From 6e9d1224949ef62b72fa5fd6fead99314c69bb34 Mon Sep 17 00:00:00 2001
From: Mykyta Synelnikov <nsinelnikov.work@gmail.com>
Date: Sat, 2 Sep 2023 00:53:51 +0300
Subject: [PATCH] - fixed "is_block" argument for ultimatemember shortcodes; -
 added sanitize shortcode arguments functions;

---
 includes/core/class-account.php    | 16 ++++++++--------
 includes/core/class-fields.php     | 10 +++++-----
 includes/core/class-shortcodes.php |  8 ++++++--
 3 files changed, 19 insertions(+), 15 deletions(-)

diff --git a/includes/core/class-account.php b/includes/core/class-account.php
index 03786d90..d48e08d1 100644
--- a/includes/core/class-account.php
+++ b/includes/core/class-account.php
@@ -610,8 +610,8 @@ if ( ! class_exists( 'um\core\Account' ) ) {
 					$this->init_displayed_fields( $fields, $id );
 
 					foreach ( $fields as $key => $data ) {
-						if ( isset( $shortcode_args['is_block'] ) && 1 === (int) $shortcode_args['is_block'] ) {
-							$data['is_block'] = 1;
+						if ( ! empty( $shortcode_args['is_block'] ) ) {
+							$data['is_block'] = true;
 						}
 						$output .= UM()->fields()->edit_field( $key, $data );
 					}
@@ -653,8 +653,8 @@ if ( ! class_exists( 'um\core\Account' ) ) {
 					$this->init_displayed_fields( $fields, $id );
 
 					foreach ( $fields as $key => $data ) {
-						if ( isset( $shortcode_args['is_block'] ) && 1 === (int) $shortcode_args['is_block'] ) {
-							$data['is_block'] = 1;
+						if ( ! empty( $shortcode_args['is_block'] ) ) {
+							$data['is_block'] = true;
 						}
 						$output .= UM()->fields()->edit_field( $key, $data );
 					}
@@ -710,8 +710,8 @@ if ( ! class_exists( 'um\core\Account' ) ) {
 					$this->init_displayed_fields( $fields, $id );
 
 					foreach ( $fields as $key => $data ) {
-						if ( isset( $shortcode_args['is_block'] ) && 1 === (int) $shortcode_args['is_block'] ) {
-							$data['is_block'] = 1;
+						if ( ! empty( $shortcode_args['is_block'] ) ) {
+							$data['is_block'] = true;
 						}
 						$output .= UM()->fields()->edit_field( $key, $data );
 					}
@@ -751,8 +751,8 @@ if ( ! class_exists( 'um\core\Account' ) ) {
 					$this->init_displayed_fields( $fields, $id );
 
 					foreach ( $fields as $key => $data ) {
-						if ( isset( $shortcode_args['is_block'] ) && 1 === (int) $shortcode_args['is_block'] ) {
-							$data['is_block'] = 1;
+						if ( ! empty( $shortcode_args['is_block'] ) ) {
+							$data['is_block'] = true;
 						}
 						$output .= UM()->fields()->edit_field( $key, $data );
 					}
diff --git a/includes/core/class-fields.php b/includes/core/class-fields.php
index fdbba3ec..298a617e 100644
--- a/includes/core/class-fields.php
+++ b/includes/core/class-fields.php
@@ -2094,7 +2094,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
 		public function edit_field( $key, $data, $rule = false, $args = array() ) {
 			global $_um_profile_id;
 
-			if ( isset( $data['is_block'] ) && 1 === (int) $data['is_block'] ) {
+			if ( ! empty( $data['is_block'] ) ) {
 				$form_suffix = '';
 			} else {
 				$form_suffix = UM()->form()->form_suffix;
@@ -2106,7 +2106,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
 				$_um_profile_id = um_user( 'ID' );
 			}
 
-			if ( isset( $data['is_block'] ) && 1 === (int) $data['is_block'] && ! is_user_logged_in() ) {
+			if ( ! empty( $data['is_block'] ) && ! is_user_logged_in() ) {
 				$_um_profile_id = 0;
 			}
 
@@ -4124,7 +4124,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
 									if ( $col1_fields ) {
 										foreach ( $col1_fields as $key => $data ) {
 											if ( ! empty( $args['is_block'] ) ) {
-												$data['is_block'] = 1;
+												$data['is_block'] = true;
 											}
 											$output .= $this->edit_field( $key, $data );
 										}
@@ -4138,7 +4138,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
 									if ( $col1_fields ) {
 										foreach ( $col1_fields as $key => $data ) {
 											if ( ! empty( $args['is_block'] ) ) {
-												$data['is_block'] = 1;
+												$data['is_block'] = true;
 											}
 											$output .= $this->edit_field( $key, $data );
 										}
@@ -4150,7 +4150,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
 									if ( $col2_fields ) {
 										foreach ( $col2_fields as $key => $data ) {
 											if ( ! empty( $args['is_block'] ) ) {
-												$data['is_block'] = 1;
+												$data['is_block'] = true;
 											}
 											$output .= $this->edit_field( $key, $data );
 										}
diff --git a/includes/core/class-shortcodes.php b/includes/core/class-shortcodes.php
index 87175b7b..ef725888 100644
--- a/includes/core/class-shortcodes.php
+++ b/includes/core/class-shortcodes.php
@@ -606,12 +606,16 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) {
 			$args = shortcode_atts(
 				array(
 					'form_id'  => '',
-					'is_block' => 0,
+					'is_block' => false,
 				),
 				$args,
 				'ultimatemember'
 			);
 
+			// Sanitize shortcode arguments.
+			$args['form_id']  = ! empty( $args['form_id'] ) ? absint( $args['form_id'] ) : '';
+			$args['is_block'] = (bool) $args['is_block'];
+
 			/**
 			 * Filters variable for enable singleton shortcode loading on the same page.
 			 * Note: Set it to `false` if you don't need to render the same form twice or more on the same page.
@@ -779,7 +783,7 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) {
 				}
 			}
 
-			if ( isset( $args['is_block'] ) && 1 === (int) $args['is_block'] && 'profile' === $mode && ! is_user_logged_in() ) {
+			if ( 'profile' === $mode && ! empty( $args['is_block'] ) && ! is_user_logged_in() ) {
 				ob_get_clean();
 				return '';
 			}