- Added: Ability for the integration with Gutenberg Block restriction settings (extends the block restriction settings via 3rd-party plugins);

- Added: Invalid nonce validation on Login and Registration pages instead of wp_die()

includes/admin/assets/css/um-admin-modal.css

@@ -181,7 +181,7 @@
 
 .um-admin-btn-content {
 	display: none;
-	padding: 10px 0 0 0;
+	padding: 5px 0 0 0;
 }
 
 .um-admin-btn-content p {
@@ -190,6 +190,15 @@
 	padding: 0 !important;
 }
 
+.um-admin-btn-content p.um-admin-conditions-notice {
+	width: 100%;
+	margin: 0 0 9px 0 !important;
+}
+
+.um-admin-btn-content .um-admin-cur-condition:not(:last-child) {
+	margin: 0 0 5px 0;
+}
+
 .dynamic-mce-content {display: none}
 
 /*

includes/admin/assets/js/um-admin-blocks.js

@@ -1,24 +1,24 @@
 'use strict';
 
-/**
- * Add Control element
- */
-var um_el = wp.element.createElement;
-
 var um_components = wp.components,
-	umToggleControl = um_components.ToggleControl,
 	umSelectControl = um_components.SelectControl,
-	umTextareaControl = um_components.TextareaControl,
-	umPanelBody = um_components.PanelBody;
+	umTextareaControl = um_components.TextareaControl;
+
+
+function um_admin_blocks_custom_fields( um_condition_fields, props ) {
+	return wp.hooks.applyFilters( 'um_admin_blocks_custom_fields', [], um_condition_fields, props );
+}
 
 var um_block_restriction = wp.compose.createHigherOrderComponent( function( BlockEdit ) {
 	var um_condition_fields = {
-		um_who_access:'um_block_settings_hide',
-		um_roles_access:'um_block_settings_hide',
-		um_message_type:'um_block_settings_hide',
-		um_message_content:'um_block_settings_hide'
+		um_who_access:      'um_block_settings_hide',
+		um_roles_access:    'um_block_settings_hide',
+		um_message_type:    'um_block_settings_hide',
+		um_message_content: 'um_block_settings_hide'
 	};
 
+	um_condition_fields = wp.hooks.applyFilters( 'um_admin_blocks_condition_fields_default', um_condition_fields );
+
 	return function( props ) {
 
 		if ( props.attributes.um_is_restrict !== true ) {
@@ -53,20 +53,22 @@ var um_block_restriction = wp.compose.createHigherOrderComponent( function( Bloc
 			}
 		}
 
-		return um_el(
+		um_condition_fields = wp.hooks.applyFilters( 'um_admin_blocks_condition_fields', um_condition_fields, props );
+
+		return wp.element.createElement(
 			wp.element.Fragment,
 			{},
-			um_el( BlockEdit, props ),
-			um_el(
+			wp.element.createElement( BlockEdit, props ),
+			wp.element.createElement(
 				wp.editor.InspectorControls,
 				{},
-				um_el(
-					umPanelBody,
+				wp.element.createElement(
+					wp.components.PanelBody,
 					{
 						title: wp.i18n.__( 'UM access Controls', 'ultimate-member' )
 					},
-					um_el(
-						umToggleControl,
+					wp.element.createElement(
+						wp.components.ToggleControl,
 						{
 							label: wp.i18n.__( 'Restrict access?', 'ultimate-member' ),
 							checked: props.attributes.um_is_restrict,
@@ -80,10 +82,12 @@ var um_block_restriction = wp.compose.createHigherOrderComponent( function( Bloc
 								} else {
 									um_condition_fields['um_who_access'] = '';
 								}
+
+								um_condition_fields = wp.hooks.applyFilters( 'um_admin_blocks_condition_fields_on_change', um_condition_fields, 'um_is_restrict', value );
 							}
 						}
 					),
-					um_el(
+					wp.element.createElement(
 						umSelectControl,
 						{
 							type: 'number',
@@ -117,10 +121,12 @@ var um_block_restriction = wp.compose.createHigherOrderComponent( function( Bloc
 									um_condition_fields['um_message_type'] = '';
 									um_condition_fields['um_roles_access'] = 'um_block_settings_hide';
 								}
+
+								um_condition_fields = wp.hooks.applyFilters( 'um_admin_blocks_condition_fields_on_change', um_condition_fields, 'um_who_access', value );
 							}
 						}
 					),
-					um_el(
+					wp.element.createElement(
 						umSelectControl,
 						{
 							multiple: true,
@@ -133,7 +139,7 @@ var um_block_restriction = wp.compose.createHigherOrderComponent( function( Bloc
 							}
 						}
 					),
-					um_el(
+					wp.element.createElement(
 						umSelectControl,
 						{
 							type: 'number',
@@ -164,7 +170,7 @@ var um_block_restriction = wp.compose.createHigherOrderComponent( function( Bloc
 							}
 						}
 					),
-					um_el(
+					wp.element.createElement(
 						umTextareaControl,
 						{
 							type: 'number',
@@ -175,7 +181,8 @@ var um_block_restriction = wp.compose.createHigherOrderComponent( function( Bloc
 								props.setAttributes({ um_message_content: value });
 							}
 						}
-					)
+					),
+					um_admin_blocks_custom_fields( um_condition_fields, props )
 				)
 			)
 		);
@@ -208,6 +215,8 @@ var um_block_restrict_settings = {
 	}
 };
 
