From 2d36eaea36ab843a2667449fcda5374a2e767bb1 Mon Sep 17 00:00:00 2001 From: nikitasinelnikov Date: Wed, 12 Feb 2020 12:36:47 +0200 Subject: [PATCH] - fixed member directory scripts enqueue; - added integration with User Location extension; - sanitize $_GET variables in wp-admin side; --- includes/admin/core/class-admin-enqueue.php | 8 +++-- includes/admin/core/class-admin-menu.php | 2 +- includes/admin/core/class-admin-metabox.php | 11 ++++--- includes/admin/core/class-admin-notices.php | 4 +-- includes/admin/core/class-admin-settings.php | 2 +- .../core/list-tables/emails-list-table.php | 18 +++++------ .../core/list-tables/roles-list-table.php | 8 ++--- .../admin/templates/directory/profile.php | 2 +- includes/admin/templates/role/role-edit.php | 31 ++++++++++--------- .../admin/templates/role/wp-capabilities.php | 2 +- includes/class-dependencies.php | 2 +- includes/core/class-enqueue.php | 6 ++-- includes/core/class-shortcodes.php | 9 ++++++ includes/um-short-functions.php | 7 +++-- readme.txt | 1 + 15 files changed, 65 insertions(+), 48 deletions(-) diff --git a/includes/admin/core/class-admin-enqueue.php b/includes/admin/core/class-admin-enqueue.php index 104ebee6..133230e7 100644 --- a/includes/admin/core/class-admin-enqueue.php +++ b/includes/admin/core/class-admin-enqueue.php @@ -96,7 +96,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Enqueue' ) ) { * */ function enqueue_cpt_scripts() { - if ( ( isset( $_GET['post_type'] ) && 'um_form' == $_GET['post_type'] ) || ( isset( $_GET['post'] ) && 'um_form' == get_post_type( $_GET['post'] ) ) ) { + if ( ( isset( $_GET['post_type'] ) && 'um_form' == sanitize_key( $_GET['post_type'] ) ) || + ( isset( $_GET['post'] ) && 'um_form' == get_post_type( absint( $_GET['post'] ) ) ) ) { $this->um_cpt_form_screen = true; add_action( 'admin_footer', array( $this, 'admin_footer_scripts' ), 20 ); } 
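Review bot: The two rewritten conditions in enqueue_cpt_scripts() still compare with loose `==`, which WordPress coding standards discourage for string checks. `sanitize_key()` always returns a string and `get_post_type()` returns a string or `false`, so strict comparison is safe on both sides: `'um_form' === sanitize_key( $_GET['post_type'] )` and `'um_form' === get_post_type( absint( $_GET['post'] ) )`. The same applies to the `@@ -293` hunk of this file and to the other `sanitize_key()` comparisons this patch introduces.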
@@ -105,6 +106,9 @@ if ( ! class_exists( 'um\admin\core\Admin_Enqueue' ) ) { } + /** + * + */ function enqueue_frontend_preview_assets() { //scripts for FRONTEND PREVIEW if ( class_exists( 'WooCommerce' ) ) { @@ -293,7 +297,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Enqueue' ) ) { $hide_footer = false; global $pagenow, $post; if ( ( 'post.php' == $pagenow || 'post-new.php' == $pagenow ) && - ( ( isset( $_GET['post_type'] ) && 'um_form' == $_GET['post_type'] ) || + ( ( isset( $_GET['post_type'] ) && 'um_form' == sanitize_key( $_GET['post_type'] ) ) || ( isset( $post->post_type ) && 'um_form' == $post->post_type ) ) ) { $hide_footer = true; } diff --git a/includes/admin/core/class-admin-menu.php b/includes/admin/core/class-admin-menu.php index 482ce92e..0a98018e 100644 --- a/includes/admin/core/class-admin-menu.php +++ b/includes/admin/core/class-admin-menu.php @@ -191,7 +191,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Menu' ) ) { function um_roles_pages() { if ( empty( $_GET['tab'] ) ) { include_once um_path . 'includes/admin/core/list-tables/roles-list-table.php'; - } elseif ( $_GET['tab'] == 'add' || $_GET['tab'] == 'edit' ) { + } elseif ( sanitize_key( $_GET['tab'] ) == 'add' || sanitize_key( $_GET['tab'] ) == 'edit' ) { include_once um_path . 'includes/admin/templates/role/role-edit.php'; } else { um_js_redirect( add_query_arg( array( 'page' => 'um_roles' ), get_admin_url( 'admin.php' ) ) ); diff --git a/includes/admin/core/class-admin-metabox.php b/includes/admin/core/class-admin-metabox.php index a066b7f9..7e8d5297 100644 --- a/includes/admin/core/class-admin-metabox.php +++ b/includes/admin/core/class-admin-metabox.php @@ -55,7 +55,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) { */ function hide_metabox_restrict_content_shop( $hide ) { if ( function_exists( 'wc_get_page_id' ) && ! empty( $_GET['post'] ) && - $_GET['post'] == wc_get_page_id( 'shop' ) ) { + absint( $_GET['post'] ) == wc_get_page_id( 'shop' ) ) { return true; } 
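Review bot: The docblock added above enqueue_frontend_preview_assets() is empty, so it documents nothing. A one-line purpose is enough, for example `/** Enqueue the assets used by the frontend form preview inside wp-admin. */`; the hunk shows a `class_exists( 'WooCommerce' )` branch, so mention that WooCommerce assets are loaded conditionally if that is what the (out-of-hunk) body does. The function's body continues past the hunk.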
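Review bot: In um_roles_pages() the new `elseif` calls `sanitize_key( $_GET['tab'] )` twice for one value. Reading it once and checking membership strictly is shorter and avoids re-sanitizing: `$tab = empty( $_GET['tab'] ) ? '' : sanitize_key( $_GET['tab'] );` before the `if`, then `if ( '' === $tab ) {` and `} elseif ( in_array( $tab, array( 'add', 'edit' ), true ) ) {`. The function's body continues outside the hunk after the redirect in the `else` branch.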
@@ -838,7 +838,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) { ) ); - if ( ! isset( $_GET['id'] ) || 'administrator' != $_GET['id'] ) { + if ( ! isset( $_GET['id'] ) || 'administrator' != sanitize_key( $_GET['id'] ) ) { $roles_metaboxes[] = array( 'id' => 'um-admin-form-home', 'title' => __( 'Homepage Options', 'ultimate-member' ), @@ -925,11 +925,12 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) { $wp_caps_metabox = false; if ( ! empty( $_GET['id'] ) ) { - $data = get_option( "um_role_{$_GET['id']}_meta" ); - if ( ! empty( $data['_um_is_custom'] ) ) + $data = get_option( 'um_role_' . sanitize_key( $_GET['id'] ) . '_meta' ); + if ( ! empty( $data['_um_is_custom'] ) ) { $wp_caps_metabox = true; + } } - if ( 'add' == $_GET['tab'] || $wp_caps_metabox ) { + if ( 'add' == sanitize_key( $_GET['tab'] ) || $wp_caps_metabox ) { $roles_metaboxes[] = array( 'id' => 'um-admin-form-wp-capabilities', 'title' => __( 'WP Capabilities', 'ultimate-member' ), diff --git a/includes/admin/core/class-admin-notices.php b/includes/admin/core/class-admin-notices.php index 996e6aa2..b0ebe136 100644 --- a/includes/admin/core/class-admin-notices.php +++ b/includes/admin/core/class-admin-notices.php @@ -578,8 +578,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) { 'message' => $message, ), 4 ); } else { - if ( isset( $_GET['msg'] ) && 'updated' == $_GET['msg'] ) { - if ( isset( $_GET['page'] ) && 'um_options' == $_GET['page'] ) { + if ( isset( $_GET['msg'] ) && 'updated' == sanitize_key( $_GET['msg'] ) ) { + if ( isset( $_GET['page'] ) && 'um_options' == sanitize_key( $_GET['page'] ) ) { $this->add_notice( 'settings_upgrade', array( 'class' => 'updated', 'message' => '
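Review bot: In the `@@ -925` hunk, `'add' == sanitize_key( $_GET['tab'] )` still reads `$_GET['tab']` without an `isset()` guard, so a request without `tab` raises an undefined-index notice on that line (the surrounding code, outside the hunk, may guarantee the parameter — worth confirming). A guard keeps the new sanitization and removes the notice: `if ( ( isset( $_GET['tab'] ) && 'add' === sanitize_key( $_GET['tab'] ) ) || $wp_caps_metabox ) {`. The `@@ -838` hunk just above already uses the `! isset()` form for `$_GET['id']`, so this also makes the two checks consistent.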

' . __( 'Settings successfully upgraded', 'ultimate-member' ) . '

', diff --git a/includes/admin/core/class-admin-settings.php b/includes/admin/core/class-admin-settings.php index 05d301ff..b3050f3c 100644 --- a/includes/admin/core/class-admin-settings.php +++ b/includes/admin/core/class-admin-settings.php @@ -1415,7 +1415,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) { $current_tab = empty( $_GET['tab'] ) ? '' : urldecode( $_GET['tab'] ); $current_subtab = empty( $_GET['section'] ) ? '' : urldecode( $_GET['section'] ); - $settings_struct = $this->settings_structure[$current_tab]; + $settings_struct = $this->settings_structure[ $current_tab ]; //remove not option hidden fields if ( ! empty( $settings_struct['fields'] ) ) { diff --git a/includes/admin/core/list-tables/emails-list-table.php b/includes/admin/core/list-tables/emails-list-table.php index c5ace34e..087a31c2 100644 --- a/includes/admin/core/list-tables/emails-list-table.php +++ b/includes/admin/core/list-tables/emails-list-table.php @@ -1,19 +1,19 @@ -wpc_set_pagination_args( array( 'total_items' => count( $emails ), ' - - - display(); ?> + display(); ?> \ No newline at end of file diff --git a/includes/admin/core/list-tables/roles-list-table.php b/includes/admin/core/list-tables/roles-list-table.php index c5b87d18..58170b62 100644 --- a/includes/admin/core/list-tables/roles-list-table.php +++ b/includes/admin/core/list-tables/roles-list-table.php @@ -3,7 +3,7 @@ global $wpdb; if ( isset( $_REQUEST['_wp_http_referer'] ) ) { - $redirect = remove_query_arg(array('_wp_http_referer' ), wp_unslash( $_REQUEST['_wp_http_referer'] ) ); + $redirect = remove_query_arg( array( '_wp_http_referer' ), wp_unslash( $_REQUEST['_wp_http_referer'] ) ); } else { $redirect = get_admin_url(). 'admin.php?page=um_roles'; } @@ -11,7 +11,7 @@ if ( isset( $_REQUEST['_wp_http_referer'] ) ) { global $wp_roles; if ( isset( $_GET['action'] ) ) { - switch ( $_GET['action'] ) { + switch ( sanitize_key( $_GET['action'] ) ) { /* delete action */ case 'delete': { $role_keys = array(); 
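Review bot: The class-admin-settings.php hunk only reformats the array access, but the key it indexes with is `urldecode( $_GET['tab'] )`, taken two lines above without any sanitization — one of the `$_GET` reads this patch leaves untouched. The value is also used as an array key with no existence check, so an unknown tab produces an undefined-index notice instead of an empty structure. Assuming the tab keys are lowercase slugs, `$current_tab = empty( $_GET['tab'] ) ? '' : sanitize_key( urldecode( $_GET['tab'] ) );` (likewise for `$current_subtab`/`section`) and `$settings_struct = isset( $this->settings_structure[ $current_tab ] ) ? $this->settings_structure[ $current_tab ] : array();` cover both; the `! empty( $settings_struct['fields'] )` check that follows already copes with an empty array. The enclosing method starts and ends outside the hunk.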
@@ -117,7 +117,7 @@ if ( ! empty( $_GET['_wp_http_referer'] ) ) { } $order_by = 'name'; -$order = ( isset( $_GET['order'] ) && 'asc' == strtolower( $_GET['order'] ) ) ? 'ASC' : 'DESC'; +$order = ( isset( $_GET['order'] ) && 'asc' == strtolower( sanitize_key( $_GET['order'] ) ) ) ? 'ASC' : 'DESC'; if ( ! class_exists( 'WP_List_Table' ) ) { require_once( ABSPATH . 'wp-admin/includes/class-wp-list-table.php' ); @@ -487,7 +487,7 @@ $ListTable->um_set_pagination_args( array( 'total_items' => count( $roles ), 'pe
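Review bot: In the `$order` line, `strtolower()` is now redundant: `sanitize_key()` already lowercases its result and strips everything outside `a-z0-9_-`. The check can be written as `$order = ( isset( $_GET['order'] ) && 'asc' === sanitize_key( $_GET['order'] ) ) ? 'ASC' : 'DESC';`. Reducing the input to the two literal values via the ternary is the right shape for a value that presumably feeds an ordering clause, so keep that part as it is.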

' . __( 'User Role Deleted Successfully.', 'ultimate-member' ) . '

'; break; diff --git a/includes/admin/templates/directory/profile.php b/includes/admin/templates/directory/profile.php index 9cfbddf1..c2bffda0 100644 --- a/includes/admin/templates/directory/profile.php +++ b/includes/admin/templates/directory/profile.php @@ -5,7 +5,7 @@ builtin()->all_user_fields() as $key => $arr ) { - $user_fields[$key] = isset( $arr['title'] ) ? $arr['title'] : ''; + $user_fields[ $key ] = isset( $arr['title'] ) ? $arr['title'] : ''; } $post_id = get_the_ID(); diff --git a/includes/admin/templates/role/role-edit.php b/includes/admin/templates/role/role-edit.php index adfad4a0..c451303f 100644 --- a/includes/admin/templates/role/role-edit.php +++ b/includes/admin/templates/role/role-edit.php @@ -47,10 +47,13 @@ $option = array(); global $wp_roles; if ( ! empty( $_GET['id'] ) ) { - $data = get_option( "um_role_{$_GET['id']}_meta" ); + + $role_id = sanitize_key( $_GET['id'] ); + + $data = get_option( "um_role_{$role_id}_meta" ); if ( empty( $data['_um_is_custom'] ) ) { - $data['name'] = $wp_roles->roles[ $_GET['id'] ]['name']; + $data['name'] = $wp_roles->roles[ $role_id ]['name']; } } @@ -61,7 +64,7 @@ if ( ! empty( $_POST['role'] ) ) { $redirect = ''; $error = ''; - if ( 'add' == $_GET['tab'] ) { + if ( 'add' == sanitize_key( $_GET['tab'] ) ) { if ( ! wp_verify_nonce( $_POST['um_nonce'], 'um-add-role' ) ) { $error = __( 'Security Issue', 'ultimate-member' ) . '
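Review bot: `sanitize_key()` lowercases and strips every character outside `a-z0-9_-`, so in the `@@ -47` hunk `$wp_roles->roles[ $role_id ]['name']` no longer resolves for a role whose key contains uppercase letters or other characters (WordPress does not normalize the key passed to `add_role()`); if any installation has such roles, the edit screen now loses their name — worth checking against the role keys this plugin and its extensions register. The lookup also has no existence check, so a tampered `id` that is not a registered role yields an undefined-index notice; `$data['name'] = isset( $wp_roles->roles[ $role_id ]['name'] ) ? $wp_roles->roles[ $role_id ]['name'] : '';` covers it. The same lowercase caveat applies to the `'um_role_' . sanitize_key( $_GET['id'] ) . '_meta'` option lookup in class-admin-metabox.php (`@@ -925`) and to `get_role( sanitize_key( $_GET['id'] ) )` in wp-capabilities.php.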
'; } @@ -75,7 +78,7 @@ if ( ! empty( $_POST['role'] ) ) { $data = $_POST['role']; - if ( 'add' == $_GET['tab'] ) { + if ( 'add' == sanitize_key( $_GET['tab'] ) ) { $data['name'] = trim( esc_html( strip_tags( $data['name'] ) ) ); @@ -92,8 +95,8 @@ if ( ! empty( $_POST['role'] ) ) { } $redirect = add_query_arg( array( 'page'=>'um_roles', 'tab'=>'edit', 'id'=>$id, 'msg'=>'a' ), admin_url( 'admin.php' ) ); - } elseif ( 'edit' == $_GET['tab'] && ! empty( $_GET['id'] ) ) { - $id = $_GET['id']; + } elseif ( 'edit' == sanitize_key( $_GET['tab'] ) && ! empty( $_GET['id'] ) ) { + $id = sanitize_key( $_GET['id'] ); $pre_role_meta = get_option( "um_role_{$id}_meta", array() ); if ( isset( $pre_role_meta['name'] ) ) { @@ -105,7 +108,7 @@ if ( ! empty( $_POST['role'] ) ) { $all_roles = array_keys( get_editable_roles() ); - if ( 'add' == $_GET['tab'] ) { + if ( 'add' == sanitize_key( $_GET['tab'] ) ) { if ( in_array( 'um_' . $id, $all_roles ) || in_array( $id, $all_roles ) ) { $error .= __( 'Role already exists!', 'ultimate-member' ) . '
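Review bot: The `@@ -75` hunk sanitizes the `tab` switch but leaves `$data = $_POST['role'];` — the whole submitted array — taken as-is, and only `$data['name']` is cleaned two lines below, with `esc_html()` applied at input time, which stores an already-encoded value and double-encodes if the name is escaped again on output. What happens to the remaining keys of `$data` is outside the hunk; if they are persisted further down, they deserve per-field sanitization (`sanitize_text_field()`, `absint()`, boolean casts as appropriate) in the same spirit as this patch's `$_GET` work. For the name itself, `$data['name'] = sanitize_text_field( wp_unslash( $data['name'] ) );` keeps plain text in storage and leaves escaping to the output.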
'; } @@ -113,7 +116,7 @@ if ( ! empty( $_POST['role'] ) ) { if ( '' == $error ) { - if ( 'add' == $_GET['tab'] ) { + if ( 'add' == sanitize_key( $_GET['tab'] ) ) { $roles = get_option( 'um_roles' ); $roles[] = $id; @@ -148,14 +151,14 @@ $screen_id = $current_screen->id; ?>

- - + +

' . __( 'User Role Added Successfully.', 'ultimate-member' ) . '

'; break; @@ -172,8 +175,8 @@ $screen_id = $current_screen->id; ?>
- - + + @@ -186,7 +189,7 @@ $screen_id = $current_screen->id; ?>
- + diff --git a/includes/admin/templates/role/wp-capabilities.php b/includes/admin/templates/role/wp-capabilities.php index 4b0a7fa2..429ddae6 100644 --- a/includes/admin/templates/role/wp-capabilities.php +++ b/includes/admin/templates/role/wp-capabilities.php @@ -55,7 +55,7 @@ $role_capabilities = ! empty( $role['wp_capabilities'] ) ? array_keys( $role['wp_capabilities'] ) : array( 'read' ); if ( ! empty( $_GET['id'] ) ) { - $role = get_role( $_GET['id'] ); + $role = get_role( sanitize_key( $_GET['id'] ) ); } $all_caps = array(); diff --git a/includes/class-dependencies.php b/includes/class-dependencies.php index a75b4495..499586ef 100644 --- a/includes/class-dependencies.php +++ b/includes/class-dependencies.php @@ -55,6 +55,7 @@ if ( ! class_exists( 'um\Dependencies' ) ) { 'terms-conditions' => '2.1.1', 'unsplash' => '2.0.2', 'user-bookmarks' => '2.0.2', + 'user-location' => '1.0.0', 'user-photos' => '2.0.4', 'user-tags' => '2.1.0', 'verified-users' => '2.0.5', @@ -73,7 +74,6 @@ if ( ! class_exists( 'um\Dependencies' ) ) { 'user-exporter' => '1.0.0', /*in development*/ - 'user-location' => '1.0', 'filesharing' => '1.0.0', 'beaver-builder' => '2.0', 'user-events' => '1.0.0', diff --git a/includes/core/class-enqueue.php b/includes/core/class-enqueue.php index dbe487fd..086dedb7 100644 --- a/includes/core/class-enqueue.php +++ b/includes/core/class-enqueue.php @@ -295,11 +295,11 @@ if ( ! class_exists( 'um\core\Enqueue' ) ) { */ function load_css() { wp_enqueue_style( 'um_styles' ); - if ( is_rtl() ) { + /*if ( is_rtl() ) { wp_enqueue_style( 'um_members_rtl' ); } else { wp_enqueue_style( 'um_members' ); - } + }*/ wp_enqueue_style( 'um_profile' ); wp_enqueue_style( 'um_account' ); 
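Review bot: load_css() now keeps the `um_members`/`um_members_rtl` enqueue as commented-out code instead of deleting it; since that logic moved to class-shortcodes.php in this same patch, the dead block should go (version control preserves it), leaving `wp_enqueue_style( 'um_styles' );` followed directly by `wp_enqueue_style( 'um_profile' );`. The `//wp_enqueue_script('um_members');` line in the `@@ -349` hunk (load_customjs()) has the same problem. If a pointer is wanted, a one-line comment such as `// member-directory assets are enqueued by the directory shortcode (class-shortcodes.php)` says more than the disabled code.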
@@ -349,7 +349,7 @@ if ( ! class_exists( 'um\core\Enqueue' ) ) { function load_customjs() { wp_enqueue_script('um_conditional'); wp_enqueue_script('um_scripts'); - wp_enqueue_script('um_members'); + //wp_enqueue_script('um_members'); wp_enqueue_script('um_profile'); wp_enqueue_script('um_account'); } diff --git a/includes/core/class-shortcodes.php b/includes/core/class-shortcodes.php index 0f91aed3..6042cc83 100644 --- a/includes/core/class-shortcodes.php +++ b/includes/core/class-shortcodes.php @@ -602,6 +602,15 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) { $post_data['template'] = $post_data['mode']; } + if ( 'directory' == $args['mode'] ) { + wp_enqueue_script( 'um_members' ); + if ( is_rtl() ) { + wp_enqueue_style( 'um_members_rtl' ); + } else { + wp_enqueue_style( 'um_members' ); + } + } + if ( 'directory' != $args['mode'] ) { $args = array_merge( $post_data, $args ); diff --git a/includes/um-short-functions.php b/includes/um-short-functions.php index 5c33ded7..26a039cb 100644 --- a/includes/um-short-functions.php +++ b/includes/um-short-functions.php @@ -1115,7 +1115,9 @@ function um_filtered_value( $key, $data = false ) { /** - * @return bool|int|null + * Returns requested User ID or current User ID + * + * @return int */ function um_profile_id() { $requested_user = um_get_requested_user(); @@ -1512,8 +1514,9 @@ function um_set_requested_user( $user_id ) { * @return bool|null */ function um_get_requested_user() { - if ( ! empty( UM()->user()->target_id ) ) + if ( ! empty( UM()->user()->target_id ) ) { return UM()->user()->target_id; + } return false; } diff --git a/readme.txt b/readme.txt index 1f41b9f0..2c4034ec 100644 --- a/readme.txt +++ b/readme.txt 
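Review bot: In class-shortcodes.php the new block enqueues `um_members`/`um_members_rtl` from inside the shortcode handler, which runs while post content is rendered, i.e. after `wp_head` has already printed the styles. WordPress still outputs late-enqueued stylesheets, but in the footer, so the member directory may render unstyled until the page finishes loading; the script is fine in the footer. If that flash is not acceptable, the decision needs to be made on `wp_enqueue_scripts` (for example by checking the queried post's content for the shortcode) rather than here. Separately, the adjacent checks `'directory' == $args['mode']` and `'directory' != $args['mode']` read more clearly as one `if`/`else`, and `===`/`!==` fit since mode is a string.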
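Review bot: The docblock above um_get_requested_user() still says `@return bool|null`, but the body in this hunk returns either `UM()->user()->target_id` or `false`, never `null`. Assuming `target_id` holds a user ID, `@return int|false` describes the contract; the `! empty()` test also means a `target_id` of `0` falls through to `false`, which is worth a word in the description. Related: the `@@ -1115` hunk now documents um_profile_id() as `@return int`; it calls this function, so confirm that its body (outside the hunk) maps the `false` case to an integer before keeping that type.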
@@ -42,6 +42,7 @@ Read about all of the plugin's features at [Ultimate Member](https://ultimatemem Ultimate Member has a range of extensions that allow you to extend the power of the plugin. You can purchase all of these extensions at a significant discount with our [All Access Pass](https://ultimatemember.com/pricing/) or you can purchase extensions individually. +* [User Location](https://ultimatemember.com/extensions/user-location/) - Allow users to add geolocations to profiles and show them at the member directories * [Profile Tabs](https://ultimatemember.com/extensions/profile-tabs/) - Allow users to add custom tabs to profiles * [Unsplash](https://ultimatemember.com/extensions/unsplash/) - Allow users to select a profile cover photo from [Unsplash](https://unsplash.com/) from their profile * [User Bookmarks](https://ultimatemember.com/extensions/user-bookmarks/) - Allow users to bookmark content from your website