- added fix for getting image/file custom fields from $_POST when form isn't validated;

nikitasinelnikov
2020-01-16 10:25:30 +02:00
parent e66af65b08
commit 2401d06875
11 changed files with 181 additions and 103 deletions
+13 -11
@@ -2500,7 +2500,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
/* Single Image Upload */
case 'image':
$output .= '<div ' . $this->get_atts( $key, $classes, $conditional, $data ) . '>';
$output .= '<div ' . $this->get_atts( $key, $classes, $conditional, $data ) . ' data-mode="' . esc_attr( $this->set_mode ) . '" data-upload-label="' . ( ! empty( $data['button_text'] ) ? esc_attr( $data['button_text'] ) : esc_attr__( 'Upload', 'ultimate-member' ) ) . '">';
if ( in_array( $key, array( 'profile_photo', 'cover_photo' ) ) ) {
$field_value = '';
} else {
@@ -2573,25 +2573,27 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
/* Single File Upload */
case 'file':
$output .= '<div ' . $this->get_atts( $key, $classes, $conditional, $data ) . '>';
$output .= '<div ' . $this->get_atts( $key, $classes, $conditional, $data ) . ' data-mode="' . esc_attr( $this->set_mode ) . '" data-upload-label="' . ( ! empty( $data['button_text'] ) ? esc_attr( $data['button_text'] ) : esc_attr__( 'Upload', 'ultimate-member' ) ) . '">';
$output .= '<input type="hidden" name="' . esc_attr( $key . UM()->form()->form_suffix ) . '" id="' . esc_attr( $key . UM()->form()->form_suffix ) . '" value="' . $this->field_value( $key, $default, $data ) . '" />';
if (isset( $data['label'] )) {
if ( isset( $data['label'] ) ) {
$output .= $this->field_label( $label, $key, $data );
}
$modal_label = ( isset( $data['label'] ) ) ? $data['label'] : __( 'Upload File', 'ultimate-member' );
$output .= '<div class="um-field-area" style="text-align: center;">';
if ( $this->field_value( $key, $default, $data ) ) {
$file_field_value = $this->field_value( $key, $default, $data );
$file_field_value = $this->field_value( $key, $default, $data );
if ( ! empty( $file_field_value ) && 'empty_file' !== $file_field_value ) {
$file_type = wp_check_filetype( $file_field_value );
if ( isset( $this->set_mode ) && 'register' == $this->set_mode ) {
$file_info = get_transient("um_{$file_field_value}");
if ( um_is_temp_file( $file_field_value ) ) {
$file_info = get_transient( "um_{$file_field_value}" );
} else {
$file_info = um_user( $data['metakey']."_metadata" );
$file_info = um_user( $data['metakey'] . "_metadata" );
}
$file_field_name = $file_field_value;
if( isset( $file_info['original_name'] ) && ! empty( $file_info['original_name'] ) ){
if ( ! empty( $file_info['original_name'] ) ) {
$file_field_name = $file_info['original_name'];
}
@@ -2631,7 +2633,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
$output .= '<div class="um-modal-hidden-content">';
$output .= '<div class="um-modal-header"> ' . $modal_label . '</div>';
$output .= '<div class="um-modal-body">';
if (isset( $this->set_id )) {
if ( isset( $this->set_id ) ) {
$set_id = $this->set_id;
$set_mode = $this->set_mode;
} else {
@@ -2651,7 +2653,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
$output .= '<div class="um-single-file-upload" data-user_id="' . esc_attr( $_um_profile_id ) . '" data-timestamp="' . esc_attr( $this->timestamp ) . '" data-nonce="' . $nonce . '" data-icon="' . esc_attr( $icon ) . '" data-set_id="' . esc_attr( $set_id ) . '" data-set_mode="' . esc_attr( $set_mode ) . '" data-type="' . esc_attr( $type ) . '" data-key="' . esc_attr( $key ) . '" data-max_size="' . esc_attr( $max_size ) . '" data-max_size_error="' . esc_attr( $max_size_error ) . '" data-min_size_error="' . esc_attr( $min_size_error ) . '" data-extension_error="' . esc_attr( $extension_error ) . '" data-allowed_types="' . esc_attr( $allowed_types ) . '" data-upload_text="' . esc_attr( $upload_text ) . '" data-max_files_error="' . esc_attr( $max_files_error ) . '" data-upload_help_text="' . esc_attr( $upload_help_text ) . '">' . $button_text . '</div>';
$output .= '<div class="um-modal-footer">
<div class="um-modal-right">
<a href="javascript:void(0);" class="um-modal-btn um-finish-upload file disabled" data-key="' . $key . '" data-change="' . __( 'Change file' ) . '" data-processing="' . __( 'Processing...', 'ultimate-member' ) . '"> ' . __( 'Save', 'ultimate-member' ) . '</a>
<a href="javascript:void(0);" class="um-modal-btn um-finish-upload file disabled" data-key="' . esc_attr( $key ) . '" data-change="' . esc_attr__( 'Change file' ) . '" data-processing="' . esc_attr__( 'Processing...', 'ultimate-member' ) . '"> ' . __( 'Save', 'ultimate-member' ) . '</a>
<a href="javascript:void(0);" class="um-modal-btn alt" data-action="um_remove_modal"> ' . __( 'Cancel', 'ultimate-member' ) . '</a>
</div>
<div class="um-clear"></div>
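Review bot: The hidden input in the `case 'file':` hunk still writes `$this->field_value( $key, $default, $data )` into its `value` attribute unescaped, while the `name` and `id` attributes on the same line go through `esc_attr()`. Going by the commit title, the value can now come from `$_POST` after a failed validation, so unless `field_value()` already escapes for attribute context (it is not visible here) this should read `value="' . esc_attr( $this->field_value( $key, $default, $data ) ) . '"`. In the modal-footer hunk, `esc_attr__( 'Change file' )` lacks the `'ultimate-member'` text domain that the other strings on that line pass. The enclosing switch starts and ends outside these hunks.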
+59 -14
@@ -253,13 +253,51 @@ if ( ! class_exists( 'um\core\Files' ) ) {
function ajax_remove_file() {
UM()->check_ajax_nonce();
/**
* @var $src
*/
extract( $_REQUEST );
$this->delete_file( $src );
if ( empty( $_POST['src'] ) ) {
wp_send_json_error( __( 'Wrong path', 'ultimate-member' ) );
}
wp_send_json_success();
if ( empty( $_POST['mode'] ) ) {
wp_send_json_error( __( 'Wrong mode', 'ultimate-member' ) );
}
$src = $_POST['src'];
if ( strstr( $src, '?' ) ) {
$splitted = explode( '?', $src );
$src = $splitted[0];
}
$mode = sanitize_key( $_POST['mode'] );
if ( $mode == 'register' || empty( $_POST['user_id'] ) ) {
$is_temp = um_is_temp_upload( $src );
if ( ! $is_temp ) {
wp_send_json_success();
}
} else {
$user_id = absint( $_POST['user_id'] );
if ( ! UM()->roles()->um_current_user_can( 'edit', $user_id ) ) {
wp_send_json_error( __( 'You haven\'t ability to edit this user', 'ultimate-member' ) );
}
$is_temp = um_is_temp_upload( $src );
if ( ! $is_temp ) {
if ( ! empty( $_POST['filename'] ) && file_exists( UM()->uploader()->get_upload_user_base_dir( $user_id ) . DIRECTORY_SEPARATOR . $_POST['filename'] ) ) {
wp_send_json_success();
}
}
}
if ( $this->delete_file( $src ) ) {
wp_send_json_success();
} else {
wp_send_json_error( __( 'You haven\'t ability to delete this file', 'ultimate-member' ) );
}
}
@@ -325,7 +363,7 @@ if ( ! class_exists( 'um\core\Files' ) ) {
UM()->fields()->set_id = $_POST['set_id'];
UM()->fields()->set_mode = $_POST['set_mode'];
if ( ! UM()->roles()->um_current_user_can( 'edit', $user_id ) ) {
if ( UM()->fields()->set_mode != 'register' && ! UM()->roles()->um_current_user_can( 'edit', $user_id ) ) {
$ret['error'] = __( 'You haven\'t ability to edit this user', 'ultimate-member' );
wp_send_json_error( $ret );
}
@@ -992,10 +1030,11 @@ if ( ! class_exists( 'um\core\Files' ) ) {
/**
* This function will delete file upload from server
*
* @param $src
* @param string $src
*
* @return bool
*/
function delete_file( $src ) {
if ( strstr( $src, '?' ) ) {
$splitted = explode( '?', $src );
$src = $splitted[0];
@@ -1004,9 +1043,9 @@ if ( ! class_exists( 'um\core\Files' ) ) {
$is_temp = um_is_temp_upload( $src );
if ( $is_temp ) {
unlink( $is_temp );
rmdir( dirname( $is_temp ) );
return true;
} else {
wp_die( __('Ultimate Member: Not a valid temp file','ultimate-member') );
return false;
}
}
@@ -1146,9 +1185,15 @@ if ( ! class_exists( 'um\core\Files' ) ) {
*/
function remove_dir( $dir ) {
if ( file_exists( $dir ) ) {
foreach(glob($dir . '/*') as $file) {
if(is_dir($file)) $this->remove_dir($file); else unlink($file);
} rmdir($dir);
foreach ( glob($dir . '/*') as $file ) {
if ( is_dir( $file ) ) {
$this->remove_dir( $file );
} else {
unlink( $file );
}
}
rmdir( $dir );
}
}
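Review bot: The relaxed check in the `@@ -325,7 +363,7 @@` hunk skips `um_current_user_can( 'edit', $user_id )` whenever `set_mode` is `'register'`, and `set_mode` is assigned from `$_POST['set_mode']` two lines above, so the caller decides whether the capability check runs. Where `$user_id` comes from is above the hunk; if it is also taken from the request, the check should be skipped only when no account is named, e.g. `if ( ( 'register' !== UM()->fields()->set_mode || ! empty( $user_id ) ) && ! UM()->roles()->um_current_user_can( 'edit', $user_id ) ) {`, or the mode should be resolved on the server from the form behind `set_id`. `ajax_remove_file()` chooses its branch from `$_POST['mode']` in the same way. It also joins the raw `$_POST['filename']` onto the user's upload directory for `file_exists()`; passing it through `sanitize_file_name( wp_unslash( $_POST['filename'] ) )` first would keep that lookup inside the directory.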