+um_block_restrict_settings = wp.hooks.applyFilters( 'um_admin_blocks_restrict_settings', um_block_restrict_settings );
+
 
 /**
  *

includes/admin/core/class-admin-builder.php

@@ -227,8 +227,16 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
 
 						<div class="um-admin-clear"></div>
 					</div>
+					<p class="um-admin-conditions-notice">
+						<small>
+							<?php _e( 'Use the condition operator `equals to` or `not equals` if the parent field has a single option.', 'ultimate-member' ); ?>
+							<br><?php _e( 'Use the condition operator `greater than` or `less than` if the parent field is a number.', 'ultimate-member' ); ?>
+							<br><?php _e( 'Use the condition operator `contains` if the parent field has multiple options.', 'ultimate-member' ); ?>
+						</small>
+					</p>
 					<p><a href="javascript:void(0);" class="um-admin-new-condition button button-primary um-admin-tipsy-n" title="Add new condition"><?php _e( 'Add new rule', 'ultimate-member' ); ?></a></p>
 					<p class="um-admin-reset-conditions"><a href="javascript:void(0);" class="button"><?php _e( 'Reset all rules', 'ultimate-member' ); ?></a></p>
+
 					<div class="um-admin-clear"></div>
 
 					<?php if ( isset( $edit_array['conditions'] ) && count( $edit_array['conditions'] ) != 0 ) {
@@ -267,11 +275,6 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
 						</div>
 
 					<?php } ?>
-					<small>
-						<br><?php _e( 'Use the condition operator `equals to` or `not equals` if the parent field has a single option.', 'ultimate-member' ); ?>
-						<br><?php _e( 'Use the condition operator `greater than` or `less than` if the parent field is a number.', 'ultimate-member' ); ?>
-						<br><?php _e( 'Use the condition operator `contains` if the parent field has multiple options.', 'ultimate-member' ); ?>
-					</small>
 				</div>
 			</div>
 

includes/admin/core/class-admin-enqueue.php

@@ -437,7 +437,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Enqueue' ) ) {
 				return;
 			}
 
-			wp_register_script( 'um_block_js', $this->js_url . 'um-admin-blocks.js', array( 'wp-i18n', 'wp-blocks', 'wp-components' ), ultimatemember_version, true );
+			wp_register_script( 'um_block_js', $this->js_url . 'um-admin-blocks.js', array( 'wp-i18n', 'wp-blocks', 'wp-components', 'wp-hooks' ), ultimatemember_version, true );
 			wp_set_script_translations( 'um_block_js', 'ultimate-member' );
 
 			$restrict_options = array();

includes/admin/core/class-admin-settings.php

@@ -1703,7 +1703,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
 
 				if ( ( ! wp_verify_nonce( $nonce, 'um-settings-nonce' ) || empty( $nonce ) ) || ! current_user_can( 'manage_options' ) ) {
 					// This nonce is not valid.
-					wp_die( 'Security Check' );
+					wp_die( __( 'Security Check', 'ultimate-member' ) );
 				}
 
