From 6a5396106a661e6bbe2cd77f44559811f67f2425 Mon Sep 17 00:00:00 2001
From: nikitasinelnikov
Date: Tue, 29 Sep 2020 15:40:20 +0300
Subject: [PATCH] - added profile form nonce;
---
 includes/core/um-actions-form.php | 23 +++++++++++++++++++++++
 includes/core/um-actions-profile.php | 15 ++++++++++++++-
 readme.txt | 7 +++++++
 ultimate-member.php | 2 +-
 4 files changed, 45 insertions(+), 2 deletions(-)
diff --git a/includes/core/um-actions-form.php b/includes/core/um-actions-form.php
index 0d0ed613..eea20d85 100644
--- a/includes/core/um-actions-form.php
+++ b/includes/core/um-actions-form.php
@@ -135,6 +135,29 @@ function um_submit_form_errors_hook( $args ) {
 */
 do_action( 'um_submit_form_errors_hook__registration', $args );
+ } elseif ( $mode == 'profile' ) {
+
+ /**
+ * UM hook
+ *
+ * @type action
+ * @title um_submit_form_errors_hook__registration
+ * @description Submit registration form validation
+ * @input_vars
+ * [{"var":"$args","type":"array","desc":"Form Arguments"}]
+ * @change_log
+ * ["Since: 2.0"]
+ * @usage add_action( 'um_submit_form_errors_hook__registration', 'function_name', 10, 1 );
+ * @example
+ *
+ */
+ do_action( 'um_submit_form_errors_hook__profile', $args );
+
 }
 /**
diff --git a/includes/core/um-actions-profile.php b/includes/core/um-actions-profile.php
index 9131c656..b2e7a3eb 100644
--- a/includes/core/um-actions-profile.php
+++ b/includes/core/um-actions-profile.php
@@ -367,7 +367,7 @@ function um_user_edit_profile( $args ) {
 $to_update[ $description_key ] = $args['submitted'][ $description_key ];
 }
- if ( is_admin() || ( ! is_admin() && ( isset( $fields['role_select'] ) || isset( $fields['role_radio'] ) ) ) ) { // Secure selected role
+ if ( is_admin() || ( ! is_admin() && ( isset( $fields['role'] ) || isset( $fields['role_select'] ) || isset( $fields['role_radio'] ) ) ) ) { // Secure selected role
 if ( ! empty( $args['submitted']['role'] ) ) {
 global $wp_roles;
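Review bot: The docblock above the new `do_action( 'um_submit_form_errors_hook__profile', $args )` still documents the registration hook — `@title um_submit_form_errors_hook__registration`, `@description Submit registration form validation` and the `@usage` line all name the wrong action, so any hook reference generated from these comments will file the profile hook under the registration name. Change them to `@title um_submit_form_errors_hook__profile`, `@description Submit profile form validation` and `@usage add_action( 'um_submit_form_errors_hook__profile', 'function_name', 10, 1 );`; the `@example` block appears empty in this view and should carry a profile-hook example as well. The branch test `$mode == 'profile'` is a loose comparison, matching the sibling branches; `$mode === 'profile'` is the stricter form, though where $mode is assigned is outside the hunk. um_submit_form_errors_hook itself begins before the hunk.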
@@ -541,6 +541,18 @@ function um_user_edit_profile( $args ) {
 add_action( 'um_user_edit_profile', 'um_user_edit_profile', 10 );
+/**
+ * @param array $post_form
+ */
+function um_profile_validate_nonce( $post_form ) {
+ $nonce = isset( $post_form['profile_nonce'] ) ? $post_form['profile_nonce'] : '';
+ if ( empty( $nonce ) || ! wp_verify_nonce( $nonce, 'um-profile-nonce' ) ) {
+ wp_die( __( 'This is not possible for security reasons.', 'ultimate-member' ) );
+ }
+}
+add_action( 'um_submit_form_errors_hook__profile', 'um_profile_validate_nonce', 10, 1 );
+
+
 add_filter( 'um_user_pre_updating_files_array', array( UM()->validation(), 'validate_files' ), 10, 1 );
 add_filter( 'um_before_save_filter_submitted', array( UM()->validation(), 'validate_fields_values' ), 10, 2 );
@@ -585,6 +597,7 @@ function um_editing_user_id_input( $args ) {
 if ( UM()->fields()->editing == 1 && UM()->fields()->set_mode == 'profile' && UM()->user()->target_id ) { ?>
+
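Review bot: The nonce action in `um_profile_validate_nonce` is the constant `'um-profile-nonce'`, so a token issued for one profile edit form verifies for a submission aimed at any other target user, leaving the authorization of the edited user id entirely to checks outside this hunk; binding the action to the edited profile, the way core does with `'update-user_' . $user_id`, would make the token specific to the form it was issued for, assuming the target id is available where the field is rendered (the @@ -585 hunk in um_editing_user_id_input looks like that place, but its added line is not visible here). The check fires only through `um_submit_form_errors_hook__profile`, so it covers only submissions that pass through um_submit_form_errors_hook; it is worth confirming that no other path reaches um_user_edit_profile, whose body starts before this hunk. `wp_die()` is called without a response code, so the refusal goes out with wp_die's default 500 status; `wp_die( __( 'This is not possible for security reasons.', 'ultimate-member' ), '', array( 'response' => 403 ) )` reports it as a forbidden request. The signature could also carry the type the docblock already states, `function um_profile_validate_nonce( array $post_form ) {`, if every caller passes an array.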