d.getTime()),um_remove_modal(),jQuery(".um-single-image-preview[data-key="+t+"]").parents(".um-field").find(".um-btn-auto-width").html(a.attr("data-change")),jQuery(".um-single-image-preview[data-key="+t+"]").parents(".um-field").find('input[type="hidden"]').val(e.data.image.filename))}})):(d=new 
Date,jQuery(".um-single-image-preview[data-key="+t+"]").fadeIn().find("img").attr("src",i+"?"+d.getTime()),um_remove_modal(),jQuery(".um-single-image-preview[data-key="+t+"]").parents(".um-field").find(".um-btn-auto-width").html(a.attr("data-change")),jQuery(".um-single-image-preview[data-key="+t+"]").parents(".um-field").find("input[type=hidden]").val(u))}),jQuery(document).on("click",'a[data-modal^="um_"], span[data-modal^="um_"]',function(e){var a=jQuery(this).attr("data-modal"),t="normal";if(jQuery(this).data("modal-size"))t=jQuery(this).data("modal-size");jQuery(this).data("modal-copy")&&(jQuery("#"+a).html(jQuery(this).parents(".um-field").find(".um-modal-hidden-content").html()),jQuery(this).parents(".um-profile-photo").attr("data-user_id")&&jQuery("#"+a).attr("data-user_id",jQuery(this).parents(".um-profile-photo").attr("data-user_id")),jQuery(this).parents(".um-cover").attr("data-ratio")&&jQuery("#"+a).attr("data-ratio",jQuery(this).parents(".um-cover").attr("data-ratio")),jQuery(this).parents(".um-cover").attr("data-user_id")&&jQuery("#"+a).attr("data-user_id",jQuery(this).parents(".um-cover").attr("data-user_id")),0<jQuery("input[type=hidden][name='user_id']").length&&jQuery("#"+a).attr("data-user_id",jQuery("input[type=hidden][name='user_id']").val())),um_new_modal(a,t)})});
jQuery(document).ready(function(){jQuery(document).on("click",".um-popup-overlay",function(){remove_Modal()}),jQuery(document).on("click",'.um-modal-overlay, a[data-action="um_remove_modal"]',function(){um_remove_modal()}),jQuery(document).on("click",'a[data-modal^="um_"], span[data-modal^="um_"], .um-modal a',function(e){return e.preventDefault(),!1}),jQuery(document).on("click",".um-modal .um-single-file-preview a.cancel",function(e){e.preventDefault();var a=jQuery(this).parents(".um-modal-body"),t=jQuery(this).parents(".um-modal-body").find(".um-single-fileinfo a").attr("href");return a.find(".um-single-file-preview").hide(),a.find(".ajax-upload-dragdrop").show(),a.find(".um-modal-btn.um-finish-upload").addClass("disabled"),um_modal_responsive(),jQuery.ajax({url:wp.ajax.settings.url,type:"post",data:{action:"um_remove_file",src:t,nonce:um_scripts.nonce}}),!1}),jQuery(document).on("click",".um-modal .um-single-image-preview a.cancel",function(e){e.preventDefault();var a=jQuery(this).parents(".um-modal-body"),t=jQuery(this).parents(".um-modal-body").find(".um-single-image-preview img").attr("src");return jQuery("img.cropper-hidden").cropper("destroy"),a.find(".um-single-image-preview img").attr("src",""),a.find(".um-single-image-preview").hide(),a.find(".ajax-upload-dragdrop").show(),a.find(".um-modal-btn.um-finish-upload").addClass("disabled"),um_modal_responsive(),jQuery.ajax({url:wp.ajax.settings.url,type:"post",data:{action:"um_remove_file",src:t,nonce:um_scripts.nonce}}),!1}),jQuery(document).on("click",".um-finish-upload.file:not(.disabled)",function(){var e=jQuery(this).attr("data-key"),a=jQuery(this).parents(".um-modal-body").find(".um-single-file-preview").html();um_remove_modal(),jQuery(".um-single-file-preview[data-key="+e+"]").fadeIn().html(a);var t=jQuery(".um-field[data-key="+e+"]").find(".um-single-fileinfo 
a").data("file");jQuery(".um-single-file-preview[data-key="+e+"]").parents(".um-field").find(".um-btn-auto-width").html(jQuery(this).attr("data-change")),jQuery(".um-single-file-preview[data-key="+e+"]").parents(".um-field").find('input[type="hidden"]').val(t)}),jQuery(document).on("click",".um-finish-upload.image:not(.disabled)",function(){var a=jQuery(this),t=jQuery(this).attr("data-key"),e=jQuery(this).parents(".um-modal-body").find(".um-single-image-preview"),i=e.find("img").attr("src"),r=e.attr("data-coord"),u=e.find("img").data("file"),n=0;jQuery(this).parents("#um_upload_single").data("user_id")&&(n=jQuery(this).parents("#um_upload_single").data("user_id")),r?(jQuery(this).html(jQuery(this).attr("data-processing")).addClass("disabled"),jQuery.ajax({url:wp.ajax.settings.url,type:"POST",dataType:"json",data:{action:"um_resize_image",src:i,coord:r,user_id:n,key:t,nonce:um_scripts.nonce},success:function(e){1==e.success&&(d=new Date,"profile_photo"==t&&jQuery(".um-profile-photo-img img").attr("src",e.data.image.source_url+"?"+d.getTime()),"cover_photo"==t&&(jQuery(".um-cover-e").empty().html('<img src="'+e.data.image.source_url+"?"+d.getTime()+'" alt="" />'),jQuery(".um").hasClass("um-editing")&&jQuery(".um-cover-overlay").show()),jQuery(".um-single-image-preview[data-key="+t+"]").fadeIn().find("img").attr("src",e.data.image.source_url+"?"+d.getTime()),um_remove_modal(),jQuery(".um-single-image-preview[data-key="+t+"]").parents(".um-field").find(".um-btn-auto-width").html(a.attr("data-change")),jQuery(".um-single-image-preview[data-key="+t+"]").parents(".um-field").find('input[type="hidden"]').val(e.data.image.filename))}})):(d=new 
Date,jQuery(".um-single-image-preview[data-key="+t+"]").fadeIn().find("img").attr("src",i+"?"+d.getTime()),um_remove_modal(),jQuery(".um-single-image-preview[data-key="+t+"]").parents(".um-field").find(".um-btn-auto-width").html(a.attr("data-change")),jQuery(".um-single-image-preview[data-key="+t+"]").parents(".um-field").find("input[type=hidden]").val(u))}),jQuery(document).on("click",'a[data-modal^="um_"], span[data-modal^="um_"]',function(e){var a=jQuery(this).attr("data-modal"),t="normal";if(jQuery(this).data("modal-size"))t=jQuery(this).data("modal-size");jQuery(this).data("modal-copy")&&(jQuery("#"+a).html(jQuery(this).parents(".um-field").find(".um-modal-hidden-content").html()),jQuery(this).parents(".um-profile-photo").attr("data-user_id")&&jQuery("#"+a).attr("data-user_id",jQuery(this).parents(".um-profile-photo").attr("data-user_id")),jQuery(this).parents(".um-cover").attr("data-ratio")&&jQuery("#"+a).attr("data-ratio",jQuery(this).parents(".um-cover").attr("data-ratio")),jQuery(this).parents(".um-cover").attr("data-user_id")&&jQuery("#"+a).attr("data-user_id",jQuery(this).parents(".um-cover").attr("data-user_id")),0<jQuery("input[type=hidden][name='user_id']").length&&jQuery("#"+a).attr("data-user_id",jQuery("input[type=hidden][name='user_id']").val())),um_new_modal(a,t)})});
+4 -2
@@ -48,7 +48,8 @@ jQuery(document).ready(function() {
data: {
action:'um_delete_profile_photo',
metakey: metakey,
user_id: user_id
user_id: user_id,
nonce: um_scripts.nonce
}
});
@@ -71,7 +72,8 @@ jQuery(document).ready(function() {
data: {
action: 'um_delete_cover_photo',
metakey: metakey,
user_id: user_id
user_id: user_id,
nonce: um_scripts.nonce
},
success: function( response ) {
obj.hide();
+1 -1
@@ -1 +1 @@
jQuery(document).ready(function(){function e(){if(void 0!==jQuery("textarea[id=um-meta-bio]").val()){var e=jQuery("textarea[id=um-meta-bio]").attr("data-character-limit")-jQuery("textarea[id=um-meta-bio]").val().length;jQuery("span.um-meta-bio-character span.um-bio-limit").text(e),e<5?jQuery("span.um-meta-bio-character").css("color","red"):jQuery("span.um-meta-bio-character").css("color","")}}jQuery(".um-profile.um-viewing .um-profile-body .um-row").each(function(){var e=jQuery(this);0==e.find(".um-field").length&&(e.prev(".um-row-heading").remove(),e.remove())}),jQuery(".um-profile.um-viewing .um-profile-body").length&&0==jQuery(".um-profile.um-viewing .um-profile-body").find(".um-field").length&&(jQuery(".um-row-heading,.um-row").remove(),jQuery(".um-profile-note").show()),jQuery(document).on("click",".um-profile-save",function(e){return e.preventDefault(),jQuery(this).parents(".um").find("form").submit(),!1}),jQuery(document).on("click",".um-profile-edit-a",function(e){jQuery(this).addClass("active")}),jQuery(document).on("click",".um-cover a.um-cover-add, .um-photo a",function(e){return e.preventDefault(),!1}),jQuery(document).on("click",".um-photo-modal",function(e){e.preventDefault();var t=jQuery(this).attr("data-src");return um_new_modal("um_view_photo","fit",!0,t),!1}),jQuery(document).on("click",".um-reset-profile-photo",function(e){jQuery(".um-profile-photo-img img").attr("src",jQuery(this).attr("data-default_src")),user_id=jQuery(this).attr("data-user_id"),metakey="profile_photo",jQuery.ajax({url:wp.ajax.settings.url,type:"post",data:{action:"um_delete_profile_photo",metakey:metakey,user_id:user_id}})}),jQuery(document).on("click",".um-reset-cover-photo",function(e){var t=jQuery(this);jQuery(".um-cover-overlay").hide(),jQuery(".um-cover-e").html('<a href="#" class="um-cover-add um-manual-trigger" data-parent=".um-cover" data-child=".um-btn-auto-width"><span class="um-cover-add-i"><i class="um-icon-plus um-tip-n" title="Upload a cover 
photo"></i></span></a>'),jQuery(".um-dropdown").hide(),um_responsive(),user_id=jQuery(this).attr("data-user_id"),metakey="cover_photo",jQuery.ajax({url:wp.ajax.settings.url,type:"post",data:{action:"um_delete_cover_photo",metakey:metakey,user_id:user_id},success:function(e){t.hide()}})}),e(),jQuery("textarea[id=um-meta-bio]").change(e),jQuery("textarea[id=um-meta-bio]").keyup(e),jQuery(".um-profile-edit a.um_delete-item").click(function(e){if(e.preventDefault(),!confirm("Are you sure that you want to delete this user?"))return!1})});
jQuery(document).ready(function(){function e(){if(void 0!==jQuery("textarea[id=um-meta-bio]").val()){var e=jQuery("textarea[id=um-meta-bio]").attr("data-character-limit")-jQuery("textarea[id=um-meta-bio]").val().length;jQuery("span.um-meta-bio-character span.um-bio-limit").text(e),e<5?jQuery("span.um-meta-bio-character").css("color","red"):jQuery("span.um-meta-bio-character").css("color","")}}jQuery(".um-profile.um-viewing .um-profile-body .um-row").each(function(){var e=jQuery(this);0==e.find(".um-field").length&&(e.prev(".um-row-heading").remove(),e.remove())}),jQuery(".um-profile.um-viewing .um-profile-body").length&&0==jQuery(".um-profile.um-viewing .um-profile-body").find(".um-field").length&&(jQuery(".um-row-heading,.um-row").remove(),jQuery(".um-profile-note").show()),jQuery(document).on("click",".um-profile-save",function(e){return e.preventDefault(),jQuery(this).parents(".um").find("form").submit(),!1}),jQuery(document).on("click",".um-profile-edit-a",function(e){jQuery(this).addClass("active")}),jQuery(document).on("click",".um-cover a.um-cover-add, .um-photo a",function(e){return e.preventDefault(),!1}),jQuery(document).on("click",".um-photo-modal",function(e){e.preventDefault();var t=jQuery(this).attr("data-src");return um_new_modal("um_view_photo","fit",!0,t),!1}),jQuery(document).on("click",".um-reset-profile-photo",function(e){jQuery(".um-profile-photo-img img").attr("src",jQuery(this).attr("data-default_src")),user_id=jQuery(this).attr("data-user_id"),metakey="profile_photo",jQuery.ajax({url:wp.ajax.settings.url,type:"post",data:{action:"um_delete_profile_photo",metakey:metakey,user_id:user_id,nonce:um_scripts.nonce}})}),jQuery(document).on("click",".um-reset-cover-photo",function(e){var t=jQuery(this);jQuery(".um-cover-overlay").hide(),jQuery(".um-cover-e").html('<a href="#" class="um-cover-add um-manual-trigger" data-parent=".um-cover" data-child=".um-btn-auto-width"><span class="um-cover-add-i"><i class="um-icon-plus um-tip-n" title="Upload a 
cover photo"></i></span></a>'),jQuery(".um-dropdown").hide(),um_responsive(),user_id=jQuery(this).attr("data-user_id"),metakey="cover_photo",jQuery.ajax({url:wp.ajax.settings.url,type:"post",data:{action:"um_delete_cover_photo",metakey:metakey,user_id:user_id,nonce:um_scripts.nonce},success:function(e){t.hide()}})}),e(),jQuery("textarea[id=um-meta-bio]").change(e),jQuery("textarea[id=um-meta-bio]").keyup(e),jQuery(".um-profile-edit a.um_delete-item").click(function(e){if(e.preventDefault(),!confirm("Are you sure that you want to delete this user?"))return!1})});
+12 -6
@@ -155,7 +155,8 @@ jQuery(document).ready(function() {
type: 'post',
data: {
action: 'um_remove_file',
src: src
src: src,
nonce: um_scripts.nonce
}
});
@@ -175,7 +176,8 @@ jQuery(document).ready(function() {
type: 'post',
data: {
action: 'um_remove_file',
src: src
src: src,
nonce: um_scripts.nonce
}
});
@@ -260,7 +262,8 @@ jQuery(document).ready(function() {
data: {
action: 'um_ajax_paginate_posts',
author: jQuery(this).data('author'),
page: next_page
page: next_page,
nonce: um_scripts.nonce
},
complete: function() {
parent.removeClass( 'loading' );
@@ -284,7 +287,8 @@ jQuery(document).ready(function() {
data: {
action: 'um_ajax_paginate',
hook: hook,
args: args
args: args,
nonce: um_scripts.nonce
},
complete: function() {
parent.removeClass( 'loading' );
@@ -315,7 +319,8 @@ jQuery(document).ready(function() {
action: 'um_muted_action',
hook: hook,
user_id: user_id,
arguments: arguments
arguments: arguments,
nonce: um_scripts.nonce
},
success: function(data){
@@ -370,7 +375,8 @@ jQuery(document).ready(function() {
child_callback: um_ajax_source,
child_name: me.attr('name'),
members_directory: me.attr('data-mebers-directory'),
form_id: form_id
form_id: form_id,
nonce: um_scripts.nonce
},
success: function( data ){
if( data.status == 'success' && parent.val() != '' ){
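Review bot: `um_ajax_paginate` and `um_muted_action` post a `hook` name, and the dropdown request posts `child_callback`, all chosen on the client, and the new nonce does not limit which names the server will accept. The handlers are outside this page, so check that each one resolves these names against a fixed list rather than passing them on as received. If any of these actions is also registered for logged-out visitors, the nonce is not unique per visitor and adds little beyond CSRF protection there. Separately, `arguments: arguments` uses a variable named like the built-in `arguments` object; if no local of that name is declared in the part of the handler outside the hunk, the function's own argument list is what gets serialised, so a distinct name such as `hook_args` would be clearer.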
+1 -1
File diff suppressed because one or more lines are too long
+11 -1
@@ -31,7 +31,17 @@ jQuery(document).ready(function() {
jQuery.ajax({
url: wp.ajax.settings.url,
type: 'POST',
data: { action:'um_do_ajax_action',act_id : act_id, arg1 : arg1, arg2 : arg2, in_row: in_row, in_sub_row: in_sub_row, in_column: in_column, in_group: in_group },
data: {
action:'um_do_ajax_action',
act_id : act_id,
arg1 : arg1,
arg2 : arg2,
in_row: in_row,
in_sub_row: in_sub_row,
in_column: in_column,
in_group: in_group,
nonce: um_admin_scripts.nonce
},
success: function(data){
jQuery('.um-col-demon-settings').data('in_row', '');
+2 -1
@@ -14,7 +14,8 @@ function um_admin_update_builder() {
type: 'POST',
data: {
action:'um_update_builder',
form_id: form_id
form_id: form_id,
nonce: um_admin_scripts.nonce
},
success: function(data){
+7 -1
@@ -13,7 +13,13 @@ jQuery(document).ready(function() {
jQuery.ajax({
url: wp.ajax.settings.url,
type: 'POST',
data: {action:'um_do_ajax_action',act_id : 'um_admin_remove_field_global', arg1 : arg1 },
data: {
action:'um_do_ajax_action',
act_id : 'um_admin_remove_field_global',
arg1 : arg1,
nonce: um_admin_scripts.nonce
},
success: function(data){
},
+17 -2
@@ -54,7 +54,18 @@ function um_admin_modal_ajaxcall( act_id, arg1, arg2, arg3 ) {
jQuery.ajax({
url: wp.ajax.settings.url,
type: 'POST',
data: { action:'um_dynamic_modal_content',act_id: act_id, arg1 : arg1, arg2 : arg2, arg3: arg3, in_row: in_row, in_sub_row: in_sub_row, in_column: in_column, in_group: in_group },
data: {
action:'um_dynamic_modal_content',
act_id: act_id,
arg1 : arg1,
arg2 : arg2,
arg3: arg3,
in_row: in_row,
in_sub_row: in_sub_row,
in_column: in_column,
in_group: in_group,
nonce: um_admin_scripts.nonce
},
complete: function(){
um_admin_modal_loaded();
um_admin_modal_responsive();
@@ -386,7 +397,11 @@ jQuery(document).ready(function() {
jQuery.ajax({
url: wp.ajax.settings.url,
type: 'POST',
data: { action:'populate_dropdown_options',um_option_callback: um_option_callback },
data: {
action:'um_populate_dropdown_options',
um_option_callback: um_option_callback,
nonce: um_admin_scripts.nonce
},
complete: function(){
},
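Review bot: The second call renames the action from `populate_dropdown_options` to `um_populate_dropdown_options`, but the matching `wp_ajax_` registration is not in this section. If the PHP hook keeps the old name, admin-ajax.php finds no handler for the request and the dropdown options never load, so confirm the registration was renamed in the same commit and the old action name is no longer registered. Both calls continue outside their hunks, so how a rejected nonce (`success: false` in the JSON body) is reported to the administrator is not visible here and is worth checking.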
+15
@@ -22,6 +22,21 @@ if ( ! class_exists( 'um\admin\Admin_Functions' ) ) {
}
/**
* Check wp-admin nonce
*
* @param bool $action
*/
function check_ajax_nonce( $action = false ) {
$nonce = isset( $_POST['nonce'] ) ? $_POST['nonce'] : '';
$action = empty( $action ) ? 'um-admin-nonce' : $action;
if ( ! wp_verify_nonce( $nonce, $action ) ) {
wp_send_json_error( esc_js( __( 'Wrong Nonce', 'ultimate-member' ) ) );
}
}
/**
* Boolean check if we're viewing UM backend
*
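Review bot: The docblock on `check_ajax_nonce()` declares `@param bool $action`, but the value is handed to `wp_verify_nonce()` as the action name, so it is a string, with `false` selecting the default `'um-admin-nonce'`; `@param string|bool $action` plus a line saying the method ends the request through `wp_send_json_error()` on failure would describe it accurately. The method verifies only the nonce, and its name can be read as a complete access check, so the comment should also state that callers still need their own `current_user_can()` test. `$_POST['nonce']` is used as received; `sanitize_text_field( wp_unslash( $_POST['nonce'] ) )` is the usual form before verification.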
+16 -9
@@ -292,9 +292,10 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
* Update the builder area
*/
function update_builder() {
UM()->admin()->check_ajax_nonce();
if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
die( 'Please login as administrator' );
wp_send_json_error( __( 'Please login as administrator', 'ultimate-member' ) );
}
extract( $_POST );
@@ -605,8 +606,11 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
*
*/
function update_field() {
if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) )
die( __('Please login as administrator','ultimate-member') );
UM()->admin()->check_ajax_nonce();
if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
wp_send_json_error( __( 'Please login as administrator', 'ultimate-member' ) );
}
$output['error'] = null;
@@ -757,12 +761,14 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
*
*/
function dynamic_modal_content() {
$metabox = UM()->metabox();
UM()->admin()->check_ajax_nonce();
if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
die( __( 'Please login as administrator', 'ultimate-member' ) );
wp_send_json_error( __( 'Please login as administrator', 'ultimate-member' ) );
}
$metabox = UM()->metabox();
/**
* @var $act_id
* @var $arg1
@@ -1131,12 +1137,14 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
* Retrieves dropdown/multi-select options from a callback function
*/
function populate_dropdown_options() {
$arr_options = array();
UM()->admin()->check_ajax_nonce();
if ( ! current_user_can('manage_options') ) {
wp_die( __( 'This is not possible for security reasons.', 'ultimate-member' ) );
if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
wp_send_json_error( __( 'This is not possible for security reasons.', 'ultimate-member' ) );
}
$arr_options = array();
$um_callback_func = $_POST['um_option_callback'];
if ( empty( $um_callback_func ) ) {
$arr_options['status'] = 'empty';
@@ -1145,7 +1153,6 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
}
$arr_options['data'] = array();
if ( function_exists( $um_callback_func ) ) {
$arr_options['data'] = call_user_func( $um_callback_func );
}
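Review bot: `populate_dropdown_options()` still takes a function name from `$_POST['um_option_callback']` and runs it with `call_user_func()` once `function_exists()` passes, so the request decides which global function is executed. The nonce and `manage_options` test narrow who can send the request but not what gets called; comparing the name with the callbacks actually configured for the plugin's fields before the call would close that, e.g. `if ( ! in_array( $um_callback_func, $allowed_callbacks, true ) ) { wp_send_json_error( ... ); }`, where `$allowed_callbacks` is a placeholder for that list. `update_builder()` also keeps `extract( $_POST )`, which lets request keys overwrite local variables; reading the expected keys explicitly is safer. Both function bodies continue outside the hunks.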
+7 -4
@@ -26,9 +26,11 @@ if ( ! class_exists( 'um\admin\core\Admin_DragDrop' ) ) {
* Update order of fields
*/
function update_order() {
UM()->admin()->check_ajax_nonce();
if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) )
die( 'Please login as administrator' );
if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
wp_send_json_error( __( 'Please login as administrator', 'ultimate-member' ) );
}
/**
* @var $form_id
@@ -43,8 +45,8 @@ if ( ! class_exists( 'um\admin\core\Admin_DragDrop' ) ) {
if ( ! empty( $fields ) ) {
foreach ( $fields as $key => $array ) {
if ( $array['type'] == 'row' ) {
$this->row_data[$key] = $array;
unset( $fields[$key] );
$this->row_data[ $key ] = $array;
unset( $fields[ $key ] );
}
}
} else {
@@ -217,6 +219,7 @@ if ( ! class_exists( 'um\admin\core\Admin_DragDrop' ) ) {
<input type="hidden" name="form_id" id="form_id" value="<?php echo get_the_ID(); ?>" />
<input type="hidden" name="action" value="um_update_order" />
<input type="hidden" name="nonce" value="<?php echo wp_create_nonce( 'um-admin-nonce' ) ?>" />
<div class="um_update_order_fields">
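Review bot: The new hidden field prints the nonce into an attribute without escaping, unlike the usual WordPress pattern for attribute output; `value="<?php echo esc_attr( wp_create_nonce( 'um-admin-nonce' ) ); ?>"` keeps the template consistent and also adds the missing semicolon. The action string `'um-admin-nonce'` is now written out here, in `check_ajax_nonce()` and in the localize data, so a single shared constant would stop the three from drifting apart. The `@var $form_id` comment in `update_order()` suggests request values are still unpacked into locals further down, outside the hunk; that part is worth checking in the full file.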
+2 -3
@@ -332,9 +332,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Enqueue' ) ) {
* }
* ?>
*/
$localize_data = apply_filters('um_admin_enqueue_localize_data', array(
'ajaxurl' => admin_url( 'admin-ajax.php' ),
'nonce' => wp_create_nonce( "um-admin-nonce" )
$localize_data = apply_filters( 'um_admin_enqueue_localize_data', array(
'nonce' => wp_create_nonce( "um-admin-nonce" )
)
);
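Review bot: Dropping `'ajaxurl'` from the array passed through `um_admin_enqueue_localize_data` breaks any script, including extension code hooked on that filter, that still reads `um_admin_scripts.ajaxurl`; a search for remaining uses is needed before release, or the key can stay for one version as a deprecated alias. The calls changed in this commit use `wp.ajax.settings.url` instead, which exists only when the `wp-util` script is loaded, so the handle that receives this localized data should declare `wp-util` as a dependency. That registration is not visible in this hunk.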
+11 -3
@@ -76,7 +76,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Menu' ) ) {
url: wp.ajax.settings.url,
type: 'post',
data: {
action: 'um_rated'
action: 'um_rated',
nonce: um_admin_scripts.nonce
},
success: function(){
@@ -98,8 +99,14 @@ if ( ! class_exists( 'um\admin\core\Admin_Menu' ) ) {
* When user clicks the review link in backend
*/
function ultimatemember_rated() {
UM()->admin()->check_ajax_nonce();
if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
wp_send_json_error( __( 'Please login as administrator', 'ultimate-member' ) );
}
update_option( 'um_admin_footer_text_rated', 1 );
die();
wp_send_json_success();
}
@@ -109,8 +116,9 @@ if ( ! class_exists( 'um\admin\core\Admin_Menu' ) ) {
public function menu_order_count() {
global $menu, $submenu;
if ( ! current_user_can( 'list_users' ) )
if ( ! current_user_can( 'list_users' ) ) {
return;
}
$count = UM()->user()->get_pending_users_count();
if ( is_array( $menu ) ) {
+1 -5
@@ -666,11 +666,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
function dismiss_notice() {
$nonce = isset( $_POST["nonce"] ) ? $_POST["nonce"] : "";
if ( ! wp_verify_nonce( $nonce, "um-admin-nonce" ) ) {
wp_send_json_error( esc_js( __( "Wrong Nonce", 'ultimate-member' ) ) );
}
UM()->admin()->check_ajax_nonce();
if ( empty( $_POST['key'] ) ) {
wp_send_json_error( __( 'Wrong Data', 'ultimate-member' ) );
+8 -2
@@ -260,7 +260,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Upgrade' ) ) {
type: 'POST',
dataType: 'json',
data: {
action: 'um_get_packages'
action: 'um_get_packages',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
um_packages = response.data.packages;
@@ -290,7 +291,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Upgrade' ) ) {
dataType: 'html',
data: {
action: 'um_run_package',
pack: pack
pack: pack,
nonce: um_admin_scripts.nonce
},
success: function( html ) {
um_add_upgrade_log( 'Package "' + pack + '" is ready. Start the execution...' );
@@ -334,6 +336,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Upgrade' ) ) {
function ajax_run_package() {
UM()->admin()->check_ajax_nonce();
if ( empty( $_POST['pack'] ) ) {
exit('');
} else {
@@ -346,6 +350,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Upgrade' ) ) {
function ajax_get_packages() {
UM()->admin()->check_ajax_nonce();
$update_versions = $this->need_run_upgrades();
wp_send_json_success( array( 'packages' => $update_versions ) );
}
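Review bot: `ajax_run_package()` and `ajax_get_packages()` gain the nonce check but, in the lines shown, no capability check, while the builder and drag-drop handlers in this commit pair the nonce with `current_user_can( 'manage_options' )`. The `um-admin-nonce` value is presumably printed for every user who receives the admin scripts, so on its own it does not show that the caller is an administrator; adding `if ( ! current_user_can( 'manage_options' ) ) { wp_send_json_error( ... ); }` after the nonce line would match the other handlers. The same applies to `um_upgrade_usermetaquery1339()` and the `*20beta1` upgrade functions in the sections that follow, which go on to includes and option updates after the nonce check alone. `$_POST['pack']` is tested only with `empty()` here; the function body continues outside the hunk, so confirm there that `pack` is matched against the known package list before it is used.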
+2
@@ -1,5 +1,7 @@
<?php
function um_upgrade_usermetaquery1339() {
UM()->admin()->check_ajax_nonce();
include 'usermeta_query.php';
update_option( 'um_last_version_upgrade', '1.3.39' );
+3 -2
@@ -5,11 +5,12 @@
um_add_upgrade_log( 'Upgrade Usermeta...' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_usermetaquery1339'
action: 'um_usermetaquery1339',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -1,5 +1,7 @@
<?php
function um_upgrade_styles20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
include 'styles.php';
@@ -8,6 +10,8 @@ function um_upgrade_styles20beta1() {
function um_upgrade_user_roles20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
/**
* @var $response_roles_data
@@ -19,7 +23,10 @@ function um_upgrade_user_roles20beta1() {
function um_upgrade_get_users_per_role20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
if ( ! empty( $_POST['key_in_meta'] ) ) {
$args = array(
'meta_query' => array(
@@ -43,6 +50,8 @@ function um_upgrade_get_users_per_role20beta1() {
function um_upgrade_update_users_per_page20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
if ( ! empty( $_POST['key_in_meta'] ) && ! empty( $_POST['role_key'] ) && ! empty( $_POST['page'] ) ) {
$users_per_page = 100;
@@ -85,6 +94,8 @@ function um_upgrade_update_users_per_page20beta1() {
function um_upgrade_content_restriction20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
include 'content_restriction.php';
@@ -94,6 +105,8 @@ function um_upgrade_content_restriction20beta1() {
function um_upgrade_settings20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
include 'settings.php';
@@ -102,6 +115,8 @@ function um_upgrade_settings20beta1() {
function um_upgrade_menus20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
include 'menus.php';
@@ -110,6 +125,8 @@ function um_upgrade_menus20beta1() {
function um_upgrade_mc_lists20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
include 'mc_lists.php';
@@ -118,6 +135,8 @@ function um_upgrade_mc_lists20beta1() {
function um_upgrade_social_login20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
include 'social_login.php';
@@ -126,6 +145,8 @@ function um_upgrade_social_login20beta1() {
function um_upgrade_cpt20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
include 'um_cpt.php';
@@ -134,6 +155,8 @@ function um_upgrade_cpt20beta1() {
function um_upgrade_get_forums20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
remove_all_actions( 'pre_get_posts' );
@@ -149,6 +172,8 @@ function um_upgrade_get_forums20beta1() {
function um_upgrade_update_forum_per_page20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
if ( ! empty( $_POST['page'] ) ) {
@@ -205,6 +230,8 @@ function um_upgrade_update_forum_per_page20beta1() {
function um_upgrade_get_products20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
$wc_products = get_posts( array(
@@ -218,6 +245,8 @@ function um_upgrade_get_products20beta1() {
function um_upgrade_update_products_per_page20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
if ( ! empty( $_POST['page'] ) ) {
@@ -296,6 +325,8 @@ function um_upgrade_update_products_per_page20beta1() {
function um_upgrade_email_templates20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
include 'email_templates.php';
+45 -30
@@ -13,11 +13,12 @@
um_add_upgrade_log( '<?php echo esc_js( __( 'Upgrade Styles...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_styles20beta1'
action: 'um_styles20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -36,11 +37,12 @@
function upgrade_roles() {
um_add_upgrade_log( '<?php echo esc_js( __( 'Upgrade Roles...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_user_roles20beta1'
action: 'um_user_roles20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -70,12 +72,13 @@
var role = um_roles_data.shift();
um_add_upgrade_log( '<?php echo esc_js( __( 'Getting ', 'ultimate-member' ) ) ?>"' + role.role_key + '"<?php echo esc_js( __( ' users...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_get_users_per_role20beta1',
key_in_meta: role.key_in_meta
key_in_meta: role.key_in_meta,
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data.count != 'undefined' ) {
@@ -103,14 +106,15 @@
function update_user_per_page( role_key, key_in_meta ) {
if ( current_page <= users_pages ) {
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_update_users_per_page20beta1',
role_key: role_key,
key_in_meta: key_in_meta,
page: current_page
page: current_page,
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -135,11 +139,12 @@
um_add_upgrade_log( '<?php echo esc_js( __( 'Upgrade Content Restriction Settings...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_content_restriction20beta1'
action: 'um_content_restriction20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -160,11 +165,12 @@
um_add_upgrade_log( '<?php echo esc_js( __( 'Upgrade Settings...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_settings20beta1'
action: 'um_settings20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -185,11 +191,12 @@
um_add_upgrade_log( '<?php echo esc_js( __( 'Upgrade Menu Items...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_menus20beta1'
action: 'um_menus20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -210,11 +217,12 @@
um_add_upgrade_log( '<?php echo esc_js( __( 'Upgrade Mailchimp Lists...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_mc_lists20beta1'
action: 'um_mc_lists20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -235,11 +243,12 @@
um_add_upgrade_log( '<?php echo esc_js( __( 'Upgrade Social Login Forms...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_social_login20beta1'
action: 'um_social_login20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -260,11 +269,12 @@
um_add_upgrade_log( '<?php echo esc_js( __( 'Upgrade UM Custom Post Types...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_cpt20beta1'
action: 'um_cpt20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -286,11 +296,12 @@
um_add_upgrade_log( '<?php echo esc_js( __( 'Get bbPress Forums count...', 'ultimate-member' ) ) ?>' );
current_page = 1;
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_get_forums20beta1'
action: 'um_get_forums20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -313,12 +324,13 @@
function update_forums_per_page() {
if ( current_page <= forums_pages ) {
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_update_forum_per_page20beta1',
page: current_page
page: current_page,
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -346,11 +358,12 @@
current_page = 1;
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_get_products20beta1'
action: 'um_get_products20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -373,12 +386,13 @@
function update_products_per_page() {
if ( current_page <= products_pages ) {
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_update_products_per_page20beta1',
page: current_page
page: current_page,
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -402,11 +416,12 @@
function upgrade_email_templates() {
um_add_upgrade_log( '<?php echo esc_js( __( 'Upgrade Email Templates...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_email_templates20beta1'
action: 'um_email_templates20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
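Review bot: The `success` callbacks in this file test only `typeof response.data != 'undefined'`, so a rejected nonce is likely to be treated as a completed upgrade step. The front-end `check_ajax_nonce()` added in this commit answers with `wp_send_json_error()`, which by default returns HTTP 200 with `success: false` and the message in `data`; the admin variant presumably does the same, though its body is not in this view. Each callback should test the flag first, e.g. `if ( response.success && typeof response.data != 'undefined' ) {`, and otherwise log the error and stop instead of starting the next step. The same applies to the callbacks in the 2.0.10 and 2.0.24 init sections; the callback bodies continue outside these hunks.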
+4
@@ -1,5 +1,7 @@
<?php
function um_upgrade_styles2010() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
include 'styles.php';
@@ -8,6 +10,8 @@ function um_upgrade_styles2010() {
function um_upgrade_cache2010() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
UM()->user()->remove_cache_all_users();
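Review bot: No capability check is visible in `um_upgrade_styles2010()` or `um_upgrade_cache2010()`, and a nonce only shows that the request came from a page rendered for this session, not that the caller may run an upgrade. Unless `UM()->admin()->check_ajax_nonce()` (not shown in this view) also checks the capability, add `if ( ! current_user_can( 'manage_options' ) ) { wp_send_json_error( __( 'Please login as administrator', 'ultimate-member' ) ); }` right after the nonce call, as `do_ajax_action()` does in this commit. The same applies to `um_upgrade_tempfolder2024()` and the 2.0-beta1 upgrade handlers. The function bodies continue outside the hunks.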
+6 -4
@@ -6,11 +6,12 @@
um_add_upgrade_log( '<?php echo esc_js( __( 'Upgrade Styles...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_styles2010'
action: 'um_styles2010',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -30,11 +31,12 @@
function um_clear_cache2010() {
um_add_upgrade_log( '<?php echo esc_js( __( 'Clear Users Cache...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_cache2010'
action: 'um_cache2010',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
+2
@@ -1,5 +1,7 @@
<?php
function um_upgrade_tempfolder2024() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
UM()->files()->remove_dir( UM()->files()->upload_temp );
+3 -2
@@ -6,11 +6,12 @@
um_add_upgrade_log( '<?php echo esc_js( __( 'Purge temp files dir...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_tempfolder2024'
action: 'um_tempfolder2024',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -11,6 +11,7 @@
<div class="um-admin-modal-foot">
<input type="submit" value="<?php _e('Update','ultimate-member'); ?>" class="button-primary" />
<input type="hidden" name="action" value="um_update_field" />
<input type="hidden" name="nonce" value="<?php echo wp_create_nonce( 'um-admin-nonce' ) ?>" />
<a href="#" data-action="UM_remove_modal" class="button"><?php _e('Cancel','ultimate-member'); ?></a>
</div>
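Review bot: The hidden field prints the nonce without escaping. `wp_create_nonce()` returns a plain hash, but escaping at the point of output keeps the template safe if the value source ever changes: `<input type="hidden" name="nonce" value="<?php echo esc_attr( wp_create_nonce( 'um-admin-nonce' ) ) ?>" />`. The same line is added in the four other modal template hunks that follow.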
@@ -11,6 +11,7 @@
<div class="um-admin-modal-foot">
<input type="submit" value="<?php _e('Update','ultimate-member'); ?>" class="button-primary" />
<input type="hidden" name="action" value="um_update_field" />
<input type="hidden" name="nonce" value="<?php echo wp_create_nonce( 'um-admin-nonce' ) ?>" />
<a href="#" data-action="UM_remove_modal" class="button"><?php _e('Cancel','ultimate-member'); ?></a>
</div>
@@ -11,6 +11,7 @@
<div class="um-admin-modal-foot">
<input type="submit" value="<?php _e('Add','ultimate-member'); ?>" class="button-primary" />
<input type="hidden" name="action" value="um_update_field" />
<input type="hidden" name="nonce" value="<?php echo wp_create_nonce( 'um-admin-nonce' ) ?>" />
<a href="#" data-action="UM_remove_modal" class="button"><?php _e('Cancel','ultimate-member'); ?></a>
</div>
@@ -11,6 +11,7 @@
<div class="um-admin-modal-foot">
<input type="submit" value="<?php _e('Add','ultimate-member'); ?>" class="button-primary" />
<input type="hidden" name="action" value="um_update_field" />
<input type="hidden" name="nonce" value="<?php echo wp_create_nonce( 'um-admin-nonce' ) ?>" />
<a href="#" data-modal="UM_fields" class="button"><?php _e('Cancel','ultimate-member'); ?></a>
</div>
@@ -11,6 +11,7 @@
<div class="um-admin-modal-foot">
<input type="submit" value="<?php _e('Add','ultimate-member'); ?>" class="button-primary" />
<input type="hidden" name="action" value="um_update_field" />
<input type="hidden" name="nonce" value="<?php echo wp_create_nonce( 'um-admin-nonce' ) ?>" />
<a href="#" data-action="UM_remove_modal" class="button"><?php _e('Cancel','ultimate-member'); ?></a>
</div>
+15
@@ -16,6 +16,21 @@ if ( ! class_exists( 'UM_Functions' ) ) {
}
/**
* Check frontend nonce
*
* @param bool $action
*/
function check_ajax_nonce( $action = false ) {
$nonce = isset( $_POST['nonce'] ) ? $_POST['nonce'] : '';
$action = empty( $action ) ? 'um-frontend-nonce' : $action;
if ( ! wp_verify_nonce( $nonce, $action ) ) {
wp_send_json_error( esc_js( __( 'Wrong Nonce', 'ultimate-member' ) ) );
}
}
/**
* What type of request is this?
*
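Review bot: `esc_js()` is the wrong escaper for the error text in `check_ajax_nonce()`, because `wp_send_json_error()` already JSON-encodes its argument. The extra call can only mangle translated strings that contain quotes or ampersands; pass `__( 'Wrong Nonce', 'ultimate-member' )` directly. The docblock should also read `@param string|bool $action Nonce action name; false falls back to 'um-frontend-nonce'`, since the parameter carries the action string rather than a flag.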
+3 -1
@@ -129,7 +129,9 @@ if ( ! class_exists( 'um\core\Enqueue' ) ) {
* }
* ?>
*/
$localize_data = apply_filters( 'um_enqueue_localize_data', array() );
$localize_data = apply_filters( 'um_enqueue_localize_data', array(
'nonce' => wp_create_nonce( "um-frontend-nonce" ),
) );
wp_localize_script( 'um_scripts', 'um_scripts', $localize_data );
wp_register_script('um_members', $this->js_baseurl . 'um-members' . $this->suffix . '.js', array( 'jquery' ), ultimatemember_version, true );
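Review bot: The `um-frontend-nonce` value localized here is not a secret for logged-out visitors. WordPress derives it for user ID 0 without a session token, so every anonymous visitor gets the same value within a nonce tick, and it is printed into every front-end page. It protects logged-in sessions against cross-site requests but authorizes nothing, so the handlers that now call `UM()->check_ajax_nonce()` (`ajax_remove_file()`, `ajax_resize_image()`, `ajax_paginate()`, `load_posts()`) still need their own ownership or capability checks; whether they have them is outside these hunks. A `um_enqueue_localize_data` callback that returns a fresh array instead of extending the one it receives would also drop `nonce`. A comment above the array such as `// CSRF token only; handlers must still authorize the caller` would record this.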
+7 -3
@@ -4059,21 +4059,25 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
*
*/
function do_ajax_action() {
if (!is_user_logged_in() || !current_user_can( 'manage_options' )) die( __( 'Please login as administrator', 'ultimate-member' ) );
UM()->admin()->check_ajax_nonce();
if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
wp_send_json_error( __( 'Please login as administrator', 'ultimate-member' ) );
}
extract( $_POST );
$output = null;
$position = array();
if (!empty( $in_column )) {
if ( ! empty( $in_column ) ) {
$position['in_row'] = '_um_row_' . ( (int)$in_row + 1 );
$position['in_sub_row'] = $in_sub_row;
$position['in_column'] = $in_column;
$position['in_group'] = $in_group;
}
switch ($act_id) {
switch ( $act_id ) {
case 'um_admin_duplicate_field':
$this->duplicate_field( $arg1, $arg2 );
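Review bot: `extract( $_POST )` in `do_ajax_action()` turns every request key into a local variable, so `$act_id`, `$arg1`, `$arg2` and the `$in_*` values arrive unvalidated, and any other posted key becomes a variable in this scope too. Read the expected keys explicitly instead, e.g. `$act_id = isset( $_POST['act_id'] ) ? sanitize_key( $_POST['act_id'] ) : '';`, and cast numeric ones with `absint()`. `ajax_muted_action()` in the Form class has the same pattern with `extract( $_REQUEST )`, where `$user_id` then feeds the permission check. The function body continues outside the hunk.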
+4
@@ -241,6 +241,8 @@ if ( ! class_exists( 'um\core\Files' ) ) {
* Remove file by AJAX
*/
function ajax_remove_file() {
UM()->check_ajax_nonce();
/**
* @var $src
*/
@@ -255,6 +257,8 @@ if ( ! class_exists( 'um\core\Files' ) ) {
* Resize image AJAX handler
*/
function ajax_resize_image() {
UM()->check_ajax_nonce();
/**
* @var $key
* @var $src
+3 -1
@@ -50,6 +50,8 @@ if ( ! class_exists( 'um\core\Form' ) ) {
*
*/
function ajax_muted_action() {
UM()->check_ajax_nonce();
extract( $_REQUEST );
if ( ! UM()->roles()->um_current_user_can( 'edit', $user_id ) )
@@ -86,7 +88,7 @@ if ( ! class_exists( 'um\core\Form' ) ) {
*
*/
function ajax_select_options() {
UM()->check_ajax_nonce();
$arr_options = array();
$arr_options['status'] = 'success';
+4
@@ -45,6 +45,8 @@ if ( ! class_exists( 'um\core\Profile' ) ) {
* Delete profile avatar AJAX handler
*/
function ajax_delete_profile_photo() {
UM()->check_ajax_nonce();
/**
* @var $user_id
*/
@@ -61,6 +63,8 @@ if ( ! class_exists( 'um\core\Profile' ) ) {
* Delete cover photo AJAX handler
*/
function ajax_delete_cover_photo() {
UM()->check_ajax_nonce();
/**
* @var $user_id
*/
+2
@@ -39,6 +39,8 @@ if ( ! class_exists( 'um\core\Query' ) ) {
* Ajax pagination for posts
*/
function ajax_paginate() {
UM()->check_ajax_nonce();
/**
* @var $hook
* @var $args
+2
@@ -82,6 +82,8 @@ if ( ! class_exists( 'um\core\User_posts' ) ) {
*
*/
function load_posts() {
UM()->check_ajax_nonce();
$author = ! empty( $_POST['author'] ) ? $_POST['author'] : get_current_user_id();
$page = ! empty( $_POST['page'] ) ? $_POST['page'] : 0;
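Review bot: `$author` and `$page` in `load_posts()` are taken from `$_POST` as raw strings although both are meant to be integers. Cast them where they are read, e.g. `$author = ! empty( $_POST['author'] ) ? absint( $_POST['author'] ) : get_current_user_id();` and `$page = ! empty( $_POST['page'] ) ? absint( $_POST['page'] ) : 0;`. How the values are used is outside the hunk, so this is hardening rather than a confirmed defect.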
+7 -2
@@ -87,8 +87,11 @@ if ( ! class_exists( 'um\core\User' ) ) {
add_action( 'init', array( &$this, 'check_membership' ), 10 );
add_action( 'delete_user', array( &$this, 'delete_user_handler' ), 10, 1 );
add_action( 'wpmu_delete_user', array( &$this, 'delete_user_handler' ), 10, 1 );
if ( is_multisite() ) {
add_action( 'delete_user', array( &$this, 'delete_user_handler' ), 10, 1 );
} else {
add_action( 'wpmu_delete_user', array( &$this, 'delete_user_handler' ), 10, 1 );
}
}
@@ -96,6 +99,8 @@ if ( ! class_exists( 'um\core\User' ) ) {
* @param $user_id
*/
function delete_user_handler( $user_id ) {
error_log( '----------------' );
error_log( $user_id );
um_fetch_user( $user_id );
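Review bot: The new branch in the constructor hunk looks inverted: `wpmu_delete_user` is fired only by the multisite deletion routine, so on a single site the `else` branch registers a hook that never runs and `delete_user_handler()` is not called when a user is deleted. Swap the hook names so the multisite branch uses `add_action( 'wpmu_delete_user', array( &$this, 'delete_user_handler' ), 10, 1 );` and the single-site branch uses `'delete_user'`. The two `error_log()` calls added at the top of `delete_user_handler()` read as leftover debugging and write a separator plus the user ID to the server log on every deletion; they should be removed before release. Both the constructor and the handler continue outside the hunks.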
+2
@@ -8,6 +8,8 @@ if ( ! defined( 'ABSPATH' ) ) exit;
* @return boolean
*/
function ultimatemember_check_username_exists() {
UM()->check_ajax_nonce();
$username = isset($_REQUEST['username']) ? $_REQUEST['username'] : '';
$exists = username_exists( $username );
+110 -119
@@ -1,8 +1,8 @@
msgid ""
msgstr ""
"Project-Id-Version: Ultimate Member\n"
"POT-Creation-Date: 2018-11-20 13:57+0200\n"
"PO-Revision-Date: 2018-11-20 13:57+0200\n"
"POT-Creation-Date: 2018-11-21 11:52+0200\n"
"PO-Revision-Date: 2018-11-21 11:52+0200\n"
"Last-Translator: \n"
"Language-Team: \n"
"Language: en_US\n"
@@ -21,6 +21,10 @@ msgstr ""
"X-Poedit-SearchPath-0: .\n"
"X-Poedit-SearchPathExcluded-0: *.js\n"
#: includes/admin/class-admin-functions.php:35 includes/class-functions.php:29
msgid "Wrong Nonce"
msgstr ""
#: includes/admin/class-admin.php:181
#, php-format
msgid "Duplicate of %s"
@@ -94,63 +98,66 @@ msgstr ""
msgid "Reset all rules"
msgstr ""
#: includes/admin/core/class-admin-builder.php:401
#: includes/admin/core/class-admin-builder.php:471
#: includes/admin/core/class-admin-dragdrop.php:161
msgid "Add Row"
#: includes/admin/core/class-admin-builder.php:298
#: includes/admin/core/class-admin-builder.php:612
#: includes/admin/core/class-admin-builder.php:767
#: includes/admin/core/class-admin-dragdrop.php:32
#: includes/admin/core/class-admin-menu.php:105
#: includes/core/class-fields.php:4065
msgid "Please login as administrator"
msgstr ""
#: includes/admin/core/class-admin-builder.php:402
#: includes/admin/core/class-admin-builder.php:472
#: includes/admin/core/class-admin-dragdrop.php:162
#: includes/admin/core/class-admin-dragdrop.php:163
msgid "Add Row"
msgstr ""
#: includes/admin/core/class-admin-builder.php:403
#: includes/admin/core/class-admin-builder.php:473
#: includes/admin/core/class-admin-dragdrop.php:164
msgid "Edit Row"
msgstr ""
#: includes/admin/core/class-admin-builder.php:475
#: includes/admin/core/class-admin-dragdrop.php:164
#: includes/admin/core/class-admin-dragdrop.php:178
#: includes/admin/core/class-admin-dragdrop.php:203
#: includes/admin/core/class-admin-builder.php:476
#: includes/admin/core/class-admin-dragdrop.php:166
#: includes/admin/core/class-admin-dragdrop.php:180
#: includes/admin/core/class-admin-dragdrop.php:205
msgid "Delete Row"
msgstr ""
#: includes/admin/core/class-admin-builder.php:609
#: includes/admin/core/class-admin-builder.php:763
#: includes/core/class-fields.php:4062
msgid "Please login as administrator"
msgstr ""
#: includes/admin/core/class-admin-builder.php:827
#: includes/admin/core/class-admin-builder.php:833
msgid "Search Icons..."
msgstr ""
#: includes/admin/core/class-admin-builder.php:847
#: includes/admin/core/class-admin-builder.php:853
msgid "Setup New Field"
msgstr ""
#: includes/admin/core/class-admin-builder.php:863
#: includes/admin/core/class-admin-builder.php:869
msgid "Predefined Fields"
msgstr ""
#: includes/admin/core/class-admin-builder.php:874
#: includes/admin/core/class-admin-builder.php:880
#: includes/core/class-builtin.php:1308
msgid "None"
msgstr ""
#: includes/admin/core/class-admin-builder.php:878
#: includes/admin/core/class-admin-builder.php:884
msgid "Custom Fields"
msgstr ""
#: includes/admin/core/class-admin-builder.php:889
#: includes/admin/core/class-admin-builder.php:895
msgid "You did not create any custom fields"
msgstr ""
#: includes/admin/core/class-admin-builder.php:920
#: includes/admin/core/class-admin-builder.php:992
#: includes/admin/core/class-admin-builder.php:926
#: includes/admin/core/class-admin-builder.php:998
msgid "This field type is not setup correcty."
msgstr ""
#: includes/admin/core/class-admin-builder.php:1137
#: includes/core/class-form.php:153 includes/core/class-form.php:326
#: includes/admin/core/class-admin-builder.php:1143
#: includes/core/class-form.php:155 includes/core/class-form.php:328
#: includes/core/class-password.php:518
msgid "This is not possible for security reasons."
msgstr ""
@@ -371,65 +378,65 @@ msgid ""
"help us to grow the plugin and make it more popular. Thank you."
msgstr ""
#: includes/admin/core/class-admin-menu.php:118
#: includes/admin/core/class-admin-menu.php:126
msgctxt "Admin menu name"
msgid "Users"
msgstr ""
#: includes/admin/core/class-admin-menu.php:126
#: includes/admin/core/class-admin-menu.php:134
msgctxt "Admin menu name"
msgid "All Users"
msgstr ""
#. Plugin Name of the plugin/theme
#. Author of the plugin/theme
#: includes/admin/core/class-admin-menu.php:138
#: includes/core/class-user.php:552
#: includes/admin/core/class-admin-menu.php:146
#: includes/core/class-user.php:557
msgid "Ultimate Member"
msgstr ""
#: includes/admin/core/class-admin-menu.php:142
#: includes/admin/core/class-admin-menu.php:150
msgid "Dashboard"
msgstr ""
#: includes/admin/core/class-admin-menu.php:150
#: includes/admin/core/class-admin-menu.php:158
#: includes/admin/templates/gdpr.php:7 includes/core/class-common.php:56
msgid "Forms"
msgstr ""
#: includes/admin/core/class-admin-menu.php:152
#: includes/admin/core/class-admin-menu.php:160
#: includes/admin/core/list-tables/roles-list-table.php:477
#: includes/admin/core/packages/2.0-beta1/user_roles.php:12
msgid "User Roles"
msgstr ""
#: includes/admin/core/class-admin-menu.php:155
#: includes/admin/core/class-admin-menu.php:163
#: includes/core/class-common.php:85
msgid "Member Directories"
msgstr ""
#: includes/admin/core/class-admin-menu.php:197
#: includes/admin/core/class-admin-menu.php:205
#: includes/admin/core/class-admin-settings.php:1007
msgid "Extensions"
msgstr ""
#: includes/admin/core/class-admin-menu.php:210
#: includes/admin/core/class-admin-menu.php:218
msgid "Users Overview"
msgstr ""
#: includes/admin/core/class-admin-menu.php:212
#: includes/admin/core/class-admin-menu.php:220
msgid "Latest from our blog"
msgstr ""
#: includes/admin/core/class-admin-menu.php:214
#: includes/admin/core/class-admin-menu.php:222
msgid "Purge Temp Files"
msgstr ""
#: includes/admin/core/class-admin-menu.php:216
#: includes/admin/core/class-admin-menu.php:224
msgid "User Cache"
msgstr ""
#: includes/admin/core/class-admin-menu.php:221
#: includes/admin/core/class-admin-menu.php:229
msgid "Upgrade's Manual Request"
msgstr ""
@@ -1305,11 +1312,7 @@ msgid ""
"target=\"_blank\">here</a>"
msgstr ""
#: includes/admin/core/class-admin-notices.php:671
msgid "Wrong Nonce"
msgstr ""
#: includes/admin/core/class-admin-notices.php:676
#: includes/admin/core/class-admin-notices.php:672
msgid "Wrong Data"
msgstr ""
@@ -2549,7 +2552,7 @@ msgstr ""
#: includes/admin/core/class-admin-users.php:305
#: includes/admin/templates/dashboard/users.php:11
#: includes/core/class-user.php:816
#: includes/core/class-user.php:821
msgid "Approved"
msgstr ""
@@ -2672,59 +2675,59 @@ msgstr ""
msgid "User Role <strong>Deleted</strong> Successfully."
msgstr ""
#: includes/admin/core/packages/2.0-beta1/functions.php:6
#: includes/admin/core/packages/2.0.10/functions.php:6
#: includes/admin/core/packages/2.0-beta1/functions.php:8
#: includes/admin/core/packages/2.0.10/functions.php:8
msgid "Styles was upgraded successfully"
msgstr ""
#: includes/admin/core/packages/2.0-beta1/functions.php:17
#: includes/admin/core/packages/2.0-beta1/functions.php:21
msgid "User Roles was upgraded successfully"
msgstr ""
#: includes/admin/core/packages/2.0-beta1/functions.php:80
#: includes/admin/core/packages/2.0-beta1/functions.php:89
#, php-format
msgid "Users from %s to %s was upgraded successfully..."
msgstr ""
#: includes/admin/core/packages/2.0-beta1/functions.php:100
#: includes/admin/core/packages/2.0-beta1/functions.php:113
msgid "Settings was upgraded successfully"
msgstr ""
#: includes/admin/core/packages/2.0-beta1/functions.php:108
#: includes/admin/core/packages/2.0-beta1/functions.php:123
msgid "Menus settings was upgraded successfully"
msgstr ""
#: includes/admin/core/packages/2.0-beta1/functions.php:116
#: includes/admin/core/packages/2.0-beta1/functions.php:133
msgid "Mailchimp Lists was upgraded successfully"
msgstr ""
#: includes/admin/core/packages/2.0-beta1/functions.php:124
#: includes/admin/core/packages/2.0-beta1/functions.php:143
msgid "Social login forms was upgraded successfully"
msgstr ""
#: includes/admin/core/packages/2.0-beta1/functions.php:132
#: includes/admin/core/packages/2.0-beta1/functions.php:153
msgid "UM Custom Posts was upgraded successfully"
msgstr ""
#: includes/admin/core/packages/2.0-beta1/functions.php:147
#: includes/admin/core/packages/2.0-beta1/functions.php:170
msgid "Forums are ready for upgrade"
msgstr ""
#: includes/admin/core/packages/2.0-beta1/functions.php:200
#: includes/admin/core/packages/2.0-beta1/functions.php:225
#, php-format
msgid "Forums from %s to %s was upgraded successfully..."
msgstr ""
#: includes/admin/core/packages/2.0-beta1/functions.php:216
#: includes/admin/core/packages/2.0-beta1/functions.php:243
msgid "Woocommerce Products are ready for upgrade"
msgstr ""
#: includes/admin/core/packages/2.0-beta1/functions.php:290
#: includes/admin/core/packages/2.0-beta1/functions.php:319
#, php-format
msgid "Woocommerce Products from %s to %s was upgraded successfully..."
msgstr ""
#: includes/admin/core/packages/2.0-beta1/functions.php:306
#: includes/admin/core/packages/2.0-beta1/functions.php:337
msgid "Email Templates was upgraded successfully"
msgstr ""
@@ -2733,72 +2736,72 @@ msgstr ""
msgid "Upgrade Styles..."
msgstr ""
#: includes/admin/core/packages/2.0-beta1/init.php:37
#: includes/admin/core/packages/2.0-beta1/init.php:38
msgid "Upgrade Roles..."
msgstr ""
#: includes/admin/core/packages/2.0-beta1/init.php:50
#: includes/admin/core/packages/2.0-beta1/init.php:52
msgid "Upgrade Users..."
msgstr ""
#: includes/admin/core/packages/2.0-beta1/init.php:71
#: includes/admin/core/packages/2.0-beta1/init.php:73
msgid "Getting "
msgstr ""
#: includes/admin/core/packages/2.0-beta1/init.php:71
#: includes/admin/core/packages/2.0-beta1/init.php:82
#: includes/admin/core/packages/2.0-beta1/init.php:73
#: includes/admin/core/packages/2.0-beta1/init.php:85
msgid " users..."
msgstr ""
#: includes/admin/core/packages/2.0-beta1/init.php:82
#: includes/admin/core/packages/2.0-beta1/init.php:85
msgid "There are "
msgstr ""
#: includes/admin/core/packages/2.0-beta1/init.php:83
#: includes/admin/core/packages/2.0-beta1/init.php:86
msgid "Start users upgrading..."
msgstr ""
#: includes/admin/core/packages/2.0-beta1/init.php:135
#: includes/admin/core/packages/2.0-beta1/init.php:139
msgid "Upgrade Content Restriction Settings..."
msgstr ""
#: includes/admin/core/packages/2.0-beta1/init.php:160
#: includes/admin/core/packages/2.0-beta1/init.php:165
msgid "Upgrade Settings..."
msgstr ""
#: includes/admin/core/packages/2.0-beta1/init.php:185
#: includes/admin/core/packages/2.0-beta1/init.php:191
msgid "Upgrade Menu Items..."
msgstr ""
#: includes/admin/core/packages/2.0-beta1/init.php:210
#: includes/admin/core/packages/2.0-beta1/init.php:217
msgid "Upgrade Mailchimp Lists..."
msgstr ""
#: includes/admin/core/packages/2.0-beta1/init.php:235
#: includes/admin/core/packages/2.0-beta1/init.php:243
msgid "Upgrade Social Login Forms..."
msgstr ""
#: includes/admin/core/packages/2.0-beta1/init.php:260
#: includes/admin/core/packages/2.0-beta1/init.php:269
msgid "Upgrade UM Custom Post Types..."
msgstr ""
#: includes/admin/core/packages/2.0-beta1/init.php:285
#: includes/admin/core/packages/2.0-beta1/init.php:295
msgid "Upgrade bbPress Forums..."
msgstr ""
#: includes/admin/core/packages/2.0-beta1/init.php:286
#: includes/admin/core/packages/2.0-beta1/init.php:296
msgid "Get bbPress Forums count..."
msgstr ""
#: includes/admin/core/packages/2.0-beta1/init.php:343
#: includes/admin/core/packages/2.0-beta1/init.php:355
msgid "Upgrade Woocommerce Products..."
msgstr ""
#: includes/admin/core/packages/2.0-beta1/init.php:344
#: includes/admin/core/packages/2.0-beta1/init.php:356
msgid "Get all Products..."
msgstr ""
#: includes/admin/core/packages/2.0-beta1/init.php:403
#: includes/admin/core/packages/2.0-beta1/init.php:417
msgid "Upgrade Email Templates..."
msgstr ""
@@ -2827,15 +2830,15 @@ msgstr ""
msgid "Search User Roles"
msgstr ""
#: includes/admin/core/packages/2.0.10/functions.php:17
#: includes/admin/core/packages/2.0.10/functions.php:21
msgid "Users cache was cleared successfully"
msgstr ""
#: includes/admin/core/packages/2.0.10/init.php:31
#: includes/admin/core/packages/2.0.10/init.php:32
msgid "Clear Users Cache..."
msgstr ""
#: includes/admin/core/packages/2.0.24/functions.php:9
#: includes/admin/core/packages/2.0.24/functions.php:11
msgid "Temporary dir was purged successfully"
msgstr ""
@@ -2856,18 +2859,6 @@ msgstr ""
msgid "Latest From Ultimate Member"
msgstr ""
#: includes/admin/templates/dashboard/language-contrib.php:2
#, php-format
msgid ""
"Ultimate Member is not yet available in your language: <strong>%1$s</strong>."
msgstr ""
#: includes/admin/templates/dashboard/language-contrib.php:6
msgid ""
"If you want to contribute this translation to the plugin, please add it on "
"our <a href=\"https://ultimatemember.com/forums/\">community forum</a>."
msgstr ""
#: includes/admin/templates/dashboard/purge.php:4
#, php-format
msgid ""
@@ -2896,12 +2887,12 @@ msgid "Get latest versions"
msgstr ""
#: includes/admin/templates/dashboard/users.php:27
#: includes/core/class-user.php:824
#: includes/core/class-user.php:829
msgid "Pending Review"
msgstr ""
#: includes/admin/templates/dashboard/users.php:32
#: includes/core/class-user.php:820
#: includes/core/class-user.php:825
msgid "Awaiting E-mail Confirmation"
msgstr ""
@@ -3485,11 +3476,11 @@ msgstr ""
msgid "Update"
msgstr ""
#: includes/admin/templates/modal/dynamic_edit_field.php:14
#: includes/admin/templates/modal/dynamic_edit_row.php:14
#: includes/admin/templates/modal/dynamic_new_divider.php:14
#: includes/admin/templates/modal/dynamic_new_field.php:14
#: includes/admin/templates/modal/dynamic_new_group.php:14
#: includes/admin/templates/modal/dynamic_edit_field.php:15
#: includes/admin/templates/modal/dynamic_edit_row.php:15
#: includes/admin/templates/modal/dynamic_new_divider.php:15
#: includes/admin/templates/modal/dynamic_new_field.php:15
#: includes/admin/templates/modal/dynamic_new_group.php:15
#: includes/admin/templates/modal/fonticons.php:11
#: includes/admin/templates/role/publish.php:24
#: includes/core/class-fields.php:2301 includes/core/class-fields.php:2398
@@ -4131,7 +4122,7 @@ msgstr ""
msgid "You must add a shortcode to the content area"
msgstr ""
#: includes/core/class-builtin.php:663 includes/core/class-user.php:1538
#: includes/core/class-builtin.php:663 includes/core/class-user.php:1543
msgid "Only me"
msgstr ""
@@ -6290,40 +6281,40 @@ msgstr ""
msgid "This user has not added any information to their profile yet."
msgstr ""
#: includes/core/class-files.php:267
#: includes/core/class-files.php:271
msgid "Invalid parameters"
msgstr ""
#: includes/core/class-files.php:272
#: includes/core/class-files.php:276
msgid "Invalid coordinates"
msgstr ""
#: includes/core/class-files.php:277
#: includes/core/class-files.php:281
msgid "Invalid file ownership"
msgstr ""
#: includes/core/class-files.php:330
#: includes/core/class-files.php:334
msgid "Invalid nonce"
msgstr ""
#: includes/core/class-files.php:350 includes/core/class-files.php:435
#: includes/core/class-files.php:354 includes/core/class-files.php:439
msgid "A theme or plugin compatibility issue"
msgstr ""
#: includes/core/class-files.php:978
#: includes/core/class-files.php:982
msgid "Ultimate Member: Not a valid temp file"
msgstr ""
#: includes/core/class-files.php:1106
#: includes/core/class-files.php:1110
msgid "Invalid user ID: "
msgstr ""
#: includes/core/class-files.php:1115 includes/core/class-files.php:1143
#: includes/core/class-files.php:1119 includes/core/class-files.php:1147
msgid "Unauthorized to do this attempt."
msgstr ""
#: includes/core/class-form.php:56 includes/core/class-profile.php:54
#: includes/core/class-profile.php:70
#: includes/core/class-form.php:58 includes/core/class-profile.php:56
#: includes/core/class-profile.php:74
msgid "You can not edit this user"
msgstr ""
@@ -6385,15 +6376,15 @@ msgstr ""
msgid "https://wordpress.org/support/"
msgstr ""
#: includes/core/class-profile.php:106
#: includes/core/class-profile.php:110
msgid "About"
msgstr ""
#: includes/core/class-profile.php:110
#: includes/core/class-profile.php:114
msgid "Posts"
msgstr ""
#: includes/core/class-profile.php:114
#: includes/core/class-profile.php:118
msgid "Comments"
msgstr ""
@@ -6518,19 +6509,19 @@ msgstr ""
msgid "Maximum file size allowed: %s"
msgstr ""
#: includes/core/class-user.php:610
#: includes/core/class-user.php:615
msgid "Ultimate Member Role"
msgstr ""
#: includes/core/class-user.php:613
#: includes/core/class-user.php:618
msgid "&mdash; No role for Ultimate Member &mdash;"
msgstr ""
#: includes/core/class-user.php:828
#: includes/core/class-user.php:833
msgid "Membership Rejected"
msgstr ""
#: includes/core/class-user.php:832
#: includes/core/class-user.php:837
msgid "Membership Inactive"
msgstr ""
+8 -1
@@ -6,7 +6,7 @@ Donate link:
Tags: community, member, membership, user-profile, user-registration
Requires at least: 4.7
Tested up to: 4.9
Stable tag: 2.0.32
Stable tag: 2.0.33
License: GNU Version 2 or Any Later Version
License URI: http://www.gnu.org/licenses/gpl-3.0.txt
@@ -137,6 +137,13 @@ The plugin works with popular caching plugins by automatically excluding Ultimat
= Important: UM2.0+ is a significant update to the code base from 1.3.88. Please make sure you take a full-site backup with restore point before updating the plugin =
= 2.0.33: November 21, 2018 =
* Bugfixes:
- Fixed AJAX vulnerabilities
- Fixed delete user email notification
- Fixed profile tabs displaying
= 2.0.32: November 20, 2018 =
* Bugfixes:
+1 -1
@@ -3,7 +3,7 @@
Plugin Name: Ultimate Member
Plugin URI: http://ultimatemember.com/
Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
Version: 2.0.32
Version: 2.0.33
Author: Ultimate Member
Author URI: http://ultimatemember.com/
Text Domain: ultimate-member