 				/**

includes/admin/core/class-admin-users.php

@@ -138,7 +138,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
 
 				case 'um_delete':
 					if ( is_admin() ) {
-						wp_die( 'This action is not allowed in backend.', 'ultimate-member' );
+						wp_die( __( 'This action is not allowed in backend.', 'ultimate-member' ) );
 					}
 					UM()->user()->delete();
 					break;

includes/core/class-access.php

@@ -1394,6 +1394,9 @@ if ( ! class_exists( 'um\core\Access' ) ) {
 							}
 						}
 					} else {
+						$display = true;
+
+						// What roles can access this content?
 						if ( ! empty( $block['attrs']['um_roles_access'] ) ) {
 							$display = false;
 							foreach ( $block['attrs']['um_roles_access'] as $role ) {
@@ -1401,15 +1404,17 @@ if ( ! class_exists( 'um\core\Access' ) ) {
 									$display = true;
 								}
 							}
+						}
 
-							if ( ! $display ) {
-								$block_content = '';
-								if ( isset( $block['attrs']['um_message_type'] ) ) {
-									if ( $block['attrs']['um_message_type'] == '1' ) {
-										$block_content = $default_message;
-									} elseif ( $block['attrs']['um_message_type'] == '2' ) {
-										$block_content = $block['attrs']['um_message_content'];
-									}
+						$display = apply_filters( 'um_loggedin_block_restriction', $display, $block );
+
+						if ( ! $display ) {
+							$block_content = '';
+							if ( isset( $block['attrs']['um_message_type'] ) ) {
+								if ( $block['attrs']['um_message_type'] == '1' ) {
+									$block_content = $default_message;
+								} elseif ( $block['attrs']['um_message_type'] == '2' ) {
+									$block_content = $block['attrs']['um_message_content'];
 								}
 							}
 						}

includes/core/class-form.php

@@ -439,7 +439,7 @@ if ( ! class_exists( 'um\core\Form' ) ) {
 					}
 
 					if ( isset( $_POST[ UM()->honeypot ] ) && $_POST[ UM()->honeypot ] != '' ) {
-						wp_die( 'Hello, spam bot!', 'ultimate-member' );
+						wp_die( __( 'Hello, spam bot!', 'ultimate-member' ) );
 					}
 
 					/**

includes/core/class-login.php

@@ -75,7 +75,8 @@ if ( ! class_exists( 'um\core\Login' ) ) {
 			}
 
 			if ( ! wp_verify_nonce( $args['_wpnonce'], 'um_login_form' ) || empty( $args['_wpnonce'] ) || ! isset( $args['_wpnonce'] ) ) {
-				wp_die( __( 'Invalid Nonce.', 'ultimate-member' ) );
+				$url = apply_filters( 'um_login_invalid_nonce_redirect_url', add_query_arg( [ 'err' => 'invalid_nonce' ] ) );
+				exit( wp_redirect( $url ) );
 			}
 
 			return $args;

includes/core/class-password.php

@@ -445,7 +445,7 @@ if ( ! class_exists( 'um\core\Password' ) ) {
 		function um_reset_password_errors_hook( $args ) {
 
 			if ( $_POST[ UM()->honeypot ] != '' ) {
-				wp_die( 'Hello, spam bot!', 'ultimate-member' );
+				wp_die( __( 'Hello, spam bot!', 'ultimate-member' ) );
 			}
 
 			$user = "";
@@ -527,7 +527,7 @@ if ( ! class_exists( 'um\core\Password' ) ) {
 		 */
 		function um_change_password_errors_hook( $args ) {
 			if ( isset( $_POST[ UM()->honeypot ] ) && $_POST[ UM()->honeypot ] != '' ) {
-				wp_die( 'Hello, spam bot!', 'ultimate-member' );
+				wp_die( __( 'Hello, spam bot!', 'ultimate-member' ) );
 			}
 
 			if ( ! is_user_logged_in() && isset( $args ) && ! um_is_core_page( 'password-reset' ) ||

