diff --git a/includes/core/um-actions-form.php b/includes/core/um-actions-form.php
index 0d0ed613..eea20d85 100644
--- a/includes/core/um-actions-form.php
+++ b/includes/core/um-actions-form.php
@@ -135,6 +135,29 @@ function um_submit_form_errors_hook( $args ) {
*/
do_action( 'um_submit_form_errors_hook__registration', $args );
+ } elseif ( $mode == 'profile' ) {
+
+ /**
+ * UM hook
+ *
+ * @type action
+ * @title um_submit_form_errors_hook__registration
+ * @description Submit registration form validation
+ * @input_vars
+ * [{"var":"$args","type":"array","desc":"Form Arguments"}]
+ * @change_log
+ * ["Since: 2.0"]
+ * @usage add_action( 'um_submit_form_errors_hook__registration', 'function_name', 10, 1 );
+ * @example
+ *
+ */
+ do_action( 'um_submit_form_errors_hook__profile', $args );
+
}
/**
diff --git a/includes/core/um-actions-profile.php b/includes/core/um-actions-profile.php
index 9131c656..b2e7a3eb 100644
--- a/includes/core/um-actions-profile.php
+++ b/includes/core/um-actions-profile.php
@@ -367,7 +367,7 @@ function um_user_edit_profile( $args ) {
$to_update[ $description_key ] = $args['submitted'][ $description_key ];
}
- if ( is_admin() || ( ! is_admin() && ( isset( $fields['role_select'] ) || isset( $fields['role_radio'] ) ) ) ) { // Secure selected role
+ if ( is_admin() || ( ! is_admin() && ( isset( $fields['role'] ) || isset( $fields['role_select'] ) || isset( $fields['role_radio'] ) ) ) ) { // Secure selected role
if ( ! empty( $args['submitted']['role'] ) ) {
global $wp_roles;
@@ -541,6 +541,18 @@ function um_user_edit_profile( $args ) {
add_action( 'um_user_edit_profile', 'um_user_edit_profile', 10 );
+/**
+ * @param array $post_form
+ */
+function um_profile_validate_nonce( $post_form ) {
+ $nonce = isset( $post_form['profile_nonce'] ) ? $post_form['profile_nonce'] : '';
+ if ( empty( $nonce ) || ! wp_verify_nonce( $nonce, 'um-profile-nonce' ) ) {
+ wp_die( __( 'This is not possible for security reasons.', 'ultimate-member' ) );
+ }
+}
+add_action( 'um_submit_form_errors_hook__profile', 'um_profile_validate_nonce', 10, 1 );
+
+
add_filter( 'um_user_pre_updating_files_array', array( UM()->validation(), 'validate_files' ), 10, 1 );
add_filter( 'um_before_save_filter_submitted', array( UM()->validation(), 'validate_fields_values' ), 10, 2 );
@@ -585,6 +597,7 @@ function um_editing_user_id_input( $args ) {
if ( UM()->fields()->editing == 1 && UM()->fields()->set_mode == 'profile' && UM()->user()->target_id ) { ?>
+