- fixed member directory scripts enqueue;

- added integration with User Location extension;
- sanitize $_GET variables on the wp-admin side;
nikitasinelnikov
2020-02-12 12:36:47 +02:00
parent 7ab7a06b75
commit 2d36eaea36
15 changed files with 65 additions and 48 deletions
+6 -2
@@ -96,7 +96,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Enqueue' ) ) {
*
*/
function enqueue_cpt_scripts() {
if ( ( isset( $_GET['post_type'] ) && 'um_form' == $_GET['post_type'] ) || ( isset( $_GET['post'] ) && 'um_form' == get_post_type( $_GET['post'] ) ) ) {
if ( ( isset( $_GET['post_type'] ) && 'um_form' == sanitize_key( $_GET['post_type'] ) ) ||
( isset( $_GET['post'] ) && 'um_form' == get_post_type( absint( $_GET['post'] ) ) ) ) {
$this->um_cpt_form_screen = true;
add_action( 'admin_footer', array( $this, 'admin_footer_scripts' ), 20 );
}
@@ -105,6 +106,9 @@ if ( ! class_exists( 'um\admin\core\Admin_Enqueue' ) ) {
}
/**
*
*/
function enqueue_frontend_preview_assets() {
//scripts for FRONTEND PREVIEW
if ( class_exists( 'WooCommerce' ) ) {
@@ -293,7 +297,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Enqueue' ) ) {
$hide_footer = false;
global $pagenow, $post;
if ( ( 'post.php' == $pagenow || 'post-new.php' == $pagenow ) &&
( ( isset( $_GET['post_type'] ) && 'um_form' == $_GET['post_type'] ) ||
( ( isset( $_GET['post_type'] ) && 'um_form' == sanitize_key( $_GET['post_type'] ) ) ||
( isset( $post->post_type ) && 'um_form' == $post->post_type ) ) ) {
$hide_footer = true;
}
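Review bot: `absint( $_GET['post'] )` on the new line of enqueue_cpt_scripts turns a non-numeric `post` value into 0, and as far as I can tell from WordPress' get_post() fallback, `get_post_type( 0 )` then resolves against the global `$post` instead of returning false as the old `get_post_type( $_GET['post'] )` did; on post.php that global is the post being edited, so the outcome is probably the same, but the request parameter no longer decides. Keeping the old semantics only needs a positivity check: `( isset( $_GET['post'] ) && absint( $_GET['post'] ) > 0 && 'um_form' == get_post_type( absint( $_GET['post'] ) ) )`. The `sanitize_key` comparisons against the fixed `'um_form'` string are fine. enqueue_cpt_scripts's body continues past the first hunk, and the hide-footer condition in the third hunk belongs to a method whose start lies outside it.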
+1 -1
@@ -191,7 +191,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Menu' ) ) {
function um_roles_pages() {
if ( empty( $_GET['tab'] ) ) {
include_once um_path . 'includes/admin/core/list-tables/roles-list-table.php';
} elseif ( $_GET['tab'] == 'add' || $_GET['tab'] == 'edit' ) {
} elseif ( sanitize_key( $_GET['tab'] ) == 'add' || sanitize_key( $_GET['tab'] ) == 'edit' ) {
include_once um_path . 'includes/admin/templates/role/role-edit.php';
} else {
um_js_redirect( add_query_arg( array( 'page' => 'um_roles' ), get_admin_url( 'admin.php' ) ) );
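Review bot: `sanitize_key( $_GET['tab'] )` is evaluated twice on the new elseif line of um_roles_pages; read it once into a local and compare strictly, e.g. `$tab = sanitize_key( $_GET['tab'] );` ahead of the chain and `} elseif ( 'add' === $tab || 'edit' === $tab ) {`. sanitize_key always returns a string, so `===` is safe here and avoids PHP's loose-comparison rules. The included template paths are fixed string constants, so the untrusted value never reaches include_once, which is the property that matters. um_roles_pages's body continues past the hunk.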
+6 -5
@@ -55,7 +55,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
*/
function hide_metabox_restrict_content_shop( $hide ) {
if ( function_exists( 'wc_get_page_id' ) && ! empty( $_GET['post'] ) &&
$_GET['post'] == wc_get_page_id( 'shop' ) ) {
absint( $_GET['post'] ) == wc_get_page_id( 'shop' ) ) {
return true;
}
@@ -838,7 +838,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
)
);
if ( ! isset( $_GET['id'] ) || 'administrator' != $_GET['id'] ) {
if ( ! isset( $_GET['id'] ) || 'administrator' != sanitize_key( $_GET['id'] ) ) {
$roles_metaboxes[] = array(
'id' => 'um-admin-form-home',
'title' => __( 'Homepage Options', 'ultimate-member' ),
@@ -925,11 +925,12 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
$wp_caps_metabox = false;
if ( ! empty( $_GET['id'] ) ) {
$data = get_option( "um_role_{$_GET['id']}_meta" );
if ( ! empty( $data['_um_is_custom'] ) )
$data = get_option( 'um_role_' . sanitize_key( $_GET['id'] ) . '_meta' );
if ( ! empty( $data['_um_is_custom'] ) ) {
$wp_caps_metabox = true;
}
}
if ( 'add' == $_GET['tab'] || $wp_caps_metabox ) {
if ( 'add' == sanitize_key( $_GET['tab'] ) || $wp_caps_metabox ) {
$roles_metaboxes[] = array(
'id' => 'um-admin-form-wp-capabilities',
'title' => __( 'WP Capabilities', 'ultimate-member' ),
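Review bot: `'add' == sanitize_key( $_GET['tab'] )` on the new line of the third hunk reads `$_GET['tab']` without an isset guard, so any request to this screen that lacks `tab` raises an undefined-index notice (a warning on PHP 8) before sanitize_key turns the null into ''; the `$_GET['id']` read a few lines above is guarded by `! empty( ... )`, so the inconsistency is within the same hunk. Make it `$tab = isset( $_GET['tab'] ) ? sanitize_key( $_GET['tab'] ) : '';` and `if ( 'add' === $tab || $wp_caps_metabox ) {`. Both metabox hunks sit in a method whose start and end are outside the diff, and the `$roles_metaboxes` array they append to is declared there.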
+2 -2
@@ -578,8 +578,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
'message' => $message,
), 4 );
} else {
if ( isset( $_GET['msg'] ) && 'updated' == $_GET['msg'] ) {
if ( isset( $_GET['page'] ) && 'um_options' == $_GET['page'] ) {
if ( isset( $_GET['msg'] ) && 'updated' == sanitize_key( $_GET['msg'] ) ) {
if ( isset( $_GET['page'] ) && 'um_options' == sanitize_key( $_GET['page'] ) ) {
$this->add_notice( 'settings_upgrade', array(
'class' => 'updated',
'message' => '<p>' . __( 'Settings successfully upgraded', 'ultimate-member' ) . '</p>',
+1 -1
@@ -1415,7 +1415,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
$current_tab = empty( $_GET['tab'] ) ? '' : urldecode( $_GET['tab'] );
$current_subtab = empty( $_GET['section'] ) ? '' : urldecode( $_GET['section'] );
$settings_struct = $this->settings_structure[$current_tab];
$settings_struct = $this->settings_structure[ $current_tab ];
//remove not option hidden fields
if ( ! empty( $settings_struct['fields'] ) ) {
@@ -1,19 +1,19 @@
<?php if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
<?php if ( ! defined( 'ABSPATH' ) ) exit;
global $wpdb;
if ( isset($_REQUEST['_wp_http_referer']) ) {
$redirect = remove_query_arg(array('_wp_http_referer' ), wp_unslash( $_REQUEST['_wp_http_referer'] ) );
if ( isset( $_REQUEST['_wp_http_referer'] ) ) {
$redirect = remove_query_arg( array( '_wp_http_referer' ), wp_unslash( $_REQUEST['_wp_http_referer'] ) );
} else {
$redirect = get_admin_url(). 'admin.php?page=ultimatemember';
}
//remove extra query arg
if ( !empty( $_GET['_wp_http_referer'] ) ) {
um_js_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce'), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
if ( ! empty( $_GET['_wp_http_referer'] ) ) {
um_js_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
}
if( ! class_exists( 'WP_List_Table' ) ) {
if ( ! class_exists( 'WP_List_Table' ) ) {
require_once( ABSPATH . 'wp-admin/includes/class-wp-list-table.php' );
}
@@ -320,9 +320,5 @@ $ListTable->wpc_set_pagination_args( array( 'total_items' => count( $emails ), '
<input type="hidden" name="page" value="um_options" />
<input type="hidden" name="tab" value="email" />
<?php if ( ! empty( $_GET['section'] ) ) { ?>
<input type="hidden" name="section" value="<?php echo esc_attr( $_GET['section'] ) ?>" />
<?php }
$ListTable->display(); ?>
<?php $ListTable->display(); ?>
</form>
@@ -3,7 +3,7 @@
global $wpdb;
if ( isset( $_REQUEST['_wp_http_referer'] ) ) {
$redirect = remove_query_arg(array('_wp_http_referer' ), wp_unslash( $_REQUEST['_wp_http_referer'] ) );
$redirect = remove_query_arg( array( '_wp_http_referer' ), wp_unslash( $_REQUEST['_wp_http_referer'] ) );
} else {
$redirect = get_admin_url(). 'admin.php?page=um_roles';
}
@@ -11,7 +11,7 @@ if ( isset( $_REQUEST['_wp_http_referer'] ) ) {
global $wp_roles;
if ( isset( $_GET['action'] ) ) {
switch ( $_GET['action'] ) {
switch ( sanitize_key( $_GET['action'] ) ) {
/* delete action */
case 'delete': {
$role_keys = array();
@@ -117,7 +117,7 @@ if ( ! empty( $_GET['_wp_http_referer'] ) ) {
}
$order_by = 'name';
$order = ( isset( $_GET['order'] ) && 'asc' == strtolower( $_GET['order'] ) ) ? 'ASC' : 'DESC';
$order = ( isset( $_GET['order'] ) && 'asc' == strtolower( sanitize_key( $_GET['order'] ) ) ) ? 'ASC' : 'DESC';
if ( ! class_exists( 'WP_List_Table' ) ) {
require_once( ABSPATH . 'wp-admin/includes/class-wp-list-table.php' );
@@ -487,7 +487,7 @@ $ListTable->um_set_pagination_args( array( 'total_items' => count( $roles ), 'pe
</h2>
<?php if ( ! empty( $_GET['msg'] ) ) {
switch( $_GET['msg'] ) {
switch( sanitize_key( $_GET['msg'] ) ) {
case 'd':
echo '<div id="message" class="updated fade"><p>' . __( 'User Role <strong>Deleted</strong> Successfully.', 'ultimate-member' ) . '</p></div>';
break;
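Review bot: `switch ( sanitize_key( $_GET['action'] ) )` in the second hunk dispatches a role `delete` on a plain GET parameter, and no nonce or capability check is visible between the switch and `$role_keys = array();`; if the check is not in the lines of the case that follow, the deletion is reachable by CSRF. If it is missing, make nonce verification (check_admin_referer with whatever action the table's delete links carry) the first statement of the case — the email-template hunk on this page strips a `_wpnonce` argument from these URLs, so a nonce does appear to be in circulation for these screens. Separately, `strtolower( sanitize_key( $_GET['order'] ) )` on the order line is redundant because sanitize_key already lowercases. The switch and the delete case both continue outside the hunk.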
@@ -5,7 +5,7 @@
<?php $user_fields = array();
foreach ( UM()->builtin()->all_user_fields() as $key => $arr ) {
$user_fields[$key] = isset( $arr['title'] ) ? $arr['title'] : '';
$user_fields[ $key ] = isset( $arr['title'] ) ? $arr['title'] : '';
}
$post_id = get_the_ID();
+17 -14
@@ -47,10 +47,13 @@ $option = array();
global $wp_roles;
if ( ! empty( $_GET['id'] ) ) {
$data = get_option( "um_role_{$_GET['id']}_meta" );
$role_id = sanitize_key( $_GET['id'] );
$data = get_option( "um_role_{$role_id}_meta" );
if ( empty( $data['_um_is_custom'] ) ) {
$data['name'] = $wp_roles->roles[ $_GET['id'] ]['name'];
$data['name'] = $wp_roles->roles[ $role_id ]['name'];
}
}
@@ -61,7 +64,7 @@ if ( ! empty( $_POST['role'] ) ) {
$redirect = '';
$error = '';
if ( 'add' == $_GET['tab'] ) {
if ( 'add' == sanitize_key( $_GET['tab'] ) ) {
if ( ! wp_verify_nonce( $_POST['um_nonce'], 'um-add-role' ) ) {
$error = __( 'Security Issue', 'ultimate-member' ) . '<br />';
}
@@ -75,7 +78,7 @@ if ( ! empty( $_POST['role'] ) ) {
$data = $_POST['role'];
if ( 'add' == $_GET['tab'] ) {
if ( 'add' == sanitize_key( $_GET['tab'] ) ) {
$data['name'] = trim( esc_html( strip_tags( $data['name'] ) ) );
@@ -92,8 +95,8 @@ if ( ! empty( $_POST['role'] ) ) {
}
$redirect = add_query_arg( array( 'page'=>'um_roles', 'tab'=>'edit', 'id'=>$id, 'msg'=>'a' ), admin_url( 'admin.php' ) );
} elseif ( 'edit' == $_GET['tab'] && ! empty( $_GET['id'] ) ) {
$id = $_GET['id'];
} elseif ( 'edit' == sanitize_key( $_GET['tab'] ) && ! empty( $_GET['id'] ) ) {
$id = sanitize_key( $_GET['id'] );
$pre_role_meta = get_option( "um_role_{$id}_meta", array() );
if ( isset( $pre_role_meta['name'] ) ) {
@@ -105,7 +108,7 @@ if ( ! empty( $_POST['role'] ) ) {
$all_roles = array_keys( get_editable_roles() );
if ( 'add' == $_GET['tab'] ) {
if ( 'add' == sanitize_key( $_GET['tab'] ) ) {
if ( in_array( 'um_' . $id, $all_roles ) || in_array( $id, $all_roles ) ) {
$error .= __( 'Role already exists!', 'ultimate-member' ) . '<br />';
}
@@ -113,7 +116,7 @@ if ( ! empty( $_POST['role'] ) ) {
if ( '' == $error ) {
if ( 'add' == $_GET['tab'] ) {
if ( 'add' == sanitize_key( $_GET['tab'] ) ) {
$roles = get_option( 'um_roles' );
$roles[] = $id;
@@ -148,14 +151,14 @@ $screen_id = $current_screen->id; ?>
<div class="wrap">
<h2>
<?php echo ( 'add' == $_GET['tab'] ) ? __( 'Add New Role', 'ultimate-member' ) : __( 'Edit Role', 'ultimate-member' ) ?>
<?php if ( 'edit' == $_GET['tab'] ) { ?>
<?php echo ( 'add' == sanitize_key( $_GET['tab'] ) ) ? __( 'Add New Role', 'ultimate-member' ) : __( 'Edit Role', 'ultimate-member' ) ?>
<?php if ( 'edit' == sanitize_key( $_GET['tab'] ) ) { ?>
<a class="add-new-h2" href="<?php echo esc_url( add_query_arg( array( 'page' => 'um_roles', 'tab' => 'add' ), admin_url( 'admin.php' ) ) ) ?>"><?php _e( 'Add New', 'ultimate-member' ) ?></a>
<?php } ?>
</h2>
<?php if ( ! empty( $_GET['msg'] ) ) {
switch( $_GET['msg'] ) {
switch( sanitize_key( $_GET['msg'] ) ) {
case 'a':
echo '<div id="message" class="updated fade"><p>' . __( 'User Role <strong>Added</strong> Successfully.', 'ultimate-member' ) . '</p></div>';
break;
@@ -172,8 +175,8 @@ $screen_id = $current_screen->id; ?>
<?php } ?>
<form id="um_edit_role" action="" method="post">
<input type="hidden" name="role[id]" value="<?php echo isset( $_GET['id'] ) ? esc_attr( $_GET['id'] ) : '' ?>" />
<?php if ( 'add' == $_GET['tab'] ) { ?>
<input type="hidden" name="role[id]" value="<?php echo isset( $_GET['id'] ) ? esc_attr( sanitize_key( $_GET['id'] ) ) : '' ?>" />
<?php if ( 'add' == sanitize_key( $_GET['tab'] ) ) { ?>
<input type="hidden" name="role[_um_is_custom]" value="1" />
<input type="hidden" name="um_nonce" value="<?php echo esc_attr( wp_create_nonce( 'um-add-role' ) ) ?>" />
<?php } else { ?>
@@ -186,7 +189,7 @@ $screen_id = $current_screen->id; ?>
<div id="post-body-content">
<div id="titlediv">
<div id="titlewrap">
<?php if ( 'add' == $_GET['tab'] ) { ?>
<?php if ( 'add' == sanitize_key( $_GET['tab'] ) ) { ?>
<label for="title" class="screen-reader-text"><?php _e( 'Title', 'ultimate-member' ) ?></label>
<input type="text" name="role[name]" placeholder="<?php esc_attr_e( 'Enter Title Here', 'ultimate-member' ) ?>" id="title" value="<?php echo isset( $data['name'] ) ? $data['name'] : '' ?>" />
<?php } else { ?>
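Review bot: `sanitize_key( $_GET['tab'] )` is re-evaluated nine times across these hunks, never behind an isset guard, so a request lacking `tab` produces an undefined-index notice at each of them; compute it once next to the new `$role_id` line in the first hunk, `$tab = isset( $_GET['tab'] ) ? sanitize_key( $_GET['tab'] ) : '';`, and compare `'add' === $tab` / `'edit' === $tab` below. In that same first hunk, `$wp_roles->roles[ $role_id ]['name']` is indexed without checking that the role exists, which a sanitized-but-unknown `id` will trigger; guard it with `isset( $wp_roles->roles[ $role_id ] )`. The `$data = $_POST['role'];` line kept as context is still the raw POST array and only `name` is cleaned on the add path, so per-field sanitization of the remaining role settings presumably happens outside the visible lines — worth confirming. The template is a flat script whose surrounding statements lie outside these hunks.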
@@ -55,7 +55,7 @@
$role_capabilities = ! empty( $role['wp_capabilities'] ) ? array_keys( $role['wp_capabilities'] ) : array( 'read' );
if ( ! empty( $_GET['id'] ) ) {
$role = get_role( $_GET['id'] );
$role = get_role( sanitize_key( $_GET['id'] ) );
}
$all_caps = array();
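Review bot: `get_role( sanitize_key( $_GET['id'] ) )` returns null for an id that matches no role, including the empty string sanitize_key yields for a fully stripped value, and the new line also rebinds `$role`, which two lines earlier is read as an array (`$role['wp_capabilities']`); if the code after the hunk dereferences `$role->capabilities`, an unknown id becomes a fatal error instead of an empty capability list. Consider a distinct name and a check: `$wp_role = get_role( sanitize_key( $_GET['id'] ) );` followed by `if ( $wp_role instanceof WP_Role ) { ... }`. The surrounding template code is outside the hunk.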
+1 -1
@@ -55,6 +55,7 @@ if ( ! class_exists( 'um\Dependencies' ) ) {
'terms-conditions' => '2.1.1',
'unsplash' => '2.0.2',
'user-bookmarks' => '2.0.2',
'user-location' => '1.0.0',
'user-photos' => '2.0.4',
'user-tags' => '2.1.0',
'verified-users' => '2.0.5',
@@ -73,7 +74,6 @@ if ( ! class_exists( 'um\Dependencies' ) ) {
'user-exporter' => '1.0.0',
/*in development*/
'user-location' => '1.0',
'filesharing' => '1.0.0',
'beaver-builder' => '2.0',
'user-events' => '1.0.0',
+3 -3
@@ -295,11 +295,11 @@ if ( ! class_exists( 'um\core\Enqueue' ) ) {
*/
function load_css() {
wp_enqueue_style( 'um_styles' );
if ( is_rtl() ) {
/*if ( is_rtl() ) {
wp_enqueue_style( 'um_members_rtl' );
} else {
wp_enqueue_style( 'um_members' );
}
}*/
wp_enqueue_style( 'um_profile' );
wp_enqueue_style( 'um_account' );
@@ -349,7 +349,7 @@ if ( ! class_exists( 'um\core\Enqueue' ) ) {
function load_customjs() {
wp_enqueue_script('um_conditional');
wp_enqueue_script('um_scripts');
wp_enqueue_script('um_members');
//wp_enqueue_script('um_members');
wp_enqueue_script('um_profile');
wp_enqueue_script('um_account');
}
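Review bot: The new lines in load_css and load_customjs leave the old enqueue calls behind as commented-out code (`/*if ( is_rtl() ) ... }*/` and `//wp_enqueue_script('um_members');`) instead of deleting them; the removal is already recorded in version control, and dead code here will drift from the directory-only enqueue the shortcode hunk on this page now performs. Drop the comment blocks and, if the intent is worth recording, replace them with one line such as `// um_members assets are enqueued by the directory shortcode only.` Both methods' bodies continue past their hunks.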
+9
@@ -602,6 +602,15 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) {
$post_data['template'] = $post_data['mode'];
}
if ( 'directory' == $args['mode'] ) {
wp_enqueue_script( 'um_members' );
if ( is_rtl() ) {
wp_enqueue_style( 'um_members_rtl' );
} else {
wp_enqueue_style( 'um_members' );
}
}
if ( 'directory' != $args['mode'] ) {
$args = array_merge( $post_data, $args );
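Review bot: The new `if ( 'directory' == $args['mode'] )` block is immediately followed by the pre-existing `if ( 'directory' != $args['mode'] )`, so the two are an if/else written as two tests of the same value; fold them into `if ( 'directory' === $args['mode'] ) { /* enqueues */ } else { $args = array_merge( $post_data, $args ); ... }` so the mutually exclusive branches read as one. Enqueuing styles during shortcode rendering happens after wp_head, so WordPress will, as far as I can tell, print `um_members` / `um_members_rtl` as late styles in the footer — functional, but it can flash unstyled directory markup; if that matters, queue the styles earlier (a wp_enqueue_scripts handler that detects the shortcode) and keep only the script here. The enclosing method starts and ends outside the hunk.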
+5 -2
@@ -1115,7 +1115,9 @@ function um_filtered_value( $key, $data = false ) {
/**
* @return bool|int|null
* Returns requested User ID or current User ID
*
* @return int
*/
function um_profile_id() {
$requested_user = um_get_requested_user();
@@ -1512,8 +1514,9 @@ function um_set_requested_user( $user_id ) {
* @return bool|null
*/
function um_get_requested_user() {
if ( ! empty( UM()->user()->target_id ) )
if ( ! empty( UM()->user()->target_id ) ) {
return UM()->user()->target_id;
}
return false;
}
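Review bot: The um_profile_id docblock now carries two `@return` tags — the original `@return bool|int|null` on its first line and the added `@return int` — which contradict each other and leave the reader guessing which is true; keep one, and since um_get_requested_user can return false, `int` is only right if the rest of um_profile_id (outside the hunk) always falls back to a real user id. Suggested shape: `* Returns the requested user ID, or the current user ID when none is requested.` followed by a single `* @return int`. In the second hunk, um_get_requested_user is documented as `@return bool|null` but visibly returns `target_id` or `false`; `@return int|false` (assuming target_id holds an int — confirm) would match the code.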
+1
@@ -42,6 +42,7 @@ Read about all of the plugin's features at [Ultimate Member](https://ultimatemem
Ultimate Member has a range of extensions that allow you to extend the power of the plugin. You can purchase all of these extensions at a significant discount with our [All Access Pass](https://ultimatemember.com/pricing/) or you can purchase extensions individually.
* [User Location](https://ultimatemember.com/extensions/user-location/) - Allow users to add geolocations to profiles and show them at the member directories
* [Profile Tabs](https://ultimatemember.com/extensions/profile-tabs/) - Allow users to add custom tabs to profiles
* [Unsplash](https://ultimatemember.com/extensions/unsplash/) - Allow users to select a profile cover photo from [Unsplash](https://unsplash.com/) from their profile
* [User Bookmarks](https://ultimatemember.com/extensions/user-bookmarks/) - Allow users to bookmark content from your website