Merge pull request #1561 from ultimatemember/development/2.8.x

Version 2.8.9
Mykyta Synelnikov
2024-10-14 15:07:52 +03:00
committed by GitHub
35 changed files with 326 additions and 256 deletions
+1 -1
@@ -15,7 +15,7 @@
"step": "installPlugin",
"pluginZipFile": {
"resource": "url",
"url": "https:\/\/downloads.wordpress.org\/plugin\/ultimate-member.2.8.8.zip"
"url": "https:\/\/downloads.wordpress.org\/plugin\/ultimate-member.2.8.9.zip"
},
"options": {
"activate": true
+1 -1
@@ -44,7 +44,7 @@ GNU Version 2 or Any Later Version
### IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION
[Official Release Version: 2.8.8](https://github.com/ultimatemember/ultimatemember/releases/tag/2.8.8).
[Official Release Version: 2.8.9](https://github.com/ultimatemember/ultimatemember/releases/tag/2.8.9).
## Changelog
-11
@@ -1148,14 +1148,3 @@ small.um-max-filesize span{
float: none;
height: auto;
}
.um-textarea-html-value {
border: none;
width: 100%;
max-width: none;
margin: 0;
padding: 0;
overflow: auto;
max-height: none;
height: auto;
}
+1 -1
File diff suppressed because one or more lines are too long
-12
@@ -96,18 +96,6 @@ UM.frontend = {
UM.frontend.cropper.obj = null; // flush our own object
}
}
},
iframe: {
resize: function(obj) {
let newHeight;
// 150 is default height of the iframe in web-browser
if ( obj.contentWindow.document.documentElement.scrollHeight > 150 && obj.contentWindow.document.documentElement.scrollHeight > obj.contentWindow.document.documentElement.offsetHeight ) {
newHeight = obj.contentWindow.document.documentElement.scrollHeight;
} else {
newHeight = obj.contentWindow.document.documentElement.offsetHeight;
}
obj.style.height = newHeight + 'px';
}
}
}
+1 -1
@@ -1 +1 @@
"object"!=typeof window.UM&&(window.UM={}),"object"!=typeof UM.frontend&&(UM.frontend={}),UM.frontend={cropper:{obj:null,init:function(){var o=jQuery(".um-modal .um-single-image-preview img").first();if(o.length&&""!==o.attr("src")){UM.frontend.cropper.obj&&UM.frontend.cropper.destroy();var t=jQuery(".um-modal .um-single-image-preview"),n=o.parent().data("crop"),r=o.parent().data("min_width"),i=o.parent().data("min_height"),d=o.parent().data("ratio"),a=jQuery(".um-modal").find("#um_upload_single").data("ratio"),a=(a&&(d=a.split(":")[0]),jQuery(window).height()-(jQuery(".um-modal-footer a").height()+20)-50-jQuery(".um-modal-header:visible").height());o.css({height:"auto"}),t.css({height:"auto"}),jQuery(window).height()<=400?(t.css({height:a+"px","max-height":a+"px"}),o.css({height:"auto"})):(o.css({height:"auto","max-height":a+"px"}),t.css({height:o.height(),"max-height":a+"px"}));let e;"square"===n?e={minWidth:r,minHeight:i,dragCrop:!1,aspectRatio:1,zoomable:!1,rotatable:!1,dashed:!1}:"cover"===n?(0<Math.round(r/d)&&(i=Math.round(r/d)),e={minWidth:r,minHeight:i,dragCrop:!1,aspectRatio:d,zoomable:!1,rotatable:!1,dashed:!1}):"user"===n&&(e={minWidth:r,minHeight:i,dragCrop:!0,aspectRatio:"auto",zoomable:!1,rotatable:!1,dashed:!1}),e&&(UM.frontend.cropper.obj=new Cropper(o[0],e))}},destroy:function(){0<jQuery(".cropper-container").length&&UM.frontend.cropper.obj&&(UM.frontend.cropper.obj.destroy(),UM.frontend.cropper.obj=null)}},iframe:{resize:function(e){let 
o;o=150<e.contentWindow.document.documentElement.scrollHeight&&e.contentWindow.document.documentElement.scrollHeight>e.contentWindow.document.documentElement.offsetHeight?e.contentWindow.document.documentElement.scrollHeight:e.contentWindow.document.documentElement.offsetHeight,e.style.height=o+"px"}}},wp.hooks.addAction("um_remove_modal","um_common_frontend",function(){UM.frontend.cropper.destroy()}),wp.hooks.addAction("um_after_removing_preview","um_common_frontend",function(){UM.frontend.cropper.destroy()}),wp.hooks.addAction("um_window_resize","um_common_frontend",function(){UM.frontend.cropper.destroy()});
"object"!=typeof window.UM&&(window.UM={}),"object"!=typeof UM.frontend&&(UM.frontend={}),UM.frontend={cropper:{obj:null,init:function(){var o=jQuery(".um-modal .um-single-image-preview img").first();if(o.length&&""!==o.attr("src")){UM.frontend.cropper.obj&&UM.frontend.cropper.destroy();var t=jQuery(".um-modal .um-single-image-preview"),r=o.parent().data("crop"),n=o.parent().data("min_width"),i=o.parent().data("min_height"),a=o.parent().data("ratio"),d=jQuery(".um-modal").find("#um_upload_single").data("ratio"),d=(d&&(a=d.split(":")[0]),jQuery(window).height()-(jQuery(".um-modal-footer a").height()+20)-50-jQuery(".um-modal-header:visible").height());o.css({height:"auto"}),t.css({height:"auto"}),jQuery(window).height()<=400?(t.css({height:d+"px","max-height":d+"px"}),o.css({height:"auto"})):(o.css({height:"auto","max-height":d+"px"}),t.css({height:o.height(),"max-height":d+"px"}));let e;"square"===r?e={minWidth:n,minHeight:i,dragCrop:!1,aspectRatio:1,zoomable:!1,rotatable:!1,dashed:!1}:"cover"===r?(0<Math.round(n/a)&&(i=Math.round(n/a)),e={minWidth:n,minHeight:i,dragCrop:!1,aspectRatio:a,zoomable:!1,rotatable:!1,dashed:!1}):"user"===r&&(e={minWidth:n,minHeight:i,dragCrop:!0,aspectRatio:"auto",zoomable:!1,rotatable:!1,dashed:!1}),e&&(UM.frontend.cropper.obj=new Cropper(o[0],e))}},destroy:function(){0<jQuery(".cropper-container").length&&UM.frontend.cropper.obj&&(UM.frontend.cropper.obj.destroy(),UM.frontend.cropper.obj=null)}}},wp.hooks.addAction("um_remove_modal","um_common_frontend",function(){UM.frontend.cropper.destroy()}),wp.hooks.addAction("um_after_removing_preview","um_common_frontend",function(){UM.frontend.cropper.destroy()}),wp.hooks.addAction("um_window_resize","um_common_frontend",function(){UM.frontend.cropper.destroy()});
+1
@@ -23,6 +23,7 @@ UM.common = {
jQuery('.um-tip-e').tipsy('hide');
jQuery('.um-tip-s').tipsy('hide');
jQuery('.um .tipsy').remove();
jQuery('.um-page .tipsy').remove();
}
}
},
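Review bot: The added `jQuery('.um-page .tipsy').remove();` in `tipsy.hide` removes every `.tipsy` element under `.um-page`, not only tooltips this script created, so if `.um-page` sits on a wide container it may also strip tooltips owned by other code (the markup is not visible here). The two removals can be one call, `jQuery('.um .tipsy, .um-page .tipsy').remove();`, preceded by a comment such as `// also clear tooltips initialised outside .um (e.g. from um-modal)`, which is the case the changelog names. The `hide` function starts above this hunk.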
+1 -1
@@ -1 +1 @@
"object"!=typeof window.UM&&(window.UM={}),"object"!=typeof UM.common&&(UM.common={}),UM.common={tipsy:{init:function(){"function"==typeof jQuery.fn.tipsy&&(jQuery(".um-tip-n").tipsy({gravity:"n",opacity:1,live:"a.live",offset:3}),jQuery(".um-tip-w").tipsy({gravity:"w",opacity:1,live:"a.live",offset:3}),jQuery(".um-tip-e").tipsy({gravity:"e",opacity:1,live:"a.live",offset:3}),jQuery(".um-tip-s").tipsy({gravity:"s",opacity:1,live:"a.live",offset:3}))},hide:function(){"function"==typeof jQuery.fn.tipsy&&(jQuery(".um-tip-n").tipsy("hide"),jQuery(".um-tip-w").tipsy("hide"),jQuery(".um-tip-e").tipsy("hide"),jQuery(".um-tip-s").tipsy("hide"),jQuery(".um .tipsy").remove())}},datetimePicker:{init:function(){jQuery(".um-datepicker:not(.picker__input)").each(function(){e=void 0!==(elem=jQuery(this)).attr("data-disabled_weekdays")&&""!=elem.attr("data-disabled_weekdays")&&JSON.parse(elem.attr("data-disabled_weekdays"));var e,t=null,i=(void 0!==elem.attr("data-years")&&(t=elem.attr("data-years")),elem.attr("data-date_min")),a=elem.attr("data-date_max"),n=[],o=[],i=(void 0!==i&&(n=i.split(",")),void 0!==a&&(o=a.split(",")),n.length?new Date(n):null),a=n.length?new Date(o):null,o=(i&&"Invalid Date"==i.toString()&&3==n.length&&(n=n[1]+"/"+n[2]+"/"+n[0],i=new Date(Date.parse(n))),a&&"Invalid Date"==a.toString()&&3==o.length&&(n=o[1]+"/"+o[2]+"/"+o[0],a=new 
Date(Date.parse(n))),{disable:e,format:elem.attr("data-format"),formatSubmit:"yyyy/mm/dd",hiddenName:!0,onOpen:function(){elem.blur(),elem.parents("body").hasClass("wp-admin")&&elem.siblings(".picker").find(".picker__button--close").addClass("button")},onClose:function(){elem.blur()}});null!==t&&(o.selectYears=t),null!==i&&(o.min=i),null!==a&&(o.max=a),elem.pickadate(o)}),jQuery(".um-timepicker:not(.picker__input)").each(function(){(elem=jQuery(this)).pickatime({format:elem.attr("data-format"),interval:parseInt(elem.attr("data-intervals")),formatSubmit:"HH:i",hiddenName:!0,onOpen:function(){elem.blur()},onClose:function(){elem.blur()}})})}},select:{isSelected:function(e,t){return e===t?' selected="selected"':""}},form:{vanillaSerialize:function(e){var t,i,e=document.querySelector("#"+e),a={};for([t,i]of new FormData(e))void 0!==a[t]?(Array.isArray(a[t])||(a[t]=[a[t]]),a[t].push(i)):a[t]=i;return a}}},jQuery(document).on("ajaxStart",function(){UM.common.tipsy.hide()}),jQuery(document).on("ajaxSuccess",function(){UM.common.tipsy.init()}),jQuery(document).ready(function(){UM.common.tipsy.init(),UM.common.datetimePicker.init()});
"object"!=typeof window.UM&&(window.UM={}),"object"!=typeof UM.common&&(UM.common={}),UM.common={tipsy:{init:function(){"function"==typeof jQuery.fn.tipsy&&(jQuery(".um-tip-n").tipsy({gravity:"n",opacity:1,live:"a.live",offset:3}),jQuery(".um-tip-w").tipsy({gravity:"w",opacity:1,live:"a.live",offset:3}),jQuery(".um-tip-e").tipsy({gravity:"e",opacity:1,live:"a.live",offset:3}),jQuery(".um-tip-s").tipsy({gravity:"s",opacity:1,live:"a.live",offset:3}))},hide:function(){"function"==typeof jQuery.fn.tipsy&&(jQuery(".um-tip-n").tipsy("hide"),jQuery(".um-tip-w").tipsy("hide"),jQuery(".um-tip-e").tipsy("hide"),jQuery(".um-tip-s").tipsy("hide"),jQuery(".um .tipsy").remove(),jQuery(".um-page .tipsy").remove())}},datetimePicker:{init:function(){jQuery(".um-datepicker:not(.picker__input)").each(function(){e=void 0!==(elem=jQuery(this)).attr("data-disabled_weekdays")&&""!=elem.attr("data-disabled_weekdays")&&JSON.parse(elem.attr("data-disabled_weekdays"));var e,t=null,i=(void 0!==elem.attr("data-years")&&(t=elem.attr("data-years")),elem.attr("data-date_min")),a=elem.attr("data-date_max"),n=[],o=[],i=(void 0!==i&&(n=i.split(",")),void 0!==a&&(o=a.split(",")),n.length?new Date(n):null),a=n.length?new Date(o):null,o=(i&&"Invalid Date"==i.toString()&&3==n.length&&(n=n[1]+"/"+n[2]+"/"+n[0],i=new Date(Date.parse(n))),a&&"Invalid Date"==a.toString()&&3==o.length&&(n=o[1]+"/"+o[2]+"/"+o[0],a=new 
Date(Date.parse(n))),{disable:e,format:elem.attr("data-format"),formatSubmit:"yyyy/mm/dd",hiddenName:!0,onOpen:function(){elem.blur(),elem.parents("body").hasClass("wp-admin")&&elem.siblings(".picker").find(".picker__button--close").addClass("button")},onClose:function(){elem.blur()}});null!==t&&(o.selectYears=t),null!==i&&(o.min=i),null!==a&&(o.max=a),elem.pickadate(o)}),jQuery(".um-timepicker:not(.picker__input)").each(function(){(elem=jQuery(this)).pickatime({format:elem.attr("data-format"),interval:parseInt(elem.attr("data-intervals")),formatSubmit:"HH:i",hiddenName:!0,onOpen:function(){elem.blur()},onClose:function(){elem.blur()}})})}},select:{isSelected:function(e,t){return e===t?' selected="selected"':""}},form:{vanillaSerialize:function(e){var t,i,e=document.querySelector("#"+e),a={};for([t,i]of new FormData(e))void 0!==a[t]?(Array.isArray(a[t])||(a[t]=[a[t]]),a[t].push(i)):a[t]=i;return a}}},jQuery(document).on("ajaxStart",function(){UM.common.tipsy.hide()}),jQuery(document).on("ajaxSuccess",function(){UM.common.tipsy.init()}),jQuery(document).ready(function(){UM.common.tipsy.init(),UM.common.datetimePicker.init()});
-8
@@ -139,12 +139,4 @@ jQuery(document).ready(function() {
jQuery( '.um-profile-nav a' ).on( 'touchend', function(e) {
jQuery( e.currentTarget).trigger( "click" );
});
let textarea_iframe = jQuery('iframe.um-textarea-html-value');
textarea_iframe.each(function() {
let obj = jQuery(this);
obj.onload = function() {
UM.frontend.iframe.resize(obj[0]);
};
});
});
+1 -1
@@ -1 +1 @@
jQuery(document).ready(function(){jQuery(".um-profile.um-viewing .um-profile-body .um-row").each(function(){var e=jQuery(this);0==e.find(".um-field").length&&(e.prev(".um-row-heading").remove(),e.remove())}),jQuery(".um-profile.um-viewing .um-profile-body").length&&0==jQuery(".um-profile.um-viewing .um-profile-body").find(".um-field").length&&(jQuery(".um-profile.um-viewing .um-profile-body").find(".um-row-heading,.um-row").remove(),jQuery(".um-profile-note").show()),jQuery(document.body).on("click",".um-profile-save",function(e){return e.preventDefault(),jQuery(this).parents(".um.um-profile.um-editing").find("form").trigger("submit"),!1}),jQuery(document.body).on("click",".um-profile-edit-a",function(e){jQuery(this).addClass("active")}),jQuery(document.body).on("click",".um-cover a.um-cover-add, .um-photo a",function(e){e.preventDefault()}),jQuery(document.body).on("click",".um-photo-modal",function(e){e.preventDefault();e=jQuery(this).attr("data-src");return um_new_modal("um_view_photo","fit",!0,e),!1}),jQuery(document.body).on("click",".um-reset-profile-photo",function(e){return jQuery(".um-profile-photo-img img").attr("src",jQuery(this).attr("data-default_src")),user_id=jQuery(this).attr("data-user_id"),metakey="profile_photo",UM.dropdown.hideAll(),jQuery.ajax({url:wp.ajax.settings.url,type:"post",data:{action:"um_delete_profile_photo",metakey:metakey,user_id:user_id,nonce:um_scripts.nonce}}),jQuery(this).parents("li").hide(),!1}),jQuery(document.body).on("click",".um-reset-cover-photo",function(e){var t=jQuery(this);return jQuery(".um-cover-overlay").hide(),jQuery(".um-cover-e").html('<a href="javascript:void(0);" class="um-cover-add" style="height: 370px;"><span class="um-cover-add-i"><i class="um-icon-plus um-tip-n" title="Upload a cover 
photo"></i></span></a>'),um_responsive(),user_id=jQuery(this).attr("data-user_id"),metakey="cover_photo",jQuery.ajax({url:wp.ajax.settings.url,type:"post",data:{action:"um_delete_cover_photo",metakey:metakey,user_id:user_id,nonce:um_scripts.nonce},success:function(e){t.hide()}}),UM.dropdown.hideAll(),!1}),jQuery(document.body).on("change keyup","#um-meta-bio",function(){if(void 0!==jQuery(this).val()){var t=jQuery(this).data("character-limit"),r=jQuery(this).data("html");let e=t-jQuery(this).val().length;e=(e=1===parseInt(r)?t-jQuery(this).val().replace(/(<([^>]+)>)/gi,"").length:e)<0?0:e,jQuery("span.um-meta-bio-character span.um-bio-limit").text(e);r=e<5?"red":"";jQuery("span.um-meta-bio-character").css("color",r)}}),jQuery("#um-meta-bio").trigger("change"),jQuery(".um-profile form").each(function(){let t=jQuery(this).data("description_key");jQuery(this).find('textarea[name="'+t+'"]').length&&jQuery(document.body).on("change input",'textarea[name="'+t+'"]',function(e){jQuery(this).parents("form").find('textarea[name="'+t+'"]').each(function(){jQuery(this).val(e.currentTarget.value),jQuery("#um-meta-bio")[0]!==e.currentTarget&&jQuery("#um-meta-bio")[0]===jQuery(this)[0]&&jQuery(this).trigger("change")})})}),jQuery(".um-profile-edit a.um_delete-item").on("click",function(e){if(e.preventDefault(),!confirm(wp.i18n.__("Are you sure that you want to delete this user?","ultimate-member")))return!1}),jQuery(".um-profile-nav a").on("touchend",function(e){jQuery(e.currentTarget).trigger("click")}),jQuery("iframe.um-textarea-html-value").each(function(){let e=jQuery(this);e.onload=function(){UM.frontend.iframe.resize(e[0])}})});
jQuery(document).ready(function(){jQuery(".um-profile.um-viewing .um-profile-body .um-row").each(function(){var e=jQuery(this);0==e.find(".um-field").length&&(e.prev(".um-row-heading").remove(),e.remove())}),jQuery(".um-profile.um-viewing .um-profile-body").length&&0==jQuery(".um-profile.um-viewing .um-profile-body").find(".um-field").length&&(jQuery(".um-profile.um-viewing .um-profile-body").find(".um-row-heading,.um-row").remove(),jQuery(".um-profile-note").show()),jQuery(document.body).on("click",".um-profile-save",function(e){return e.preventDefault(),jQuery(this).parents(".um.um-profile.um-editing").find("form").trigger("submit"),!1}),jQuery(document.body).on("click",".um-profile-edit-a",function(e){jQuery(this).addClass("active")}),jQuery(document.body).on("click",".um-cover a.um-cover-add, .um-photo a",function(e){e.preventDefault()}),jQuery(document.body).on("click",".um-photo-modal",function(e){e.preventDefault();e=jQuery(this).attr("data-src");return um_new_modal("um_view_photo","fit",!0,e),!1}),jQuery(document.body).on("click",".um-reset-profile-photo",function(e){return jQuery(".um-profile-photo-img img").attr("src",jQuery(this).attr("data-default_src")),user_id=jQuery(this).attr("data-user_id"),metakey="profile_photo",UM.dropdown.hideAll(),jQuery.ajax({url:wp.ajax.settings.url,type:"post",data:{action:"um_delete_profile_photo",metakey:metakey,user_id:user_id,nonce:um_scripts.nonce}}),jQuery(this).parents("li").hide(),!1}),jQuery(document.body).on("click",".um-reset-cover-photo",function(e){var t=jQuery(this);return jQuery(".um-cover-overlay").hide(),jQuery(".um-cover-e").html('<a href="javascript:void(0);" class="um-cover-add" style="height: 370px;"><span class="um-cover-add-i"><i class="um-icon-plus um-tip-n" title="Upload a cover 
photo"></i></span></a>'),um_responsive(),user_id=jQuery(this).attr("data-user_id"),metakey="cover_photo",jQuery.ajax({url:wp.ajax.settings.url,type:"post",data:{action:"um_delete_cover_photo",metakey:metakey,user_id:user_id,nonce:um_scripts.nonce},success:function(e){t.hide()}}),UM.dropdown.hideAll(),!1}),jQuery(document.body).on("change keyup","#um-meta-bio",function(){if(void 0!==jQuery(this).val()){var t=jQuery(this).data("character-limit"),r=jQuery(this).data("html");let e=t-jQuery(this).val().length;e=(e=1===parseInt(r)?t-jQuery(this).val().replace(/(<([^>]+)>)/gi,"").length:e)<0?0:e,jQuery("span.um-meta-bio-character span.um-bio-limit").text(e);r=e<5?"red":"";jQuery("span.um-meta-bio-character").css("color",r)}}),jQuery("#um-meta-bio").trigger("change"),jQuery(".um-profile form").each(function(){let t=jQuery(this).data("description_key");jQuery(this).find('textarea[name="'+t+'"]').length&&jQuery(document.body).on("change input",'textarea[name="'+t+'"]',function(e){jQuery(this).parents("form").find('textarea[name="'+t+'"]').each(function(){jQuery(this).val(e.currentTarget.value),jQuery("#um-meta-bio")[0]!==e.currentTarget&&jQuery("#um-meta-bio")[0]===jQuery(this)[0]&&jQuery(this).trigger("change")})})}),jQuery(".um-profile-edit a.um_delete-item").on("click",function(e){if(e.preventDefault(),!confirm(wp.i18n.__("Are you sure that you want to delete this user?","ultimate-member")))return!1}),jQuery(".um-profile-nav a").on("touchend",function(e){jQuery(e.currentTarget).trigger("click")})});
+20
@@ -1,5 +1,25 @@
== Changelog ==
= 2.8.9 October 14, 2024 =
* Enhancements:
- Added: Using PHP tidy extension (if it's active) to make HTML textarea value clear
- Added: `um_tidy_config` filter hook for setting PHP tidy config
- Tweak: Avoid using force `set_status()` function.
- Tweak: Properly using `UM()->common()->users()->get_status( $user_id )` instead of `um_user( 'account_status' )`
- Tweak: Properly using `UM()->common()->users()->get_status( $user_id, 'formatted' )` instead of `um_user( 'account_status_name' )`
- Tweak: Properly using `um_user( 'status' )` for getting user role setting while registration
* Bugfixes:
- Fixed: UM tipsy removing inside .um-page selector (e.g. tipsy init from um-modal)
- Fixed: Rollback using `<iframe>` for displaying HTML formatted textarea value
- Fixed: Capability to edit user profile for Administrator when user doesn't have a capability to edit its profile
- Fixed: Sending email notifications based on user status after registration
* Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade
= 2.8.8 October 04, 2024 =
* Bugfixes:
+1
@@ -21,6 +21,7 @@
"ext-fileinfo": "*",
"ext-curl": "*",
"ext-iconv": "*",
"ext-tidy": "*",
"woocommerce/action-scheduler": "3.2.1"
},
"require-dev": {
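Review bot: Listing `"ext-tidy": "*"` under `require` makes the tidy extension mandatory for any Composer-based install, while the changelog in this same commit describes it as used only "if it's active". If the extension is meant to be optional, it belongs in a `suggest` entry instead, e.g. `"suggest": { "ext-tidy": "Used to clean up HTML textarea values" }`, with the PHP side guarding its calls behind `extension_loaded( 'tidy' )`. The `require` block opens above this hunk, so whether a `suggest` section already exists is not visible here.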
+7
@@ -1532,6 +1532,13 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
$sanitized[ $k ] = absint( $v );
}
break;
case 'empty_absint':
if ( is_array( $v ) ) {
$sanitized[ $k ] = array_map( 'absint', $v );
} else {
$sanitized[ $k ] = ( '' !== $v ) ? absint( $v ) : '';
}
break;
case 'key':
if ( is_array( $v ) ) {
$sanitized[ $k ] = array_map( 'sanitize_key', $v );
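Review bot: The array branch of the new `empty_absint` case runs every element through `absint`, so an empty string inside an array still becomes `0`, unlike the scalar branch, which keeps `''`. If empty entries should survive in both shapes, apply the same rule per element: `$sanitized[ $k ] = array_map( static function ( $item ) { return ( '' !== $item ) ? absint( $item ) : ''; }, $v );`. The strict `'' !== $v` test also sends `null` or `false` through `absint`, yielding `0`; a one-line comment on the case stating which inputs count as empty would settle the intent. The enclosing switch starts and ends outside this hunk.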
+2 -1
@@ -150,6 +150,7 @@ if ( ! class_exists( 'um\admin\Secure' ) ) {
}
// Restore Account Status.
if ( isset( $metadata['account_status'] ) ) {
// Force update of the user status without email notifications.
UM()->common()->users()->set_status( $user_id, $metadata['account_status'] );
}
@@ -327,7 +328,7 @@ if ( ! class_exists( 'um\admin\Secure' ) ) {
if ( 'account_status' === $column_name ) {
um_fetch_user( $user_id );
$is_blocked = um_user( 'um_user_blocked' );
$account_status = um_user( 'account_status' );
$account_status = UM()->common()->users()->get_status( $user_id );
if ( ! empty( $is_blocked ) && in_array( $account_status, array( 'rejected', 'inactive' ), true ) ) {
$datetime = um_user( 'um_user_blocked__timestamp' );
$val .= '<div><small>' . esc_html__( 'Blocked Due to Suspicious Activity', 'ultimate-member' ) . '</small></div>';
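Review bot: In the restore branch of the first hunk, `$metadata['account_status']` is written back through `set_status()` after only an `isset()` check, so an empty or unexpected stored value would be applied as the account status unless `set_status()` validates it (not visible here). The snapshot is now filled from `get_status()` in the blocking code changed by this commit, so a tighter guard such as `if ( ! empty( $metadata['account_status'] ) ) {`, plus a check against the plugin's known status list, would keep a bad snapshot from being restored. The new comment says the update skips email notifications; that is worth confirming against `set_status()` itself, which is not on this page. Both functions continue beyond these hunks.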
+1 -1
@@ -769,7 +769,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
'sanitize' => 'bool',
),
'activation_link_expiry_time' => array(
'sanitize' => 'absint',
'sanitize' => 'empty_absint',
),
'account_tab_password' => array(
'sanitize' => 'bool',
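Review bot: Switching `activation_link_expiry_time` to `empty_absint` means the option can now be stored as `''` instead of `0`, and nothing in this hunk says what an empty expiry means. Because this setting bounds how long an activation link stays valid, the code that reads it should distinguish `''` from `0` deliberately rather than by loose comparison; that reader is not part of this hunk. A comment on the entry, e.g. `// '' is preserved (no value set); 0 stays a real value`, would make the intent explicit. The settings array opens and closes outside the hunk.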
+112 -104
@@ -1,113 +1,121 @@
<?php if ( ! defined( 'ABSPATH' ) ) exit; ?>
<?php
/**
* @var array $object Role object
*/
if ( ! defined( 'ABSPATH' ) ) {
exit;
}
$role_data = $object['data'];
?>
<div class="um-admin-metabox">
<?php $role = $object['data'];
UM()->admin_forms( array(
'class' => 'um-role-register um-half-column',
'prefix_id' => 'role',
'fields' => array(
array(
'id' => '_um_status',
'type' => 'select',
'label' => __( 'Registration Status', 'ultimate-member' ),
'tooltip' => __( 'Select the status you would like this user role to have after they register on your site', 'ultimate-member' ),
'value' => ! empty( $role['_um_status'] ) ? __( $role['_um_status'] , 'ultimate-member' ) : array(),
'options' => array(
'approved' => __( 'Auto Approve', 'ultimate-member' ),
'checkmail' => __( 'Require Email Activation', 'ultimate-member' ),
'pending' => __( 'Require Admin Review', 'ultimate-member' )
<?php
UM()->admin_forms(
array(
'class' => 'um-role-register um-half-column',
'prefix_id' => 'role',
'fields' => array(
array(
'id' => '_um_status',
'type' => 'select',
'label' => __( 'Registration Status', 'ultimate-member' ),
'tooltip' => __( 'Select the status you would like this user role to have after they register on your site', 'ultimate-member' ),
'value' => ! empty( $role_data['_um_status'] ) ? $role_data['_um_status'] : array(),
'options' => array(
'approved' => __( 'Auto Approve', 'ultimate-member' ),
'checkmail' => __( 'Require Email Activation', 'ultimate-member' ),
'pending' => __( 'Require Admin Review', 'ultimate-member' ),
),
),
),
array(
'id' => '_um_auto_approve_act',
'type' => 'select',
'label' => __( 'Action to be taken after registration', 'ultimate-member' ),
'tooltip' => __( 'Select what action is taken after a person registers on your site. Depending on the status you can redirect them to their profile, a custom url or show a custom message', 'ultimate-member' ),
'value' => ! empty( $role['_um_auto_approve_act'] ) ? __( $role['_um_auto_approve_act'], 'ultimate-member' ) : array(),
'options' => array(
'redirect_profile' => __( 'Redirect to profile', 'ultimate-member' ),
'redirect_url' => __( 'Redirect to URL', 'ultimate-member' ),
array(
'id' => '_um_auto_approve_act',
'type' => 'select',
'label' => __( 'Action to be taken after registration', 'ultimate-member' ),
'tooltip' => __( 'Select what action is taken after a person registers on your site. Depending on the status you can redirect them to their profile, a custom url or show a custom message', 'ultimate-member' ),
'value' => ! empty( $role_data['_um_auto_approve_act'] ) ? $role_data['_um_auto_approve_act'] : array(),
'options' => array(
'redirect_profile' => __( 'Redirect to profile', 'ultimate-member' ),
'redirect_url' => __( 'Redirect to URL', 'ultimate-member' ),
),
'conditional' => array( '_um_status', '=', 'approved' ),
),
'conditional' => array( '_um_status', '=', 'approved' )
),
array(
'id' => '_um_auto_approve_url',
'type' => 'text',
'label' => __( 'Set Custom Redirect URL', 'ultimate-member' ),
'value' => ! empty( $role['_um_auto_approve_url'] ) ? __( $role['_um_auto_approve_url'], 'ultimate-member' ) : '',
'conditional' => array( '_um_auto_approve_act', '=', 'redirect_url' )
),
array(
'id' => '_um_login_email_activate',
'type' => 'checkbox',
'label' => __( 'Login user after validating the activation link?', 'ultimate-member' ),
'tooltip' => __( 'Login the user after validating the activation link', 'ultimate-member' ),
'value' => ! empty( $role['_um_login_email_activate'] ) ? __( $role['_um_login_email_activate'], 'ultimate-member' ) : 0,
'conditional' => array( '_um_status', '=', 'checkmail' )
),
array(
'id' => '_um_checkmail_action',
'type' => 'select',
'label' => __( 'Action to be taken after registration', 'ultimate-member' ),
'tooltip' => __( 'Select what action is taken after a person registers on your site. Depending on the status you can redirect them to their profile, a custom url or show a custom message', 'ultimate-member' ),
'value' => ! empty( $role['_um_checkmail_action'] ) ? __( $role['_um_checkmail_action'], 'ultimate-member' ) : array(),
'options' => array(
'show_message' => __( 'Show custom message', 'ultimate-member' ),
'redirect_url' => __( 'Redirect to URL', 'ultimate-member' ),
array(
'id' => '_um_auto_approve_url',
'type' => 'text',
'label' => __( 'Set Custom Redirect URL', 'ultimate-member' ),
'value' => ! empty( $role_data['_um_auto_approve_url'] ) ? $role_data['_um_auto_approve_url'] : '',
'conditional' => array( '_um_auto_approve_act', '=', 'redirect_url' ),
),
'conditional' => array( '_um_status', '=', 'checkmail' )
),
array(
'id' => '_um_checkmail_message',
'type' => 'textarea',
'label' => __( 'Personalize the custom message', 'ultimate-member' ),
'value' => ! empty( $role['_um_checkmail_message'] ) ? __( $role['_um_checkmail_message'], 'ultimate-member' ) : __('Thank you for registering. Before you can login we need you to activate your account by clicking the activation link in the email we just sent you.','ultimate-member'),
'conditional' => array( '_um_checkmail_action', '=', 'show_message' )
),
array(
'id' => '_um_checkmail_url',
'type' => 'text',
'label' => __( 'Set Custom Redirect URL', 'ultimate-member' ),
'value' => ! empty( $role['_um_checkmail_url'] ) ? __( $role['_um_checkmail_url'], 'ultimate-member' ) : '',
'conditional' => array( '_um_checkmail_action', '=', 'redirect_url' )
),
array(
'id' => '_um_url_email_activate',
'type' => 'text',
'label' => __( 'URL redirect after email activation', 'ultimate-member' ),
'tooltip' => __( 'If you want users to go to a specific page other than login page after email activation, enter the URL here.', 'ultimate-member' ),
'value' => ! empty( $role['_um_url_email_activate'] ) ? __( $role['_um_url_email_activate'], 'ultimate-member' ) : '',
'conditional' => array( '_um_status', '=', 'checkmail' ),
),
array(
'id' => '_um_pending_action',
'type' => 'select',
'label' => __( 'Action to be taken after registration', 'ultimate-member' ),
'tooltip' => __( 'Select what action is taken after a person registers on your site. Depending on the status you can redirect them to their profile, a custom url or show a custom message', 'ultimate-member' ),
'value' => ! empty( $role['_um_pending_action'] ) ? __( $role['_um_pending_action'], 'ultimate-member' ) : array(),
'options' => array(
'show_message' => __( 'Show custom message', 'ultimate-member' ),
'redirect_url' => __( 'Redirect to URL', 'ultimate-member' ),
array(
'id' => '_um_checkmail_action',
'type' => 'select',
'label' => __( 'Action to be taken after registration', 'ultimate-member' ),
'tooltip' => __( 'Select what action is taken after a person registers on your site. Depending on the status you can redirect them to their profile, a custom url or show a custom message', 'ultimate-member' ),
'value' => ! empty( $role_data['_um_checkmail_action'] ) ? $role_data['_um_checkmail_action'] : array(),
'options' => array(
'show_message' => __( 'Show custom message', 'ultimate-member' ),
'redirect_url' => __( 'Redirect to URL', 'ultimate-member' ),
),
'conditional' => array( '_um_status', '=', 'checkmail' ),
),
array(
'id' => '_um_checkmail_message',
'type' => 'textarea',
'label' => __( 'Personalize the custom message', 'ultimate-member' ),
'value' => ! empty( $role_data['_um_checkmail_message'] ) ? $role_data['_um_checkmail_message'] : __( 'Thank you for registering. Before you can login we need you to activate your account by clicking the activation link in the email we just sent you.', 'ultimate-member' ),
'conditional' => array( '_um_checkmail_action', '=', 'show_message' ),
),
array(
'id' => '_um_checkmail_url',
'type' => 'text',
'label' => __( 'Set Custom Redirect URL', 'ultimate-member' ),
'value' => ! empty( $role_data['_um_checkmail_url'] ) ? $role_data['_um_checkmail_url'] : '',
'conditional' => array( '_um_checkmail_action', '=', 'redirect_url' ),
),
array(
'id' => '_um_login_email_activate',
'type' => 'checkbox',
'label' => __( 'Login user after validating the activation link?', 'ultimate-member' ),
'tooltip' => __( 'Login the user after validating the activation link', 'ultimate-member' ),
'value' => ! empty( $role_data['_um_login_email_activate'] ) ? $role_data['_um_login_email_activate'] : 0,
'conditional' => array( '_um_status', '=', 'checkmail' ),
),
array(
'id' => '_um_url_email_activate',
'type' => 'text',
'label' => __( 'URL redirect after email activation', 'ultimate-member' ),
'tooltip' => __( 'If you want users to go to a specific page other than login page after email activation, enter the URL here.', 'ultimate-member' ),
'value' => ! empty( $role_data['_um_url_email_activate'] ) ? $role_data['_um_url_email_activate'] : '',
'conditional' => array( '_um_status', '=', 'checkmail' ),
),
array(
'id' => '_um_pending_action',
'type' => 'select',
'label' => __( 'Action to be taken after registration', 'ultimate-member' ),
'tooltip' => __( 'Select what action is taken after a person registers on your site. Depending on the status you can redirect them to their profile, a custom url or show a custom message', 'ultimate-member' ),
'value' => ! empty( $role_data['_um_pending_action'] ) ? $role_data['_um_pending_action'] : array(),
'options' => array(
'show_message' => __( 'Show custom message', 'ultimate-member' ),
'redirect_url' => __( 'Redirect to URL', 'ultimate-member' ),
),
'conditional' => array( '_um_status', '=', 'pending' ),
),
array(
'id' => '_um_pending_message',
'type' => 'textarea',
'label' => __( 'Personalize the custom message', 'ultimate-member' ),
'value' => ! empty( $role_data['_um_pending_message'] ) ? $role_data['_um_pending_message'] : __( 'Thank you for applying for membership to our site. We will review your details and send you an email letting you know whether your application has been successful or not.', 'ultimate-member' ),
'conditional' => array( '_um_pending_action', '=', 'show_message' ),
),
array(
'id' => '_um_pending_url',
'type' => 'text',
'label' => __( 'Set Custom Redirect URL', 'ultimate-member' ),
'conditional' => array( '_um_pending_action', '=', 'redirect_url' ),
'value' => ! empty( $role_data['_um_pending_url'] ) ? $role_data['_um_pending_url'] : '',
),
'conditional' => array( '_um_status', '=', 'pending' )
),
array(
'id' => '_um_pending_message',
'type' => 'textarea',
'label' => __( 'Personalize the custom message', 'ultimate-member' ),
'value' => ! empty( $role['_um_pending_message'] ) ? __( $role['_um_pending_message'], 'ultimate-member' ) : __('Thank you for applying for membership to our site. We will review your details and send you an email letting you know whether your application has been successful or not.','ultimate-member'),
'conditional' => array( '_um_pending_action', '=', 'show_message' )
),
array(
'id' => '_um_pending_url',
'type' => 'text',
'label' => __( 'Set Custom Redirect URL', 'ultimate-member' ),
'conditional' => array( '_um_pending_action', '=', 'redirect_url' ),
'value' => ! empty( $role['_um_pending_url'] ) ? __( $role['_um_pending_url'], 'ultimate-member' ) : '',
),
)
) )->render_form(); ?>
)->render_form();
?>
</div>
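Review bot: The stored role values (`_um_auto_approve_url`, `_um_checkmail_message`, `_um_pending_url` and the rest) are now handed to `render_form()` exactly as saved, so output escaping rests entirely on the form renderer, which is not visible here. Dropping the `__()` wrapper is sound, since it ran saved data through the translation lookup. It is still worth confirming that the renderer escapes `text` and `textarea` values for their context, and recording that in the file docblock, e.g. `* Field values are passed raw; escaping is done by the admin form renderer.` As a style point, the `_um_pending_url` entry lists `'conditional'` before `'value'`, unlike every other field in the array.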
+4 -2
@@ -106,7 +106,7 @@ if ( ! class_exists( 'um\common\Secure' ) ) {
$banned_profile_links = '';
foreach ( $user_ids as $uid ) {
um_fetch_user( $uid );
$banned_profile_links .= UM()->user()->get_profile_link( $uid ) . ' ' . um_user( 'account_status' ) . '<br />';
$banned_profile_links .= UM()->user()->get_profile_link( $uid ) . ' ' . UM()->common()->users()->get_status( $uid ) . '<br />';
}
um_reset_user();
@@ -221,18 +221,20 @@ if ( ! class_exists( 'um\common\Secure' ) ) {
'submitted' => ! empty( UM()->form()->post_form ) ? UM()->form()->post_form : '',
'roles' => $user->roles,
'user_agent' => $user_agent,
'account_status' => um_user( 'status' ),
'account_status' => UM()->common()->users()->get_status( $user->ID ),
);
update_user_meta( $user->ID, 'um_user_blocked__metadata', $captured );
$user->remove_all_caps();
$user->update_user_level_from_caps();
// Force update of the user status without email notifications.
if ( is_user_logged_in() ) {
UM()->common()->users()->set_status( $user->ID, 'inactive' );
} else {
UM()->common()->users()->set_status( $user->ID, 'rejected' );
}
um_reset_user();
update_user_meta( $user->ID, 'um_user_blocked', 'suspicious_activity' );
update_user_meta( $user->ID, 'um_user_blocked__timestamp', current_time( 'mysql', true ) );
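Review bot: In the `foreach` that builds `$banned_profile_links`, the value from `get_status( $uid )` is concatenated into an HTML fragment next to `<br />` without escaping, while the Member_Directory change in this commit wraps the same call in `esc_html()`. Where the fragment is finally output is outside this hunk, so it is safest to treat it as HTML and write `... . ' ' . esc_html( UM()->common()->users()->get_status( $uid ) ) . '<br />';`. The status is presumably read from stored user data, so escaping at the point of output keeps this line safe however the value was written.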
+2
@@ -279,6 +279,8 @@ class Users {
* @param {int} $expiration Expiration timestamp. Since 2.8.7.
*/
do_action( 'um_after_user_hash_is_changed', $user_id, $hash, $expiration );
$this->remove_cache( $user_id ); // Don't remove this line. It's required removing cache duplicate for the force case when re-send activation email.
}
/**
+68 -4
@@ -682,6 +682,7 @@ if ( ! class_exists( 'um\core\Form' ) ) {
/* Continue based on form mode - store data. */
/**
* Fires for make main actions on UM login, registration or profile form submission.
* Where $mode equals login, registration or profile
*
* Internal Ultimate Member callbacks (Priority -> Callback name -> Excerpt):
* ### um_submit_form_login:
@@ -696,16 +697,16 @@ if ( ! class_exists( 'um\core\Form' ) ) {
* * 10 - `um_submit_form_profile()` Profile form main handler.
*
* @since 1.3.x
* @hook um_submit_form_errors_hook
* @hook um_submit_form_{$mode}
*
* @param {array} $post $_POST Submission array.
* @param {array} $form_data UM form data. Since 2.6.7
*
* @example <caption>Make any custom action.</caption>
* function my_custom_before_submit_form_post( $post, $form_data ) {
* @example <caption>Make any custom action on profile submission.</caption>
* function my_custom_submit_form_profile( $post, $form_data ) {
* // your code here
* }
* add_action( 'um_submit_form_errors_hook', 'my_custom_submit_form_errors_hook', 10, 2 );
* add_action( 'um_submit_form_profile', 'my_custom_submit_form_profile', 10, 2 );
*/
do_action( "um_submit_form_{$this->form_data['mode']}", $this->post_form, $this->form_data );
}
@@ -735,6 +736,59 @@ if ( ! class_exists( 'um\core\Form' ) ) {
return $form;
}
/**
* Use PHP tidy extension if it's active for getting clean HTML without unclosed tags.
*
* @param string $html_fragment Textarea with active HTML option field value.
* @param array $field_data Ultimate Member form field data.
*
* @return string|\tidy
*/
private static function maybe_apply_tidy( $html_fragment, $field_data ) {
// Break if extension isn't active in php.ini
if ( ! function_exists( 'tidy_parse_string' ) ) {
return $html_fragment;
}
$tidy_config = array(
'clean' => true,
'output-xhtml' => true,
'show-body-only' => true,
'wrap' => 0,
);
/**
* Filters PHP tidy extension config.
* Get more info here https://www.php.net/manual/en/tidy.parsestring.php
*
* @param {array} $tidy_config Config.
* @param {array} $field_data UM Form Field Data.
*
* @return {array} Config.
*
* @since 2.8.9
* @hook um_tidy_config
*
* @example <caption>Customize tidy config based on field data.</caption>
* function my_um_tidy_config( $tidy_config, $field_data ) {
* // your code here
* if ( 'custom_metakey' === $field_data['metakey'] ) {
* $tidy_config['clean'] = false;
* }
* return $tidy_config;
* }
* add_filter( 'um_tidy_config', 'my_um_tidy_config', 10, 2 );
*/
$tidy_config = apply_filters( 'um_tidy_config', $tidy_config, $field_data );
// since PHP8.0 $tidy_config, 'UTF8' variables are nullable https://www.php.net/manual/en/tidy.parsestring.php
$tidy = tidy_parse_string( $html_fragment, $tidy_config, 'UTF8' );
$result = $tidy->cleanRepair();
if ( $result ) {
return $tidy;
}
return $html_fragment;
}
/**
* Beautify form data
@@ -769,6 +823,8 @@ if ( ! class_exists( 'um\core\Form' ) ) {
$form[ $k ] = $match[1];
}
$form[ $k ] = self::maybe_apply_tidy( $form[ $k ], $field );
$allowed_html = UM()->get_allowed_html( 'templates' );
if ( empty( $allowed_html['iframe'] ) ) {
$allowed_html['iframe'] = array(
@@ -906,6 +962,14 @@ if ( ! class_exists( 'um\core\Form' ) ) {
if ( array_key_exists( $description_key, $custom_fields ) ) {
$field_exists = true;
if ( ! empty( $custom_fields[ $description_key ]['html'] ) && $bio_html ) {
$form[ $description_key ] = html_entity_decode( $form[ $description_key ] ); // required because WP_Editor send sometimes encoded content.
preg_match( '/^<p>(.*?)<\/p>$/', $form[ $description_key ], $match ); // required because WP_Editor send content wrapped to <p></p>
if ( ! empty( $match[1] ) ) {
$form[ $description_key ] = $match[1];
}
$form[ $description_key ] = self::maybe_apply_tidy( $form[ $description_key ], $custom_fields[ $description_key ] );
$allowed_html = UM()->get_allowed_html( 'templates' );
if ( empty( $allowed_html['iframe'] ) ) {
$allowed_html['iframe'] = array(
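Review bot: `maybe_apply_tidy()` returns the `tidy` object itself on success (`return $tidy;`), so both call sites assign an object to `$form[ $k ]` and `$form[ $description_key ]` right before the `$allowed_html` setup that follows. Returning a plain string keeps the input to the later filtering predictable: `return tidy_get_output( $tidy );`, with the docblock changed to `@return string`. Because `um_tidy_config` lets other code change how the markup is rewritten, the docblock should also say that tidy only repairs markup and is not a sanitiser, so the allow-list filtering must stay after it. The two calling functions start and end outside the hunks.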
+2 -2
@@ -2680,8 +2680,8 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
'card_anchor' => esc_html( substr( md5( $user_id ), 10, 5 ) ),
'id' => absint( $user_id ),
'role' => esc_html( um_user( 'role' ) ),
'account_status' => esc_html( um_user( 'account_status' ) ),
'account_status_name' => esc_html( um_user( 'account_status_name' ) ),
'account_status' => esc_html( UM()->common()->users()->get_status( $user_id ) ),
'account_status_name' => esc_html( UM()->common()->users()->get_status( $user_id, 'formatted' ) ),
'cover_photo' => wp_kses( um_user( 'cover_photo', $this->cover_size ), UM()->get_allowed_html( 'templates' ) ),
'display_name' => esc_html( um_user( 'display_name' ) ),
'profile_url' => esc_url( um_user_profile_url() ),
+11 -11
@@ -113,16 +113,24 @@ if ( ! class_exists( 'um\core\Permalinks' ) ) {
isset( $_REQUEST['user_id'] ) && is_numeric( $_REQUEST['user_id'] ) ) { // valid token
$user_id = absint( $_REQUEST['user_id'] );
if ( is_user_logged_in() && get_current_user_id() !== $user_id ) {
// Cannot activate another user account. Please log out and try again.
wp_safe_redirect( um_user_profile_url( get_current_user_id() ) );
exit;
}
delete_option( "um_cache_userdata_{$user_id}" );
$account_secret_hash = get_user_meta( $user_id, 'account_secret_hash', true );
if ( empty( $account_secret_hash ) || strtolower( sanitize_text_field( $_REQUEST['hash'] ) ) !== strtolower( $account_secret_hash ) ) {
wp_die( esc_html__( 'This activation link is expired or have already been used.', 'ultimate-member' ) );
wp_safe_redirect( add_query_arg( 'err', 'activation_link_used', um_get_core_page( 'login' ) ) );
exit;
}
$account_secret_hash_expiry = get_user_meta( $user_id, 'account_secret_hash_expiry', true );
if ( ! empty( $account_secret_hash_expiry ) && time() > $account_secret_hash_expiry ) {
wp_die( esc_html__( 'This activation link is expired.', 'ultimate-member' ) );
wp_safe_redirect( add_query_arg( 'err', 'activation_link_expired', um_get_core_page( 'login' ) ) );
exit;
}
$redirect = um_get_core_page( 'login', 'account_active' );
@@ -141,15 +149,7 @@ if ( ! class_exists( 'um\core\Permalinks' ) ) {
// log in automatically
$login = ! empty( $user_role_data['login_email_activate'] ); // Role setting "Login user after validating the activation link?"
if ( ! is_user_logged_in() && $login ) {
$user = get_userdata( $user_id );
// update wp user
wp_set_current_user( $user_id, $user->user_login );
wp_set_auth_cookie( $user_id );
ob_start();
do_action( 'wp_login', $user->user_login, $user );
ob_end_clean();
UM()->user()->auto_login( $user_id );
}
/**
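Review bot: The activation token check still compares with `!==` after `strtolower()`, which is not a constant-time comparison, and it reads `$_REQUEST['hash']` without `wp_unslash()`. Since this commit already reworks both failure branches, the condition could become `empty( $account_secret_hash ) || ! hash_equals( strtolower( $account_secret_hash ), strtolower( sanitize_text_field( wp_unslash( $_REQUEST['hash'] ) ) ) )`. Whether the stored hash is cleared after a successful activation is not visible here. The enclosing method starts and ends outside the hunks.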
+12 -43
@@ -432,7 +432,7 @@ if ( ! class_exists( 'um\core\User' ) ) {
}
$metakeys = array( 'account_status', 'hide_in_members', 'synced_gravatar_hashed_id', 'synced_profile_photo', 'profile_photo', 'cover_photo', '_um_verified' );
if ( ! in_array( $meta_key, $metakeys ) ) {
if ( ! in_array( $meta_key, $metakeys, true ) ) {
return;
}
@@ -506,7 +506,7 @@ if ( ! class_exists( 'um\core\User' ) ) {
function on_update_usermeta( $meta_id, $object_id, $meta_key, $_meta_value ) {
$metakeys = array( 'account_status', 'hide_in_members', 'synced_gravatar_hashed_id', 'synced_profile_photo', 'profile_photo', 'cover_photo', '_um_verified' );
if ( ! in_array( $meta_key, $metakeys ) ) {
if ( ! in_array( $meta_key, $metakeys, true ) ) {
return;
}
@@ -642,28 +642,22 @@ if ( ! class_exists( 'um\core\User' ) ) {
delete_transient( 'um_count_users_pending_dot' );
}
/**
*
*/
function check_membership() {
public function check_membership() {
if ( ! is_user_logged_in() ) {
return;
}
um_fetch_user( get_current_user_id() );
$status = um_user( 'account_status' );
if ( 'rejected' == $status ) {
if ( UM()->common()->users()->has_status( get_current_user_id(), 'rejected' ) ) {
wp_logout();
session_unset();
exit( wp_redirect( um_get_core_page( 'login' ) ) );
um_safe_redirect( um_get_core_page( 'login' ) );
exit;
}
um_reset_user();
}
/**
* Multisite add existing user
*
@@ -1295,29 +1289,11 @@ if ( ! class_exists( 'um\core\User' ) ) {
$this->usermeta['account_status'][0] = 'approved';
}
if ( $this->usermeta['account_status'][0] == 'approved' ) {
$this->usermeta['account_status_name'][0] = __( 'Approved', 'ultimate-member' );
}
if ( $this->usermeta['account_status'][0] == 'awaiting_email_confirmation' ) {
$this->usermeta['account_status_name'][0] = __( 'Awaiting Email Confirmation', 'ultimate-member' );
}
if ( $this->usermeta['account_status'][0] == 'awaiting_admin_review' ) {
$this->usermeta['account_status_name'][0] = __( 'Pending Review', 'ultimate-member' );
}
if ( $this->usermeta['account_status'][0] == 'rejected' ) {
$this->usermeta['account_status_name'][0] = __( 'Membership Rejected', 'ultimate-member' );
}
if ( $this->usermeta['account_status'][0] == 'inactive' ) {
$this->usermeta['account_status_name'][0] = __( 'Membership Inactive', 'ultimate-member' );
}
$this->usermeta['account_status_name'][0] = UM()->common()->users()->get_status( $this->id, 'formatted' );
// add user meta
foreach ( $this->usermeta as $k => $v ) {
if ( $k == 'display_name' ) {
if ( 'display_name' === $k ) {
continue;
}
$this->profile[ $k ] = $v[0];
@@ -1386,7 +1362,7 @@ if ( ! class_exists( 'um\core\User' ) ) {
<?php UM()->user()->auto_login( 10, true ); ?>
*
*/
function auto_login( $user_id, $rememberme = 0 ) {
public function auto_login( $user_id, $rememberme = 0 ) {
wp_set_current_user( $user_id );
@@ -1619,36 +1595,29 @@ if ( ! class_exists( 'um\core\User' ) ) {
*
* @param bool $send_mail
*/
function delete( $send_mail = true ) {
public function delete( $send_mail = true ) {
$this->send_mail_on_delete = $send_mail;
//don't send email notification to not approved user
if ( 'approved' != um_user( 'account_status' ) ) {
// Don't send email notification to not approved user
if ( ! UM()->common()->users()->has_status( $this->id, 'approved' ) ) {
$this->send_mail_on_delete = false;
}
// remove user
if ( is_multisite() ) {
if ( ! function_exists( 'wpmu_delete_user' ) ) {
require_once ABSPATH . 'wp-admin/includes/ms.php';
}
wpmu_delete_user( $this->id );
} else {
if ( ! function_exists( 'wp_delete_user' ) ) {
require_once ABSPATH . 'wp-admin/includes/user.php';
}
wp_delete_user( $this->id );
}
}
/**
* This method gets a user role in slug format. e.g. member
*
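Review bot: `check_membership()` is now declared `public`, but the docblock above it is still the empty `/** */` stub (assuming that stub is kept on the new side). A description such as `Logs out the current user and redirects to the login page when the account status is 'rejected'.` would record that only `rejected` ends the session in this method and that other non-approved statuses pass through it. That is relevant when reading the Secure change in this commit, which sets `inactive` rather than `rejected` when a user is logged in.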
+4 -3
@@ -174,7 +174,7 @@ if ( ! class_exists( 'um\core\rest\API_v1' ) ) {
$val->roles = $user->roles;
$val->first_name = um_user( 'first_name' );
$val->last_name = um_user( 'last_name' );
$val->account_status = um_user( 'account_status' );
$val->account_status = UM()->common()->users()->get_status( $user->ID );
$val->profile_pic_original = um_get_user_avatar_url( '', 'original' );
$val->profile_pic_normal = um_get_user_avatar_url( '', 200 );
$val->profile_pic_small = um_get_user_avatar_url( '', 40 );
@@ -239,6 +239,7 @@ if ( ! class_exists( 'um\core\rest\API_v1' ) ) {
switch ( $data ) {
case 'status':
// Force update of the user status without email notifications.
UM()->common()->users()->set_status( $id, $value );
$response['success'] = __( 'User status has been changed.', 'ultimate-member' );
break;
@@ -361,7 +362,7 @@ if ( ! class_exists( 'um\core\rest\API_v1' ) ) {
$response['profile_pic_small'] = um_get_user_avatar_url( '', 40 );
break;
case 'status':
$response['status'] = um_user( 'account_status' );
$response['status'] = UM()->common()->users()->get_status( $user->ID );
break;
case 'role':
//get priority role here
@@ -382,7 +383,7 @@ if ( ! class_exists( 'um\core\rest\API_v1' ) ) {
$val->roles = $user->roles;
$val->first_name = um_user( 'first_name' );
$val->last_name = um_user( 'last_name' );
$val->account_status = um_user( 'account_status' );
$val->account_status = UM()->common()->users()->get_status( $user->ID );
$val->profile_pic_original = um_get_user_avatar_url( '', 'original' );
$val->profile_pic_normal = um_get_user_avatar_url( '', 200 );
$val->profile_pic_small = um_get_user_avatar_url( '', 40 );
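Review bot: In the `case 'status':` branch, `$value` is passed straight to `set_status( $id, $value )`, and the new comment says the update is forced, but no check of `$value` against the known statuses is visible in this hunk. If neither the caller nor `set_status()` validates it, an allow-list test before the call would close that gap, e.g. `in_array( $value, array( 'approved', 'awaiting_email_confirmation', 'awaiting_admin_review', 'rejected', 'inactive' ), true )`, returning an error response when it fails. The same applies to the matching hunk in the API_v2 section. The enclosing `switch` starts outside the hunk, so the authorisation check and any earlier validation are not visible here.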
+4 -3
@@ -173,7 +173,7 @@ if ( ! class_exists( 'um\core\rest\API_v2' ) ) {
$val->roles = $user->roles;
$val->first_name = um_user( 'first_name' );
$val->last_name = um_user( 'last_name' );
$val->account_status = um_user( 'account_status' );
$val->account_status = UM()->common()->users()->get_status( $user->ID );
$val->profile_pic_original = um_get_user_avatar_url( '', 'original' );
$val->profile_pic_normal = um_get_user_avatar_url( '', 200 );
$val->profile_pic_small = um_get_user_avatar_url( '', 40 );
@@ -221,6 +221,7 @@ if ( ! class_exists( 'um\core\rest\API_v2' ) ) {
switch ( $data ) {
case 'status':
// Force update of the user status without email notifications.
UM()->common()->users()->set_status( $id, $value );
$response['success'] = __( 'User status has been changed.', 'ultimate-member' );
break;
@@ -325,7 +326,7 @@ if ( ! class_exists( 'um\core\rest\API_v2' ) ) {
$response['profile_pic_small'] = um_get_user_avatar_url( '', 40 );
break;
case 'status':
$response['status'] = um_user( 'account_status' );
$response['status'] = UM()->common()->users()->get_status( $user->ID );
break;
case 'role':
//get priority role here
@@ -346,7 +347,7 @@ if ( ! class_exists( 'um\core\rest\API_v2' ) ) {
$val->roles = $user->roles;
$val->first_name = um_user( 'first_name' );
$val->last_name = um_user( 'last_name' );
$val->account_status = um_user( 'account_status' );
$val->account_status = UM()->common()->users()->get_status( $user->ID );
$val->profile_pic_original = um_get_user_avatar_url( '', 'original' );
$val->profile_pic_normal = um_get_user_avatar_url( '', 200 );
$val->profile_pic_small = um_get_user_avatar_url( '', 40 );
+7 -12
@@ -1,5 +1,7 @@
<?php if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
<?php
if ( ! defined( 'ABSPATH' ) ) {
exit;
}
/**
* Profile Access
@@ -7,18 +9,11 @@
* @param int $user_id
*/
function um_access_profile( $user_id ) {
if ( ! um_is_myprofile() && um_is_core_page( 'user' ) && ! current_user_can( 'edit_users' ) ) {
um_fetch_user( $user_id );
$account_status = um_user( 'account_status' );
if ( ! in_array( $account_status, array( 'approved' ) ) ) {
$account_status = UM()->common()->users()->get_status( $user_id );
if ( 'approved' !== $account_status ) {
um_redirect_home();
}
um_reset_user();
}
}
add_action( 'um_access_profile', 'um_access_profile' );
add_action( 'um_access_profile', 'um_access_profile' );
+12 -5
@@ -129,17 +129,15 @@ function um_submit_form_errors_hook_logincheck( $submitted_data, $form_data ) {
wp_logout();
}
$user_id = ( isset( UM()->login()->auth_id ) ) ? UM()->login()->auth_id : '';
um_fetch_user( $user_id );
$user_id = isset( UM()->login()->auth_id ) ? UM()->login()->auth_id : '';
$status = um_user( 'account_status' ); // account status
$status = UM()->common()->users()->get_status( $user_id ); // account status
switch ( $status ) {
// If user can't log in to site...
case 'inactive':
case 'awaiting_admin_review':
case 'awaiting_email_confirmation':
case 'rejected':
um_reset_user();
// Not `um_safe_redirect()` because UM()->permalinks()->get_current_url() is situated on the same host.
wp_safe_redirect( add_query_arg( 'err', esc_attr( $status ), UM()->permalinks()->get_current_url() ) );
exit;
@@ -150,7 +148,6 @@ function um_submit_form_errors_hook_logincheck( $submitted_data, $form_data ) {
wp_safe_redirect( um_get_core_page( 'login' ) );
exit;
}
}
add_action( 'um_submit_form_errors_hook_logincheck', 'um_submit_form_errors_hook_logincheck', 9999, 2 );
@@ -194,6 +191,16 @@ function um_user_login( $submitted_data ) {
// phpcs:disable WordPress.Security.NonceVerification -- already verified here
$rememberme = ( isset( $_REQUEST['rememberme'], $submitted_data['rememberme'] ) && 1 === (int) $submitted_data['rememberme'] ) ? 1 : 0;
$user_id = isset( UM()->login()->auth_id ) ? UM()->login()->auth_id : '';
if ( empty( $user_id ) ) {
// refresh page if the user_id is empty
// Not `um_safe_redirect()` because UM()->permalinks()->get_current_url() is situated on the same host.
wp_safe_redirect( UM()->permalinks()->get_current_url() );
exit;
}
um_fetch_user( $user_id );
// @todo check using the 'deny_admin_frontend_login' option
if ( false !== strrpos( um_user( 'wp_roles' ), 'administrator' ) && ( ! isset( $_GET['provider'] ) && UM()->options()->get( 'deny_admin_frontend_login' ) ) ) {
wp_die( esc_html__( 'This action has been prevented for security measures.', 'ultimate-member' ) );
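Review bot: `um_submit_form_errors_hook_logincheck()` now calls `get_status( $user_id )` with a `$user_id` that may be `''`, while `um_user_login()` in the same file section gained an `empty( $user_id )` guard. Which `switch` branch an empty id reaches depends on what `get_status()` returns for it, which is not visible here. Adding the same guard before the status lookup makes the check fail closed: `if ( empty( $user_id ) ) { wp_safe_redirect( UM()->permalinks()->get_current_url() ); exit; }`. Both functions start or end outside their hunks.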
+6
@@ -176,6 +176,12 @@ function um_add_update_notice( $args ) {
case 'invalid_nonce':
$err = __( 'An error has been encountered. Probably page was cached. Please try again.', 'ultimate-member' );
break;
case 'activation_link_used':
$err = __( 'This activation link is expired or have already been used.', 'ultimate-member' );
break;
case 'activation_link_expired':
$err = __( 'This activation link is expired.', 'ultimate-member' );
break;
}
}
// phpcs:enable WordPress.Security.NonceVerification -- used for echo and already verified here.
+2 -2
@@ -1318,11 +1318,11 @@ function um_profile_header( $args ) {
}
?>
<div class="um-profile-status <?php echo esc_attr( um_user( 'account_status' ) ); ?>">
<div class="um-profile-status <?php echo esc_attr( UM()->common()->users()->get_status( um_user( 'ID' ) ) ); ?>">
<span>
<?php
// translators: %s: profile status.
echo esc_html( sprintf( __( 'This user account status is %s', 'ultimate-member' ), um_user( 'account_status_name' ) ) );
echo esc_html( sprintf( __( 'This user account status is %s', 'ultimate-member' ), UM()->common()->users()->get_status( um_user( 'ID' ), 'formatted' ) ) );
?>
</span>
</div>
+11 -19
@@ -58,15 +58,6 @@ function um_after_insert_user( $user_id, $args, $form_data = null ) {
UM()->user()->set_registration_details( $args['submitted'], $args, $form_data );
}
// Set user status.
$status = um_user( 'status' );
if ( empty( $status ) ) {
um_fetch_user( $user_id );
$status = um_user( 'status' );
}
UM()->common()->users()->set_status( $user_id, $status );
// Create user uploads directory.
UM()->uploader()->get_upload_user_base_dir( $user_id, true );
@@ -123,11 +114,12 @@ add_action( 'um_user_register', 'um_after_insert_user', 1, 3 );
*/
function um_send_registration_notification( $user_id ) {
um_fetch_user( $user_id );
$registration_status = um_user( 'status' );
$emails = um_multi_admin_email();
if ( ! empty( $emails ) ) {
foreach ( $emails as $email ) {
if ( 'pending' !== um_user( 'account_status' ) ) {
if ( 'pending' !== $registration_status ) {
UM()->mail()->send( $email, 'notification_new_user', array( 'admin' => true ) );
} else {
UM()->mail()->send( $email, 'notification_review', array( 'admin' => true ) );
@@ -145,7 +137,7 @@ add_action( 'um_registration_complete', 'um_send_registration_notification' );
* @param null|array $form_data
*/
function um_check_user_status( $user_id, $args, $form_data = null ) {
$status = um_user( 'account_status' );
$registration_status = um_user( 'status' );
/**
* Fires after complete UM user registration.
* Where $status can be equal to 'approved', 'checkmail' or 'pending'.
@@ -175,7 +167,7 @@ function um_check_user_status( $user_id, $args, $form_data = null ) {
* }
* add_action( 'um_post_registration_pending_hook', 'my_um_post_registration', 10, 3 );
*/
do_action( "um_post_registration_{$status}_hook", $user_id, $args, $form_data );
do_action( "um_post_registration_{$registration_status}_hook", $user_id, $args, $form_data );
if ( is_null( $form_data ) || is_admin() ) {
return;
@@ -210,9 +202,9 @@ function um_check_user_status( $user_id, $args, $form_data = null ) {
* }
* add_action( 'track_pending_user_registration', 'my_um_post_registration', 10, 3 );
*/
do_action( "track_{$status}_user_registration", $user_id, $args, $form_data );
do_action( "track_{$registration_status}_user_registration", $user_id, $args, $form_data );
if ( 'approved' === $status ) {
if ( 'approved' === $registration_status ) {
// Check if user is logged in because there can be the customized way when through 'um_registration_for_loggedin_users' hook the registration is enabled for the logged-in users (e.g. Administrator).
if ( ! is_user_logged_in() ) {
// Custom way if 'um_registration_for_loggedin_users' hook after custom callbacks returns true. Then don't make auto-login because user is already logged-in.
@@ -255,7 +247,7 @@ function um_check_user_status( $user_id, $args, $form_data = null ) {
} else {
um_fetch_user( $user_id ); // required because there can be empty um_user.
if ( 'redirect_url' === um_user( $status . '_action' ) && '' !== um_user( $status . '_url' ) ) {
if ( 'redirect_url' === um_user( $registration_status . '_action' ) && '' !== um_user( $registration_status . '_url' ) ) {
/**
* Filters the redirect URL for pending user after registration.
*
@@ -275,13 +267,13 @@ function um_check_user_status( $user_id, $args, $form_data = null ) {
* }
* add_filter( 'um_registration_pending_user_redirect', 'my_registration_pending_user_redirect', 10, 3 );
*/
$redirect_url = apply_filters( 'um_registration_pending_user_redirect', um_user( $status . '_url' ), $status, um_user( 'ID' ) );
$redirect_url = apply_filters( 'um_registration_pending_user_redirect', um_user( $registration_status . '_url' ), $registration_status, $user_id );
um_safe_redirect( $redirect_url );
}
if ( 'show_message' === um_user( $status . '_action' ) && '' !== um_user( $status . '_message' ) ) {
if ( 'show_message' === um_user( $registration_status . '_action' ) && '' !== um_user( $registration_status . '_message' ) ) {
$url = UM()->permalinks()->get_current_url();
$url = add_query_arg( 'message', esc_attr( $status ), $url );
$url = add_query_arg( 'message', esc_attr( $registration_status ), $url );
// Add only priority role to URL.
$url = add_query_arg( 'um_role', esc_attr( um_user( 'role' ) ), $url );
$url = add_query_arg( 'um_form_id', esc_attr( $form_data['form_id'] ), $url );
@@ -305,7 +297,7 @@ function um_check_user_status( $user_id, $args, $form_data = null ) {
* }
* add_filter( 'um_registration_show_message_redirect_url', 'my_um_registration_show_message_redirect_url', 10, 4 );
*/
$url = apply_filters( 'um_registration_show_message_redirect_url', $url, $status, um_user( 'ID' ), $form_data );
$url = apply_filters( 'um_registration_show_message_redirect_url', $url, $registration_status, $user_id, $form_data );
// Not `um_safe_redirect()` because UM()->permalinks()->get_current_url() is situated on the same host.
wp_safe_redirect( $url );
exit;
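Review bot: `um_check_user_status()` reads `$registration_status = um_user( 'status' )` without first calling `um_fetch_user( $user_id )`, although `um_send_registration_notification()` in this section fetches before reading and a later comment in this function says `um_user` can be empty. An empty value would produce hook names such as `um_post_registration__hook` and skip the `'approved' === $registration_status` branch. Adding `um_fetch_user( $user_id );` before the read would match the other function, which matters more now that this commit removes the fetch-and-retry fallback from `um_after_insert_user()`. The function body continues outside the hunks.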
+1 -1
@@ -261,7 +261,7 @@ function um_profile_field_filter_hook__textarea( $value, $data ) {
}
if ( ! empty( $data['html'] ) ) {
return '<iframe class="um-textarea-html-value" onload="UM.frontend.iframe.resize(this);" title="' . esc_attr( $data['label'] ) . '" srcdoc="' . wp_kses_post( esc_attr( $value ) ) . '"></iframe>';
return wp_kses_post( $value );
}
$description_key = UM()->profile()->get_show_bio_key( UM()->fields()->global_args );
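Review bot: With the `srcdoc` iframe gone, the stored HTML is written into the profile page's own markup, so `wp_kses_post( $value )` is now the only output-side filter on this path. The save path in the Form section of this commit filters with `UM()->get_allowed_html( 'templates' )` plus an `iframe` entry, which is a different allow-list from the one `wp_kses_post()` applies. A comment above the return would record that: `// Rendered inline (no iframe isolation): wp_kses_post() is the output filter; keep it in step with the save-side allow-list.` The function starts and ends outside the hunk.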
+1 -2
@@ -66,8 +66,7 @@ function um_wp_form_errors_hook_logincheck( $user ) {
}
if ( isset( $user->ID ) ) {
um_fetch_user( $user->ID );
$status = um_user( 'account_status' );
$status = UM()->common()->users()->get_status( $user->ID );
$error = null;
switch ( $status ) {
+6 -1
@@ -142,7 +142,12 @@ if ( ! class_exists( 'um\frontend\Secure' ) ) {
*/
public function login_validate_expired_pass() {
if ( UM()->options()->get( 'display_login_form_notice' ) ) {
$expired_password_reset = get_user_meta( um_user( 'ID' ), 'um_secure_has_reset_password', true );
$user_id = isset( UM()->login()->auth_id ) ? UM()->login()->auth_id : '';
if ( empty( $user_id ) ) {
return;
}
$expired_password_reset = get_user_meta( $user_id, 'um_secure_has_reset_password', true );
if ( ! $expired_password_reset ) {
$login_url = add_query_arg( 'notice', 'expired_password', um_get_core_page( 'login' ) );
// Not `um_safe_redirect()` because predefined login page is situated on the same host.
+1 -1
@@ -60,7 +60,7 @@ if ( ! class_exists( 'um\frontend\User_Profile' ) ) {
exit;
}
if ( ! um_can_edit_my_profile() ) {
if ( um_is_myprofile() && ! um_can_edit_my_profile() ) {
um_safe_redirect( um_edit_my_profile_cancel_uri() );
exit;
}
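Review bot: The edit guard is now `um_is_myprofile() && ! um_can_edit_my_profile()`, so it no longer applies when the profile being edited belongs to another user. Authorisation for that case has to come from the check that ends just above this line, of which only the `exit;` is visible in the hunk; if that check does not cover it, this change widens access. A comment would make the dependency explicit: `// Own-profile guard only; editing another user's profile is authorised by the check above.` The method starts and ends outside the hunk.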
+21 -1
@@ -6,7 +6,7 @@ Tags: community, member, membership, user-profile, user-registration
Requires PHP: 5.6
Requires at least: 5.5
Tested up to: 6.6
Stable tag: 2.8.8
Stable tag: 2.8.9
License: GPLv3
License URI: http://www.gnu.org/licenses/gpl-3.0.txt
@@ -166,6 +166,26 @@ No specific extensions are needed. But we highly recommended keep active these P
IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION
= 2.8.9 2024-10-14 =
**Enhancements**
* Added: Using PHP tidy extension (if it's active) to make HTML textarea value clear
* Added: `um_tidy_config` filter hook for setting PHP tidy config
* Tweak: Avoid using force `set_status()` function.
* Tweak: Properly using `UM()->common()->users()->get_status( $user_id )` instead of `um_user( 'account_status' )`
* Tweak: Properly using `UM()->common()->users()->get_status( $user_id, 'formatted' )` instead of `um_user( 'account_status_name' )`
* Tweak: Properly using `um_user( 'status' )` for getting user role setting while registration
**Bugfixes**
* Fixed: UM tipsy removing inside .um-page selector (e.g. tipsy init from um-modal)
* Fixed: Rollback using `<iframe>` for displaying HTML formatted textarea value
* Fixed: Capability to edit user profile for Administrator when user doesn't have a capability to edit its profile
* Fixed: Sending email notifications based on user status after registration
**Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade**
= 2.8.8 2024-10-04 =
**Bugfixes**
+1 -1
@@ -3,7 +3,7 @@
* Plugin Name: Ultimate Member
* Plugin URI: http://ultimatemember.com/
* Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
* Version: 2.8.8
* Version: 2.8.9
* Author: Ultimate Member
* Author URI: http://ultimatemember.com/
* Text Domain: ultimate-member