includes/core/class-register.php

@@ -68,7 +68,8 @@ if ( ! class_exists( 'um\core\Register' ) ) {
 			}
 
 			if ( ! wp_verify_nonce( $args['_wpnonce'], 'um_register_form' ) || empty( $args['_wpnonce'] ) || ! isset( $args['_wpnonce'] ) ) {
-				wp_die( __( 'Invalid Nonce.', 'ultimate-member' ) );
+				$url = apply_filters( 'um_register_invalid_nonce_redirect_url', add_query_arg( [ 'err' => 'invalid_nonce' ] ) );
+				exit( wp_redirect( $url ) );
 			}
 
 			return $args;

includes/core/um-actions-form.php

@@ -837,4 +837,20 @@ function um_submit_form_errors_hook_( $args ) {
 		} // end if ( isset in args array )
 	}
 }
-add_action( 'um_submit_form_errors_hook_', 'um_submit_form_errors_hook_', 10 );
+add_action( 'um_submit_form_errors_hook_', 'um_submit_form_errors_hook_', 10 );
+
+
+/**
+ * @param string $url
+ *
+ * @return string
+ */
+function um_invalid_nonce_redirect_url( $url ) {
+	$url = add_query_arg( [
+		'um-hash'   => substr( md5( rand() ), 0, 6 ),
+	], remove_query_arg( 'um-hash', $url ) );
+
+	return $url;
+}
+add_filter( 'um_login_invalid_nonce_redirect_url', 'um_invalid_nonce_redirect_url', 10, 1 );
+add_filter( 'um_register_invalid_nonce_redirect_url', 'um_invalid_nonce_redirect_url', 10, 1 );

includes/core/um-actions-misc.php

@@ -186,6 +186,10 @@ function um_add_update_notice( $args ) {
 				$err = __( 'Your membership request has been rejected.', 'ultimate-member' );
 				break;
 
+			case 'invalid_nonce':
+				$err = __( 'An error has been encountered. Probably page was cached. Please try again.', 'ultimate-member' );
+				break;
+
 		}
 	}
 

readme.txt

@@ -161,6 +161,11 @@ The plugin works with popular caching plugins by automatically excluding Ultimat
 
   - Added: `um_member_directory_cover_image_size` hook with ability to change the cover photo size on the member directory
   - Added: `um_member_directory_get_members_allow` JS hook for 3rd-party integration with the member directory. You could use a time throttle until some data is loaded
+  - Added: Notice about the fields' conditional logic rules + small CSS enhancements
+  - Added: Invalid nonce validation on Login and Registration pages instead of wp_die()
+  - Added: Privacy settings for the Divider field type (#688)
+  - Added: Ability for the integration with Gutenberg Block restriction settings (extends the block restriction settings via 3rd-party plugins)
+  - Added: Strings translations
 
 * Bugfixes:
 
@@ -170,7 +175,7 @@ The plugin works with popular caching plugins by automatically excluding Ultimat
   - Fixed: Issue with apostrophe options in the multiselect/checkbox fields (#689)
   - Fixed: Translation for Password field's label
   - Fixed: Download Personal Data URL
-  - Fixed: Vulnerability with timestamp field on UM Forms
+  - Fixed: Vulnerability with timestamp field on UM Forms (the hidden field with name='timestamp' is deprecated)
 
 * Tweaks:
 

templates/message.php

@@ -3,7 +3,9 @@
 <div class="um <?php echo esc_attr( $this->get_class( $mode ) ); ?> um-<?php echo esc_attr( $form_id ); ?>">
 
 	<div class="um-postmessage">
-		<?php printf( __( '%s', 'ultimate-member' ), $this->custom_message ); ?>
+		<?php
+		// translators: %s: The message after registration process based on a role data and user status after registration
+		printf( __( '%s', 'ultimate-member' ), $this->custom_message ); ?>
 	</div>
 
 </div>

templates/restricted-taxonomy.php

@@ -2,52 +2,53 @@
 
 get_header(); ?>
 
-	<div class="wrap">
+<div class="wrap">
 
-		<?php if ( have_posts() ) : ?>
-			<header class="page-header">
-				<?php
-				the_archive_title( '<h1 class="page-title">', '</h1>' );
-				the_archive_description( '<div class="taxonomy-description">', '</div>' );
-				?>
-			</header><!-- .page-header -->
-		<?php endif; ?>
+	<?php if ( have_posts() ) : ?>
+		<header class="page-header">
+			<?php
+			the_archive_title( '<h1 class="page-title">', '</h1>' );
+			the_archive_description( '<div class="taxonomy-description">', '</div>' );
+			?>
+		</header><!-- .page-header -->
+	<?php endif; ?>
 
