- fixed profile form nonce;

- fixed profile form getting ID and data;
- fixed class-access.php when restricted taxonomies are disabled;
Nikita Sinelnikov
2021-08-19 12:58:13 +03:00
parent 6e4ed30171
commit 5d773256b9
4 changed files with 32 additions and 12 deletions
+10 -8
@@ -204,14 +204,14 @@ if ( ! class_exists( 'um\core\Access' ) ) {
}
}
$restricted_taxonomies = array_values( $restricted_taxonomies );
}
if ( ! empty( $post_types ) ) {
$taxonomies = array();
foreach ( $post_types as $p_t ) {
$taxonomies = array_merge( $taxonomies, get_object_taxonomies( $p_t ) );
if ( ! empty( $post_types ) ) {
$taxonomies = array();
foreach ( $post_types as $p_t ) {
$taxonomies = array_merge( $taxonomies, get_object_taxonomies( $p_t ) );
}
$restricted_taxonomies = array_intersect( $taxonomies, $restricted_taxonomies );
}
$restricted_taxonomies = array_intersect( $taxonomies, $restricted_taxonomies );
}
if ( ! empty( $restricted_taxonomies ) ) {
@@ -327,9 +327,11 @@ if ( ! class_exists( 'um\core\Access' ) ) {
}
}
$restricted_taxonomies = array_values( $restricted_taxonomies );
}
$restricted_taxonomies = array_intersect( $query->query_vars['taxonomy'], $restricted_taxonomies );
if ( ! empty( $restricted_taxonomies ) ) {
$restricted_taxonomies = array_intersect( $query->query_vars['taxonomy'], $restricted_taxonomies );
}
}
if ( empty( $restricted_taxonomies ) ) {
return $exclude;
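Review bot: The guarded `array_intersect( $query->query_vars['taxonomy'], $restricted_taxonomies )` in the second hunk still passes the query var in unchecked, so a null or string value would raise a warning, or a TypeError on PHP 8, inside an access-restriction path. Whether that can happen depends on how `$query` is built, which is outside the hunk; normalising at the call is cheap: `array_intersect( (array) $query->query_vars['taxonomy'], $restricted_taxonomies )`. An empty intersection then falls through to `return $exclude;` unchanged, so please confirm that a query with no taxonomy filter is not expected to exclude restricted terms. The enclosing methods start and end outside both hunks.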
+11
@@ -709,6 +709,12 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
return '';
}
if ( 'profile' === $this->set_mode ) {
if ( ! isset( UM()->form()->post_form['profile_nonce'] ) || UM()->form()->post_form['profile_nonce'] !== UM()->form()->nonce ) {
return '';
}
}
return stripslashes_deep( UM()->form()->post_form[ $key ] );
} elseif ( um_user( $key ) && $this->editing == true ) {
@@ -3879,6 +3885,11 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
UM()->form()->form_suffix = '-' . $this->global_args['form_id'];
$this->set_mode = $mode;
if ( 'profile' === $mode ) {
UM()->form()->nonce = wp_create_nonce( 'um-profile-nonce' . UM()->user()->target_id );
}
$this->set_id = $this->global_args['form_id'];
$this->field_icons = ( isset( $this->global_args['icons'] ) ) ? $this->global_args['icons'] : 'label';
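Review bot: The check added in the first hunk compares the posted `profile_nonce` with a freshly generated nonce using `!==` instead of calling `wp_verify_nonce()`. A value from `wp_create_nonce()` changes at every nonce tick, while `wp_verify_nonce()` also accepts the previous tick and compares with `hash_equals()`; as written, a profile form rendered shortly before a tick boundary would not match here, and the comparison is not constant-time. I would verify against the action string instead: `if ( ! isset( UM()->form()->post_form['profile_nonce'] ) || false === wp_verify_nonce( UM()->form()->post_form['profile_nonce'], 'um-profile-nonce' . UM()->user()->target_id ) ) { return ''; }`. The enclosing method starts and ends outside the hunk.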
+10 -3
@@ -32,6 +32,9 @@ if ( ! class_exists( 'um\core\Form' ) ) {
var $post_form = null;
var $nonce = null;
/**
* Form constructor.
*/
@@ -331,14 +334,18 @@ if ( ! class_exists( 'um\core\Form' ) ) {
if ( $http_post && ! is_admin() && isset( $_POST['form_id'] ) && is_numeric( $_POST['form_id'] ) ) {
$this->form_id = absint( $_POST['form_id'] );
$this->form_status = get_post_status( $this->form_id );
$this->form_data = UM()->query()->post_data( $this->form_id );
$this->form_id = absint( $_POST['form_id'] );
if ( 'um_form' !== get_post_type( $this->form_id ) ) {
return;
}
$this->form_status = get_post_status( $this->form_id );
if ( 'publish' !== $this->form_status ) {
return;
}
$this->form_data = UM()->query()->post_data( $this->form_id );
/**
* UM hook
*
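Review bot: `$this->form_id` and `$this->form_status` are assigned before the new post-type and publish checks, so when either check returns early the object keeps the ID and status of a post that is not a published UM form. Whether other code reads `UM()->form()->form_id` after such a request is not visible here, but validating into locals and assigning the properties only once both checks pass removes the question. The new `var $nonce = null;` in the first hunk would also benefit from a short docblock saying it holds the profile nonce created when the field mode is set to `profile`. The enclosing method continues outside the hunk.

```php
// … unchanged: the $http_post / is_admin() / $_POST['form_id'] condition …
	$form_id = absint( $_POST['form_id'] );
	if ( 'um_form' !== get_post_type( $form_id ) ) {
		return;
	}

	$form_status = get_post_status( $form_id );
	if ( 'publish' !== $form_status ) {
		return;
	}

	// Expose the values on the object only after both checks pass.
	$this->form_id     = $form_id;
	$this->form_status = $form_status;
	$this->form_data   = UM()->query()->post_data( $form_id );
// … unchanged: UM hook docblock and the rest of the handler …
```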
+1 -1
@@ -629,7 +629,7 @@ function um_editing_user_id_input( $args ) {
if ( UM()->fields()->editing == 1 && UM()->fields()->set_mode == 'profile' && UM()->user()->target_id ) { ?>
<input type="hidden" name="user_id" id="user_id" value="<?php echo esc_attr( UM()->user()->target_id ); ?>" />
<input type="hidden" name="profile_nonce" id="profile_nonce" value="<?php echo esc_attr( wp_create_nonce( 'um-profile-nonce' . UM()->user()->target_id ) ); ?>" />
<input type="hidden" name="profile_nonce" id="profile_nonce" value="<?php echo esc_attr( UM()->form()->nonce ); ?>" />
<?php }
}
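Review bot: The hidden `profile_nonce` field now prints a value computed earlier, when the Fields class sets the mode to `profile`, while the `user_id` field on the line above still reads `UM()->user()->target_id` at output time. If the property is still null at this point, or `target_id` changed in between, the form renders an empty or mismatched nonce and the later comparison will not match. That fails closed, but the ordering dependency is invisible from this function. I would document it next to the field, e.g. `// UM()->form()->nonce is created by the Fields class when the mode is 'profile' and is bound to target_id at that moment.`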