-		<div id="primary" class="content-area">
-			<main id="main" class="site-main" role="main">
+	<div id="primary" class="content-area">
+		<main id="main" class="site-main" role="main">
 
-				<?php if ( is_tag() ) {
-					$tag_id = get_query_var( 'tag_id' );
-					if ( ! empty( $tag_id ) ) {
-						$restriction = get_term_meta( $tag_id, 'um_content_restriction', true );
-					}
-				} elseif ( is_category() ) {
-					$um_category = get_category( get_query_var( 'cat' ) );
-
-					if ( ! empty( $um_category->term_id ) ) {
-						$restriction = get_term_meta( $um_category->term_id, 'um_content_restriction', true );
-					}
-				} elseif ( is_tax() ) {
-					$tax_name = get_query_var( 'taxonomy' );
-					$term_name = get_query_var( 'term' );
-					$term = get_term_by( 'slug', $term_name, $tax_name );
-					if ( ! empty( $term->term_id ) ) {
-						$restriction = get_term_meta( $term->term_id, 'um_content_restriction', true );
-					}
+			<?php if ( is_tag() ) {
+				$tag_id = get_query_var( 'tag_id' );
+				if ( ! empty( $tag_id ) ) {
+					$restriction = get_term_meta( $tag_id, 'um_content_restriction', true );
 				}
+			} elseif ( is_category() ) {
+				$um_category = get_category( get_query_var( 'cat' ) );
 
-				if ( ! isset( $restriction['_um_restrict_by_custom_message'] ) || '0' == $restriction['_um_restrict_by_custom_message'] ) {
-					$restricted_global_message = UM()->options()->get( 'restricted_access_message' );
-					$message = stripslashes( $restricted_global_message );
-				} elseif ( '1' == $restriction['_um_restrict_by_custom_message'] ) {
-					$message = ! empty( $restriction['_um_restrict_custom_message'] ) ? stripslashes( $restriction['_um_restrict_custom_message'] ) : '';
+				if ( ! empty( $um_category->term_id ) ) {
+					$restriction = get_term_meta( $um_category->term_id, 'um_content_restriction', true );
 				}
+			} elseif ( is_tax() ) {
+				$tax_name = get_query_var( 'taxonomy' );
+				$term_name = get_query_var( 'term' );
+				$term = get_term_by( 'slug', $term_name, $tax_name );
+				if ( ! empty( $term->term_id ) ) {
+					$restriction = get_term_meta( $term->term_id, 'um_content_restriction', true );
+				}
+			}
 
-				echo $message; ?>
+			if ( ! isset( $restriction['_um_restrict_by_custom_message'] ) || '0' == $restriction['_um_restrict_by_custom_message'] ) {
+				$restricted_global_message = UM()->options()->get( 'restricted_access_message' );
+				$message = stripslashes( $restricted_global_message );
+			} elseif ( '1' == $restriction['_um_restrict_by_custom_message'] ) {
+				$message = ! empty( $restriction['_um_restrict_custom_message'] ) ? stripslashes( $restriction['_um_restrict_custom_message'] ) : '';
+			}
 
-			</main><!-- #main -->
-		</div><!-- #primary -->
-		<?php get_sidebar(); ?>
-	</div><!-- .wrap -->
+			// translators: %s: Restricted taxonomy message.
+			printf( __( '%s', 'ultimate-member' ), $message ); ?>
+
+		</main><!-- #main -->
+	</div><!-- #primary -->
+	<?php get_sidebar(); ?>
+</div><!-- .wrap -->
 
 <?php get_footer();

ultimate-member.php

@@ -3,7 +3,7 @@
 Plugin Name: Ultimate Member
 Plugin URI: http://ultimatemember.com/
 Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
-Version: 2.1.13-rc.1
+Version: 2.1.13-rc.2
 Author: Ultimate Member
 Author URI: http://ultimatemember.com/
 Text Domain: ultimate-member