diff --git a/assets/dynamic_css/dynamic-directory.php b/assets/dynamic_css/dynamic-directory.php new file mode 100644 index 00000000..31f12f1c --- /dev/null +++ b/assets/dynamic_css/dynamic-directory.php @@ -0,0 +1,38 @@ + + diff --git a/assets/dynamic_css/dynamic-global.php b/assets/dynamic_css/dynamic-global.php new file mode 100644 index 00000000..641ebf62 --- /dev/null +++ b/assets/dynamic_css/dynamic-global.php @@ -0,0 +1,21 @@ + + diff --git a/assets/dynamic_css/dynamic-profile.php b/assets/dynamic_css/dynamic-profile.php new file mode 100644 index 00000000..14803fd2 --- /dev/null +++ b/assets/dynamic_css/dynamic-profile.php @@ -0,0 +1,37 @@ + + diff --git a/assets/dynamic_css/dynamic_directory.php b/assets/dynamic_css/dynamic_directory.php deleted file mode 100644 index f1105145..00000000 --- a/assets/dynamic_css/dynamic_directory.php +++ /dev/null @@ -1,45 +0,0 @@ - \ No newline at end of file diff --git a/assets/dynamic_css/dynamic_global.php b/assets/dynamic_css/dynamic_global.php deleted file mode 100644 index 2e867156..00000000 --- a/assets/dynamic_css/dynamic_global.php +++ /dev/null @@ -1,17 +0,0 @@ - diff --git a/assets/dynamic_css/dynamic_profile.php b/assets/dynamic_css/dynamic_profile.php deleted file mode 100644 index ae7309d2..00000000 --- a/assets/dynamic_css/dynamic_profile.php +++ /dev/null @@ -1,49 +0,0 @@ - - - \ No newline at end of file diff --git a/includes/class-functions.php b/includes/class-functions.php index 2399bf0b..0a1aed80 100644 --- a/includes/class-functions.php +++ b/includes/class-functions.php 
@@ -171,14 +171,23 @@ if ( ! class_exists( 'UM_Functions' ) ) { * * @return string|void */ - function get_template( $template_name, $basename = '', $t_args = array(), $echo = false ) { + public function get_template( $template_name, $basename = '', $t_args = array(), $echo = false ) { if ( ! empty( $t_args ) && is_array( $t_args ) ) { - extract( $t_args ); + /* + * This use of extract() cannot be removed. There are many possible ways that + * templates could depend on variables that it creates existing, and no way to + * detect and deprecate it. + * + * Passing the EXTR_SKIP flag is the safest option, ensuring globals and + * function variables cannot be overwritten. + */ + // phpcs:ignore WordPress.PHP.DontExtract.extract_extract + extract( $t_args, EXTR_SKIP ); } $path = ''; if ( $basename ) { - // use '/' instead of "DIRECTORY_SEPARATOR", because wp_normalize_path makes the correct replace + // use '/' instead of "DIRECTORY_SEPARATOR", because wp_normalize_path makes the correct replacement $array = explode( '/', wp_normalize_path( trim( $basename ) ) ); $path = $array[0]; } @@ -189,7 +198,6 @@ if ( ! class_exists( 'UM_Functions' ) ) { return; } - /** * UM hook * @@ -240,7 +248,7 @@ if ( ! class_exists( 'UM_Functions' ) ) { * ?> */ do_action( 'um_before_template_part', $template_name, $path, $located, $t_args ); - include( $located ); + include $located; /** * UM hook diff --git a/includes/core/class-account.php b/includes/core/class-account.php index f8bea1b5..a86b63ef 100644 --- a/includes/core/class-account.php +++ b/includes/core/class-account.php 
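Review bot: The comment added above `extract( $t_args, EXTR_SKIP )` overstates what the flag protects. `EXTR_SKIP` only skips keys that collide with variables already defined when it runs (`$template_name`, `$basename`, `$t_args`, `$echo`), and inside a method `extract()` writes to the local scope, so the reference to globals does not describe this call. Every other key in `$t_args` still becomes a variable visible to the file loaded by `include $located` in the third hunk, so callers must not forward request-derived keys. I would reword the last paragraph to `Passing EXTR_SKIP keeps keys in $t_args from overwriting this method's own parameters; all other keys become template variables.` The body of `get_template()` continues outside the hunk.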
@@ -245,69 +245,14 @@ if ( ! class_exists( 'um\core\Account' ) ) { $this->current_tab = apply_filters( 'um_change_default_tab', $this->current_tab, $args ); - /** - * UM hook - * - * @type action - * @title um_pre_{$mode}_shortcode - * @description Make some action before account tabs loading - * @input_vars - * [{"var":"$args","type":"array","desc":"Account Page Arguments"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_pre_{$mode}_shortcode', 'function_name', 10, 1 ); - * @example - * - */ + /** This filter is documented in includes/core/class-shortcodes.php */ do_action( "um_pre_{$args['mode']}_shortcode", $args ); - /** - * UM hook - * - * @type action - * @title um_before_form_is_loaded - * @description Make some action before account tabs loading - * @input_vars - * [{"var":"$args","type":"array","desc":"Account Page Arguments"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_before_form_is_loaded', 'function_name', 10, 1 ); - * @example - * - */ + /** This filter is documented in includes/core/class-shortcodes.php */ do_action( 'um_before_form_is_loaded', $args ); - /** - * UM hook - * - * @type action - * @title um_before_{$mode}_form_is_loaded - * @description Make some action before account tabs loading - * @input_vars - * [{"var":"$args","type":"array","desc":"Account Page Arguments"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_before_{$mode}_form_is_loaded', 'function_name', 10, 1 ); - * @example - * - */ + /** This filter is documented in includes/core/class-shortcodes.php */ do_action( "um_before_{$args['mode']}_form_is_loaded", $args ); UM()->shortcodes()->template_load( $args['template'], $args ); - } if ( ! is_admin() && ! defined( 'DOING_AJAX' ) ) { diff --git a/includes/core/class-fields.php b/includes/core/class-fields.php index 34a3677a..ccab2037 100644 --- a/includes/core/class-fields.php +++ b/includes/core/class-fields.php 
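Review bot: The three replacement comments say `This filter is documented in includes/core/class-shortcodes.php`, but each one sits above a `do_action()` call, so these hooks are actions. Use `/** This action is documented in includes/core/class-shortcodes.php */` for `um_pre_{$args['mode']}_shortcode`, `um_before_form_is_loaded` and `um_before_{$args['mode']}_form_is_loaded`, so readers and hook-reference tooling classify them correctly. The enclosing method starts outside the hunk.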
@@ -48,7 +48,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) { /** * @var array */ - public $field_icons = array(); + public $field_icons = ''; /** * @var array @@ -277,14 +277,13 @@ if ( ! class_exists( 'um\core\Fields' ) ) { UM()->query()->update_attr( 'custom_fields', $form_id, $fields ); } - /** * Deletes a field in form only * - * @param integer $id - * @param integer $form_id + * @param string $id + * @param int $form_id */ - function delete_field_from_form( $id, $form_id ) { + public function delete_field_from_form( $id, $form_id ) { $fields = UM()->query()->get_attr( 'custom_fields', $form_id ); if ( isset( $fields[ $id ] ) ) { @@ -324,13 +323,12 @@ if ( ! class_exists( 'um\core\Fields' ) ) { } } - /** - * Deletes a field from custom fields + * Deletes a field from custom fields. * - * @param integer $id + * @param string $id */ - function delete_field_from_db( $id ) { + public function delete_field_from_db( $id ) { $fields = UM()->builtin()->saved_fields; if ( isset( $fields[ $id ] ) ) { $args = $fields[ $id ]; @@ -353,6 +351,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) { foreach ( $directories as $directory_id ) { // Frontend filters $directory_search_fields = get_post_meta( $directory_id, '_um_search_fields', true ); + $directory_search_fields = ! is_array( $directory_search_fields ) ? array() : $directory_search_fields; $directory_search_fields = array_values( array_diff( $directory_search_fields, array( $id ) ) ); update_post_meta( $directory_id, '_um_search_fields', $directory_search_fields ); 
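Review bot: The docblock directly above `public $field_icons = '';` still says `@var array`, although the first hunk of this file changes the default to a string. Later hunks compare the property with `'field' === $this->field_icons`, so the annotation should read `@var string`, ideally with a short description of the accepted values. Left as is, static analysers may flag every string comparison against the property.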
@@ -365,16 +364,19 @@ if ( ! class_exists( 'um\core\Fields' ) ) { // display in tagline $directory_reveal_fields = get_post_meta( $directory_id, '_um_reveal_fields', true ); + $directory_reveal_fields = ! is_array( $directory_reveal_fields ) ? array() : $directory_reveal_fields; $directory_reveal_fields = array_values( array_diff( $directory_reveal_fields, array( $id ) ) ); update_post_meta( $directory_id, '_um_reveal_fields', $directory_reveal_fields ); // extra user information section $directory_tagline_fields = get_post_meta( $directory_id, '_um_tagline_fields', true ); + $directory_tagline_fields = ! is_array( $directory_tagline_fields ) ? array() : $directory_tagline_fields; $directory_tagline_fields = array_values( array_diff( $directory_tagline_fields, array( $id ) ) ); update_post_meta( $directory_id, '_um_tagline_fields', $directory_tagline_fields ); // Custom fields selected in "Choose field(s) to enable in sorting" $directory_sorting_fields = get_post_meta( $directory_id, '_um_sorting_fields', true ); + $directory_sorting_fields = ! is_array( $directory_sorting_fields ) ? array() : $directory_sorting_fields; foreach ( $directory_sorting_fields as $key => $sorting_data ) { if ( is_array( $sorting_data ) && array_key_exists( $id, $sorting_data ) ) { unset( $directory_sorting_fields[ $key ] ); 
@@ -396,68 +398,30 @@ if ( ! class_exists( 'um\core\Fields' ) ) { update_post_meta( $directory_id, '_um_sortby_custom_order', '' ); } } - } } - /** - * Quickly adds a field from custom fields + * Quickly adds a field from custom fields. * - * @param integer $global_id - * @param integer $form_id - * @param array $position + * @param string $global_id + * @param int $form_id + * @param array $position */ - function add_field_from_list( $global_id, $form_id, $position = array() ) { - $fields = UM()->query()->get_attr( 'custom_fields', $form_id ); + private function add_field_from_list( $global_id, $form_id, $position = array() ) { + $fields = UM()->query()->get_attr( 'custom_fields', $form_id ); $field_scope = UM()->builtin()->saved_fields; if ( ! isset( $fields[ $global_id ] ) ) { - $count = 1; if ( ! empty( $fields ) ) { $count = count( $fields ) + 1; } - $fields[ $global_id ] = $field_scope[ $global_id ]; + $fields[ $global_id ] = $field_scope[ $global_id ]; $fields[ $global_id ]['position'] = $count; - // set position - if ( $position ) { - foreach ( $position as $key => $val) { - $fields[ $global_id ][ $key ] = $val; - } - } - - // add field to form - UM()->query()->update_attr( 'custom_fields', $form_id, $fields ); - - } - } - - - /** - * Quickly adds a field from pre-defined fields - * - * @param integer $global_id - * @param integer $form_id - * @param array $position - */ - function add_field_from_predefined( $global_id, $form_id, $position = array() ) { - $fields = UM()->query()->get_attr( 'custom_fields', $form_id ); - $field_scope = UM()->builtin()->predefined_fields; - - if ( ! isset( $fields[ $global_id ] ) ) { - - $count = 1; - if ( ! empty( $fields ) ) { - $count = count( $fields ) + 1; - } - - $fields[ $global_id ] = $field_scope[ $global_id ]; - $fields[ $global_id ]['position'] = $count; - - // set position + // Set position. if ( $position ) { foreach ( $position as $key => $val ) { $fields[ $global_id ][ $key ] = $val; 
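Review bot: `add_field_from_list()` reads `$field_scope[ $global_id ]` without checking that the key exists, so an unknown `$global_id` stores a field holding only a `position` entry in the form's `custom_fields`. A guard such as `if ( ! isset( $field_scope[ $global_id ] ) ) { return; }` before the assignment avoids that; `add_field_from_predefined()`, re-added in the following hunk, has the same pattern. The `foreach ( $position as $key => $val )` loop also copies every key it is given into the field definition, so if `$position` can originate from request data (the caller is not visible here) it should be restricted to the expected layout keys. The end of the method lies outside this hunk.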
@@ -469,39 +433,65 @@ if ( ! class_exists( 'um\core\Fields' ) ) { } } + /** + * Quickly adds a field from pre-defined fields. + * + * @param string $global_id + * @param int $form_id + * @param array $position + */ + private function add_field_from_predefined( $global_id, $form_id, $position = array() ) { + $fields = UM()->query()->get_attr( 'custom_fields', $form_id ); + $field_scope = UM()->builtin()->predefined_fields; + + if ( ! isset( $fields[ $global_id ] ) ) { + $count = 1; + if ( ! empty( $fields ) ) { + $count = count( $fields ) + 1; + } + + $fields[ $global_id ] = $field_scope[ $global_id ]; + $fields[ $global_id ]['position'] = $count; + + // Set position. + if ( $position ) { + foreach ( $position as $key => $val ) { + $fields[ $global_id ][ $key ] = $val; + } + } + + // add field to form + UM()->query()->update_attr( 'custom_fields', $form_id, $fields ); + } + } /** - * Duplicates a frield by meta key + * Duplicates a field by meta key. * - * @param integer $id - * @param integer $form_id + * @param string $id + * @param int $form_id */ - function duplicate_field( $id, $form_id ) { - $fields = UM()->query()->get_attr( 'custom_fields', $form_id ); + private function duplicate_field( $id, $form_id ) { + $fields = UM()->query()->get_attr( 'custom_fields', $form_id ); $all_fields = UM()->builtin()->saved_fields; $inc = count( $fields ) + 1; $duplicate = $fields[ $id ]; - $new_metakey = $id . "_" . $inc; - $new_title = $fields[ $id ]['title'] . " #" . $inc; + $new_metakey = $id . '_' . $inc; + $new_title = $fields[ $id ]['title'] . ' #' . 
$inc; $new_position = $inc; - $duplicate['title'] = $new_title; - $duplicate['metakey'] = $new_metakey; + $duplicate['title'] = $new_title; + $duplicate['metakey'] = $new_metakey; $duplicate['position'] = $new_position; - $fields[ $new_metakey ] = $duplicate; + $fields[ $new_metakey ] = $duplicate; $all_fields[ $new_metakey ] = $duplicate; - // not global attributes - unset( $all_fields[ $new_metakey ]['in_row'] ); - unset( $all_fields[ $new_metakey ]['in_sub_row'] ); - unset( $all_fields[ $new_metakey ]['in_column'] ); - unset( $all_fields[ $new_metakey ]['in_group'] ); - unset( $all_fields[ $new_metakey ]['position'] ); - + // Not global attributes. + unset( $all_fields[ $new_metakey ]['in_row'], $all_fields[ $new_metakey ]['in_sub_row'], $all_fields[ $new_metakey ]['in_column'], $all_fields[ $new_metakey ]['in_group'], $all_fields[ $new_metakey ]['position'] ); do_action( 'um_add_new_field', $new_metakey, $duplicate ); @@ -1036,7 +1026,6 @@ if ( ! class_exists( 'um\core\Fields' ) ) { $value = ''; } - /** * UM hook * @@ -1054,19 +1043,18 @@ if ( ! class_exists( 'um\core\Fields' ) ) { return apply_filters( 'um_field_value', $value, $default, $key, $type, $data ); } - /** - * Checks if an option is selected + * Checks if an option is selected. * * is used by Select, Multiselect and Checkbox fields * - * @param string $key - * @param string $value - * @param array $data + * @param string $key + * @param string $value + * @param array $data * * @return boolean */ - function is_selected( $key, $value, $data ) { + public function is_selected( $key, $value, $data ) { global $wpdb; /** 
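Review bot: `duplicate_field()` uses `count( $fields )` and `$duplicate = $fields[ $id ]` without confirming that `$fields` is an array containing `$id`, so a stale or mistyped id yields a copy with only `title`, `metakey` and `position` set. Adding `if ( ! is_array( $fields ) || ! isset( $fields[ $id ] ) ) { return; }` at the top covers both cases. The generated `$new_metakey = $id . '_' . $inc` is also not checked against existing keys, so once fields have been deleted it can match an existing key and replace that entry in `$fields` and `$all_fields`. Incrementing `$inc` while `isset( $fields[ $new_metakey ] )` holds would prevent that. The method continues past the end of this hunk.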
@@ -1126,19 +1114,19 @@ if ( ! class_exists( 'um\core\Fields' ) ) { $value = (int) $value; } - if ( strstr( $key, 'role_' ) || $key == 'role' ) { - $field_value = strtolower( UM()->roles()->get_editable_priority_user_role( um_user( 'ID' ) ) ); - + if ( strstr( $key, 'role_' ) || 'role' === $key ) { $role_keys = get_option( 'um_roles', array() ); - if ( ! empty( $role_keys ) ) { - if ( in_array( $field_value, $role_keys ) ) { - $field_value = 'um_' . $field_value; + $field_value = UM()->roles()->get_editable_priority_user_role( um_user( 'ID' ) ); + if ( ! empty( $field_value ) ) { + $field_value = strtolower( $field_value ); + if ( in_array( $field_value, $role_keys, true ) ) { + $field_value = 'um_' . $field_value; + } } } } - /** * UM hook * @@ -1252,7 +1240,6 @@ if ( ! class_exists( 'um\core\Fields' ) ) { return false; } - /** * Checks if a radio button is selected * @@ -2102,14 +2089,13 @@ if ( ! class_exists( 'um\core\Fields' ) ) { return $arr_restricted_fields; } - /** * Gets a field in 'input mode' * * @param string $key - * @param array $data - * @param bool $rule - * @param array $args + * @param array $data + * @param bool $rule + * @param array $args * * @return string|null * @throws \Exception 
@@ -2129,81 +2115,25 @@ if ( ! class_exists( 'um\core\Fields' ) ) { $_um_profile_id = um_user( 'ID' ); } - if ( ! is_user_logged_in() && isset( $data['is_block'] ) && 1 === (int) $data['is_block'] ) { + if ( isset( $data['is_block'] ) && 1 === (int) $data['is_block'] && ! is_user_logged_in() ) { $_um_profile_id = 0; } - // get whole field data + // Get whole field data. if ( isset( $data ) && is_array( $data ) ) { $origin_data = $this->get_field( $key ); if ( is_array( $origin_data ) ) { // Merge data passed with original field data. $data = array_merge( $origin_data, $data ); } - - /** - * @var string $in_row - * @var boolean $in_sub_row - * @var boolean $in_column - * @var string $type - * @var string $metakey - * @var int $position - * @var string $title - * @var string $help - * @var array $options - * @var string $visibility - * @var string $label - * @var string $placeholder - * @var boolean $public - * @var boolean $editable - * @var string $icon - * @var boolean $in_group - * @var boolean $required - * @var string $validate - * @var string $default - * @var string $conditional - * @var string $input - * @var string $js_format - * @var string $date_max - * @var string $date_min - * @var string $disabled_weekdays - * @var string $years_x - * @var string $years - * @var string $range - * @var string $intervals - * @var string $height - * @var string $spacing - * @var string $borderwidth - * @var string $borderstyle - * @var string $bordercolor - * @var string $divider_text - * @var string $crop_class - * @var string $crop_data - * @var string $modal_size - * @var string $ratio - * @var string $min_width - * @var string $min_height - * @var string $button_text - * @var string $max_size - * @var string $max_size_error - * @var string $extension_error - * @var string $allowed_types - * @var string $upload_text - * @var string $max_files_error - * @var string $upload_help_text - * @var string $min_size_error - * @var string $filter - * @var string $content - * 
@var string $max_entries - */ - extract( $data ); } if ( ! isset( $data['type'] ) ) { return ''; } + $type = $data['type']; - if ( isset( $data['in_group'] ) && $data['in_group'] != '' && $rule != 'group' ) { + if ( isset( $data['in_group'] ) && '' !== $data['in_group'] && 'group' !== $rule ) { return ''; } @@ -2215,26 +2145,23 @@ if ( ! class_exists( 'um\core\Fields' ) ) { // required option? 'required_opt' - it's field attribute predefined in the field data in code if ( isset( $data['required_opt'] ) ) { $opt = $data['required_opt']; - if ( UM()->options()->get( $opt[0] ) != $opt[1] ) { + if ( UM()->options()->get( $opt[0] ) !== $opt[1] ) { return ''; } } // required user permission 'required_perm' - it's field attribute predefined in the field data in code - if ( isset( $data['required_perm'] ) ) { - if ( ! UM()->roles()->um_user_can( $data['required_perm'] ) ) { - return ''; - } + if ( isset( $data['required_perm'] ) && ! UM()->roles()->um_user_can( $data['required_perm'] ) ) { + return ''; } // fields that need to be disabled in edit mode (profile) (email, username, etc.) $arr_restricted_fields = $this->get_restricted_fields_for_edit( $_um_profile_id ); - if ( in_array( $key, $arr_restricted_fields ) && $this->editing == true && $this->set_mode == 'profile' ) { + if ( true === $this->editing && 'profile' === $this->set_mode && in_array( $key, $arr_restricted_fields, true ) ) { return ''; } - - if ( $visibility == 'view' && $this->set_mode != 'register' ) { + if ( 'register' !== $this->set_mode && array_key_exists( 'visibility', $data ) && 'view' === $data['visibility'] ) { return ''; } 
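Review bot: The change from `!=` to `!==` in `UM()->options()->get( $opt[0] ) !== $opt[1]` alters behaviour whenever the stored option and the value in `required_opt` differ only in type (for example `'1'` against `1`); the field is then always hidden. The same applies to `'-2' === $data['public']` and `0 === $data['editable']` in the next two hunks and to `1 === $data['force_confirm_pass']` further down. If field data reaches this method as strings, `0 === $data['editable']` never matches and a field marked non-editable is rendered without `disabled`. Unless the stored types are guaranteed, normalise before comparing, e.g. `0 === (int) $data['editable']`, as the previous hunk already does with `1 === (int) $data['is_block']`. The function starts and ends outside this hunk.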
@@ -2246,15 +2173,14 @@ if ( ! class_exists( 'um\core\Fields' ) ) { // Stop return empty values build field attributes: - if ( $visibility == 'view' && $this->set_mode == 'register' ) { - + if ( 'register' === $this->set_mode && array_key_exists( 'visibility', $data ) && 'view' === $data['visibility'] ) { um_fetch_user( get_current_user_id() ); if ( ! um_user( 'can_edit_everyone' ) ) { $disabled = ' disabled="disabled" '; } um_fetch_user( $_um_profile_id ); - if ( isset( $data['public'] ) && $data['public'] == '-2' && $data['roles'] ) { + if ( isset( $data['public'] ) && '-2' === $data['public'] && $data['roles'] ) { $current_user_roles = um_user( 'roles' ); if ( ! empty( $current_user_roles ) && count( array_intersect( $current_user_roles, $data['roles'] ) ) > 0 ) { $disabled = ''; 
@@ -2262,55 +2188,78 @@ if ( ! class_exists( 'um\core\Fields' ) ) { } } - if ( ! empty( $this->editing ) && $this->set_mode == 'profile' ) { + if ( ! empty( $this->editing ) && 'profile' === $this->set_mode ) { if ( ! UM()->roles()->um_user_can( 'can_edit_everyone' ) ) { - if ( isset( $data['editable'] ) && $data['editable'] == 0 ) { + if ( isset( $data['editable'] ) && 0 === $data['editable'] ) { $disabled = ' disabled="disabled" '; } } } + /** + * Filters a field disabled attribute. + * + * @since 2.0 + * @hook um_is_field_disabled + * + * @param {string} $disabled Disable global CSS. + * @param {array} $data Field data. + * + * @return {string} Set string to ' disabled="disabled" ' to make a field disabled. + * + * @example Make a field disabled on the edit mode. + * function my_is_field_disabled( $disabled, $data ) { + * $disabled = ' disabled="disabled" '; + * return $disabled; + * } + * add_filter( 'um_is_field_disabled', 'my_is_field_disabled', 10, 2 ); + */ $disabled = apply_filters( 'um_is_field_disabled', $disabled, $data ); - if ( ! isset( $data['autocomplete'] ) ) { - $autocomplete = 'off'; - } + $autocomplete = array_key_exists( 'autocomplete', $data ) ? $data['autocomplete'] : 'off'; - if ( isset( $data['classes'] ) ) { - $classes = explode( " ", $data['classes'] ); + $classes = ''; + if ( array_key_exists( 'classes', $data ) ) { + $classes = explode( ' ', $data['classes'] ); } um_fetch_user( $_um_profile_id ); + $input = array_key_exists( 'input', $data ) ? $data['input'] : 'text'; + $default = array_key_exists( 'default', $data ) ? $data['default'] : false; + $validate = array_key_exists( 'validate', $data ) ? $data['validate'] : ''; + $placeholder = array_key_exists( 'placeholder', $data ) ? $data['placeholder'] : ''; + + $conditional = ''; + if ( ! empty( $data['conditional'] ) ) { + $conditional = $data['conditional']; + } + /** - * UM hook + * Filters a field type on the edit mode. 
* - * @type filter - * @title um_hook_for_field_{$type} - * @description Change field type - * @input_vars - * [{"var":"$type","type":"string","desc":"Field Type"}] - * @change_log - * ["Since: 2.0"] - * @usage add_filter( 'um_hook_for_field_{$type}', 'function_name', 10, 1 ); - * @example - * Change a field type. + * function my_field_type( $type ) { * // your code here * return $type; * } - * ?> + * add_filter( 'um_hook_for_field_{$type}', 'my_field_type', 10, 1 ); */ $type = apply_filters( "um_hook_for_field_{$type}", $type ); switch ( $type ) { - case 'textarea': case 'multiselect': - $field_id = $field_name = $key; + $field_id = $key; + $field_name = $key; $field_value = $this->field_value( $key, $default, $data ); break; - case 'select': case 'radio': $form_key = str_replace( array( 'role_select', 'role_radio' ), 'role', $key ); 
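Review bot: The new docblock for `um_is_field_disabled` describes `$disabled` as `Disable global CSS.`, which looks copied from another hook and does not match the value being filtered. Something like `@param {string} $disabled Markup of the disabled attribute, or an empty string when the field is enabled.` would be accurate. The `@example` also disables every field unconditionally; an example that checks a key in `$data` before returning `' disabled="disabled" '` would show the intended use. The documented function begins and ends outside this hunk.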
@@ -2322,126 +2271,74 @@ if ( ! class_exists( 'um\core\Fields' ) ) { } /** - * UM hook + * Filters change core id not allowed duplicate. * - * @type filter - * @title um_completeness_field_id - * @description use for change core id not allowed duplicate - * @input_vars - * [{"var":"$field_id","type":"string","desc":"Field id"}, - * {"var":"$data","type":"array","desc":"Field Data"}] - * {"var":"$args","type":"array","desc":"Optional field arguments"}] - * @change_log - * ["Since: 2.0.13"] - * @usage add_filter( 'um_completeness_field_id', 'function_name', 10, 3 ); - * @example - * Change field core id. * function function_name( $field_id, $data, $args ) { * // your code here * return $field_id; * } - * ?> + * add_filter( 'um_completeness_field_id', 'function_name', 10, 3 ); */ $field_id = apply_filters( 'um_completeness_field_id', $field_id, $data, $args ); - /* Begin by field type */ switch ( $type ) { - - /* Default: Integration */ + // Default case for integration. default: - $mode = ( isset( $this->set_mode ) ) ? $this->set_mode : 'no_mode'; + $mode = isset( $this->set_mode ) ? $this->set_mode : 'no_mode'; /** - * UM hook + * Filters change field html by $mode and field $type * - * @type filter - * @title um_edit_field_{$mode}_{$type} - * @description Change field html by $mode and field $type - * @input_vars - * [{"var":"$output","type":"string","desc":"Field HTML"}, - * {"var":"$data","type":"array","desc":"Field Data"}] - * @change_log - * ["Since: 2.0"] - * @usage add_filter( 'um_edit_field_{$mode}_{$type}', 'function_name', 10, 2 ); - * @example - * Change field html by $mode and field $type. 
* function my_edit_field_html( $output, $data ) { * // your code here * return $output; * } - * ?> + * add_filter( 'um_edit_field_{$mode}_{$type}', 'my_edit_field_html', 10, 2 ); */ - $output .= apply_filters( "um_edit_field_{$mode}_{$type}", $output, $data ); break; - /* Other fields */ case 'googlemap': case 'youtube_video': case 'vimeo_video': case 'spotify': case 'soundcloud_track': - $output .= '
get_atts( $key, $classes, $conditional, $data ) . '>'; if ( isset( $data['label'] ) ) { - $output .= $this->field_label( $label, $key, $data ); + $output .= $this->field_label( $data['label'], $key, $data ); } $output .= '
'; - if ( ! empty( $icon ) && isset( $this->field_icons ) && $this->field_icons == 'field' ) { - - $output .= '
'; - + if ( ! empty( $data['icon'] ) && isset( $this->field_icons ) && 'field' === $this->field_icons ) { + $output .= '
'; } $field_name = $key . $form_suffix; $field_value = $this->field_value( $key, $default, $data ); - $field_value = ! is_null( $field_value ) ? htmlspecialchars( $field_value ) : null; - $output .= ' - -
'; - - if ( ! empty( $disabled ) ) { - $output .= $this->disabled_hidden_field( $field_name, $field_value ); - } - - if ( $this->is_error( $key ) ) { - $output .= $this->field_error( $this->show_error( $key ) ); - }else if ( $this->is_notice( $key ) ) { - $output .= $this->field_notice( $this->show_notice( $key ) ); - } - - $output .= '
'; - break; - - /* Text */ - case 'text': - - $output .= '
get_atts( $key, $classes, $conditional, $data ) . '>'; - - if ( isset( $data['label'] ) ) { - $output .= $this->field_label( $label, $key, $data ); - } - - $output .= '
'; - - if ( ! empty( $icon ) && isset( $this->field_icons ) && $this->field_icons == 'field' ) { - - $output .= '
'; - - } - - $field_name = $key . $form_suffix; - $field_value = $this->field_value( $key, $default, $data ); - $field_value = ! is_null( $field_value ) ? htmlspecialchars( $field_value ) : null; - - $output .= ' + $output .= '
'; @@ -2457,29 +2354,25 @@ if ( ! class_exists( 'um\core\Fields' ) ) { $output .= '
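Review bot: The value returned by `field_value()` is no longer escaped before it is concatenated into `$output`, because this hunk drops `$field_value = ! is_null( $field_value ) ? htmlspecialchars( $field_value ) : null;` from the `googlemap`/`youtube_video`/`vimeo_video`/`spotify`/`soundcloud_track` case. The markup inside the new `$output .= '…'` string is not legible in this view, so confirm that it emits the value as `esc_attr( $field_value )` and the name as `esc_attr( $field_name )`. The following hunks remove the same line from the merged `text`/`tel` case and from the `number` case and need the same check. The switch statement starts and ends outside this hunk.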
'; break; - - /* Tel */ + /* Text and Tel */ + case 'text': case 'tel': - $output .= '
get_atts( $key, $classes, $conditional, $data ) . '>'; if ( isset( $data['label'] ) ) { - $output .= $this->field_label( $label, $key, $data ); + $output .= $this->field_label( $data['label'], $key, $data ); } $output .= '
'; - if ( ! empty( $icon ) && isset( $this->field_icons ) && $this->field_icons == 'field' ) { - - $output .= '
'; - + if ( ! empty( $data['icon'] ) && isset( $this->field_icons ) && 'field' === $this->field_icons ) { + $output .= '
'; } $field_name = $key . $form_suffix; $field_value = $this->field_value( $key, $default, $data ); - $field_value = ! is_null( $field_value ) ? htmlspecialchars( $field_value ) : null; - $output .= ' + $output .= '
'; @@ -2489,95 +2382,86 @@ if ( ! class_exists( 'um\core\Fields' ) ) { if ( $this->is_error( $key ) ) { $output .= $this->field_error( $this->show_error( $key ) ); - }else if ( $this->is_notice( $key ) ) { + } elseif ( $this->is_notice( $key ) ) { $output .= $this->field_notice( $this->show_notice( $key ) ); } $output .= '
'; break; - /* Number */ case 'number': - $output .= '
get_atts( $key, $classes, $conditional, $data ) . '>'; if ( isset( $data['label'] ) ) { - $output .= $this->field_label( $label, $key, $data ); + $output .= $this->field_label( $data['label'], $key, $data ); } $output .= '
'; - if ( ! empty( $icon ) && isset( $this->field_icons ) && $this->field_icons == 'field' ) { - - $output .= '
'; - + if ( ! empty( $data['icon'] ) && isset( $this->field_icons ) && 'field' === $this->field_icons ) { + $output .= '
'; } $number_limit = ''; - if ( isset( $min ) ) { - $number_limit .= ' min="' . esc_attr( $min ) . '" '; + if ( isset( $data['min'] ) ) { + $number_limit .= ' min="' . esc_attr( $data['min'] ) . '" '; } - if ( isset( $max ) ) { - $number_limit .= ' max="' . esc_attr( $max ) . '" '; + if ( isset( $data['max'] ) ) { + $number_limit .= ' max="' . esc_attr( $data['max'] ) . '" '; } + $field_name = $key . $form_suffix; $field_value = $this->field_value( $key, $default, $data ); - $field_value = ! is_null( $field_value ) ? htmlspecialchars( $field_value ) : null; - $output .= ' + $output .= '
'; if ( $this->is_error( $key ) ) { $output .= $this->field_error( $this->show_error( $key ) ); - }else if ( $this->is_notice( $key ) ) { + } elseif ( $this->is_notice( $key ) ) { $output .= $this->field_notice( $this->show_notice( $key ) ); } $output .= '
'; break; - /* Password */ case 'password': - $original_key = $key; - if ( $key == 'single_user_password' ) { - + if ( 'single_user_password' === $key ) { $key = $original_key; $output .= '
get_atts( $key, $classes, $conditional, $data ) . '>'; if ( isset( $data['label'] ) ) { - $output .= $this->field_label( $label, $key, $data ); + $output .= $this->field_label( $data['label'], $key, $data ); } $output .= '
'; - if ( ! empty( $icon ) && isset( $this->field_icons ) && $this->field_icons == 'field' ) { - - $output .= '
'; - + if ( ! empty( $data['icon'] ) && isset( $this->field_icons ) && 'field' === $this->field_icons ) { + $output .= '
'; } - $output .= ' + $field_name = $key . $form_suffix; + $field_value = $this->field_value( $key, $default, $data ); + + $output .= '
'; if ( $this->is_error( $key ) ) { $output .= $this->field_error( $this->show_error( $key ) ); - }else if ( $this->is_notice( $key ) ) { + } elseif ( $this->is_notice( $key ) ) { $output .= $this->field_notice( $this->show_notice( $key ) ); } $output .= '
'; - } else { + if ( ( 'account' === $this->set_mode || um_is_core_page( 'account' ) ) && UM()->account()->current_password_is_required( 'password' ) ) { - if ( UM()->account()->current_password_is_required( 'password' ) && - ( $this->set_mode == 'account' || um_is_core_page( 'account' ) ) ) { - - $key = 'current_' . $original_key; + $key = 'current_' . $original_key; $output .= '
get_atts( $key, $classes, $conditional, $data ) . '>'; if ( isset( $data['label'] ) ) { @@ -2586,13 +2470,14 @@ if ( ! class_exists( 'um\core\Fields' ) ) { $output .= '
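Review bot: Password inputs should not be pre-filled, yet the `password` case now assigns `$field_value = $this->field_value( $key, $default, $data )` for the `single_user_password` input, and the next two hunks do the same for the current-password and new-password inputs. The markup of the new `$output` strings is not legible in this view; if that value is placed in the `value` attribute, a previously submitted password is written back into the page source after a validation error. Unless existing behaviour depends on it, render these inputs with an empty value, e.g. `$field_value = '';` within this case. The case continues outside this hunk.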
'; - if ( ! empty( $icon ) && isset( $this->field_icons ) && $this->field_icons == 'field') { - - $output .= '
'; - + if ( ! empty( $data['icon'] ) && isset( $this->field_icons ) && 'field' === $this->field_icons ) { + $output .= '
'; } - $output .= ' + $field_name = $key . $form_suffix; + $field_value = $this->field_value( $key, $default, $data ); + + $output .= '
'; @@ -2610,30 +2495,30 @@ if ( ! class_exists( 'um\core\Fields' ) ) { $output .= '
get_atts( $key, $classes, $conditional, $data ) . '>'; - if ( $this->set_mode == 'account' && um_is_core_page( 'account' ) || $this->set_mode == 'password' && um_is_core_page( 'password-reset' ) ) { + if ( ( 'account' === $this->set_mode && um_is_core_page( 'account' ) ) || ( 'password' === $this->set_mode && um_is_core_page( 'password-reset' ) ) ) { $output .= $this->field_label( __( 'New Password', 'ultimate-member' ), $key, $data ); } elseif ( isset( $data['label'] ) ) { - $output .= $this->field_label( $label, $key, $data ); + $output .= $this->field_label( $data['label'], $key, $data ); } $output .= '
'; - if ( ! empty( $icon ) && isset( $this->field_icons ) && $this->field_icons == 'field') { - - $output .= '
'; - + if ( ! empty( $data['icon'] ) && isset( $this->field_icons ) && 'field' === $this->field_icons ) { + $output .= '
'; } $name = $key . $form_suffix; - if ( $this->set_mode == 'password' && um_is_core_page( 'password-reset' ) ) { + if ( 'password' === $this->set_mode && um_is_core_page( 'password-reset' ) ) { $name = $key; } - $output .= ' + $field_value = $this->field_value( $key, $default, $data ); + + $output .= '
'; @@ -2645,105 +2530,96 @@ if ( ! class_exists( 'um\core\Fields' ) ) { $output .= '
'; - if ( $this->set_mode != 'login' && isset( $data['force_confirm_pass'] ) && $data['force_confirm_pass'] == 1 ) { + if ( 'login' !== $this->set_mode && isset( $data['force_confirm_pass'] ) && 1 === $data['force_confirm_pass'] ) { - $key = 'confirm_' . $original_key; + $key = 'confirm_' . $original_key; $output .= '
get_atts( $key, $classes, $conditional, $data ) . '>'; if ( ! empty( $data['label_confirm_pass'] ) ) { $label_confirm_pass = __( $data['label_confirm_pass'], 'ultimate-member' ); - $output .= $this->field_label( $label_confirm_pass, $key, $data ); + $output .= $this->field_label( $label_confirm_pass, $key, $data ); } elseif ( isset( $data['label'] ) ) { $data['label'] = __( $data['label'], 'ultimate-member' ); + /* translators: 1: label, 2: key, 3: data. */ $output .= $this->field_label( sprintf( __( 'Confirm %s', 'ultimate-member' ), $data['label'] ), $key, $data ); } $output .= '
'; - if ( ! empty( $icon ) && isset( $this->field_icons ) && $this->field_icons == 'field' ) { - - $output .= '
'; - + if ( ! empty( $data['icon'] ) && isset( $this->field_icons ) && 'field' === $this->field_icons ) { + $output .= '
'; } $name = $key . $form_suffix; - if ( $this->set_mode == 'password' && um_is_core_page( 'password-reset' ) ) { + if ( 'password' === $this->set_mode && um_is_core_page( 'password-reset' ) ) { $name = $key; } - if ( ! empty( $label_confirm_pass ) ) { - $placeholder = $label_confirm_pass; - } elseif( ! empty( $placeholder ) && ! isset( $data['label'] ) ) { + if ( ! empty( $data['label_confirm_pass'] ) ) { + $placeholder = __( $data['label_confirm_pass'], 'ultimate-member' );; + } elseif ( ! empty( $placeholder ) && ! isset( $data['label'] ) ) { + /* translators: 1: placeholder. */ $placeholder = sprintf( __( 'Confirm %s', 'ultimate-member' ), $placeholder ); - } elseif( isset( $data['label'] ) ) { + } elseif ( isset( $data['label'] ) ) { + /* translators: 1: label. */ $placeholder = sprintf( __( 'Confirm %s', 'ultimate-member' ), $data['label'] ); } - - $output .= ''; - + $output .= ''; $output .= '
'; if ( $this->is_error( $key ) ) { $output .= $this->field_error( $this->show_error( $key ) ); - }else if ( $this->is_notice( $key ) ) { + } elseif ( $this->is_notice( $key ) ) { $output .= $this->field_notice( $this->show_notice( $key ) ); } $output .= '
'; - } - } - break; - /* URL */ case 'url': - $output .= '
get_atts( $key, $classes, $conditional, $data ) . '>'; if ( isset( $data['label'] ) ) { - $output .= $this->field_label( $label, $key, $data ); + $output .= $this->field_label( $data['label'], $key, $data ); } $output .= '
'; - if ( ! empty( $icon ) && isset( $this->field_icons ) && $this->field_icons == 'field' ) { - - $output .= '
'; - + if ( ! empty( $data['icon'] ) && isset( $this->field_icons ) && 'field' === $this->field_icons ) { + $output .= '
'; } - $output .= ' + $field_name = $key . $form_suffix; + $field_value = $this->field_value( $key, $default, $data ); + + $output .= '
'; if ( $this->is_error( $key ) ) { $output .= $this->field_error( $this->show_error( $key ) ); - }else if ( $this->is_notice( $key ) ) { + } elseif ( $this->is_notice( $key ) ) { $output .= $this->field_notice( $this->show_notice( $key ) ); } $output .= '
'; break; - /* Date */ case 'date': - $output .= '
get_atts( $key, $classes, $conditional, $data ) . '>'; - if (isset( $data['label'] )) { - $output .= $this->field_label( $label, $key, $data ); + if ( isset( $data['label'] ) ) { + $output .= $this->field_label( $data['label'], $key, $data ); } $output .= '
'; - if ( ! empty( $icon ) && isset( $this->field_icons ) && $this->field_icons == 'field' ) { - - $output .= '
'; - + if ( ! empty( $data['icon'] ) && isset( $this->field_icons ) && 'field' === $this->field_icons ) { + $output .= '
'; } // Normalise date format. @@ -2759,75 +2635,78 @@ if ( ! class_exists( 'um\core\Fields' ) ) { $value = date( 'Y/m/d', $unixtimestamp ); } - $output .= ' + $field_name = $key . $form_suffix; + + $output .= '
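Review bot: The switch to `1 === $data['force_confirm_pass']` changes behaviour if the field settings store this flag as a string, which the hunk does not show either way: the old `== 1` accepted `'1'`, the strict form does not, and the confirm-password input would silently stop rendering. The same applies to `0 !== $data['html']` in the textarea hunk, where a stored `'0'` would now enable the rich editor, and to `0 === $data['allowclear']` and `0 === $data['editable']` further down. Unless these values are known to be integers, normalise before comparing, e.g. `1 === (int) $data['force_confirm_pass']` and `! empty( $data['html'] )`. The enclosing method starts and ends outside this hunk.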
'; if ( $this->is_error( $key ) ) { $output .= $this->field_error( $this->show_error( $key ) ); - }else if ( $this->is_notice( $key ) ) { + } elseif ( $this->is_notice( $key ) ) { $output .= $this->field_notice( $this->show_notice( $key ) ); } $output .= '
'; break; - /* Time */ case 'time': - $output .= '
get_atts( $key, $classes, $conditional, $data ) . '>'; - if (isset( $data['label'] )) { - $output .= $this->field_label( $label, $key, $data ); + if ( isset( $data['label'] ) ) { + $output .= $this->field_label( $data['label'], $key, $data ); } $output .= '
'; - if ( ! empty( $icon ) && isset( $this->field_icons ) && $this->field_icons == 'field' ) { - - $output .= '
'; - + if ( ! empty( $data['icon'] ) && isset( $this->field_icons ) && 'field' === $this->field_icons ) { + $output .= '
'; } - $output .= ' + $field_name = $key . $form_suffix; + $field_value = $this->field_value( $key, $default, $data ); + + $output .= '
'; if ( $this->is_error( $key ) ) { $output .= $this->field_error( $this->show_error( $key ) ); - }else if ( $this->is_notice( $key ) ) { + } elseif ( $this->is_notice( $key ) ) { $output .= $this->field_notice( $this->show_notice( $key ) ); } $output .= '
'; break; - /* Row */ case 'row': $output .= ''; break; - /* Textarea */ case 'textarea': $output .= '
get_atts( $key, $classes, $conditional, $data ) . '>'; if ( isset( $data['label'] ) ) { - $output .= $this->field_label( $label, $key, $data ); + $output .= $this->field_label( $data['label'], $key, $data ); } + $field_id = $key; + $field_name = $key; + $field_value = $this->field_value( $key, $default, $data ); + $output .= '
'; - if ( isset( $data['html'] ) && $data['html'] != 0 && 'description' !== $key ) { + if ( isset( $data['html'] ) && 0 !== $data['html'] && 'description' !== $key ) { $textarea_settings = array( 'media_buttons' => false, 'wpautop' => false, 'editor_class' => $this->get_class( $key, $data ), - 'editor_height' => $height, + 'editor_height' => $data['height'], 'tinymce' => array( 'toolbar1' => 'formatselect,bullist,numlist,bold,italic,underline,forecolor,blockquote,hr,removeformat,link,unlink,undo,redo', 'toolbar2' => '', - ) + ), ); if ( ! empty( $disabled ) ) { @@ -2835,26 +2714,24 @@ if ( ! class_exists( 'um\core\Fields' ) ) { } /** - * UM hook + * Filters WP Editor options for textarea init. * - * @type filter - * @title um_form_fields_textarea_settings - * @description Change WP Editor options for textarea init - * @input_vars - * [{"var":"$textarea_settings","type":"array","desc":"WP Editor settings"}] - * @change_log - * ["Since: 2.0"] - * @usage add_filter( 'um_form_fields_textarea_settings', 'function_name', 10, 1 ); - * @example - * Change WP Editor options. + * function function_name( $textarea_settings, $data ) { * // your code here * return $textarea_settings; * } - * ?> + * add_filter( 'um_form_fields_textarea_settings', 'function_name', 10, 2 ); */ - $textarea_settings = apply_filters( 'um_form_fields_textarea_settings', $textarea_settings ); + $textarea_settings = apply_filters( 'um_form_fields_textarea_settings', $textarea_settings, $data ); // turn on the output buffer ob_start(); @@ -2864,13 +2741,13 @@ if ( ! class_exists( 'um\core\Fields' ) ) { // add the contents of the buffer to the output variable $output .= ob_get_clean(); - $output .= '
' . $placeholder . ''; + $output .= '
' . esc_html( $placeholder ) . ''; } else { $textarea_field_value = ''; if ( ! empty( $field_value ) ) { $textarea_field_value = ! empty( $data['html'] ) ? $field_value : wp_strip_all_tags( $field_value ); } - $output .= ''; + $output .= ''; } $output .= '
'; @@ -2881,19 +2758,18 @@ if ( ! class_exists( 'um\core\Fields' ) ) { if ( $this->is_error( $key ) ) { $output .= $this->field_error( $this->show_error( $key ) ); - }else if ( $this->is_notice( $key ) ) { + } elseif ( $this->is_notice( $key ) ) { $output .= $this->field_notice( $this->show_notice( $key ) ); } $output .= '
'; break; - /* Rating */ case 'rating': $output .= '
get_atts( $key, $classes, $conditional, $data ) . '>'; if ( isset( $data['label'] ) ) { - $output .= $this->field_label( $label, $key, $data ); + $output .= $this->field_label( $data['label'], $key, $data ); } $output .= '
'; @@ -2910,85 +2786,103 @@ if ( ! class_exists( 'um\core\Fields' ) ) { $output .= '
'; break; - /* Gap/Space */ case 'spacing': - $output .= '
get_atts( $key, $classes, $conditional, $data, array( 'height' => $spacing ) ) . '>
'; + $field_style = array(); + if ( array_key_exists( 'spacing', $data ) ) { + $field_style = array( 'height' => $data['spacing'] ); + } + $output .= '
get_atts( $key, $classes, $conditional, $data, $field_style ) . '>
'; break; - /* A line divider */ case 'divider': - $output .= '
get_atts( $key, $classes, $conditional, $data, array( 'border-bottom' => $borderwidth . 'px ' . $borderstyle . ' ' . $bordercolor ) ) . '>'; - if ( $divider_text ) { - $output .= '
' . esc_html( $divider_text ) . '
'; + $border_style = ''; + if ( array_key_exists( 'borderwidth', $data ) ) { + $border_style .= $data['borderwidth'] . 'px'; + } + if ( array_key_exists( 'borderstyle', $data ) ) { + $border_style .= ' ' . $data['borderstyle']; + } + if ( array_key_exists( 'bordercolor', $data ) ) { + $border_style .= ' ' . $data['bordercolor']; + } + $field_style = array(); + if ( ! empty( $border_style ) ) { + $field_style = array( 'border-bottom' => $border_style ); + } + $output .= '
get_atts( $key, $classes, $conditional, $data, $field_style ) . '>'; + if ( ! empty( $data['divider_text'] ) ) { + $output .= '
' . esc_html( $data['divider_text'] ) . '
'; } $output .= '
'; break; - /* Single Image Upload */ case 'image': $output .= '
get_atts( $key, $classes, $conditional, $data ) . ' data-mode="' . esc_attr( $this->set_mode ) . '" data-upload-label="' . ( ! empty( $data['button_text'] ) ? esc_attr( $data['button_text'] ) : esc_attr__( 'Upload', 'ultimate-member' ) ) . '">'; - if ( in_array( $key, array( 'profile_photo', 'cover_photo' ) ) ) { + if ( in_array( $key, array( 'profile_photo', 'cover_photo' ), true ) ) { $field_value = ''; } else { $field_value = $this->field_value( $key, $default, $data ); } - $output .= ''; + + $field_name = $key . $form_suffix; + + $output .= ''; if ( isset( $data['label'] ) ) { - $output .= $this->field_label( $label, $key, $data ); + $output .= $this->field_label( $data['label'], $key, $data ); } - $modal_label = ( isset( $data['label'] ) ) ? $data['label'] : __( 'Upload Photo', 'ultimate-member' ); - $output .= '
'; + $modal_label = array_key_exists( 'label', $data ) ? $data['label'] : __( 'Upload Photo', 'ultimate-member' ); + $output .= '
'; - if ( ! empty( $field_value ) && $field_value != 'empty_file' ) { - if ( ! in_array( $key, array( 'profile_photo', 'cover_photo' ) ) ) { - if ( isset( $this->set_mode ) && 'register' == $this->set_mode ) { - $image_info = get_transient("um_{$field_value}"); - } else { - $image_info = um_user( $data['metakey']."_metadata" ); - } + if ( ! empty( $field_value ) && 'empty_file' !== $field_value ) { + if ( ! in_array( $key, array( 'profile_photo', 'cover_photo' ), true ) ) { +// if ( isset( $this->set_mode ) && 'register' === $this->set_mode ) { +// $image_info = get_transient( "um_{$field_value}" ); +// } else { +// $image_info = um_user( $data['metakey'] . '_metadata' ); +// } - if ( ( isset( $this->set_mode ) && $this->set_mode == 'register' ) || file_exists( UM()->uploader()->get_core_temp_dir() . DIRECTORY_SEPARATOR . $field_value ) ) { - $imgValue = UM()->uploader()->get_core_temp_url() . "/" . $this->field_value( $key, $default, $data ); + if ( ( isset( $this->set_mode ) && 'register' === $this->set_mode ) || file_exists( UM()->uploader()->get_core_temp_dir() . DIRECTORY_SEPARATOR . $field_value ) ) { + $img_value = UM()->uploader()->get_core_temp_url() . '/' . $this->field_value( $key, $default, $data ); } else { - $imgValue = UM()->files()->get_download_link( $this->set_id, $key, um_user( 'ID' ) ); + $img_value = UM()->files()->get_download_link( $this->set_id, $key, um_user( 'ID' ) ); } - $img = ''; + $img = ''; } else { $img = ''; } - $output .= '
'; + $output .= '
'; if ( empty( $disabled ) ) { $output .= ''; } $output .= $img; $output .= '
'; if ( empty( $disabled ) ) { - $output .= '' . __( 'Change photo', 'ultimate-member' ) . ''; + $output .= '' . esc_html__( 'Change photo', 'ultimate-member' ) . ''; } - - } else { - $output .= '
'; + $output .= '
'; if ( empty( $disabled ) ) { $output .= ''; } $output .= '
'; if ( empty( $disabled ) ) { - $output .= '' . $button_text . ''; + $output .= '' . esc_html( $data['button_text'] ) . ''; } } $output .= '
'; /* modal hidden */ if ( empty( $disabled ) ) { - if ( ! isset( $allowed_types ) ) { + if ( ! isset( $data['allowed_types'] ) ) { $allowed_types = 'gif,jpg,jpeg,png'; - } elseif ( is_array( $allowed_types ) ) { - $allowed_types = implode( ',', $allowed_types ); + } elseif ( is_array( $data['allowed_types'] ) ) { + $allowed_types = implode( ',', $data['allowed_types'] ); + } else { + $allowed_types = $data['allowed_types']; } $output .= '
'; - $output .= '
' . $modal_label . '
'; + $output .= '
' . esc_html( $modal_label ) . '
'; $output .= '
'; if ( isset( $this->set_id ) ) { $set_id = $this->set_id; @@ -2998,13 +2892,18 @@ if ( ! class_exists( 'um\core\Fields' ) ) { $set_mode = ''; } + $data_icon = ''; + if ( ! empty( $data['icon'] ) && isset( $this->field_icons ) && 'field' === $this->field_icons ) { + $data_icon = ' data-icon="' . esc_attr( $data['icon'] ) . '"'; + } + $nonce = wp_create_nonce( 'um_upload_nonce-' . $this->timestamp ); - $output .= '
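Review bot: `esc_html( $data['button_text'] )` in the empty-image branch reads the key unguarded, although the wrapper's `data-upload-label` in the same case falls back to `esc_attr__( 'Upload', 'ultimate-member' )` when `button_text` is empty. For a field without button text this raises an undefined-key warning on PHP 8 and renders an empty link. Resolve the label once, `$button_text = ! empty( $data['button_text'] ) ? $data['button_text'] : __( 'Upload', 'ultimate-member' );`, and escape that value at each output. The same unguarded read recurs in the upload-modal hunk and in the `file` case hunks.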
'; - $output .= '
' . $button_text . '
'; + $output .= '
'; + $output .= '
' . esc_html( $data['button_text'] ) . '
'; $output .= ''; @@ -3020,26 +2919,27 @@ if ( ! class_exists( 'um\core\Fields' ) ) { $output .= '
'; break; - /* Single File Upload */ case 'file': $output .= '
get_atts( $key, $classes, $conditional, $data ) . ' data-mode="' . esc_attr( $this->set_mode ) . '" data-upload-label="' . ( ! empty( $data['button_text'] ) ? esc_attr( $data['button_text'] ) : esc_attr__( 'Upload', 'ultimate-member' ) ) . '">'; - $output .= ''; - if ( isset( $data['label'] ) ) { - $output .= $this->field_label( $label, $key, $data ); - } - $modal_label = ( isset( $data['label'] ) ) ? $data['label'] : __( 'Upload File', 'ultimate-member' ); - $output .= '
'; + $field_name = $key . $form_suffix; $file_field_value = $this->field_value( $key, $default, $data ); - if ( ! empty( $file_field_value ) && 'empty_file' !== $file_field_value ) { + $output .= ''; + if ( isset( $data['label'] ) ) { + $output .= $this->field_label( $data['label'], $key, $data ); + } + $modal_label = array_key_exists( 'label', $data ) ? $data['label'] : __( 'Upload File', 'ultimate-member' ); + $output .= '
'; + + if ( ! empty( $file_field_value ) && 'empty_file' !== $file_field_value ) { $file_type = wp_check_filetype( $file_field_value ); if ( um_is_temp_file( $file_field_value ) ) { $file_info = get_transient( "um_{$file_field_value}" ); } else { - $file_info = um_user( $data['metakey'] . "_metadata" ); + $file_info = um_user( $data['metakey'] . '_metadata' ); } $file_field_name = $file_field_value; @@ -3047,41 +2947,44 @@ if ( ! class_exists( 'um\core\Fields' ) ) { $file_field_name = $file_info['original_name']; } - if ( ( isset( $this->set_mode ) && 'register' == $this->set_mode ) || file_exists( UM()->uploader()->get_core_temp_dir() . DIRECTORY_SEPARATOR . $file_field_value ) ) { + if ( ( isset( $this->set_mode ) && 'register' === $this->set_mode ) || file_exists( UM()->uploader()->get_core_temp_dir() . DIRECTORY_SEPARATOR . $file_field_value ) ) { $file_url = UM()->uploader()->get_core_temp_url() . DIRECTORY_SEPARATOR . $file_field_value; $file_dir = UM()->uploader()->get_core_temp_dir() . DIRECTORY_SEPARATOR . $file_field_value; } else { $file_url = UM()->files()->get_download_link( $this->set_id, $key, um_user( 'ID' ) ); - $file_dir = UM()->uploader()->get_upload_base_dir() . um_user( 'ID' ) . DIRECTORY_SEPARATOR . $this->field_value( $key, $default, $data ); + $file_dir = UM()->uploader()->get_upload_base_dir() . um_user( 'ID' ) . DIRECTORY_SEPARATOR . $file_field_value; } - //multisite fix for old customers + // Multisite fix for old customers. if ( ! file_exists( $file_dir ) && is_multisite() ) { $file_dir = str_replace( DIRECTORY_SEPARATOR . 'sites' . DIRECTORY_SEPARATOR . get_current_blog_id() . DIRECTORY_SEPARATOR, DIRECTORY_SEPARATOR, $file_dir ); } if ( file_exists( $file_dir ) ) { - $output .= "
"; + $output .= '"; + + $fonticon_bg = UM()->files()->get_fonticon_bg_by_ext( $file_type['ext'] ); + $fonticon = UM()->files()->get_fonticon_by_ext( $file_type['ext'] ); + + $output .= '
'; } else { - $output .= "
" . __('This file has been removed.','ultimate-member') . "
"; + $output .= '
' . esc_html__( 'This file has been removed.', 'ultimate-member' ) . '
'; } if ( empty( $disabled ) ) { - $output .= "" . __( 'Change file', 'ultimate-member' ) . ""; + $output .= '' . esc_html__( 'Change file', 'ultimate-member' ) . ''; } } else { - $output .= "
"; + $output .= '
'; if ( empty( $disabled ) ) { - $output .= "{$button_text}"; + $output .= '' . esc_html( $data['button_text'] ) . ''; } } $output .= '
'; @@ -3090,11 +2993,13 @@ if ( ! class_exists( 'um\core\Fields' ) ) { if ( ! isset( $allowed_types ) ) { $allowed_types = 'pdf,txt'; } elseif ( is_array( $allowed_types ) ) { - $allowed_types = implode( ',', $allowed_types ); + $allowed_types = implode( ',', $data['allowed_types'] ); + } else { + $allowed_types = $data['allowed_types']; } $output .= '
'; - $output .= '
' . $modal_label . '
'; + $output .= '
' . esc_html( $modal_label ) . '
'; $output .= '
'; if ( isset( $this->set_id ) ) { $set_id = $this->set_id; @@ -3112,12 +3017,18 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
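Review bot: The two context conditions in the `file` case still test the bare `$allowed_types`, while the new branches read `$data['allowed_types']`; the `image` case earlier in this diff converted all three. If `$allowed_types` is no longer defined at this point (the rest of the commit stops relying on extracted variables, but its definition is outside the hunk), the first branch always wins and every file field is limited to `pdf,txt` regardless of its configuration. The checks should read `if ( ! isset( $data['allowed_types'] ) ) {` and `} elseif ( is_array( $data['allowed_types'] ) ) {`.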
'; - $nonce = wp_create_nonce( 'um_upload_nonce-' . $this->timestamp ); - $output .= '
' . $button_text . '
'; + + $data_icon = ''; + if ( ! empty( $data['icon'] ) && isset( $this->field_icons ) && 'field' === $this->field_icons ) { + $data_icon = ' data-icon="' . esc_attr( $data['icon'] ) . '"'; + } + + $nonce = wp_create_nonce( 'um_upload_nonce-' . $this->timestamp ); + $output .= '
' . esc_html( $data['button_text'] ) . '
'; $output .= ''; @@ -3127,83 +3038,78 @@ if ( ! class_exists( 'um\core\Fields' ) ) { /* end */ if ( $this->is_error( $key ) ) { $output .= $this->field_error( $this->show_error( $key ) ); - }else if ( $this->is_notice( $key ) ) { + } elseif ( $this->is_notice( $key ) ) { $output .= $this->field_notice( $this->show_notice( $key ) ); } $output .= '
'; break; - /* Select dropdown */ case 'select': - $output .= '
get_atts( $key, $classes, $conditional, $data ) . '>'; - if ( isset( $data['allowclear'] ) && $data['allowclear'] == 0 ) { + $form_key = str_replace( array( 'role_select', 'role_radio' ), 'role', $key ); + $field_id = $form_key; + + $class = 'um-s1'; + if ( isset( $data['allowclear'] ) && 0 === $data['allowclear'] ) { $class = 'um-s2'; - } else { - $class = 'um-s1'; } if ( isset( $data['label'] ) ) { - $output .= $this->field_label( $label, $key, $data ); + $output .= $this->field_label( $data['label'], $key, $data ); } - $output .= '
'; - if ( ! empty( $icon ) && isset( $this->field_icons ) && $this->field_icons == 'field' ) { - $output .= '
'; + $has_icon = ! empty( $data['icon'] ) && isset( $this->field_icons ) && 'field' === $this->field_icons; + + $output .= '
'; + if ( $has_icon ) { + $output .= '
'; } - $options = array(); - $has_parent_option = false; - $disabled_by_parent_option = ''; - $atts_ajax = ''; + $options = array(); + $has_parent_option = false; + $disabled_by_parent_option = ''; + $atts_ajax = ''; $select_original_option_value = ''; - if ( isset( $data[ 'options' ] ) && is_array( $data[ 'options' ] ) ) { - $options = $data[ 'options' ]; + if ( isset( $data['options'] ) && is_array( $data['options'] ) ) { + $options = $data['options']; } if ( ! empty( $data['parent_dropdown_relationship'] ) && ! UM()->user()->preview ) { - - $disabled_by_parent_option = 'disabled = disabled'; - - $has_parent_option = true; + $has_parent_option = true; + $disabled_by_parent_option = ' disabled="disabled" '; /** - * UM hook + * Filters parent dropdown relationship by $form_key. * - * @type filter - * @title um_custom_dropdown_options_parent__{$form_key} - * @description Change parent dropdown relationship by $form_key - * @input_vars - * [{"var":"$parent","type":"string","desc":"Parent dropdown relationship"}, - * {"var":"$data","type":"array","desc":"Field Data"}] - * @change_log - * ["Since: 2.0"] - * @usage add_filter( 'um_custom_dropdown_options_parent__{$form_key}', 'function_name', 10, 2 ); - * @example - * Change parent dropdown relationship. + * function function_name( $parent, $data ) { * // your code here * return $parent; * } - * ?> + * add_filter( 'um_custom_dropdown_options_parent__{$form_key}', 'function_name', 10, 2 ); */ $parent_dropdown_relationship = apply_filters( "um_custom_dropdown_options_parent__{$form_key}", $data['parent_dropdown_relationship'], $data ); - $atts_ajax .= " data-um-parent='{$parent_dropdown_relationship}' "; + $atts_ajax .= ' data-um-parent="' . esc_attr( $parent_dropdown_relationship ) . '" '; - if ( ! empty( $data['custom_dropdown_options_source'] ) && $has_parent_option && function_exists( $data['custom_dropdown_options_source'] ) && - um_user( $data['parent_dropdown_relationship'] ) - ) { + if ( ! 
empty( $data['custom_dropdown_options_source'] ) && function_exists( $data['custom_dropdown_options_source'] ) && um_user( $data['parent_dropdown_relationship'] ) ) { if ( ! $this->is_source_blacklisted( $data['custom_dropdown_options_source'] ) ) { $options = call_user_func( $data['custom_dropdown_options_source'], $data['parent_dropdown_relationship'] ); } $disabled_by_parent_option = ''; if ( um_user( $form_key ) ) { - $select_original_option_value = " data-um-original-value='" . um_user( $form_key ) . "' "; + $select_original_option_value = ' data-um-original-value="' . esc_attr( um_user( $form_key ) ) . '" '; } } } @@ -3215,8 +3121,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) { // Child dropdown if ( $has_parent_option ) { - if ( ! empty( $data['custom_dropdown_options_source'] ) && $has_parent_option && - function_exists( $data['custom_dropdown_options_source'] ) && isset( UM()->form()->post_form[ $form_key ] ) ) { + if ( ! empty( $data['custom_dropdown_options_source'] ) && function_exists( $data['custom_dropdown_options_source'] ) && isset( UM()->form()->post_form[ $form_key ] ) ) { if ( ! $this->is_source_blacklisted( $data['custom_dropdown_options_source'] ) ) { $options = call_user_func( $data['custom_dropdown_options_source'], $data['parent_dropdown_relationship'] ); } 
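Review bot: `call_user_func( $data['custom_dropdown_options_source'], … )` still invokes whatever function name the field data carries, gated only by `function_exists()` and the `is_source_blacklisted()` denylist. A denylist fails open for any callable nobody thought to list; since this condition is being rewritten anyway, consider checking the name against an allowlist of callbacks registered as dropdown sources before calling it. The same call appears in the child-dropdown hunk that follows. How the field data is populated and what the blacklist contains are outside this hunk, so the exposure depends on who can edit form fields.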
@@ -3224,170 +3129,132 @@ if ( ! class_exists( 'um\core\Fields' ) ) { } if ( ! empty( $data['custom_dropdown_options_source'] ) ) { - /** - * UM hook + * Filters a custom dropdown options source by $form_key. * - * @type filter - * @title um_custom_dropdown_options_source__{$form_key} - * @description Change custom dropdown options source by $form_key - * @input_vars - * [{"var":"$source","type":"string","desc":"Dropdown options source"}, - * {"var":"$data","type":"array","desc":"Field Data"}] - * @change_log - * ["Since: 2.0"] - * @usage add_filter( 'um_custom_dropdown_options_source__{$form_key}', 'function_name', 10, 2 ); - * @example - * Change custom dropdown options source. + * function function_name( $source, $data ) { * // your code here * return $source; * } - * ?> + * add_filter( 'um_custom_dropdown_options_source__{$form_key}', 'function_name', 10, 2 ); */ $ajax_source = apply_filters( "um_custom_dropdown_options_source__{$form_key}", $data['custom_dropdown_options_source'], $data ); - $atts_ajax .= ' data-um-ajax-source="' . esc_attr( $ajax_source ) . '" '; - - /** - * UM hook - * - * @type filter - * @title um_custom_dropdown_options_source_url__{$form_key} - * @description Change custom dropdown options source URL by $form_key - * @input_vars - * [{"var":"$url","type":"string","desc":"Dropdown options source URL"}, - * {"var":"$data","type":"array","desc":"Field Data"}] - * @change_log - * ["Since: 2.0"] - * @usage add_filter( 'um_custom_dropdown_options_source_url__{$form_key}', 'function_name', 10, 2 ); - * @example - * - */ - // todo maybe deprecate -// $ajax_source_url = apply_filters( "um_custom_dropdown_options_source_url__{$form_key}", admin_url( 'admin-ajax.php' ), $data ); -// $atts_ajax .= ' data-um-ajax-url="' . esc_url( $ajax_source_url ) . '" '; - + $atts_ajax .= ' data-um-ajax-source="' . esc_attr( $ajax_source ) . 
'" '; } - /** - * UM hook - * - * @type filter - * @title um_fields_options_enable_pairs__{$key} - * @description Enable options pairs by field $key - * @input_vars - * [{"var":"$options_pairs","type":"string","desc":"Enable pairs"}] - * @change_log - * ["Since: 2.0"] - * @usage add_filter( 'um_fields_options_enable_pairs__{$key}', 'function_name', 10, 1 ); - * @example - * - */ - $enable_options_pair = apply_filters( "um_fields_options_enable_pairs__{$key}", false ); - if ( ! $has_parent_option ) { - if ( isset( $options ) && $options == 'builtin' ) { - $options = UM()->builtin()->get ( $filter ); + if ( isset( $options ) && 'builtin' === $options ) { + $options = UM()->builtin()->get( $data['filter'] ); } // 'country' - if ( $key === 'country' && empty( $options ) ) { + if ( 'country' === $key && empty( $options ) ) { $options = UM()->builtin()->get( 'countries' ); - } else if ( empty( $options ) && isset( $data['options'] ) ) { + } elseif ( empty( $options ) && isset( $data['options'] ) ) { $options = $data['options']; } + /** + * Filters dropdown options. + * + * @since 2.0 + * @hook um_selectbox_options + * + * @param {array} $options Field options. + * @param {string} $key Field metakey. + * + * @return {array} Field options. + * + * @example Extend dropdown options. + * function my_um_selectbox_options( $options, $key ) { + * // your code here + * return $options; + * } + * add_filter( 'um_selectbox_options', 'my_um_selectbox_options', 10, 2 ); + */ $options = apply_filters( 'um_selectbox_options', $options, $key ); - if ( isset( $options ) ) { /** - * UM hook + * Filters dropdown dynamic options. 
* - * @type filter - * @title um_select_dropdown_dynamic_options - * @description Extend dropdown dynamic options - * @input_vars - * [{"var":"$options","type":"array","desc":"Dynamic options"}, - * {"var":"$data","type":"array","desc":"Field Data"}] - * @change_log - * ["Since: 2.0"] - * @usage add_filter( 'um_select_dropdown_dynamic_options', 'function_name', 10, 2 ); - * @example - * Extend dropdown dynamic options. * function my_select_dropdown_dynamic_options( $options, $data ) { * // your code here * return $options; * } - * ?> + * add_filter( 'um_select_dropdown_dynamic_options', 'my_select_dropdown_dynamic_options', 10, 2 ); */ $options = apply_filters( 'um_select_dropdown_dynamic_options', $options, $data ); /** - * UM hook + * Filters dropdown dynamic options by field $key. * - * @type filter - * @title um_select_dropdown_dynamic_options_{$key} - * @description Extend dropdown dynamic options by field $key - * @input_vars - * [{"var":"$options","type":"array","desc":"Dynamic options"}] - * @change_log - * ["Since: 2.0"] - * @usage add_filter( 'um_select_dropdown_dynamic_options_{$key}', 'function_name', 10, 1 ); - * @example - * Extend dropdown dynamic options by field $key. * function my_select_dropdown_dynamic_options( $options ) { * // your code here * return $options; * } - * ?> + * add_filter( 'um_select_dropdown_dynamic_options_{$key}', 'my_select_dropdown_dynamic_options', 10, 1 ); */ $options = apply_filters( "um_select_dropdown_dynamic_options_{$key}", $options ); } } - if ( $form_key === 'role' ) { + if ( 'role' === $form_key ) { $options = $this->get_available_roles( $form_key, $options ); } /** - * UM hook + * Filters enable options pair by field $data. 
* - * @type filter - * @title um_select_option_value - * @description Enable options pair by field $data - * @input_vars - * [{"var":"$options_pair","type":"null","desc":"Enable pairs"}, - * {"var":"$data","type":"array","desc":"Field Data"}] + * @since 2.0 + * @hook um_select_options_pair + * + * @param {bool|null} $options_pair Enable pairs. + * @param {array} $data Field Data. + * + * @return {bool} Enable pairs. + * + * @example Enable options pair. + * function my_um_select_options_pair( $options_pair, $data ) { + * // your code here + * return $options_pair; + * } + * add_filter( 'um_select_options_pair', 'my_um_select_options_pair', 10, 2 ); */ $options_pair = apply_filters( 'um_select_options_pair', null, $data ); - // switch options pair for custom options from a callback function + // Switch options pair for custom options from a callback function. if ( ! empty( $data['custom_dropdown_options_source'] ) ) { $options_pair = true; } $field_value = ''; - if ( ! empty( $placeholder ) && is_string( $placeholder ) ) { - $placeholder = strip_tags( $placeholder ); - } - - $output .= ''; $output .= ''; // add options @@ -3396,34 +3263,30 @@ if ( ! class_exists( 'um\core\Fields' ) ) { $v = rtrim( $v ); - $option_value = $v; + $option_value = $v; $um_field_checkbox_item_title = $v; - - if ( ! is_numeric( $k ) && in_array( $form_key, array( 'role' ) ) || - ( $this->set_mode == 'account' || um_is_core_page( 'account' ) ) ) { + if ( ( ! is_numeric( $k ) && 'role' === $form_key ) || ( 'account' === $this->set_mode || um_is_core_page( 'account' ) ) ) { $option_value = $k; - $um_field_checkbox_item_title = $v; } if ( isset( $options_pair ) ) { $option_value = $k; - $um_field_checkbox_item_title = $v; } $option_value = $this->filter_field_non_utf8_value( $option_value ); - $output .= ''; + $output .= '>' . esc_html__( $um_field_checkbox_item_title, 'ultimate-member' ) . ''; } } @@ -3435,70 +3298,68 @@ if ( ! class_exists( 'um\core\Fields' ) ) { $output .= '
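Review bot: The new docblock for `um_select_options_pair` documents a `{bool}` return meaning "Enable pairs", but the consumer in the next hunk is `if ( isset( $options_pair ) )`, so a callback returning `false` still switches `$option_value` to the array key. Either document that any non-null return enables pairs, or change the check to `if ( ! empty( $options_pair ) )` so that `false` means off; the second option changes behaviour for existing callbacks and would need a changelog entry. The summary line "Filters enable options pair by field $data" would read better as "Filters whether option key/value pairs are enabled for the field".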
'; - if ( $this->is_error( $form_key ) ) { $output .= $this->field_error( $this->show_error( $form_key ) ); } elseif ( $this->is_notice( $form_key ) ) { $output .= $this->field_notice( $this->show_notice( $form_key ) ); } - $output .= '
'; break; - /* Multi-Select dropdown */ case 'multiselect': + $options = array(); + if ( isset( $data['options'] ) && is_array( $data['options'] ) ) { + $options = $data['options']; + } + $max_selections = isset( $data['max_selections'] ) ? absint( $data['max_selections'] ) : 0; - $max_selections = ( isset( $max_selections ) ) ? absint( $max_selections ) : 0; + $field_id = $key; + $field_name = $key; $output .= '
get_atts( $key, $classes, $conditional, $data ) . '>'; - if ( isset( $data['allowclear'] ) && $data['allowclear'] == 0 ) { + $class = 'um-s1'; + if ( isset( $data['allowclear'] ) && 0 === $data['allowclear'] ) { $class = 'um-s2'; - } else { - $class = 'um-s1'; } if ( isset( $data['label'] ) ) { - $output .= $this->field_label( $label, $key, $data ); + $output .= $this->field_label( $data['label'], $key, $data ); } - $field_icon = false; - $field_icon_output = ''; - /** - * UM hook + * Filters multiselect keyword data. * - * @type filter - * @title um_multiselect_option_value - * @description Change multiselect keyword data - * @input_vars - * [{"var":"$keyword","type":"int","desc":"Option Value"}, - * {"var":"$type","type":"string","desc":"Field Type"}] - * @change_log - * ["Since: 2.0"] - * @usage add_filter( 'um_multiselect_option_value', 'function_name', 10, 2 ); - * @example - * Change multiselect keyword data. Enable it. * function my_multiselect_option_value( $keyword, $type ) { * // your code here + * $keyword = 1; * return $keyword; * } - * ?> + * add_filter( 'um_multiselect_option_value', 'my_multiselect_option_value', 10, 2 ); */ - $use_keyword = apply_filters( 'um_multiselect_option_value', 0, $data['type'] ); + $use_keyword = apply_filters( 'um_multiselect_option_value', 0, $type ); - $output .= '
'; - if ( ! empty( $icon ) && isset( $this->field_icons ) && $this->field_icons == 'field') { - $output .= '
'; + $has_icon = ! empty( $data['icon'] ) && isset( $this->field_icons ) && 'field' === $this->field_icons; + + $output .= '
'; + if ( $has_icon ) { + $output .= '
'; } $output .= 'is_radio_checked( $key, $option_value, $data ) ) { - $output .= 'checked'; + $output .= 'checked'; $field_value[ $key ] = $option_value; } @@ -3774,10 +3614,9 @@ if ( ! class_exists( 'um\core\Fields' ) ) { $output .= '' . esc_html__( $um_field_checkbox_item_title, 'ultimate-member' ) . ''; $output .= ''; - if ( $i % 2 == 0 ) { + if ( 0 === $i % 2 ) { $output .= '
'; } - } } @@ -3793,79 +3632,73 @@ if ( ! class_exists( 'um\core\Fields' ) ) { if ( $this->is_error( $key ) ) { $output .= $this->field_error( $this->show_error( $key ) ); - }else if ( $this->is_notice( $key ) ) { + } elseif ( $this->is_notice( $key ) ) { $output .= $this->field_notice( $this->show_notice( $key ) ); } $output .= '
'; break; - /* Checkbox */ case 'checkbox': - - if ( isset( $options ) ) { - /** - * UM hook - * - * @type filter - * @title um_checkbox_field_options - * @description Extend checkbox options - * @input_vars - * [{"var":"$options","type":"array","desc":"Checkbox Options"}, - * {"var":"$data","type":"array","desc":"Field Data"}] - * @change_log - * ["Since: 2.0"] - * @usage add_filter( 'um_checkbox_field_options', 'function_name', 10, 2 ); - * @example - * - */ - $options = apply_filters( 'um_checkbox_field_options', $options, $data ); - /** - * UM hook - * - * @type filter - * @title um_checkbox_field_options_{$key} - * @description Extend checkbox options by field $key - * @input_vars - * [{"var":"$options","type":"array","desc":"Checkbox Options"}] - * @change_log - * ["Since: 2.0"] - * @usage add_filter( 'um_checkbox_field_options_{$key}', 'function_name', 10, 1 ); - * @example - * - */ - $options = apply_filters( "um_checkbox_field_options_{$key}", $options ); + $options = array(); + if ( isset( $data['options'] ) && is_array( $data['options'] ) ) { + $options = $data['options']; } + /** + * Filters checkbox options. + * + * @since 1.3.x + * @hook um_checkbox_field_options + * + * @param {array} $options Checkbox Options. + * @param {array} $data Field Data. + * + * @return {array} Checkbox Options. + * + * @example Extend checkbox options. + * function um_checkbox_field_options( $options, $data ) { + * // your code here + * return $options; + * } + * add_filter( 'um_checkbox_field_options', 'um_checkbox_field_options', 10, 2 ); + */ + $options = apply_filters( 'um_checkbox_field_options', $options, $data ); + /** + * Filters checkbox options by field $key. + * + * @since 1.3.x + * @hook um_checkbox_field_options_{$key} + * + * @param {array} $options Checkbox Options. + * + * @return {array} Checkbox Options. + * + * @example Extend checkbox options. 
+ * function my_checkbox_options( $options ) { + * // your code here + * return $options; + * } + * add_filter( 'um_checkbox_field_options_{$key}', 'my_checkbox_options', 10, 1 ); + */ + $options = apply_filters( "um_checkbox_field_options_{$key}", $options ); + $output .= '
get_atts( $key, $classes, $conditional, $data ) . '>'; if ( isset( $data['label'] ) ) { - $output .= $this->field_label( $label, $key, $data ); + $output .= $this->field_label( $data['label'], $key, $data ); } $output .= '
'; - // add options + // Add options. $i = 0; - foreach ( $options as $k => $v ) { $v = rtrim( $v ); $i++; - if ( $i % 2 == 0 ) { + if ( 0 === $i % 2 ) { $col_class = ' right '; } else { $col_class = ''; @@ -3873,14 +3706,14 @@ if ( ! class_exists( 'um\core\Fields' ) ) { if ( $this->is_selected( $key, $v, $data ) ) { $active = 'active'; - $class = "um-icon-android-checkbox-outline"; + $class = 'um-icon-android-checkbox-outline'; } else { $active = ''; - $class = "um-icon-android-checkbox-outline-blank"; + $class = 'um-icon-android-checkbox-outline-blank'; } - if ( isset( $data['editable'] ) && $data['editable'] == 0 ) { - $col_class .= " um-field-radio-state-disabled"; + if ( isset( $data['editable'] ) && 0 === $data['editable'] ) { + $col_class .= ' um-field-radio-state-disabled'; } $output .= ''; - if ( $i % 2 == 0 ) { + if ( 0 === $i % 2 ) { $output .= '
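Review bot: The `is_array()` guard on `$data['options']` runs before the two `apply_filters()` calls, so a callback on `um_checkbox_field_options` or `um_checkbox_field_options_{$key}` that returns a non-array still reaches `foreach ( $options as $k => $v )` and `rtrim( $v )`. Re-checking after the filters, `if ( ! is_array( $options ) ) { $options = array(); }`, keeps the loop safe against third-party callbacks. The enclosing method starts outside this hunk.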
'; } - } $output .= '
'; - $output .= '
'; - if ( $this->is_error( $key ) ) { $output .= $this->field_error( $this->show_error( $key ) ); - }else if ( $this->is_notice( $key ) ) { + } elseif ( $this->is_notice( $key ) ) { $output .= $this->field_notice( $this->show_notice( $key ) ); } $output .= '
'; break; - /* HTML */ case 'block': + $content = array_key_exists( 'content', $data ) ? $data['content'] : ''; + // @todo WP_KSES for $content $output .= '
get_atts( $key, $classes, $conditional, $data ) . '>' . $content . '
'; break; - /* Shortcode */ case 'shortcode': - + $content = array_key_exists( 'content', $data ) ? $data['content'] : ''; $content = str_replace( '{profile_id}', um_profile_id(), $content ); - if ( version_compare( get_bloginfo('version'),'5.4', '<' ) ) { - $content = do_shortcode( $content ); - } else { - $content = apply_shortcodes( $content ); - } - + $content = apply_shortcodes( $content ); + // @todo WP_KSES for $content $output .= '
get_atts( $key, $classes, $conditional, $data ) . '>' . $content . '
'; break; - /* Unlimited Group */ case 'group': - $fields = $this->get_fields_in_group( $key ); if ( ! empty( $fields ) ) { - $output .= '
-
' . esc_html__( $label, 'ultimate-member' ) . '
'; + $output .= '
+
' . esc_html__( $data['label'], 'ultimate-member' ) . '
'; $output .= '
'; foreach ( $fields as $subkey => $subdata ) { @@ -3986,33 +3809,28 @@ if ( ! class_exists( 'um\core\Fields' ) ) { $output .= '
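Review bot: In the `block` case `$content` comes straight from `$data['content']` and is concatenated into `$output` unescaped, and the commit only records this as `// @todo WP_KSES for $content`. If the field builder is meant to accept post-level HTML only, `$content = wp_kses_post( $content );` before the concatenation would close the gap now; who can set `content` is not visible here, so confirm that before choosing the allowed-tags set. Separately, `0 === $data['editable']` no longer matches a stored string `'0'` the way `== 0` did, so the disabled class may silently stop being applied; `0 === absint( $data['editable'] )` keeps the strict style without that risk. The `group` case also reads `$data['label']` without an `isset()` check now that `extract()` is gone.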
'; } - break; - } - // Custom filter for field output + // Custom filter for field output. if ( isset( $this->set_mode ) ) { /** - * UM hook + * Filters change field HTML on edit mode by field $key. * - * @type filter - * @title um_{$key}_form_edit_field - * @description Change field HTML on edit mode by field $key - * @input_vars - * [{"var":"$output","type":"string","desc":"Field HTML"}, - * {"var":"$mode","type":"string","desc":"Fields Mode"}] - * @change_log - * ["Since: 2.0"] - * @usage add_filter( 'um_{$key}_form_edit_field', 'function_name', 10, 2 ); - * @example - * Change field HTML. + * function um_checkbox_field_options( $output, $mode ) { * // your code here * return $output; * } - * ?> + * add_filter( 'um_{$key}_form_edit_field', 'my_form_edit_field', 10, 2 ); */ $output = apply_filters( "um_{$key}_form_edit_field", $output, $this->set_mode ); } @@ -4020,7 +3838,6 @@ if ( ! class_exists( 'um\core\Fields' ) ) { return $output; } - /** * Filter for user roles * @@ -4029,7 +3846,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) { * @return array */ function get_available_roles( $form_key, $options = array() ) { - if ( $form_key != 'role' ) { + if ( 'role' !== $form_key ) { return $options; } 
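Review bot: The new docblock example for `um_{$key}_form_edit_field` defines `function um_checkbox_field_options( $output, $mode )` but registers `'my_form_edit_field'`, so anyone copying the snippet hooks a callback that does not exist. Renaming the example function to `my_form_edit_field` makes it match its `add_filter()` line.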
@@ -4355,52 +4172,42 @@ if ( ! class_exists( 'um\core\Fields' ) ) { * @return string|null * @throws \Exception */ - function view_field( $key, $data, $rule = false ) { + public function view_field( $key, $data, $rule = false ) { $output = ''; - // get whole field data + // Get whole field data. if ( is_array( $data ) ) { $data = $this->get_field( $key ); - - if ( is_array( $data ) ) { - /** - * @var $visibility - * @var $type - * @var $default - * @var $classes - * @var $conditional - * @var $content - * @var $divider_text - * @var $spacing - * @var $borderwidth - * @var $borderstyle - * @var $bordercolor - * @var $label - */ - extract( $data ); - } } //hide if empty type - if ( ! isset( $data['type'] ) ) { + if ( ! array_key_exists( 'type', $data ) || empty( $data['type'] ) ) { + return ''; + } + $type = $data['type']; + + if ( isset( $data['in_group'] ) && '' !== $data['in_group'] && 'group' !== $rule ) { return ''; } - if ( isset( $data['in_group'] ) && $data['in_group'] != '' && $rule != 'group' ) { + // Invisible on profile page. + if ( 'password' === $type || ( array_key_exists( 'visibility', $data ) && 'edit' === $data['visibility'] ) ) { return ''; } - //invisible on profile page - if ( $visibility == 'edit' || $type == 'password' ) { + // Disable these fields in profile view only. + if ( 'user_password' === $key && 'profile' === $this->set_mode ) { return ''; } - //hide if empty + $default = array_key_exists( 'default', $data ) ? $data['default'] : false; + + // Hide if empty. $fields_without_metakey = UM()->builtin()->get_fields_without_metakey(); - if ( ! in_array( $type, $fields_without_metakey ) ) { + if ( ! in_array( $type, $fields_without_metakey, true ) ) { $_field_value = $this->field_value( $key, $default, $data ); - if ( ! isset( $_field_value ) || $_field_value == '' ) { + if ( ! isset( $_field_value ) || '' === $_field_value ) { return ''; } } 
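Review bot: `array_key_exists( 'type', $data )` replaces `isset( $data['type'] )`, and unlike `isset` it throws a TypeError on PHP 8 when `$data` is not an array. The removed code re-checked `is_array( $data )` after `get_field( $key )`, which suggests that call can return a non-array, and `view_field()` also accepts whatever the caller passes as `$data`. Guarding with `if ( ! is_array( $data ) || empty( $data['type'] ) ) { return ''; }` restores the old tolerance. The body of `view_field()` continues past this hunk.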
@@ -4409,31 +4216,26 @@ if ( ! class_exists( 'um\core\Fields' ) ) { return ''; } - // disable these fields in profile view only - if ( in_array( $key, array( 'user_password' ) ) && $this->set_mode == 'profile' ) { - return ''; - } - if ( ! um_field_conditions_are_met( $data ) ) { return ''; } + $classes = ''; + if ( ! empty( $data['classes'] ) ) { + $classes = explode( ' ', $data['classes'] ); + } - if ( isset( $data['classes'] ) ) { - $classes = explode( " ", $data['classes'] ); + $conditional = ''; + if ( ! empty( $data['conditional'] ) ) { + $conditional = $data['conditional']; } switch ( $type ) { - /* Default */ default: - $_field_value = $this->field_value( $key, $default, $data ); - if ( ! in_array( $type, $fields_without_metakey ) && ( ! isset( $_field_value ) || $_field_value == '' ) ) { - $output = ''; - } else { - + if ( ( isset( $_field_value ) && '' !== $_field_value ) || in_array( $type, $fields_without_metakey, true ) ) { $output .= '
get_atts( $key, $classes, $conditional, $data ) . '>'; if ( isset( $data['label'] ) || ! empty( $data['icon'] ) ) { @@ -4445,8 +4247,7 @@ if ( ! class_exists( 'um\core\Fields' ) ) { $output .= $this->field_label( $data['label'], $key, $data ); } - $res = $this->field_value( $key, $default, $data ); - + $res = $_field_value; if ( ! empty( $res ) ) { $res = stripslashes( $res ); } 
@@ -4461,54 +4262,49 @@ if ( ! class_exists( 'um\core\Fields' ) ) { } $data['is_view_field'] = true; + /** - * UM hook + * Filters the inner field HTML on view mode. * - * @type filter - * @title um_view_field - * @description Change field HTML on view mode - * @input_vars - * [{"var":"$output","type":"string","desc":"Field HTML"}, - * {"var":"$data","type":"string","desc":"Field Data"}, - * {"var":"$type","type":"string","desc":"Field Type"}] - * @change_log - * ["Since: 2.0"] - * @usage add_filter( 'um_view_field', 'function_name', 10, 3 ); - * @example - * Change field's inner HTML on view mode. + * function my_view_field( $output, $data, $type ) { * // your code here * return $output; * } - * ?> + * add_filter( 'um_view_field', 'my_view_field', 10, 3 ); */ $res = apply_filters( 'um_view_field', $res, $data, $type ); /** - * UM hook + * Filters the inner field HTML on view mode by field type {$type}. * - * @type filter - * @title um_view_field_value_{$type} - * @description Change field HTML on view mode by field type - * @input_vars - * [{"var":"$output","type":"string","desc":"Field HTML"}, - * {"var":"$data","type":"string","desc":"Field Data"}] - * @change_log - * ["Since: 2.0"] - * @usage add_filter( 'um_view_field_value_{$type}', 'function_name', 10, 2 ); - * @example - * Change field HTML on view mode by field type. + * function my_view_field( $output, $data ) { * // your code here * return $output; * } - * ?> + * add_filter( 'um_view_field_value_{$type}', 'my_view_field', 10, 2 ); */ $res = apply_filters( "um_view_field_value_{$type}", $res, $data ); $id_attr = ''; - if ( ! in_array( $type, $fields_without_metakey ) ) { + if ( ! in_array( $type, $fields_without_metakey, true ) ) { $id_attr = ' id="' . esc_attr( $key . UM()->form()->form_suffix ) . '"'; } 
@@ -4524,109 +4320,116 @@ if ( ! class_exists( 'um\core\Fields' ) ) { } break; - - /* HTML */ + /* HTML */ case 'block': + $content = array_key_exists( 'content', $data ) ? $data['content'] : ''; $output .= '
get_atts( $key, $classes, $conditional, $data ) . '>' . $content . '
'; break; - - /* Shortcode */ + /* Shortcode */ case 'shortcode': - + $content = array_key_exists( 'content', $data ) ? $data['content'] : ''; $content = str_replace( '{profile_id}', um_profile_id(), $content ); - if ( version_compare( get_bloginfo('version'),'5.4', '<' ) ) { - $content = do_shortcode( $content ); - } else { - $content = apply_shortcodes( $content ); - } + $content = apply_shortcodes( $content ); $output .= '
get_atts( $key, $classes, $conditional, $data ) . '>' . $content . '
'; break; - - /* Gap/Space */ + /* Gap/Space */ case 'spacing': - $output .= '
get_atts( $key, $classes, $conditional, $data, array( 'height' => $spacing ) ) . '>
'; + $field_style = array(); + if ( array_key_exists( 'spacing', $data ) ) { + $field_style = array( 'height' => $data['spacing'] ); + } + $output .= '
get_atts( $key, $classes, $conditional, $data, $field_style ) . '>
'; break; - - /* A line divider */ + /* A line divider */ case 'divider': - $output .= '
get_atts( $key, $classes, $conditional, $data, array( 'border-bottom' => $borderwidth . 'px ' . $borderstyle . ' ' . $bordercolor ) ) . '>'; - if ( $divider_text ) { - $output .= '
' . $divider_text . '
'; + $border_style = ''; + if ( array_key_exists( 'borderwidth', $data ) ) { + $border_style .= $data['borderwidth'] . 'px'; + } + if ( array_key_exists( 'borderstyle', $data ) ) { + $border_style .= ' ' . $data['borderstyle']; + } + if ( array_key_exists( 'bordercolor', $data ) ) { + $border_style .= ' ' . $data['bordercolor']; + } + $field_style = array(); + if ( ! empty( $border_style ) ) { + $field_style = array( 'border-bottom' => $border_style ); + } + $output .= '
get_atts( $key, $classes, $conditional, $data, $field_style ) . '>'; + if ( ! empty( $data['divider_text'] ) ) { + $output .= '
' . esc_html( $data['divider_text'] ) . '
'; } $output .= '
'; break; - - /* Rating */ + /* Rating */ case 'rating': - $output .= '
get_atts( $key, $classes, $conditional, $data ) . '>'; if ( isset( $data['label'] ) || ! empty( $data['icon'] ) ) { - $output .= $this->field_label( $label, $key, $data ); + $output .= $this->field_label( $data['label'], $key, $data ); } - ob_start(); ?> + $number = 5; + if ( array_key_exists( 'number', $data ) && in_array( absint( $data['number'] ), array( 5, 10 ), true ) ) { + $number = $data['number']; + } + ob_start(); + ?>
-
+
- '; - break; - } - // Custom filter for field output + // Custom filter for field output. if ( isset( $this->set_mode ) ) { /** - * UM hook + * Filters outer field HTML by field $key. * - * @type filter - * @title um_{$key}_form_show_field - * @description Change field HTML by field $key - * @input_vars - * [{"var":"$output","type":"string","desc":"Field HTML"}, - * {"var":"$mode","type":"string","desc":"Form Mode"}] - * @change_log - * ["Since: 2.0"] - * @usage add_filter( 'um_{$key}_form_show_field', 'function_name', 10, 2 ); - * @example - * Change field outer HTML by field $key. * function my_form_show_field( $output, $mode ) { * // your code here * return $output; * } - * ?> + * add_filter( 'um_{$key}_form_show_field', 'my_form_show_field', 10, 2 ); */ $output = apply_filters( "um_{$key}_form_show_field", $output, $this->set_mode ); /** - * UM hook + * Filters outer field HTML by field $type. * - * @type filter - * @title um_{$type}_form_show_field - * @description Change field HTML by field $type - * @input_vars - * [{"var":"$output","type":"string","desc":"Field HTML"}, - * {"var":"$mode","type":"string","desc":"Form Mode"}] - * @change_log - * ["Since: 2.0"] - * @usage add_filter( 'um_{$type}_form_show_field', 'function_name', 10, 2 ); - * @example - * Change field outer HTML by field $type. * function my_form_show_field( $output, $mode ) { * // your code here * return $output; * } - * ?> + * add_filter( 'um_{$type}_form_show_field', 'my_form_show_field', 10, 2 ); */ $output = apply_filters( "um_{$type}_form_show_field", $output, $this->set_mode ); } 
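Review bot: The rating case validates `absint( $data['number'] )` against `array( 5, 10 )` but then assigns the raw `$data['number']`, so a value such as `'5abc'` passes the check and is used unchanged (the markup that consumes `$number` is not visible in this extract). Assign the validated integer instead: `$number = absint( $data['number'] );`. In the same hunk the `divider` case concatenates `borderwidth`, `borderstyle` and `bordercolor` into the `border-bottom` style without escaping while `divider_text` now gets `esc_html()`; whether `get_atts()` escapes style values is not visible here. The view-mode `block` and `shortcode` cases also emit `$content` unescaped.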
@@ -4865,180 +4668,164 @@ if ( ! class_exists( 'um\core\Fields' ) ) { return $output; } - /** - * Get new row in form + * Get new row in form. * - * @param string $row_id - * @param array $row_array + * @param string $row_id + * @param array $row_array * * @return string */ - function new_row_output( $row_id, $row_array ) { - $output = null; - extract( $row_array ); + public function new_row_output( $row_id, $row_array ) { + $output = ''; - $padding = ( isset( $padding ) ) ? $padding : ''; - $margin = ( isset( $margin ) ) ? $margin : ''; - $background = ( isset( $background ) ) ? $background : ''; - $text_color = ( isset( $text_color ) ) ? $text_color : ''; - $borderradius = ( isset( $borderradius ) ) ? $borderradius : ''; - $border = ( isset( $border ) ) ? $border : ''; - $bordercolor = ( isset( $bordercolor ) ) ? $bordercolor : ''; - $borderstyle = ( isset( $borderstyle ) ) ? $borderstyle : ''; - $heading = ( isset( $heading ) ) ? $heading : ''; - $css_class = ( isset( $css_class ) ) ? $css_class : ''; + $background = array_key_exists( 'background', $row_array ) ? $row_array['background'] : ''; + $text_color = array_key_exists( 'text_color', $row_array ) ? $row_array['text_color'] : ''; + $padding = array_key_exists( 'padding', $row_array ) ? $row_array['padding'] : ''; + $margin = array_key_exists( 'margin', $row_array ) ? $row_array['margin'] : ''; + $border = array_key_exists( 'border', $row_array ) ? $row_array['border'] : ''; + $borderradius = array_key_exists( 'borderradius', $row_array ) ? $row_array['borderradius'] : ''; + $borderstyle = array_key_exists( 'borderstyle', $row_array ) ? $row_array['borderstyle'] : ''; + $bordercolor = array_key_exists( 'bordercolor', $row_array ) ? $row_array['bordercolor'] : ''; + $heading = ! empty( $row_array['heading'] ); + $css_class = array_key_exists( 'css_class', $row_array ) ? $row_array['css_class'] : ''; + + $css_borderradius = ''; + + // Row CSS rules. + $css_background = ''; + if ( ! 
empty( $background ) ) { + $css_background = 'background-color: ' . esc_attr( $background ) . ';'; + } + + $css_text_color = ''; + if ( ! empty( $text_color ) ) { + $css_text_color = 'color: ' . esc_attr( $text_color ) . ' !important;'; + $css_class .= ' um-customized-row'; + } $css_padding = ''; - $css_margin = ''; - $css_background = ''; - $css_borderradius = ''; + if ( ! empty( $padding ) ) { + $css_padding = 'padding: ' . esc_attr( $padding ) . ';'; + } + + $css_margin = 'margin: 0 0 30px 0;'; + if ( ! empty( $margin ) ) { + $css_margin = 'margin: ' . esc_attr( $margin ) . ';'; + } + $css_border = ''; - $css_bordercolor = ''; + if ( ! empty( $border ) ) { + $css_border = 'border-width: ' . esc_attr( $border ) . ';'; + } + $css_borderstyle = ''; - $css_heading_background_color = ''; - $css_heading_padding = ''; - $css_heading_text_color = ''; - $css_heading_borderradius = ''; - $css_text_color = ''; - - // row css rules - if ( $padding ) { - $css_padding = 'padding: ' . $padding . ';'; - } - if ( $margin ) { - $css_margin = 'margin: ' . $margin . ';'; - } else { - $css_margin = 'margin: 0 0 30px 0;'; + if ( ! empty( $borderstyle ) ) { + $css_borderstyle = 'border-style: ' . esc_attr( $borderstyle ) . ';'; } - if ( $background ) { - $css_background = 'background-color: ' . $background . ';'; - } - if ( $borderradius ) { - $css_borderradius = 'border-radius: 0px 0px ' . $borderradius . ' ' . $borderradius . ';'; - } - if ( $border ) { - $css_border = 'border-width: ' . $border . ';'; - } - if ( $bordercolor ) { - $css_bordercolor = 'border-color: ' . $bordercolor . ';'; - } - if ( $borderstyle ) { - $css_borderstyle = 'border-style: ' . $borderstyle . ';'; - } - if ( $text_color ) { - $css_text_color = 'color: ' . $text_color . ' !important;'; - $css_class .= ' um-customized-row'; + $css_bordercolor = ''; + if ( ! empty( $bordercolor ) ) { + $css_bordercolor = 'border-color: ' . esc_attr( $bordercolor ) . ';'; } - // show the heading + // Show the heading. 
if ( $heading ) { - - if ( ! empty( $heading_background_color ) ) { - $css_heading_background_color = "background-color: $heading_background_color;"; - $css_heading_padding = 'padding: 10px 15px;'; + if ( ! empty( $borderradius ) ) { + $css_borderradius = 'border-radius: 0px 0px ' . esc_attr( $borderradius ) . ' ' . esc_attr( $borderradius ) . ';'; } - $css_heading_borderradius = empty( $borderradius ) ? '' : "border-radius: $borderradius $borderradius 0px 0px;"; - $css_heading_border = $css_border . $css_borderstyle . $css_bordercolor . $css_heading_borderradius . 'border-bottom-width: 0px;'; - $css_heading_margin = $css_margin . 'margin-bottom: 0px;'; - $css_heading_text_color = empty( $heading_text_color ) ? '' : "color: $heading_text_color;"; - $css_icon_color = empty( $icon_color ) ? '' : "color: $icon_color;"; - - $output .= '
'; - - if ( ! empty( $icon ) ) { - $output .= ''; + $css_heading_background_color = ''; + $css_heading_padding = ''; + if ( ! empty( $row_array['heading_background_color'] ) ) { + $css_heading_background_color = 'background-color: ' . $row_array['heading_background_color'] . ';'; + $css_heading_padding = 'padding: 10px 15px;'; } - if ( ! empty( $heading_text ) ) { - $output .= htmlspecialchars( $heading_text ); + + $css_heading_borderradius = ! empty( $borderradius ) ? 'border-radius: ' . esc_attr( $borderradius ) . ' ' . esc_attr( $borderradius ) . ' 0px 0px;' : ''; + $css_heading_border = $css_border . $css_borderstyle . $css_bordercolor . $css_heading_borderradius . 'border-bottom-width: 0px;'; + $css_heading_margin = $css_margin . 'margin-bottom: 0px;'; + $css_heading_text_color = ! empty( $row_array['heading_text_color'] ) ? 'color: ' . esc_attr( $row_array['heading_text_color'] ) . ';' : ''; + + $output .= '
'; + + if ( ! empty( $row_array['icon'] ) ) { + $css_icon_color = ! empty( $row_array['icon_color'] ) ? 'color: ' . esc_attr( $row_array['icon_color'] ) . ';' : ''; + $output .= ''; + } + + if ( ! empty( $row_array['heading_text'] ) ) { + $output .= esc_html( $row_array['heading_text'] ); } $output .= '
'; $css_border .= 'border-top-width: 0px;'; $css_margin .= 'margin-top: 0px;'; - } else { - - // no heading - $css_borderradius = empty( $borderradius ) ? '' : "border-radius: $borderradius;"; - + // No heading. + if ( ! empty( $borderradius ) ) { + $css_borderradius = 'border-radius: ' . esc_attr( $borderradius ) . ';'; + } } - $output .= '
'; - + $output .= '
'; return $output; } - /** - * + * Admin Builder silent AJAX handler for actions with fields. */ - function do_ajax_action() { + public function do_ajax_action() { UM()->admin()->check_ajax_nonce(); + // phpcs:disable WordPress.Security.NonceVerification if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) { - wp_send_json_error( __( 'Please login as administrator', 'ultimate-member' ) ); + wp_send_json_error( __( 'Please login as administrator.', 'ultimate-member' ) ); } - /** - * @var $in_row - * @var $in_sub_row - * @var $in_column - * @var $in_group - * @var $act_id - * @var $arg1 - * @var $arg2 - */ - extract( $_POST ); - - $output = null; - - $position = array(); - if ( ! empty( $in_column ) ) { - $position['in_row'] = '_um_row_' . ( (int) $in_row + 1 ); - $position['in_sub_row'] = $in_sub_row; - $position['in_column'] = $in_column; - $position['in_group'] = $in_group; + if ( ! isset( $_POST['act_id'] ) ) { + wp_send_json_error( __( 'Invalid action.', 'ultimate-member' ) ); } - switch ( $act_id ) { + $in_row = isset( $_POST['in_row'] ) ? absint( $_POST['in_row'] ) : 0; + $position = array( + 'in_row' => '_um_row_' . ( $in_row + 1 ), + 'in_sub_row' => isset( $_POST['in_sub_row'] ) ? absint( $_POST['in_sub_row'] ) : '', + 'in_column' => isset( $_POST['in_column'] ) ? absint( $_POST['in_column'] ) : '', + 'in_group' => isset( $_POST['in_group'] ) ? absint( $_POST['in_group'] ) : '', + ); + switch ( sanitize_key( $_POST['act_id'] ) ) { case 'um_admin_duplicate_field': - $this->duplicate_field( $arg1, $arg2 ); + // arg1 is a field metakey(id) + // arg2 is a form ID. 
+ $this->duplicate_field( sanitize_text_field( $_POST['arg1'] ), absint( $_POST['arg2'] ) ); break; - case 'um_admin_remove_field_global': - $this->delete_field_from_db( $arg1 ); + // arg1 is a field metakey(id) + $this->delete_field_from_db( sanitize_text_field( $_POST['arg1'] ) ); break; - case 'um_admin_remove_field': - $this->delete_field_from_form( $arg1, $arg2 ); + // arg1 is a field metakey(id) + // arg2 is a form ID. + $this->delete_field_from_form( sanitize_text_field( $_POST['arg1'] ), absint( $_POST['arg2'] ) ); break; - case 'um_admin_add_field_from_predefined': - $this->add_field_from_predefined( $arg1, $arg2, $position ); + // arg1 is a field metakey(id) + // arg2 is a form ID. + $this->add_field_from_predefined( sanitize_text_field( $_POST['arg1'] ), absint( $_POST['arg2'] ), $position ); break; - case 'um_admin_add_field_from_list': - $this->add_field_from_list( $arg1, $arg2, $position ); + // arg1 is a field metakey(id) + // arg2 is a form ID. + $this->add_field_from_list( sanitize_text_field( $_POST['arg1'] ), absint( $_POST['arg2'] ), $position ); break; - } - - if ( is_array( $output ) ) { - print_r( $output ); - } else { - echo $output; - } - die; - + // phpcs:enable WordPress.Security.NonceVerification + wp_send_json_success(); } - - /** * Get rendered field attributes * diff --git a/includes/core/class-files.php b/includes/core/class-files.php index 8a702456..834db12d 100644 --- a/includes/core/class-files.php +++ b/includes/core/class-files.php 
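Review bot: In `new_row_output()` every row value is wrapped in `esc_attr()` except `heading_background_color`, which is still concatenated raw in `'background-color: ' . $row_array['heading_background_color'] . ';'`. It should match its siblings: `$css_heading_background_color = 'background-color: ' . esc_attr( $row_array['heading_background_color'] ) . ';';`. In `do_ajax_action()` the same hunk reads `$_POST['arg1']` and `$_POST['arg2']` without `isset()` or `wp_unslash()`, so a request carrying only `act_id` raises undefined-index warnings before the handlers run; a presence check next to the `act_id` one would cover it.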
@@ -1,12 +1,12 @@ check_ajax_nonce(); - - /** - * @var $key - * @var $src - * @var $coord - * @var $user_id - */ - extract( $_REQUEST ); - - if ( ! isset( $src ) || ! isset( $coord ) ) { + // phpcs:disable WordPress.Security.NonceVerification -- verified by the `check_ajax_nonce()` + if ( ! isset( $_REQUEST['src'], $_REQUEST['coord'], $_REQUEST['key'] ) ) { wp_send_json_error( esc_js( __( 'Invalid parameters', 'ultimate-member' ) ) ); } - $coord_n = substr_count( $coord, "," ); - if ( $coord_n != 3 ) { + $coord_n = substr_count( $_REQUEST['coord'], ',' ); + if ( 3 !== $coord_n ) { wp_send_json_error( esc_js( __( 'Invalid coordinates', 'ultimate-member' ) ) ); } + $key = sanitize_text_field( $_REQUEST['key'] ); + $coord = sanitize_text_field( $_REQUEST['coord'] ); $user_id = empty( $_REQUEST['user_id'] ) ? get_current_user_id() : absint( $_REQUEST['user_id'] ); UM()->fields()->set_id = isset( $_POST['set_id'] ) ? absint( $_POST['set_id'] ) : null; UM()->fields()->set_mode = isset( $_POST['set_mode'] ) ? sanitize_text_field( $_POST['set_mode'] ) : null; - if ( UM()->fields()->set_mode != 'register' && ! UM()->roles()->um_current_user_can( 'edit', $user_id ) ) { + if ( 'register' !== UM()->fields()->set_mode && ! UM()->roles()->um_current_user_can( 'edit', $user_id ) ) { $ret['error'] = esc_js( __( 'You have no permission to edit this user', 'ultimate-member' ) ); wp_send_json_error( $ret ); } - $src = esc_url_raw( $src ); - + $src = esc_url_raw( $_REQUEST['src'] ); $image_path = um_is_file_owner( $src, $user_id, true ); if ( ! 
$image_path ) { wp_send_json_error( esc_js( __( 'Invalid file ownership', 'ultimate-member' ) ) ); } UM()->uploader()->replace_upload_dir = true; - $output = UM()->uploader()->resize_image( $image_path, $src, sanitize_text_field( $key ), $user_id, sanitize_text_field( $coord ) ); + + $output = UM()->uploader()->resize_image( $image_path, $src, $key, $user_id, $coord ); + UM()->uploader()->replace_upload_dir = false; delete_option( "um_cache_userdata_{$user_id}" ); - + // phpcs:enable WordPress.Security.NonceVerification -- verified by the `check_ajax_nonce()` wp_send_json_success( $output ); } - /** * Image upload by AJAX * diff --git a/includes/core/class-form.php b/includes/core/class-form.php index 626047f1..76ce15f8 100644 --- a/includes/core/class-form.php +++ b/includes/core/class-form.php 
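Review bot: `substr_count( $_REQUEST['coord'], ',' )` runs before any type check, and `isset()` also passes for array input, so an array-valued `coord` parameter makes `substr_count()` throw a TypeError on PHP 8 instead of returning the 'Invalid coordinates' JSON error. Checking `! is_string( $_REQUEST['coord'] ) || 3 !== substr_count( $_REQUEST['coord'], ',' )` keeps the failure on the error path. Separately, the edit-capability check is skipped whenever the request-supplied `set_mode` equals `register`, which leaves `um_is_file_owner()` as the only gate for a caller-chosen `user_id` in that mode; that helper is not visible here, so this is worth confirming. The function's opening lines are not visible in this hunk.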
@@ -63,58 +63,43 @@ if ( ! class_exists( 'um\core\Form' ) ) { add_action( 'init', array( &$this, 'field_declare' ), 10 ); } - /** * */ public function ajax_muted_action() { UM()->check_ajax_nonce(); + // phpcs:disable WordPress.Security.NonceVerification + if ( ! isset( $_REQUEST['hook'] ) ) { + die( esc_html__( 'Invalid hook', 'ultimate-member' ) ); + } + + if ( isset( $_REQUEST['user_id'] ) ) { + $user_id = absint( $_REQUEST['user_id'] ); + } + if ( ! isset( $user_id ) || ! UM()->roles()->um_current_user_can( 'edit', $user_id ) ) { + die( esc_html__( 'You can not edit this user.', 'ultimate-member' ) ); + } + + $hook = sanitize_key( $_REQUEST['hook'] ); /** - * @var $user_id - * @var $hook + * Fires on AJAX muted action. + * + * @since 1.3.x + * @hook um_run_ajax_function__{$hook} + * + * @param {array} $request Request. + * + * @example Make any custom action on AJAX muted action. + * function my_run_ajax_function( $request ) { + * // your code here + * } + * add_action( 'um_run_ajax_function__{$hook}', 'my_run_ajax_function', 10, 1 ); */ - extract( $_REQUEST ); - - if ( isset( $user_id ) ) { - $user_id = absint( $user_id ); - } - - if ( isset( $hook ) ) { - $hook = sanitize_key( $hook ); - } - - if ( ! UM()->roles()->um_current_user_can( 'edit', $user_id ) ) { - die( esc_html__( 'You can not edit this user', 'ultimate-member' ) ); - } - - switch ( $hook ) { - default: - /** - * UM hook - * - * @type action - * @title um_run_ajax_function__{$hook} - * @description Action on AJAX muted action - * @input_vars - * [{"var":"$request","type":"int","desc":"Request"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_run_ajax_function__{$hook}', 'function_name', 10, 1 ); - * @example - * - */ - do_action( "um_run_ajax_function__{$hook}", $_REQUEST ); - break; - } + do_action( "um_run_ajax_function__{$hook}", $_REQUEST ); + // phpcs:enable WordPress.Security.NonceVerification } - /** * */ 
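Review bot: The permission check runs on `absint( $_REQUEST['user_id'] )` and the hook name on `sanitize_key( $_REQUEST['hook'] )`, but callbacks on `um_run_ajax_function__{$hook}` still receive the raw `$_REQUEST`, so a callback that re-reads `user_id` from its argument works with a value that was never the one checked. Passing a copy that carries the validated values avoids that: `$request = $_REQUEST; $request['user_id'] = $user_id; $request['hook'] = $hook;` followed by `do_action( "um_run_ajax_function__{$hook}", $request );`. The docblock above `ajax_muted_action()` is still empty and could state that `user_id` and `hook` are required.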
@@ -608,11 +593,9 @@ if ( ! class_exists( 'um\core\Form' ) ) { * ?> */ do_action( "um_submit_form_{$this->post_form['mode']}", $this->post_form ); - } } - /** * Beautify form data * diff --git a/includes/core/class-password.php b/includes/core/class-password.php index df8c3c2e..a839458e 100644 --- a/includes/core/class-password.php +++ b/includes/core/class-password.php @@ -33,7 +33,6 @@ if ( ! class_exists( 'um\core\Password' ) ) { add_action( 'um_change_password_process_hook', array( &$this, 'um_change_password_process_hook' ) ); } - /** * Get Reset URL * @@ -109,7 +108,6 @@ if ( ! class_exists( 'um\core\Password' ) ) { return $classes; } - /** * Shortcode * 
@@ -117,44 +115,41 @@ if ( ! class_exists( 'um\core\Password' ) ) { * * @return string */ - function ultimatemember_password( $args = array() ) { - ob_start(); - - $defaults = array( - 'template' => 'password-reset', - 'mode' => 'password', - 'form_id' => 'um_password_id', - 'max_width' => '450px', - 'align' => 'center', + public function ultimatemember_password( $args = array() ) { + /** There is possible to use 'shortcode_atts_ultimatemember_password' filter for getting customized $atts. This filter is documented in wp-includes/shortcodes.php "shortcode_atts_{$shortcode}" */ + $args = shortcode_atts( + array( + 'template' => 'password-reset', + 'mode' => 'password', + 'form_id' => 'um_password_id', + 'max_width' => '450px', + 'align' => 'center', + ), + $args, + 'ultimatemember_password' ); - $args = wp_parse_args( $args, $defaults ); if ( empty( $args['use_custom_settings'] ) ) { $args = array_merge( $args, UM()->shortcodes()->get_css_args( $args ) ); } else { $args = array_merge( UM()->shortcodes()->get_css_args( $args ), $args ); } - /** - * UM hook + * Filters extend Reset Password Arguments * - * @type filter - * @title um_reset_password_shortcode_args_filter - * @description Extend Reset Password Arguments - * @input_vars - * [{"var":"$args","type":"array","desc":"Shortcode arguments"}] - * @change_log - * ["Since: 2.0"] - * @usage - * - * @example - * Extend Reset Password Arguments. * function my_reset_password_shortcode_args( $args ) { * // your code here * return $args; * } - * ?> + * add_filter( 'um_reset_password_shortcode_args_filter', 'my_reset_password_shortcode_args', 10, 1 ); */ $args = apply_filters( 'um_reset_password_shortcode_args_filter', $args ); 
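Review bot: `shortcode_atts()` returns only the keys listed in its defaults array, so `use_custom_settings` is dropped from `$args` before `empty( $args['use_custom_settings'] )` is evaluated and the `else` branch can no longer be reached from a shortcode attribute. `wp_parse_args()` kept unknown keys, so this is a behaviour change; adding `'use_custom_settings' => '',` (and any other attribute the templates read) to the defaults keeps it working. The rest of `ultimatemember_password()` lies outside this hunk.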
@@ -162,7 +157,7 @@ if ( ! class_exists( 'um\core\Password' ) ) { // then COOKIE are valid then get data from them and populate hidden fields for the password reset form $args['template'] = 'password-change'; $args['rp_key'] = ''; - $rp_cookie = 'wp-resetpass-' . COOKIEHASH; + $rp_cookie = 'wp-resetpass-' . COOKIEHASH; if ( isset( $_COOKIE[ $rp_cookie ] ) && 0 < strpos( $_COOKIE[ $rp_cookie ], ':' ) ) { list( $rp_login, $rp_key ) = explode( ':', wp_unslash( $_COOKIE[ $rp_cookie ] ), 2 ); 
@@ -171,86 +166,30 @@ if ( ! class_exists( 'um\core\Password' ) ) { } } - UM()->fields()->set_id = 'um_password_id'; + if ( empty( $args['mode'] ) || empty( $args['template'] ) ) { + return ''; + } - /** - * @var $mode - * @var $template - */ - extract( $args, EXTR_SKIP ); + UM()->fields()->set_id = $args['form_id']; - /** - * UM hook - * - * @type action - * @title um_pre_{$mode}_shortcode - * @description Action pre-load password form shortcode - * @input_vars - * [{"var":"$args","type":"array","desc":"Form shortcode pre-loading"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_pre_{$mode}_shortcode', 'function_name', 10, 1 ); - * @example - * - */ - do_action( "um_pre_{$mode}_shortcode", $args ); - /** - * UM hook - * - * @type action - * @title um_before_form_is_loaded - * @description Action pre-load password form shortcode - * @input_vars - * [{"var":"$args","type":"array","desc":"Form shortcode pre-loading"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_before_form_is_loaded', 'function_name', 10, 1 ); - * @example - * - */ - do_action( "um_before_form_is_loaded", $args ); - /** - * UM hook - * - * @type action - * @title um_before_{$mode}_form_is_loaded - * @description Action pre-load password form shortcode - * @input_vars - * [{"var":"$args","type":"array","desc":"Form shortcode pre-loading"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_before_{$mode}_form_is_loaded', 'function_name', 10, 1 ); - * @example - * - */ - do_action( "um_before_{$mode}_form_is_loaded", $args ); + ob_start(); - UM()->shortcodes()->template_load( $template, $args ); + /** This filter is documented in includes/core/class-shortcodes.php */ + do_action( "um_pre_{$args['mode']}_shortcode", $args ); + /** This filter is documented in includes/core/class-shortcodes.php */ + do_action( 'um_before_form_is_loaded', $args ); + /** This filter is documented in includes/core/class-shortcodes.php */ + do_action( 
"um_before_{$args['mode']}_form_is_loaded", $args ); + + UM()->shortcodes()->template_load( $args['template'], $args ); if ( ! is_admin() && ! defined( 'DOING_AJAX' ) ) { UM()->shortcodes()->dynamic_css( $args ); } - $output = ob_get_clean(); - return $output; + return ob_get_clean(); } - /** * Check if a legitimate password reset request is in action * diff --git a/includes/core/class-query.php b/includes/core/class-query.php index 80b72e42..2a4fbe49 100644 --- a/includes/core/class-query.php +++ b/includes/core/class-query.php @@ -1,87 +1,78 @@ check_ajax_nonce(); - /** - * @var $hook - * @var $args - */ - extract( $_REQUEST ); + // phpcs:disable WordPress.Security.NonceVerification + if ( ! isset( $_REQUEST['hook'] ) ) { + wp_send_json_error( __( 'Invalid hook.', 'ultimate-member' ) ); + } + $hook = sanitize_key( $_REQUEST['hook'] ); + + $args = ! empty( $_REQUEST['args'] ) ? $_REQUEST['args'] : array(); + // phpcs:enable WordPress.Security.NonceVerification ob_start(); /** - * UM hook + * Fires on posts loading by AJAX in User Profile tabs. * - * @type action - * @title um_ajax_load_posts__{$hook} - * @description Action on posts loading by AJAX - * @input_vars - * [{"var":"$args","type":"array","desc":"Query arguments"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_ajax_load_posts__{$hook}', 'function_name', 10, 1 ); - * @example - * Make any custom action on when posts loading by AJAX in User Profile. * function my_ajax_load_posts( $args ) { * // your code here * } - * ?> + * add_action( 'um_ajax_load_posts__{$hook}', 'my_ajax_load_posts', 10, 1 ); */ do_action( "um_ajax_load_posts__{$hook}", $args ); $output = ob_get_clean(); - + // @todo: investigate using WP_KSES die( $output ); } - /** * Get wp pages * * @return array|string */ - function wp_pages() { + public function wp_pages() { global $wpdb; if( isset( $this->wp_pages ) && ! empty( $this->wp_pages ) ){ 
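Review bot: The three reference comments read `/** This filter is documented in includes/core/class-shortcodes.php */` but sit above `do_action()` calls; the WordPress convention for these is `/** This action is documented in includes/core/class-shortcodes.php */`. The hook names are also built from `$args['mode']`, which comes from shortcode attributes and the `um_reset_password_shortcode_args_filter` filter, so passing it through `sanitize_key()` before interpolation would keep the hook names predictable.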
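Review bot: `$args` is taken from `$_REQUEST['args']` with no `wp_unslash()`, sanitisation or type check and handed to every `um_ajax_load_posts__{$hook}` callback, although the removed docblock typed it as an array. The handler should either enforce the expected type or tell implementers the value is untrusted, for example `// $args is raw request data; callbacks must validate it.` above the `do_action()` call. The buffered output is then passed to `die( $output )` unescaped, which the commit's own `@todo` already notes. The function's signature line is not visible in this hunk.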
@@ -114,13 +105,12 @@ if ( ! class_exists( 'um\core\Query' ) ) { return $array; } - /** * Get all forms * * @return mixed */ - function forms() { + public function forms() { $results = array(); $args = array( 
@@ -137,65 +127,55 @@ if ( ! class_exists( 'um\core\Query' ) ) { return $results; } - /** * Do custom queries * - * @param $args + * @param array $args * * @return array|bool|int|\WP_Query */ - function make( $args ) { - + public function make( $args ) { $defaults = array( - 'post_type' => 'post', - 'post_status' => array('publish') + 'post_type' => 'post', + 'post_status' => array( 'publish' ), ); - $args = wp_parse_args( $args, $defaults ); + $args = wp_parse_args( $args, $defaults ); - if ( isset( $args['post__in'] ) && empty( $args['post__in'] ) ) + if ( isset( $args['post__in'] ) && empty( $args['post__in'] ) ) { return false; + } - extract( $args ); - - if ( $post_type == 'comment' ) { // comments - + if ( 'comment' === $args['post_type'] ) { + // Comments query. unset( $args['post_type'] ); - /** - * UM hook + * Filters excluded comment types. * - * @type filter - * @title um_excluded_comment_types - * @description Extend excluded comment types - * @input_vars - * [{"var":"$types","type":"array","desc":"Comment Types"}] - * @change_log - * ["Since: 2.0"] - * @usage - * - * @example - * Extend excluded comment types. + * function my_excluded_comment_types( $types ) { * // your code here * return $types; * } - * ?> + * add_filter( 'um_excluded_comment_types', 'my_excluded_comment_types' ); */ - $args['type__not_in'] = apply_filters( 'um_excluded_comment_types', array('') ); + $args['type__not_in'] = apply_filters( 'um_excluded_comment_types', array( '' ) ); - $comments = get_comments($args); - return $comments; - - } else { - $custom_posts = new \WP_Query(); - $args['post_status'] = is_array( $args['post_status'] ) ? $args['post_status'] : explode( ',', $args['post_status'] ); - - $custom_posts->query( $args ); - - return $custom_posts; + return get_comments( $args ); } + + $custom_posts = new \WP_Query(); + $args['post_status'] = is_array( $args['post_status'] ) ? 
$args['post_status'] : explode( ',', $args['post_status'] ); + + $custom_posts->query( $args ); + + return $custom_posts; } @@ -206,7 +186,7 @@ if ( ! class_exists( 'um\core\Query' ) ) { * * @return array */ - function get_recent_users($number = 5){ + function get_recent_users( $number = 5 ) { $args = array( 'fields' => 'ID', 'number' => $number, 'orderby' => 'user_registered', 'order' => 'desc' ); $users = new \WP_User_Query( $args ); diff --git a/includes/core/class-roles-capabilities.php b/includes/core/class-roles-capabilities.php index 9b60c143..6e0cb8a9 100644 --- a/includes/core/class-roles-capabilities.php +++ b/includes/core/class-roles-capabilities.php @@ -592,19 +592,24 @@ if ( ! class_exists( 'um\core\Roles_Capabilities' ) ) { /** - * Get role data + * Get role data. + * + * @param int $role_id Role ID. * - * @param int $roleID Role ID * @return array */ - function role_data( $roleID ) { - if ( strpos( $roleID, 'um_' ) === 0 ) { - $roleID = substr( $roleID, 3 ); - $role_data = get_option( "um_role_{$roleID}_meta", array() ); + public function role_data( $role_id ) { + if ( empty( $role_id ) ) { + return array(); + } + + if ( strpos( $role_id, 'um_' ) === 0 ) { + $role_id = substr( $role_id, 3 ); + $role_data = get_option( "um_role_{$role_id}_meta", array() ); } if ( empty( $role_data ) ) { - $role_data = get_option( "um_role_{$roleID}_meta", array() ); + $role_data = get_option( "um_role_{$role_id}_meta", array() ); } if ( ! $role_data ) { 
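Review bot: The new `role_data()` docblock declares `@param int $role_id`, but the body calls `strpos( $role_id, 'um_' )` and `substr( $role_id, 3 )`, and the `um_change_role_data` documentation added further down describes the same value as a string. `@param string $role_id Role ID, with or without the um_ prefix.` would match the code. When the ID has the prefix and the first `get_option()` returns nothing, the second `get_option()` repeats the same lookup with the already stripped ID. A comment such as `// Fallback for role IDs passed without the um_ prefix.` above the second call would make the intent clear. The method continues past the end of this hunk.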
@@ -612,21 +617,36 @@ if ( ! class_exists( 'um\core\Roles_Capabilities' ) ) { } $temp = array(); - foreach ( $role_data as $key=>$value ) { + foreach ( $role_data as $key => $value ) { if ( strpos( $key, '_um_' ) === 0 ) { - $key = preg_replace('/_um_/', '', $key, 1); + $key = preg_replace( '/_um_/', '', $key, 1 ); } - - //$key = str_replace( '_um_', '', $key, $count ); $temp[ $key ] = $value; } - - $temp = apply_filters( 'um_change_role_data', $temp, $roleID ); - - return $temp; + /** + * Filters the Ultimate Member related user role data. + * + * @since 2.0 + * @hook um_change_role_data + * + * @param {array} $role_data Role data. + * @param {string} $role_id Role ID. + * + * @return {array} Role data. + * + * @example Set {some_capability_key} capability for subscriber user role. + * function my_change_role_data( $role_data, $role_id ) { + * // your code here + * if ( 'subscriber' === $role_id ) { + * $role_data['{some_capability_key}'] = true; + * } + * return $role_data; + * } + * add_filter( 'um_change_role_data', 'my_change_role_data', 10, 2 ); + */ + return apply_filters( 'um_change_role_data', $temp, $role_id ); } - /** * Query for UM roles * diff --git a/includes/core/class-shortcodes.php b/includes/core/class-shortcodes.php index e300d2e2..f1b6bb78 100644 --- a/includes/core/class-shortcodes.php +++ b/includes/core/class-shortcodes.php 
@@ -297,16 +297,23 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) { if ( isset( $this->set_args ) && is_array( $this->set_args ) ) { $args = $this->set_args; - unset( $args['file'] ); - unset( $args['theme_file'] ); - unset( $args['tpl'] ); + unset( $args['file'], $args['theme_file'], $args['tpl'] ); $args = apply_filters( 'um_template_load_args', $args, $tpl ); - extract( $args ); + /* + * This use of extract() cannot be removed. There are many possible ways that + * templates could depend on variables that it creates existing, and no way to + * detect and deprecate it. + * + * Passing the EXTR_SKIP flag is the safest option, ensuring globals and + * function variables cannot be overwritten. + */ + // phpcs:ignore WordPress.PHP.DontExtract.extract_extract + extract( $args, EXTR_SKIP ); } - $file = um_path . "templates/{$tpl}.php"; + $file = UM_PATH . "templates/{$tpl}.php"; $theme_file = get_stylesheet_directory() . "/ultimate-member/templates/{$tpl}.php"; if ( file_exists( $theme_file ) ) { $file = $theme_file; @@ -582,7 +589,6 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) { } } - /** * Shortcode * @@ -590,11 +596,10 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) { * * @return string */ - function ultimatemember( $args = array() ) { + public function ultimatemember( $args = array() ) { return $this->load( $args ); } - /** * Load a module with global function * 
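Review bot: `$tpl` is interpolated into both include paths (`UM_PATH . "templates/{$tpl}.php"` and the theme path), and nothing in this hunk checks that it is a plain template name. `EXTR_SKIP` now stops `$args` from overwriting `$tpl`, but the value still comes from the caller. Unless it is validated above the hunk, a guard such as `if ( 0 !== validate_file( $tpl ) ) { return; }` before `$file` is built (using the method's usual failure path) would keep the lookup inside the two templates directories. The copied comment says globals cannot be overwritten, whereas `extract()` here only writes to this method's local scope. The method begins and ends outside the hunk.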
@@ -602,47 +607,43 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) { * * @return string */ - function load( $args ) { + public function load( $args ) { $defaults = array(); - $args = wp_parse_args( $args, $defaults ); + $args = wp_parse_args( $args, $defaults ); - // when to not continue - $this->form_id = isset( $args['form_id'] ) ? $args['form_id'] : null; - if ( ! $this->form_id ) { - return; + // When to not continue. + if ( ! array_key_exists( 'form_id', $args ) ) { + return ''; } + $this->form_id = $args['form_id']; $this->form_status = get_post_status( $this->form_id ); - if ( $this->form_status != 'publish' ) { - return; + if ( 'publish' !== $this->form_status ) { + return ''; } // get data into one global array $post_data = UM()->query()->post_data( $this->form_id ); - $args = array_merge( $args, $post_data ); + $args = array_merge( $args, $post_data ); ob_start(); /** - * UM hook + * Filters arguments for loading Ultimate Member shortcodes. * - * @type filter - * @title um_pre_args_setup - * @description Change arguments on load shortcode - * @input_vars - * [{"var":"$post_data","type":"string","desc":"$_POST data"}] - * @change_log - * ["Since: 2.0"] - * @usage - * - * @example - * Change arguments on load shortcode. + * function my_pre_args_setup( $args ) { * // your code here - * return $post_data; + * return $args; * } - * ?> + * add_filter( 'um_pre_args_setup', 'my_pre_args_setup' ); */ $args = apply_filters( 'um_pre_args_setup', $args ); @@ -650,7 +651,7 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) { $args['template'] = ''; } - if ( isset( $post_data['template'] ) && $post_data['template'] != $args['template'] ) { + if ( isset( $post_data['template'] ) && $post_data['template'] !== $args['template'] ) { $args['template'] = $post_data['template']; } 
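Review bot: The new guard `! array_key_exists( 'form_id', $args )` lets an empty or zero `form_id` through, which the old `! $this->form_id` check rejected. `get_post_status()` resolves an empty value to the current global post, so a shortcode with an empty `form_id` on a published page can pass the `'publish' !== $this->form_status` test and carry on with the wrong post. `if ( empty( $args['form_id'] ) ) { return ''; }` keeps the old rejection together with the new string return. The body of `load()` continues beyond this hunk.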
@@ -662,7 +663,7 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) { $post_data['template'] = $post_data['mode']; } - if ( 'directory' == $args['mode'] ) { + if ( 'directory' === $args['mode'] ) { wp_enqueue_script( 'um_members' ); if ( is_rtl() ) { wp_enqueue_style( 'um_members_rtl' ); @@ -671,7 +672,7 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) { } } - if ( 'directory' != $args['mode'] ) { + if ( 'directory' !== $args['mode'] ) { $args = array_merge( $post_data, $args ); if ( empty( $args['use_custom_settings'] ) ) { 
@@ -680,254 +681,255 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) { $args = array_merge( $this->get_css_args( $args ), $args ); } } - // filter for arguments /** - * UM hook + * Filters change arguments on load shortcode. * - * @type filter - * @title um_shortcode_args_filter - * @description Change arguments on load shortcode - * @input_vars - * [{"var":"$args","type":"string","desc":"Shortcode arguments"}] - * @change_log - * ["Since: 2.0"] - * @usage - * - * @example - * Change arguments on load shortcode. * function my_shortcode_args( $args ) { * // your code here * return $args; * } - * ?> + * add_filter( 'um_shortcode_args_filter', 'my_shortcode_args' ); */ $args = apply_filters( 'um_shortcode_args_filter', $args ); - /** - * @var string $mode - */ - extract( $args, EXTR_SKIP ); - - //not display on admin preview - if ( empty( $_POST['act_id'] ) || sanitize_key( $_POST['act_id'] ) !== 'um_admin_preview_form' ) { + if ( ! array_key_exists( 'mode', $args ) || ! array_key_exists( 'template', $args ) ) { + ob_get_clean(); + return ''; + } + $mode = $args['mode']; + // Not display on admin preview. + if ( empty( $_POST['act_id'] ) || 'um_admin_preview_form' !== sanitize_key( $_POST['act_id'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification + /** + * Filters the ability to show registration form for the logged-in users. + * Set it to true for displaying registration form for the logged-in users. + * + * @since 2.1.20 + * @hook um_registration_for_loggedin_users + * + * @param {bool} $show Show registration form for the logged-in users. By default, it's false + * @param {array} $args Shortcode arguments. + * + * @return {bool} Show registration form for the logged-in users. + * + * @example Show registration form for the logged-in users for all UM registration forms on your website. 
+ * add_filter( 'um_registration_for_loggedin_users', '__return_true' ); + */ $enable_loggedin_registration = apply_filters( 'um_registration_for_loggedin_users', false, $args ); - if ( 'register' == $mode && is_user_logged_in() && ! $enable_loggedin_registration ) { + if ( ! $enable_loggedin_registration && 'register' === $mode && is_user_logged_in() ) { ob_get_clean(); - return __( 'You are already registered', 'ultimate-member' ); + return __( 'You are already registered.', 'ultimate-member' ); } } - if ( ! is_user_logged_in() && isset( $args['is_block'] ) && 1 === (int) $args['is_block'] && 'profile' === $mode ) { - return; + if ( isset( $args['is_block'] ) && 1 === (int) $args['is_block'] && 'profile' === $mode && ! is_user_logged_in() ) { + ob_get_clean(); + return ''; } - // for profiles only - if ( $mode == 'profile' && um_profile_id() ) { - - //set requested user if it's not setup from permalinks (for not profile page in edit mode) + // For profiles only. + if ( 'profile' === $mode && um_profile_id() ) { + // Set requested user if it's not setup from permalinks (for not profile page in edit mode). if ( ! um_get_requested_user() ) { um_set_requested_user( um_profile_id() ); } - if ( ! empty( $args['use_custom_settings'] ) ) { // Option "Apply custom settings to this form" - if ( ! empty( $args['role'] ) ) { // Option "Make this profile form role-specific" + if ( ! empty( $args['use_custom_settings'] ) && ! empty( $args['role'] ) ) { + // Option "Apply custom settings to this form". Option "Make this profile form role-specific". + // Show the first Profile Form with role selected, don't show profile forms below the page with other role-specific setting. 
+ if ( empty( $this->profile_role ) ) { + $current_user_roles = UM()->roles()->get_all_user_roles( um_profile_id() ); - // show the first Profile Form with role selected, don't show profile forms below the page with other role-specific setting - if ( empty( $this->profile_role ) ) { - $current_user_roles = UM()->roles()->get_all_user_roles( um_profile_id() ); - - if ( empty( $current_user_roles ) ) { - ob_get_clean(); - return ''; - } elseif ( is_array( $args['role'] ) ) { - if ( ! count( array_intersect( $args['role'], $current_user_roles ) ) ) { - ob_get_clean(); - return ''; - } - } else { - if ( ! in_array( $args['role'], $current_user_roles ) ) { - ob_get_clean(); - return ''; - } - } - - $this->profile_role = $args['role']; - } elseif ( $this->profile_role != $args['role'] ) { + if ( empty( $current_user_roles ) ) { ob_get_clean(); return ''; } + if ( is_array( $args['role'] ) ) { + if ( ! count( array_intersect( $args['role'], $current_user_roles ) ) ) { + ob_get_clean(); + return ''; + } + } elseif ( ! in_array( $args['role'], $current_user_roles, true ) ) { + ob_get_clean(); + return ''; + } + + $this->profile_role = $args['role']; + } elseif ( $this->profile_role !== $args['role'] ) { + ob_get_clean(); + return ''; } } } /** - * UM hook + * Fires before loading form shortcode. * - * @type action - * @title um_pre_{$mode}_shortcode - * @description Action pre-load form shortcode - * @input_vars - * [{"var":"$args","type":"array","desc":"Form shortcode pre-loading"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_pre_{$mode}_shortcode', 'function_name', 10, 1 ); - * @example - * Make any custom action before loading a registration form shortcode. + * function my_pre_register_shortcode( $args ) { * // your code here * } - * ?> + * add_action( 'um_pre_register_shortcode', 'my_pre_register_shortcode' ); + * @example Make any custom action before loading a login form shortcode. 
+ * function my_pre_login_shortcode( $args ) { + * // your code here + * } + * add_action( 'um_pre_login_shortcode', 'my_pre_login_shortcode' ); + * @example Make any custom action before loading a password reset form shortcode. + * function my_pre_password_shortcode( $args ) { + * // your code here + * } + * add_action( 'um_pre_password_shortcode', 'my_pre_password_shortcode' ); + * @example Make any custom action before loading a profile form shortcode. + * function my_pre_profile_shortcode( $args ) { + * // your code here + * } + * add_action( 'um_pre_profile_shortcode', 'my_pre_profile_shortcode' ); + * @example Make any custom action before loading an account form shortcode. + * function my_pre_account_shortcode( $args ) { + * // your code here + * } + * add_action( 'um_pre_account_shortcode', 'my_pre_account_shortcode' ); */ do_action( "um_pre_{$mode}_shortcode", $args ); /** - * UM hook + * Fires before loading form shortcode. * - * @type action - * @title um_before_form_is_loaded - * @description Action pre-load form shortcode - * @input_vars - * [{"var":"$args","type":"array","desc":"Form shortcode pre-loading"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_before_form_is_loaded', 'function_name', 10, 1 ); - * @example - * Make any custom action before loading UM form shortcode. + * function my_pre_shortcode( $args ) { + * // your code here + * } * add_action( 'um_before_form_is_loaded', 'my_pre_shortcode', 10, 1 ); - * function my_pre_shortcode( $args ) { - * // your code here - * } - * ?> */ - do_action( "um_before_form_is_loaded", $args ); + do_action( 'um_before_form_is_loaded', $args ); /** - * UM hook + * Fires before loading a form shortcode. 
* - * @type action - * @title um_before_{$mode}_form_is_loaded - * @description Action pre-load form shortcode - * @input_vars - * [{"var":"$args","type":"array","desc":"Form shortcode pre-loading"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_before_{$mode}_form_is_loaded', 'function_name', 10, 1 ); - * @example - * + * @since 1.3.x + * @todo Deprecate since 2.7.0. Use `um_pre_{$mode}_shortcode` or `um_before_form_is_loaded` instead. + * @hook um_before_{$mode}_form_is_loaded + * + * @param {array} $args Form shortcode arguments. */ do_action( "um_before_{$mode}_form_is_loaded", $args ); - $this->template_load( $template, $args ); + $this->template_load( $args['template'], $args ); $this->dynamic_css( $args ); - if ( um_get_requested_user() || $mode == 'logout' ) { + if ( 'logout' === $mode || um_get_requested_user() ) { um_reset_user(); } /** - * UM hook + * Fires after load shortcode content. * - * @type action - * @title um_after_everything_output - * @description Action after load shortcode content - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_after_everything_output', 'function_name', 10 ); - * @example - * Make any custom action after load shortcode content. + * function my_pre_shortcode() { * // your code here * } - * ?> + * add_action( 'um_after_everything_output', 'my_pre_shortcode', 10 ); */ do_action( 'um_after_everything_output' ); - $output = ob_get_clean(); - return $output; + return ob_get_clean(); } - /** * Get dynamic CSS args * * @param $args * @return array */ - function get_css_args( $args ) { + public function get_css_args( $args ) { $arr = um_styling_defaults( $args['mode'] ); - $arr = array_merge( $arr, array( 'form_id' => $args['form_id'], 'mode' => $args['mode'] ) ); + $arr = array_merge( + $arr, + array( + 'form_id' => $args['form_id'], + 'mode' => $args['mode'], + ) + ); return $arr; } - /** - * Load dynamic css + * Load dynamic CSS. 
* * @param array $args * * @return string */ - function dynamic_css( $args = array() ) { + public function dynamic_css( $args = array() ) { /** - * UM hook + * Filters for disable global dynamic CSS. It's false by default, set it to true to disable. * - * @type filter - * @title um_disable_dynamic_global_css - * @description Turn on for disable global dynamic CSS for fix the issue #306 - * @input_vars - * [{"var":"$disable","type":"bool","desc":"Disable global CSS"}] - * @change_log - * ["Since: 2.0"] - * @usage - * - * @example - * + * @since 2.0 + * @hook um_disable_dynamic_global_css + * + * @param {bool} $disable Disable global CSS. + * + * @return {bool} Disable global CSS. + * + * @example Turn off enqueue of global dynamic CSS. + * add_filter( 'um_disable_dynamic_global_css', '__return_true' ); */ $disable_css = apply_filters( 'um_disable_dynamic_global_css', false ); - if ( $disable_css ) + if ( $disable_css ) { return ''; + } - /** - * @var $mode - */ - extract( $args ); + if ( empty( $args['form_id'] ) ) { + return ''; + } - include_once um_path . 'assets/dynamic_css/dynamic_global.php'; + include_once UM_PATH . 'assets/dynamic_css/dynamic-global.php'; - if ( isset( $mode ) && in_array( $mode, array( 'profile', 'directory' ) ) ) { - $file = um_path . 'assets/dynamic_css/dynamic_' . $mode . '.php'; + if ( array_key_exists( 'mode', $args ) && in_array( $args['mode'], array( 'profile', 'directory' ), true ) ) { + $file = UM_PATH . 'assets/dynamic_css/dynamic-' . $args['mode'] . '.php'; - if ( file_exists( $file ) ) + if ( file_exists( $file ) ) { include_once $file; + } } return ''; } - /** * Loads a template file * * @param $template * @param array $args */ - function template_load( $template, $args = array() ) { + public function template_load( $template, $args = array() ) { if ( is_array( $args ) ) { $this->set_args = $args; } diff --git a/includes/core/rest/class-api-v1.php b/includes/core/rest/class-api-v1.php index e7de1394..a3aee5c2 100644 
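Review bot: The admin-preview exemption in `load()` is decided by `$_POST['act_id']` alone, with the nonce sniff suppressed by `// phpcs:ignore WordPress.Security.NonceVerification`. The "You are already registered." branch can therefore be skipped by a request parameter, without any check that the request is a real admin preview. Pairing the test with the preview's own nonce or a capability check suited to form preview would tie the exemption to the admin screen it is meant for. The value should also be unslashed before sanitising: `sanitize_key( wp_unslash( $_POST['act_id'] ) )`. The preview handler itself is not visible in this hunk, so which nonce or capability applies needs confirming there.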
--- a/includes/core/rest/class-api-v1.php +++ b/includes/core/rest/class-api-v1.php @@ -1,9 +1,9 @@ invalid_auth(); } } - } } - /** * Retrieve the user ID based on the public key provided * @@ -116,10 +111,10 @@ if ( ! class_exists( 'um\core\rest\API_v1' ) ) { if ( false === $user ) { $user = $wpdb->get_var( $wpdb->prepare( - "SELECT user_id - FROM $wpdb->usermeta - WHERE meta_key = 'um_user_public_key' AND - meta_value = %s + "SELECT user_id + FROM $wpdb->usermeta + WHERE meta_key = 'um_user_public_key' AND + meta_value = %s LIMIT 1", $key ) ); 
@@ -134,106 +129,82 @@ if ( ! class_exists( 'um\core\rest\API_v1' ) ) { return false; } - /** - * Process Get users API Request + * Process Get users API Request. * - * @param $args + * @param array $args * * @return array */ public function get_users( $args ) { - /** - * @var int $number - * @var string $orderby - * @var string $order - * @var string $include - * @var string $exclude - */ - extract( $args ); - $response = array(); - if ( ! $number ) { - $number = 10; - } + $number = array_key_exists( 'number', $args ) && is_numeric( $args['number'] ) ? absint( $args['number'] ) : 10; + $orderby = array_key_exists( 'orderby', $args ) ? sanitize_key( $args['orderby'] ) : 'user_registered'; + $order = array_key_exists( 'order', $args ) ? sanitize_key( $args['order'] ) : 'desc'; - if ( ! $orderby ) { - $orderby = 'user_registered'; - } + $loop_a = array( + 'number' => $number, + 'orderby' => $orderby, + 'order' => $order, + ); - if ( ! $order ) { - $order = 'desc'; - } - - $loop_a = array( 'number' => $number, 'orderby' => $orderby, 'order' => $order ); - - if ( $include ) { - $include = explode(',', $include ); + if ( array_key_exists( 'include', $args ) ) { + $include = explode( ',', sanitize_text_field( $args['include'] ) ); $loop_a['include'] = $include; } - if ( $exclude ) { - $exclude = explode(',', $exclude ); + if ( array_key_exists( 'exclude', $args ) ) { + $exclude = explode( ',', sanitize_text_field( $args['exclude'] ) ); $loop_a['exclude'] = $exclude; } $loop = get_users( $loop_a ); foreach ( $loop as $user ) { - - unset( $user->data->user_status ); - unset( $user->data->user_activation_key ); - unset( $user->data->user_pass ); + unset( $user->data->user_status, $user->data->user_activation_key, $user->data->user_pass ); um_fetch_user( $user->ID ); foreach ( $user as $key => $val ) { - if ( $key != 'data' ) { + if ( 'data' !== $key ) { continue; } - $key = 'profile'; - $val->roles = $user->roles; - $val->first_name = um_user('first_name'); - 
$val->last_name = um_user('last_name'); - $val->account_status = um_user('account_status'); - $val->profile_pic_original = um_get_user_avatar_url('', 'original'); - $val->profile_pic_normal = um_get_user_avatar_url('', 200); - $val->profile_pic_small = um_get_user_avatar_url('', 40); - $val->cover_photo = $this->getsrc( um_user('cover_photo', 1000) ); + $val->roles = $user->roles; + $val->first_name = um_user( 'first_name' ); + $val->last_name = um_user( 'last_name' ); + $val->account_status = um_user( 'account_status' ); + $val->profile_pic_original = um_get_user_avatar_url( '', 'original' ); + $val->profile_pic_normal = um_get_user_avatar_url( '', 200 ); + $val->profile_pic_small = um_get_user_avatar_url( '', 40 ); + $val->cover_photo = $this->getsrc( um_user( 'cover_photo', 1000 ) ); /** - * UM hook + * Filters the output data for Rest API userdata call. * - * @type filter - * @title um_rest_userdata - * @description Change output data for Rest API userdata call - * @input_vars - * [{"var":"$value","type":"array","desc":"Output Data"}, - * {"var":"$user_id","type":"string","desc":"User ID"}] - * @change_log - * ["Since: 2.0"] - * @usage - * - * @example - * Force change the output data for Rest API userdata call. + * function my_custom_um_rest_userdata( $value, $user_id ) { * // your code here - * return $value; + * return $response; * } - * ?> + * add_filter( 'um_rest_userdata', 'my_custom_um_rest_userdata', 10, 2 ); */ - $val = apply_filters( 'um_rest_userdata', $val, $user->ID ); - $response[ $user->ID ] = $val; + $response[ $user->ID ] = apply_filters( 'um_rest_userdata', $val, $user->ID ); } } return $response; } - /** * Update user API query * 
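Review bot: `absint( $args['number'] )` accepts `0`, which the old `if ( ! $number )` turned into 10. As far as I know `WP_User_Query` applies no limit when `number` is not positive, so one call could return every user. `$number = ! empty( $args['number'] ) && is_numeric( $args['number'] ) ? absint( $args['number'] ) : 10;` plus a project-chosen upper bound would restore the default and cap the page size. `array_key_exists( 'include', $args )` (and `exclude`) also lets an empty string through where `if ( $include )` did not, producing `array( '' )`; `! empty( $args['include'] )` with `wp_parse_id_list( $args['include'] )` avoids that. The API_v2 `get_users()` hunk uses the same construction. In the new `um_rest_userdata` example the callback receives `$value` but returns `$response`.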
@@ -242,26 +213,28 @@ if ( ! class_exists( 'um\core\rest\API_v1' ) ) { * @return array */ public function update_user( $args ) { - /** - * @var int $id - * @var string $data - * @var string $value - */ - extract( $args ); - $response = array(); - $error = array(); + $error = array(); - if ( ! $id ) { + if ( empty( $args['id'] ) ) { $error['error'] = __( 'You must provide a user ID', 'ultimate-member' ); return $error; } - if ( ! $data ) { + if ( empty( $args['data'] ) ) { $error['error'] = __( 'You need to provide data to update', 'ultimate-member' ); return $error; } + if ( ! array_key_exists( 'value', $args ) ) { + $error['error'] = __( 'You need to provide value to update', 'ultimate-member' ); + return $error; + } + + $id = absint( $args['id'] ); + $data = sanitize_text_field( $args['data'] ); + $value = sanitize_text_field( $args['value'] ); + um_fetch_user( $id ); switch ( $data ) { @@ -271,35 +244,16 @@ if ( ! class_exists( 'um\core\rest\API_v1' ) ) { break; case 'role': $wp_user_object = new \WP_User( $id ); - $old_roles = $wp_user_object->roles; + $old_roles = $wp_user_object->roles; $wp_user_object->set_role( $value ); - /** - * UM hook - * - * @type action - * @title um_after_member_role_upgrade - * @description Action after user role was changed - * @input_vars - * [{"var":"$new_roles","type":"array","desc":"New User Roles"}, - * {"var":"$old_roles","type":"array","desc":"Old roles"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_after_member_role_upgrade', 'function_name', 10, 2 ); - * @example - * - */ + /** This action is documented in includes/core/class-user.php */ do_action( 'um_after_member_role_upgrade', array( $value ), $old_roles, $id ); $response['success'] = __( 'User role has been changed.', 'ultimate-member' ); break; default: - update_user_meta( $id, $data, esc_attr( $value ) ); + update_user_meta( $id, $data, $value ); $response['success'] = __( 'User meta has been changed.', 'ultimate-member' ); break; } 
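Review bot: The `default` branch passes the caller-supplied `$data` to `update_user_meta( $id, $data, $value )` as the meta key, so this endpoint can write any user meta key, including keys that WordPress or other plugins treat as security-relevant. `sanitize_text_field()` cleans the string but does not restrict which key is written. An allowlist of updatable keys checked before the `switch`, returning `$error` otherwise, would bound this. In the `role` branch `$value` reaches `set_role()` without confirming the role exists; `if ( ! wp_roles()->is_role( $value ) ) { $error['error'] = __( 'Invalid role specified', 'ultimate-member' ); return $error; }` would reject unknown roles. The `switch` opens in the preceding hunk and at least one case lies between the two hunks, so this reading covers only the visible branches.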
@@ -307,7 +261,6 @@ if ( ! class_exists( 'um\core\rest\API_v1' ) ) { return $response; } - /** * Process delete user via API * @@ -316,19 +269,16 @@ if ( ! class_exists( 'um\core\rest\API_v1' ) ) { * @return array */ public function delete_user( $args ) { - /** - * @var int $id - */ - extract( $args ); - $response = array(); - $error = array(); + $error = array(); - if ( ! isset( $id ) ) { + if ( empty( $args['id'] ) ) { $error['error'] = __( 'You must provide a user ID', 'ultimate-member' ); return $error; } + $id = absint( $args['id'] ); + $user = get_userdata( $id ); if ( ! $user ) { $error['error'] = __( 'Invalid user specified', 'ultimate-member' ); @@ -343,7 +293,6 @@ if ( ! class_exists( 'um\core\rest\API_v1' ) ) { return $response; } - /** * Process Get user API Request * 
@@ -352,145 +301,101 @@ if ( ! class_exists( 'um\core\rest\API_v1' ) ) { * @return array|mixed */ public function get_auser( $args ) { - /** - * @var int $um_id - * @var string $um_fields - */ - extract( $args ); - $response = array(); - $error = array(); + $error = array(); - if ( ! isset( $id ) ) { - $error['error'] = __('You must provide a user ID','ultimate-member'); + if ( empty( $args['id'] ) ) { + $error['error'] = __( 'You must provide a user ID', 'ultimate-member' ); return $error; } + $id = absint( $args['id'] ); $user = get_userdata( $id ); if ( ! $user ) { - $error['error'] = __('Invalid user specified','ultimate-member'); + $error['error'] = __( 'Invalid user specified', 'ultimate-member' ); return $error; } - unset( $user->data->user_status ); - unset( $user->data->user_activation_key ); - unset( $user->data->user_pass ); + unset( $user->data->user_status, $user->data->user_activation_key, $user->data->user_pass ); um_fetch_user( $user->ID ); - if ( isset( $fields ) && $fields ) { - $fields = explode(',', $fields ); - $response['ID'] = $user->ID; + if ( array_key_exists( 'fields', $args ) ) { + $fields = explode( ',', sanitize_text_field( $args['fields'] ) ); + $response['ID'] = $user->ID; $response['username'] = $user->user_login; foreach ( $fields as $field ) { switch ( $field ) { - default: - $response[ $field ] = ( um_profile( $field ) ) ? um_profile( $field ) : ''; + $profile_data = um_profile( $field ); + $response[ $field ] = $profile_data ? $profile_data : ''; /** - * UM hook + * Filters the output data for Rest API user authentication call. 
* - * @type filter - * @title um_rest_get_auser - * @description Change output data for Rest API user authentification call - * @input_vars - * [{"var":"$response","type":"array","desc":"Output Data"}, - * {"var":"$field","type":"string","desc":"Field Key"}, - * {"var":"$user_id","type":"int","desc":"User ID"}] - * @change_log - * ["Since: 2.0"] - * @usage - * - * @example - * Force change the output data for Rest API user authentication call. + * function my_custom_um_rest_get_auser( $response, $field, $user_id ) { * // your code here * return $response; * } - * ?> + * add_filter( 'um_rest_get_auser', 'my_custom_um_rest_get_auser', 10, 3 ); */ $response = apply_filters( 'um_rest_get_auser', $response, $field, $user->ID ); break; - case 'cover_photo': - $response['cover_photo'] = $this->getsrc( um_user('cover_photo', 1000) ); + $response['cover_photo'] = $this->getsrc( um_user( 'cover_photo', 1000 ) ); break; - case 'profile_pic': - $response['profile_pic_original'] = um_get_user_avatar_url('', 'original'); - $response['profile_pic_normal'] = um_get_user_avatar_url('', 200); - $response['profile_pic_small'] = um_get_user_avatar_url('', 40); + $response['profile_pic_original'] = um_get_user_avatar_url( '', 'original' ); + $response['profile_pic_normal'] = um_get_user_avatar_url( '', 200 ); + $response['profile_pic_small'] = um_get_user_avatar_url( '', 40 ); break; - case 'status': - $response['status'] = um_user('account_status'); + $response['status'] = um_user( 'account_status' ); break; - case 'role': //get priority role here $response['role'] = um_user( 'role' ); break; - case 'email': case 'user_email': - $response['email'] = um_user('user_email'); + $response['email'] = um_user( 'user_email' ); break; - } - } } else { - foreach ( $user as $key => $val ) { - if ( $key != 'data' ) { + if ( 'data' !== $key ) { continue; } - $key = 'profile'; - $val->roles = $user->roles; - $val->first_name = um_user( 'first_name' ); - $val->last_name = um_user('last_name' ); - 
$val->account_status = um_user( 'account_status' ); + $val->roles = $user->roles; + $val->first_name = um_user( 'first_name' ); + $val->last_name = um_user( 'last_name' ); + $val->account_status = um_user( 'account_status' ); $val->profile_pic_original = um_get_user_avatar_url( '', 'original' ); - $val->profile_pic_normal = um_get_user_avatar_url( '', 200 ); - $val->profile_pic_small = um_get_user_avatar_url( '', 40 ); - $val->cover_photo = $this->getsrc( um_user( 'cover_photo', 1000 ) ); + $val->profile_pic_normal = um_get_user_avatar_url( '', 200 ); + $val->profile_pic_small = um_get_user_avatar_url( '', 40 ); + $val->cover_photo = $this->getsrc( um_user( 'cover_photo', 1000 ) ); - /** - * UM hook - * - * @type filter - * @title um_rest_userdata - * @description Change output data for Rest API userdata call - * @input_vars - * [{"var":"$value","type":"array","desc":"Output Data"}, - * {"var":"$user_id","type":"string","desc":"User ID"}] - * @change_log - * ["Since: 2.0"] - * @usage - * - * @example - * - */ - $val = apply_filters( 'um_rest_userdata', $val, $user->ID ); - $response = $val; + /** This filter is documented in includes/core/rest/class-api-v1.php */ + $response = apply_filters( 'um_rest_userdata', $val, $user->ID ); } - } return $response; } - /** * Get source * 
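Review bot: In the `fields` branch every caller-supplied name reaches `um_profile( $field )` through the `default` case, while the `unset( $user->data->user_status, $user->data->user_activation_key, $user->data->user_pass )` above only cleans `$user->data` for the no-fields branch. Whether `um_profile()` can return those columns is not visible here, so skipping them explicitly before the `switch` is the safer reading: `if ( '' === $field || in_array( $field, array( 'user_pass', 'user_activation_key' ), true ) ) { continue; }`. `array_key_exists( 'fields', $args )` also accepts an empty string, giving `array( '' )` and an empty key in the response, where the old `isset( $fields ) && $fields` did not; `! empty( $args['fields'] )` restores that. The new comment `/** This filter is documented in includes/core/rest/class-api-v1.php */` points at the file it sits in, so naming the method (`get_users()`) would be more useful.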
@@ -499,13 +404,12 @@ if ( ! class_exists( 'um\core\rest\API_v1' ) ) { * @return string */ public function getsrc( $image ) { - if (preg_match('/query_vars['format'] ) ? $wp_query->query_vars['format'] : 'json'; /** - * UM hook + * Filters the REST API output format. JSON by default. * - * @type filter - * @title um_api_output_format - * @description UM Rest API output format - * @input_vars - * [{"var":"$format","type":"string","desc":"Format"}] - * @change_log - * ["Since: 2.0"] - * @usage - * - * @example - * Changing the REST API output format. + * function my_custom_um_api_output_format( $format ) { * // your code here + * $format = 'xml'; * return $format; * } - * ?> + * add_filter( 'um_api_output_format', 'my_custom_um_api_output_format' ); */ return apply_filters( 'um_api_output_format', $format ); } } -} \ No newline at end of file +} diff --git a/includes/core/rest/class-api-v2.php b/includes/core/rest/class-api-v2.php index dcf875d5..3874b827 100644 --- a/includes/core/rest/class-api-v2.php +++ b/includes/core/rest/class-api-v2.php @@ -1,13 +1,12 @@ get_var( $wpdb->prepare( - "SELECT user_id - FROM $wpdb->usermeta - WHERE meta_key = 'um_user_public_key' AND - meta_value = %s + "SELECT user_id + FROM $wpdb->usermeta + WHERE meta_key = 'um_user_public_key' AND + meta_value = %s LIMIT 1", $key ) ); 
@@ -133,107 +128,65 @@ if ( ! class_exists( 'um\core\rest\API_v2' ) ) { return false; } - /** * Process Get users API Request * - * @param $args + * @param array $args * * @return array */ public function get_users( $args ) { - /** - * @var int $um_number - * @var string $um_orderby - * @var string $um_order - * @var string $um_include - * @var string $um_exclude - */ - extract( $args ); - $response = array(); - if ( ! $um_number ) { - $um_number = 10; + $number = array_key_exists( 'um_number', $args ) && is_numeric( $args['um_number'] ) ? absint( $args['um_number'] ) : 10; + $orderby = array_key_exists( 'um_orderby', $args ) ? sanitize_key( $args['um_orderby'] ) : 'user_registered'; + $order = array_key_exists( 'um_order', $args ) ? sanitize_key( $args['um_order'] ) : 'desc'; + + $loop_a = array( + 'number' => $number, + 'orderby' => $orderby, + 'order' => $order, + ); + + if ( array_key_exists( 'um_include', $args ) ) { + $include = explode( ',', sanitize_text_field( $args['um_include'] ) ); + $loop_a['include'] = $include; } - if ( ! $um_orderby ) { - $um_orderby = 'user_registered'; - } - - if ( ! 
$um_order ) { - $um_order = 'desc'; - } - - $loop_a = array( 'number' => $um_number, 'orderby' => $um_orderby, 'order' => $um_order ); - - if ( $um_include ) { - $um_include = explode(',', $um_include ); - $loop_a['include'] = $um_include; - } - - if ( $um_exclude ) { - $um_exclude = explode(',', $um_exclude ); - $loop_a['exclude'] = $um_exclude; + if ( array_key_exists( 'um_exclude', $args ) ) { + $exclude = explode( ',', sanitize_text_field( $args['um_exclude'] ) ); + $loop_a['exclude'] = $exclude; } $loop = get_users( $loop_a ); foreach ( $loop as $user ) { - - unset( $user->data->user_status ); - unset( $user->data->user_activation_key ); - unset( $user->data->user_pass ); + unset( $user->data->user_status, $user->data->user_activation_key, $user->data->user_pass ); um_fetch_user( $user->ID ); foreach ( $user as $key => $val ) { - if ( $key != 'data' ) { + if ( 'data' !== $key ) { continue; } - $key = 'profile'; - $val->roles = $user->roles; - $val->first_name = um_user( 'first_name' ); - $val->last_name = um_user( 'last_name' ); - $val->account_status = um_user( 'account_status' ); + $val->roles = $user->roles; + $val->first_name = um_user( 'first_name' ); + $val->last_name = um_user( 'last_name' ); + $val->account_status = um_user( 'account_status' ); $val->profile_pic_original = um_get_user_avatar_url( '', 'original' ); - $val->profile_pic_normal = um_get_user_avatar_url( '', 200 ); - $val->profile_pic_small = um_get_user_avatar_url( '', 40 ); - $val->cover_photo = $this->getsrc( um_user( 'cover_photo', 1000 ) ); + $val->profile_pic_normal = um_get_user_avatar_url( '', 200 ); + $val->profile_pic_small = um_get_user_avatar_url( '', 40 ); + $val->cover_photo = $this->getsrc( um_user( 'cover_photo', 1000 ) ); - /** - * UM hook - * - * @type filter - * @title um_rest_userdata - * @description Change output data for Rest API userdata call - * @input_vars - * [{"var":"$value","type":"array","desc":"Output Data"}, - * {"var":"$user_id","type":"string","desc":"User 
ID"}] - * @change_log - * ["Since: 2.0"] - * @usage - * - * @example - * - */ - $val = apply_filters( 'um_rest_userdata', $val, $user->ID ); - - $response[ $user->ID ] = $val; + /** This filter is documented in includes/core/rest/class-api-v1.php */ + $response[ $user->ID ] = apply_filters( 'um_rest_userdata', $val, $user->ID ); } } return $response; } - /** * Update user API query * 
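Review bot: The new `array_key_exists()` guards in `get_users()` no longer fall back when a parameter is present but empty, which the removed `! $um_number` and `if ( $um_include )` checks did. `um_number=0` now reaches the query as `'number' => 0`, which WP_User_Query appears to treat as "no limit", and an empty `um_include` or `um_exclude` becomes `array( '' )`; there is also no upper bound on the count. Testing with `! empty( $args['um_include'] )` and clamping the count, e.g. `$number = max( 1, min( $number, 100 ) );` (100 is a placeholder cap for the project to choose), restores the old defaults. The same pattern applies to `um_fields` in the `get_auser()` hunk further down, where an empty value now yields a `$response['']` entry instead of the full profile.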
@@ -242,64 +195,47 @@ if ( ! class_exists( 'um\core\rest\API_v2' ) ) { * @return array */ public function update_user( $args ) { - /** - * @var int $um_id - * @var string $um_data - * @var string $um_value - */ - extract( $args ); - $response = array(); - $error = array(); + $error = array(); - if ( ! $um_id ) { + if ( empty( $args['um_id'] ) ) { $error['error'] = __( 'You must provide a user ID', 'ultimate-member' ); return $error; } - if ( ! $um_data ) { + if ( empty( $args['um_data'] ) ) { $error['error'] = __( 'You need to provide data to update', 'ultimate-member' ); return $error; } - um_fetch_user( $um_id ); + if ( ! array_key_exists( 'um_value', $args ) ) { + $error['error'] = __( 'You need to provide value to update', 'ultimate-member' ); + return $error; + } - switch ( $um_data ) { + $id = absint( $args['um_id'] ); + $data = sanitize_text_field( $args['um_data'] ); + $value = sanitize_text_field( $args['um_value'] ); + + um_fetch_user( $id ); + + switch ( $data ) { case 'status': - UM()->user()->set_status( $um_value ); + UM()->user()->set_status( $value ); $response['success'] = __( 'User status has been changed.', 'ultimate-member' ); break; case 'role': - $wp_user_object = new \WP_User( $um_id ); - $old_roles = $wp_user_object->roles; - $wp_user_object->set_role( $um_value ); + $wp_user_object = new \WP_User( $id ); + $old_roles = $wp_user_object->roles; + $wp_user_object->set_role( $value ); - /** - * UM hook - * - * @type action - * @title um_after_member_role_upgrade - * @description Action after user role was changed - * @input_vars - * [{"var":"$new_roles","type":"array","desc":"New User Roles"}, - * {"var":"$old_roles","type":"array","desc":"Old roles"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_after_member_role_upgrade', 'function_name', 10, 2 ); - * @example - * - */ - do_action( 'um_after_member_role_upgrade', array( $um_value ), $old_roles, $um_id ); + /** This action is documented in includes/core/class-user.php */ + 
do_action( 'um_after_member_role_upgrade', array( $value ), $old_roles, $id ); $response['success'] = __( 'User role has been changed.', 'ultimate-member' ); break; default: - update_user_meta( $um_id, $um_data, esc_attr( $um_value ) ); + update_user_meta( $id, $data, $value ); $response['success'] = __( 'User meta has been changed.', 'ultimate-member' ); break; } @@ -307,35 +243,31 @@ if ( ! class_exists( 'um\core\rest\API_v2' ) ) { return $response; } - /** - * Process delete user via API + * Process delete user via API. * - * @param $args + * @param array $args * * @return array */ public function delete_user( $args ) { - /** - * @var int $um_id - */ - extract( $args ); - $response = array(); - $error = array(); + $error = array(); - if ( ! isset( $um_id ) ) { + if ( empty( $args['um_id'] ) ) { $error['error'] = __( 'You must provide a user ID', 'ultimate-member' ); return $error; } - $user = get_userdata( $um_id ); + $id = absint( $args['um_id'] ); + + $user = get_userdata( $id ); if ( ! $user ) { $error['error'] = __( 'Invalid user specified', 'ultimate-member' ); return $error; } - um_fetch_user( $um_id ); + um_fetch_user( $id ); UM()->user()->delete(); $response['success'] = __( 'User has been successfully deleted.', 'ultimate-member' ); @@ -343,7 +275,6 @@ if ( ! class_exists( 'um\core\rest\API_v2' ) ) { return $response; } - /** * Process Get user API Request * 
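Review bot: The `default:` branch of `update_user()` passes the caller-supplied `$data` to `update_user_meta()` as the meta key, so the endpoint can write any user meta row, not only profile fields. `sanitize_text_field()` cleans the string but does not restrict which key is written; an allowlist check inside that branch would, e.g. `if ( ! in_array( $data, $allowed_keys, true ) ) { ... }` returning the error array, where `$allowed_keys` is a list the project defines. The `role` case likewise hands `$value` to `set_role()` without confirming it is a role the API should grant, and `$id` is not checked with `get_userdata()` the way `delete_user()` does. The function's closing `return` lies in the next hunk.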
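Review bot: `absint()` in `delete_user()` coerces rather than validates, so a negative number or digits followed by other text becomes a different, valid-looking ID before `UM()->user()->delete()` runs. For a destructive call the request is better rejected unless the value is a plain positive integer, for example by testing `ctype_digit( (string) $args['um_id'] )` ahead of the `absint()` line and returning the existing "You must provide a user ID" error when it fails. The same coercion is applied to `um_id` in `update_user()` and `get_auser()`.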
@@ -352,88 +283,54 @@ if ( ! class_exists( 'um\core\rest\API_v2' ) ) { * @return array */ public function get_auser( $args ) { - /** - * @var int $um_id - * @var string $um_fields - */ - extract( $args ); - $response = array(); - $error = array(); + $error = array(); - if ( ! isset( $um_id ) ) { + if ( empty( $args['um_id'] ) ) { $error['error'] = __( 'You must provide a user ID', 'ultimate-member' ); return $error; } - $user = get_userdata( $um_id ); + $id = absint( $args['um_id'] ); + $user = get_userdata( $id ); if ( ! $user ) { - $error['error'] = __('Invalid user specified','ultimate-member'); + $error['error'] = __( 'Invalid user specified', 'ultimate-member' ); return $error; } - unset( $user->data->user_status ); - unset( $user->data->user_activation_key ); - unset( $user->data->user_pass ); + unset( $user->data->user_status, $user->data->user_activation_key, $user->data->user_pass ); um_fetch_user( $user->ID ); - if ( isset( $um_fields ) && $um_fields ) { - $um_fields = explode(',', $um_fields ); - $response['ID'] = $user->ID; + if ( array_key_exists( 'um_fields', $args ) ) { + $fields = explode( ',', sanitize_text_field( $args['um_fields'] ) ); + $response['ID'] = $user->ID; $response['username'] = $user->user_login; - foreach ( $um_fields as $field ) { + foreach ( $fields as $field ) { switch ( $field ) { - default: - $response[ $field ] = ( um_profile( $field ) ) ? um_profile( $field ) : ''; + $profile_data = um_profile( $field ); + $response[ $field ] = $profile_data ? 
$profile_data : ''; - /** - * UM hook - * - * @type filter - * @title um_rest_get_auser - * @description Change output data for Rest API user authentification call - * @input_vars - * [{"var":"$response","type":"array","desc":"Output Data"}, - * {"var":"$field","type":"string","desc":"Field Key"}, - * {"var":"$user_id","type":"int","desc":"User ID"}] - * @change_log - * ["Since: 2.0"] - * @usage - * - * @example - * - */ + /** This filter is documented in includes/core/rest/class-api-v1.php */ $response = apply_filters( 'um_rest_get_auser', $response, $field, $user->ID ); break; - case 'cover_photo': $response['cover_photo'] = $this->getsrc( um_user( 'cover_photo', 1000 ) ); break; - case 'profile_pic': $response['profile_pic_original'] = um_get_user_avatar_url( '', 'original' ); - $response['profile_pic_normal'] = um_get_user_avatar_url( '', 200 ); - $response['profile_pic_small'] = um_get_user_avatar_url( '', 40 ); + $response['profile_pic_normal'] = um_get_user_avatar_url( '', 200 ); + $response['profile_pic_small'] = um_get_user_avatar_url( '', 40 ); break; - case 'status': $response['status'] = um_user( 'account_status' ); break; - case 'role': //get priority role here $response['role'] = um_user( 'role' ); break; - case 'email': case 'user_email': $response['email'] = um_user( 'user_email' ); 
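Review bot: In `get_auser()` the `default:` case returns `um_profile( $field )` for every name listed in `um_fields`, so the set of readable keys is chosen by the caller. What `um_profile()` can return is defined outside this hunk, but if it covers arbitrary stored user meta, `$field` should be compared against a list of fields meant to be exposed before it is read. Placing `default:` first in the `switch` also makes the dispatch harder to follow; moving it after the named cases changes nothing functionally. The `switch` and the function continue past the end of this hunk.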
@@ -441,55 +338,28 @@ if ( ! class_exists( 'um\core\rest\API_v2' ) ) { } } } else { - foreach ( $user as $key => $val ) { - if ( $key != 'data' ) { + if ( 'data' !== $key ) { continue; } - if ( $key == 'data' ) { - $key = 'profile'; - $val->roles = $user->roles; - $val->first_name = um_user( 'first_name' ); - $val->last_name = um_user( 'last_name' ); - $val->account_status = um_user( 'account_status' ); - $val->profile_pic_original = um_get_user_avatar_url( '', 'original' ); - $val->profile_pic_normal = um_get_user_avatar_url( '', 200 ); - $val->profile_pic_small = um_get_user_avatar_url( '', 40 ); - $val->cover_photo = $this->getsrc( um_user( 'cover_photo', 1000 ) ); - /** - * UM hook - * - * @type filter - * @title um_rest_userdata - * @description Change output data for Rest API userdata call - * @input_vars - * [{"var":"$value","type":"array","desc":"Output Data"}, - * {"var":"$user_id","type":"string","desc":"User ID"}] - * @change_log - * ["Since: 2.0"] - * @usage - * - * @example - * - */ - $val = apply_filters( 'um_rest_userdata', $val, $user->ID ); - } - $response = $val; + $val->roles = $user->roles; + $val->first_name = um_user( 'first_name' ); + $val->last_name = um_user( 'last_name' ); + $val->account_status = um_user( 'account_status' ); + $val->profile_pic_original = um_get_user_avatar_url( '', 'original' ); + $val->profile_pic_normal = um_get_user_avatar_url( '', 200 ); + $val->profile_pic_small = um_get_user_avatar_url( '', 40 ); + $val->cover_photo = $this->getsrc( um_user( 'cover_photo', 1000 ) ); + + /** This filter is documented in includes/core/rest/class-api-v1.php */ + $response = apply_filters( 'um_rest_userdata', $val, $user->ID ); } - } return $response; } - /** * Get source * 
@@ -498,13 +368,12 @@ if ( ! class_exists( 'um\core\rest\API_v2' ) ) { * @return string */ public function getsrc( $image ) { - if (preg_match('/query_vars['um_format'] ) ? $wp_query->query_vars['um_format'] : 'json'; - /** - * UM hook - * - * @type filter - * @title um_api_output_format - * @description UM Rest API output format - * @input_vars - * [{"var":"$format","type":"string","desc":"Format"}] - * @change_log - * ["Since: 2.0"] - * @usage - * - * @example - * - */ + /** This filter is documented in includes/core/rest/class-api-v1.php */ return apply_filters( 'um_api_output_format', $format ); } } -} \ No newline at end of file +} diff --git a/includes/core/um-actions-form.php b/includes/core/um-actions-form.php index 3c4eae9f..e8eea188 100644 --- a/includes/core/um-actions-form.php +++ b/includes/core/um-actions-form.php @@ -416,8 +416,8 @@ function um_check_conditions_on_submit( $condition, $fields, $args, $reset = fal */ function um_submit_form_errors_hook_( $args ) { $form_id = $args['form_id']; - $mode = $args['mode']; - $fields = unserialize( $args['custom_fields'] ); + $mode = $args['mode']; + $fields = unserialize( $args['custom_fields'] ); $um_profile_photo = um_profile('profile_photo'); if ( get_post_meta( $form_id, '_um_profile_photo_required', true ) && ( empty( $args['profile_photo'] ) && empty( $um_profile_photo ) ) ) { @@ -425,12 +425,12 @@ function um_submit_form_errors_hook_( $args ) { } if ( ! empty( $fields ) ) { - - $can_edit = false; - $current_user_roles = []; + $can_edit = false; + $current_user_roles = array(); if ( is_user_logged_in() ) { - - $can_edit = UM()->roles()->um_current_user_can( 'edit', $args['user_id'] ); + if ( array_key_exists( 'user_id', $args ) ) { + $can_edit = UM()->roles()->um_current_user_can( 'edit', $args['user_id'] ); + } um_fetch_user( get_current_user_id() ); $current_user_roles = um_user( 'roles' ); 
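Review bot: `um_submit_form_errors_hook_()` still calls `unserialize( $args['custom_fields'] )` on the line realigned in the `@@ -416,8` hunk, and nothing visible here shows where `custom_fields` originates. If any part of it can come from the submitted form rather than from stored form settings, this is an object-injection risk. Passing the options argument, `unserialize( $args['custom_fields'], array( 'allowed_classes' => false ) )`, keeps the array result while refusing to instantiate classes. The function body continues outside this hunk.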
@@ -439,7 +439,7 @@ function um_submit_form_errors_hook_( $args ) { foreach ( $fields as $key => $array ) { - if ( $mode == 'profile' ) { + if ( 'profile' === $mode ) { $restricted_fields = UM()->fields()->get_restricted_fields_for_edit(); if ( is_array( $restricted_fields ) && in_array( $key, $restricted_fields ) ) { continue; @@ -447,7 +447,7 @@ function um_submit_form_errors_hook_( $args ) { } $can_view = true; - if ( isset( $array['public'] ) && $mode != 'register' ) { + if ( isset( $array['public'] ) && 'register' !== $mode ) { switch ( $array['public'] ) { case '1': // Everyone @@ -491,7 +491,6 @@ function um_submit_form_errors_hook_( $args ) { continue; } - /** * UM hook * diff --git a/includes/core/um-actions-login.php b/includes/core/um-actions-login.php index 3c4ae9b7..dbf019ea 100644 --- a/includes/core/um-actions-login.php +++ b/includes/core/um-actions-login.php @@ -1,5 +1,7 @@ -form()->add_error( 'username', __( 'Please enter your username or email', 'ultimate-member' ) ); } 
@@ -190,101 +191,88 @@ function um_store_lastlogin_timestamp_( $login ) { } add_action( 'wp_login', 'um_store_lastlogin_timestamp_' ); - /** * Login user process * * @param array $args */ function um_user_login( $args ) { - extract( $args ); + // phpcs:disable WordPress.Security.NonceVerification -- already verified here + $rememberme = ( isset( $_REQUEST['rememberme'], $args['rememberme'] ) && 1 === (int) $args['rememberme'] ) ? 1 : 0; - $rememberme = ( isset( $args['rememberme'] ) && 1 == $args['rememberme'] && isset( $_REQUEST['rememberme'] ) ) ? 1 : 0; - - if ( ( UM()->options()->get( 'deny_admin_frontend_login' ) && ! isset( $_GET['provider'] ) ) && strrpos( um_user('wp_roles' ), 'administrator' ) !== false ) { + // @todo check using the 'deny_admin_frontend_login' option + if ( false !== strrpos( um_user( 'wp_roles' ), 'administrator' ) && ( ! isset( $_GET['provider'] ) && UM()->options()->get( 'deny_admin_frontend_login' ) ) ) { wp_die( esc_html__( 'This action has been prevented for security measures.', 'ultimate-member' ) ); } UM()->user()->auto_login( um_user( 'ID' ), $rememberme ); /** - * UM hook + * Fires after successful login and before user is redirected. * - * @type action - * @title um_on_login_before_redirect - * @description Hook that runs after successful login and before user is redirected - * @input_vars - * [{"var":"$user_id","type":"int","desc":"User ID"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_on_login_before_redirect', 'function_name', 10, 1 ); - * @example - * Make any custom action after successful login and before user is redirected. * function my_on_login_before_redirect( $user_id ) { * // your code here * } - * ?> + * add_action( 'um_on_login_before_redirect', 'my_on_login_before_redirect', 10, 1 ); */ do_action( 'um_on_login_before_redirect', um_user( 'ID' ) ); - // Priority redirect - if ( ! 
empty( $args['redirect_to'] ) ) { - exit( wp_safe_redirect( $args['redirect_to'] ) ); + // Priority redirect from $_GET attribute. + if ( ! empty( $args['redirect_to'] ) ) { + wp_safe_redirect( $args['redirect_to'] ); + exit; } // Role redirect $after_login = um_user( 'after_login' ); if ( empty( $after_login ) ) { - exit( wp_redirect( um_user_profile_url() ) ); + wp_safe_redirect( um_user_profile_url() ); + exit; } switch ( $after_login ) { - case 'redirect_admin': - exit( wp_redirect( admin_url() ) ); - break; - + wp_safe_redirect( admin_url() ); + exit; case 'redirect_url': /** - * UM hook + * Filters change redirect URL after successful login. * - * @type filter - * @title um_login_redirect_url - * @description Change redirect URL after successful login - * @input_vars - * [{"var":"$url","type":"string","desc":"Redirect URL"}, - * {"var":"$id","type":"int","desc":"User ID"}] - * @change_log - * ["Since: 2.0"] - * @usage - * - * @example - * Change redirect URL. * function my_login_redirect_url( $url, $id ) { * // your code here * return $url; * } - * ?> + * add_filter( 'um_login_redirect_url', 'my_login_redirect_url', 10, 2 ); */ $redirect_url = apply_filters( 'um_login_redirect_url', um_user( 'login_redirect_url' ), um_user( 'ID' ) ); - exit( wp_redirect( $redirect_url ) ); - break; - + wp_safe_redirect( $redirect_url ); + exit; case 'refresh': - exit( wp_redirect( UM()->permalinks()->get_current_url() ) ); - break; - + wp_safe_redirect( UM()->permalinks()->get_current_url() ); + exit; case 'redirect_profile': default: - exit( wp_redirect( um_user_profile_url() ) ); - break; - + wp_safe_redirect( um_user_profile_url() ); + exit; } + // phpcs:enable WordPress.Security.NonceVerification -- already verified here } -add_action( 'um_user_login', 'um_user_login', 10 ); - +add_action( 'um_user_login', 'um_user_login' ); /** * Form processing diff --git a/includes/core/um-actions-misc.php b/includes/core/um-actions-misc.php index faf1a977..0160e190 100644 
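Review bot: Switching the `redirect_url` case to `wp_safe_redirect( $redirect_url )` means a role whose configured login redirect points at another host will be sent to the fallback URL instead, because `wp_safe_redirect()` only accepts hosts on the allowed list. If off-site role redirects are a supported setting, the host has to be registered through the `allowed_redirect_hosts` filter, or the `um_login_redirect_url` docblock should state that only same-site URLs are honoured. Separately, the administrator check uses `strrpos( um_user( 'wp_roles' ), 'administrator' )`, a substring match that would also match a custom role whose slug merely contains that word; an exact comparison against the user's role list would be more precise.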
--- a/includes/core/um-actions-misc.php +++ b/includes/core/um-actions-misc.php 
@@ -1,8 +1,8 @@ -form()->errors ) { - switch ( sanitize_key( $_REQUEST['updated'] ) ) { + // Skip if there are errors while submission. + if ( UM()->form()->errors ) { + return; + } + + // phpcs:disable WordPress.Security.NonceVerification -- used for echo and already verified here. + if ( ! empty( $_REQUEST['updated'] ) ) { + $updated = sanitize_key( $_REQUEST['updated'] ); + switch ( $updated ) { default: /** - * UM hook + * Filters a custom success message. * - * @type filter - * @title um_custom_success_message_handler - * @description Add custom success message - * @input_vars - * [{"var":"$success","type":"string","desc":"Message"}, - * {"var":"$updated","type":"array","desc":"Updated data"}] - * @change_log - * ["Since: 2.0"] - * @usage - * - * @example - * It adds a custom message for `custom_key_on_profile` updated key. + * function my_custom_success_message( $success, $updated, $args ) { + * if ( 'custom_key_on_profile' === $updated ) { + * $success = 'Some custom message'; + * } * return $success; * } - * ?> + * add_filter( 'um_custom_success_message_handler', 'my_custom_success_message', 10, 3 ); */ - $success = apply_filters( 'um_custom_success_message_handler', $success, sanitize_key( $_REQUEST['updated'] ) ); + $success = apply_filters( 'um_custom_success_message_handler', $success, $updated, $args ); break; - case 'account': $success = __( 'Your account was updated successfully.', 'ultimate-member' ); break; - case 'password_changed': $success = __( 'You have successfully changed your password.', 'ultimate-member' ); break; - case 'account_active': $success = __( 'Your account is now active! You can login.', 'ultimate-member' ); break; - } } - if ( ! empty( $_REQUEST['err'] ) && ! UM()->form()->errors ) { - switch( sanitize_key( $_REQUEST['err'] ) ) { - + if ( ! empty( $_REQUEST['err'] ) ) { + $request_error = sanitize_key( $_REQUEST['err'] ); + switch ( $request_error ) { default: /** - * UM hook + * Filters a custom error message. 
* - * @type filter - * @title um_custom_error_message_handler - * @description Add custom error message - * @input_vars - * [{"var":"$error","type":"string","desc":"Error message"}, - * {"var":"$request_error","type":"array","desc":"Error data"}] - * @change_log - * ["Since: 2.0"] - * @usage - * - * @example - * It adds a custom error for `custom_key_on_profile` error key. + * function my_custom_error_message( $error, $request_error, $args ) { + * if ( 'custom_key_on_profile' === $request_error ) { + * $error = 'Some custom message'; + * } * return $error; * } - * ?> + * add_filter( 'um_custom_error_message_handler', 'my_custom_error_message', 10, 3 ); */ - $err = apply_filters( 'um_custom_error_message_handler', $err, sanitize_key( $_REQUEST['err'] ) ); - if ( ! $err ) { + $err = apply_filters( 'um_custom_error_message_handler', $err, $request_error, $args ); + if ( empty( $err ) ) { $err = __( 'An error has been encountered', 'ultimate-member' ); } break; - case 'registration_disabled': $err = __( 'Registration is currently disabled', 'ultimate-member' ); break; - case 'blocked_email': $err = __( 'This email address has been blocked.', 'ultimate-member' ); break; - case 'blocked_domain': $err = __( 'We do not accept registrations from that domain.', 'ultimate-member' ); break; - case 'blocked_ip': $err = __( 'Your IP address has been blocked.', 'ultimate-member' ); break; - case 'inactive': $err = __( 'Your account has been disabled.', 'ultimate-member' ); break; - case 'awaiting_admin_review': $err = __( 'Your account has not been approved yet.', 'ultimate-member' ); break; - case 'awaiting_email_confirmation': $err = __( 'Your account is awaiting e-mail verification.', 'ultimate-member' ); break; - case 'rejected': $err = __( 'Your membership request has been rejected.', 'ultimate-member' ); break; - case 'invalid_nonce': $err = __( 'An error has been encountered. Probably page was cached. 
Please try again.', 'ultimate-member' ); break; - } } + // phpcs:enable WordPress.Security.NonceVerification -- used for echo and already verified here. + + add_filter( 'um_late_escaping_allowed_tags', 'um_form_notices_additional_tags', 10, 2 ); if ( ! empty( $err ) ) { $output .= '

' . $err . '

'; @@ -201,6 +194,24 @@ function um_add_update_notice( $args ) { $output .= '

' . $success . '

'; } - echo $output; + echo wp_kses( $output, UM()->get_allowed_html( 'templates' ) ); + + remove_filter( 'um_late_escaping_allowed_tags', 'um_form_notices_additional_tags' ); } add_action( 'um_before_form', 'um_add_update_notice', 500 ); + +/** + * Extends allowed tags for displaying UM Form notices. + * + * @since 2.6.4 + * + * @param array $allowed_html + * @param string $context + * @return array + */ +function um_form_notices_additional_tags( $allowed_html, $context ) { + if ( 'templates' === $context ) { + $allowed_html['i']['onclick'] = true; + } + return $allowed_html; +} diff --git a/includes/core/um-actions-profile.php b/includes/core/um-actions-profile.php index e7a6dd36..4a4b10d2 100644 --- a/includes/core/um-actions-profile.php +++ b/includes/core/um-actions-profile.php 
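Review bot: `um_form_notices_additional_tags()` adds `onclick` to the attributes `wp_kses()` keeps on `i` elements, and `wp_kses()` does not inspect the script inside an event-handler attribute, so any such attribute that reaches `$err` or `$success` (both pass through the `um_custom_*_message_handler` filters) is echoed intact. The filter is attached only around this one `echo`, which limits the exposure, but the safer arrangement is to drop the inline handler from the notice markup (presumably the close icon) and bind the dismiss behaviour from the plugin's script, so the allowlist needs no event attributes. If the attribute has to stay, the function's docblock should say which element relies on it and why.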
@@ -1,170 +1,169 @@ -options()->get( 'profile_tab_main' ) && ! isset( $_REQUEST['um_action'] ) ) { + // phpcs:ignore WordPress.Security.NonceVerification -- $_REQUEST is used for echo only + if ( ! isset( $_REQUEST['um_action'] ) && ! UM()->options()->get( 'profile_tab_main' ) ) { return; } /** - * UM hook + * Filters user's ability to view a profile * - * @type filter - * @title um_profile_can_view_main - * @description Check user can view profile - * @input_vars - * [{"var":"$view","type":"bool","desc":"Can view?"}, - * {"var":"$user_id","type":"int","desc":"User profile ID"}] - * @change_log - * ["Since: 2.0"] - * @usage - * - * @example - * Make profile hidden. + * function my_profile_can_view_main( $can_view, $profile_id ) { + * $can_view = 1; // make profile hidden. + * return $can_view; * } - * ?> + * add_filter( 'um_profile_can_view_main', 'my_profile_can_view_main', 10, 2 ); */ $can_view = apply_filters( 'um_profile_can_view_main', -1, um_profile_id() ); - if ( $can_view == -1 ) { + if ( -1 === (int) $can_view ) { /** - * UM hook + * Fires before UM Form content. * - * @type action - * @title um_before_form - * @description Some actions before profile form - * @input_vars - * [{"var":"$args","type":"array","desc":"Profile form shortcode arguments"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_before_form', 'function_name', 10, 1 ); - * @example - * Make any custom action before UM form. * function my_before_form( $args ) { * // your code here * } - * ?> + * add_action( 'um_before_form', 'my_before_form' ); */ do_action( 'um_before_form', $args ); - /** - * UM hook + * Fires before UM Form fields. 
* - * @type action - * @title um_before_{$mode}_fields - * @description Some actions before profile form fields - * @input_vars - * [{"var":"$args","type":"array","desc":"{Profile} form shortcode arguments"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_before_{$mode}_fields', 'function_name', 10, 1 ); - * @example - * Make any custom action before UM Profile form fields. + * function my_before_profile_fields( $args ) { * // your code here * } - * ?> + * add_action( 'um_before_profile_fields', 'my_before_profile_fields' ); + * @example Make any custom action before UM Login form fields. + * function my_before_login_fields( $args ) { + * // your code here + * } + * add_action( 'um_before_login_fields', 'my_before_login_fields' ); + * @example Make any custom action before UM Register form fields. + * function my_before_register_fields( $args ) { + * // your code here + * } + * add_action( 'um_before_register_fields', 'my_before_register_fields' ); */ do_action( "um_before_{$mode}_fields", $args ); - /** - * UM hook + * Fires for rendering UM Form fields. * - * @type action - * @title um_main_{$mode}_fields - * @description Some actions before login form fields - * @input_vars - * [{"var":"$args","type":"array","desc":"Login form shortcode arguments"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_before_{$mode}_fields', 'function_name', 10, 1 ); - * @example - * Make any custom action when profile form fields are rendered. + * function my_main_profile_fields( $args ) { * // your code here * } - * ?> + * add_action( 'um_main_profile_fields', 'my_main_profile_fields' ); + * @example Make any custom action when login form fields are rendered. + * function my_main_login_fields( $args ) { + * // your code here + * } + * add_action( 'um_main_login_fields', 'my_main_login_fields' ); + * @example Make any custom action when register form fields are rendered. 
+ * function my_main_register_fields( $args ) { + * // your code here + * } + * add_action( 'um_main_register_fields', 'my_main_register_fields' ); */ do_action( "um_main_{$mode}_fields", $args ); - /** - * UM hook + * Fires after UM Form fields. * - * @type action - * @title um_after_form_fields - * @description Some actions after login form fields - * @input_vars - * [{"var":"$args","type":"array","desc":"Login form shortcode arguments"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_after_form_fields', 'function_name', 10, 1 ); - * @example - * Make any custom action after UM Form fields. * function my_after_form_fields( $args ) { * // your code here * } - * ?> + * add_action( 'um_after_form_fields', 'my_after_form_fields' ); */ do_action( 'um_after_form_fields', $args ); - /** - * UM hook + * Fires after UM Form fields. * - * @type action - * @title um_after_{$mode}_fields - * @description Some actions after profile form fields - * @input_vars - * [{"var":"$args","type":"array","desc":"Profile form shortcode arguments"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_after_{$mode}_fields', 'function_name', 10, 1 ); - * @example - * Make any custom action after profile form fields. + * function my_after_profile_fields( $args ) { * // your code here * } - * ?> + * add_action( 'um_after_profile_fields', 'my_after_profile_fields' ); + * @example Make any custom action after login form fields. + * function my_after_login_fields( $args ) { + * // your code here + * } + * add_action( 'um_after_login_fields', 'my_after_login_fields' ); + * @example Make any custom action after register form fields. + * function my_after_register_fields( $args ) { + * // your code here + * } + * add_action( 'um_after_register_fields', 'my_after_register_fields' ); */ do_action( "um_after_{$mode}_fields", $args ); - /** - * UM hook + * Fires after UM Form content. 
* - * @type action - * @title um_after_form - * @description Some actions after profile form fields - * @input_vars - * [{"var":"$args","type":"array","desc":"Profile form shortcode arguments"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_after_form', 'function_name', 10, 1 ); - * @example - * Make any custom action after UM Form content. * function my_after_form( $args ) { * // your code here * } - * ?> + * add_action( 'um_after_form', 'my_after_form' ); */ do_action( 'um_after_form', $args ); @@ -173,7 +172,7 @@ function um_profile_content_main( $args ) {
- +
fields()->editing ) { - if ( um_get_requested_user() ) { - if ( ! UM()->roles()->um_current_user_can( 'edit', um_get_requested_user() ) ) { - um_redirect_home( um_get_requested_user(), um_is_myprofile() ); - } - um_fetch_user( um_get_requested_user() ); + if ( UM()->fields()->editing ) { + if ( um_get_requested_user() ) { + if ( ! UM()->roles()->um_current_user_can( 'edit', um_get_requested_user() ) ) { + um_redirect_home( um_get_requested_user(), um_is_myprofile() ); } + um_fetch_user( um_get_requested_user() ); + } + } else { + UM()->fields()->viewing = 1; + + if ( um_get_requested_user() ) { + if ( ! um_is_myprofile() && ! um_can_view_profile( um_get_requested_user() ) ) { + um_redirect_home( um_get_requested_user(), um_is_myprofile() ); + } + + if ( ! UM()->roles()->um_current_user_can( 'edit', um_get_requested_user() ) ) { + UM()->user()->cannot_edit = 1; + } + + um_fetch_user( um_get_requested_user() ); } else { - UM()->fields()->viewing = 1; + if ( ! is_user_logged_in() ) { + um_redirect_home( um_get_requested_user(), um_is_myprofile() ); + } - if ( um_get_requested_user() ) { - if ( ! um_can_view_profile( um_get_requested_user() ) && ! um_is_myprofile() ) { - um_redirect_home( um_get_requested_user(), um_is_myprofile() ); - } - - if ( ! UM()->roles()->um_current_user_can( 'edit', um_get_requested_user() ) ) { - UM()->user()->cannot_edit = 1; - } - - um_fetch_user( um_get_requested_user() ); - } else { - if ( ! is_user_logged_in() ) { - um_redirect_home( um_get_requested_user(), um_is_myprofile() ); - } - - if ( ! um_user( 'can_edit_profile' ) ) { - UM()->user()->cannot_edit = 1; - } + if ( ! um_user( 'can_edit_profile' ) ) { + UM()->user()->cannot_edit = 1; } } } } add_action( 'um_pre_profile_shortcode', 'um_pre_profile_shortcode' ); - /** * Display the edit profile icon * diff --git a/includes/core/um-actions-register.php b/includes/core/um-actions-register.php index 0d79bbcd..3bf016ce 100644 --- a/includes/core/um-actions-register.php 
+++ b/includes/core/um-actions-register.php @@ -1,11 +1,13 @@ -user()->pending(); } -add_action('um_post_registration_pending_hook', 'um_post_registration_pending_hook', 10, 2); - +add_action( 'um_post_registration_pending_hook', 'um_post_registration_pending_hook', 10, 2 ); /** * After insert a new user @@ -118,7 +117,6 @@ function um_after_insert_user( $user_id, $args ) { } add_action( 'um_user_register', 'um_after_insert_user', 1, 2 ); - /** * Send notification about registration * @@ -131,7 +129,7 @@ function um_send_registration_notification( $user_id, $args ) { $emails = um_multi_admin_email(); if ( ! empty( $emails ) ) { foreach ( $emails as $email ) { - if ( um_user( 'account_status' ) != 'pending' ) { + if ( 'pending' !== um_user( 'account_status' ) ) { UM()->mail()->send( $email, 'notification_new_user', array( 'admin' => true ) ); } else { UM()->mail()->send( $email, 'notification_review', array( 'admin' => true ) ); @@ -141,7 +139,6 @@ function um_send_registration_notification( $user_id, $args ) { } add_action( 'um_registration_complete', 'um_send_registration_notification', 10, 2 ); - /** * Check user status and redirect it after registration * @@ -270,7 +267,6 @@ function um_check_user_status( $user_id, $args ) { } add_action( 'um_registration_complete', 'um_check_user_status', 100, 2 ); - function um_submit_form_errors_hook__registration( $args ) { // Check for "\" in password. if ( array_key_exists( 'user_password', $args ) && false !== strpos( wp_unslash( trim( $args['user_password'] ) ), '\\' ) ) { 
@@ -280,68 +276,66 @@ function um_submit_form_errors_hook__registration( $args ) { add_action( 'um_submit_form_errors_hook__registration', 'um_submit_form_errors_hook__registration', 10, 1 ); /** - * Registration form submit handler + * Registration form submit handler. * - * @param $args - * @return bool|int|WP_Error + * @param array $args */ function um_submit_form_register( $args ) { if ( isset( UM()->form()->errors ) ) { - return false; + return; } /** - * UM hook + * Filters user data submitted by a registration form. * - * @type filter - * @title um_add_user_frontend_submitted - * @description Extend user data on registration form submit - * @input_vars - * [{"var":"$submitted","type":"array","desc":"Registration data"}] - * @change_log - * ["Since: 2.0"] - * @usage - * - * @example - * Extends registration data. * function my_add_user_frontend_submitted( $submitted ) { * // your code here * return $submitted; * } - * ?> + * add_filter( 'um_add_user_frontend_submitted', 'my_add_user_frontend_submitted' ); */ $args = apply_filters( 'um_add_user_frontend_submitted', $args ); - extract( $args ); - - if ( ! empty( $username ) && empty( $user_login ) ) { - $user_login = $username; + if ( ! empty( $args['user_login'] ) ) { + $user_login = $args['user_login']; + } + if ( ! empty( $args['username'] ) && empty( $args['user_login'] ) ) { + $user_login = $args['username']; } - if ( ! empty( $first_name ) && ! empty( $last_name ) && empty( $user_login ) ) { + if ( ! empty( $args['first_name'] ) && ! empty( $args['last_name'] ) && empty( $user_login ) ) { switch ( UM()->options()->get( 'permalink_base' ) ) { case 'name': - $user_login = str_replace( " ", ".", $first_name . " " . $last_name ); + $user_login = str_replace( ' ', '.', $args['first_name'] . ' ' . $args['last_name'] ); break; case 'name_dash': - $user_login = str_replace( " ", "-", $first_name . " " . $last_name ); + $user_login = str_replace( ' ', '-', $args['first_name'] . ' ' . 
$args['last_name'] ); break; case 'name_plus': - $user_login = str_replace( " ", "+", $first_name . " " . $last_name ); + $user_login = str_replace( ' ', '+', $args['first_name'] . ' ' . $args['last_name'] ); break; default: - $user_login = str_replace( " ", "", $first_name . " " . $last_name ); + $user_login = str_replace( ' ', '', $args['first_name'] . ' ' . $args['last_name'] ); break; } $user_login = sanitize_user( strtolower( remove_accents( $user_login ) ), true ); if ( ! empty( $user_login ) ) { - $count = 1; + $count = 1; $temp_user_login = $user_login; while ( username_exists( $temp_user_login ) ) { $temp_user_login = $user_login . $count; 
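Review bot: The explicit `$args[...]` reads that replace `extract( $args )` carry no comment saying why, so a later cleanup could bring the extract back. The docblock in this hunk describes `$args` as data submitted by a registration form, and extract() defines a local variable for every key it is given. I would add above the first read: `// Read only the expected keys; extract() would turn every submitted key into a local variable.` The docblock also lost its `@return` line while the early exit became a bare `return;`, so `@return void` would document the new contract. The body of um_submit_form_register() continues past this hunk.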
@@ -351,56 +345,57 @@ function um_submit_form_register( $args ) { } } - if ( empty( $user_login ) && ! empty( $user_email ) ) { - $user_login = $user_email; + if ( empty( $user_login ) && ! empty( $args['user_email'] ) ) { + $user_login = $args['user_email']; } - $unique_userID = uniqid(); + $unique_user_id = uniqid(); // see dbDelta and WP native DB structure user_login varchar(60) - if ( empty( $user_login ) || mb_strlen( $user_login ) > 60 && ! is_email( $user_login ) ) { - $user_login = 'user' . $unique_userID; + if ( empty( $user_login ) || ( mb_strlen( $user_login ) > 60 && ! is_email( $user_login ) ) ) { + $user_login = 'user' . $unique_user_id; while ( username_exists( $user_login ) ) { - $unique_userID = uniqid(); - $user_login = 'user' . $unique_userID; + $unique_user_id = uniqid(); + $user_login = 'user' . $unique_user_id; } } - if ( isset( $username ) && is_email( $username ) ) { - $user_email = $username; + if ( isset( $args['username'] ) && is_email( $args['username'] ) ) { + $user_email = $args['username']; + } elseif ( ! empty( $args['user_email'] ) ) { + $user_email = $args['user_email']; } - if ( ! isset( $user_password ) ) { + if ( ! isset( $args['user_password'] ) ) { $user_password = UM()->validation()->generate( 8 ); + } else { + $user_password = $args['user_password']; } if ( empty( $user_email ) ) { - $site_url = @$_SERVER['SERVER_NAME']; - $user_email = 'nobody' . $unique_userID . '@' . $site_url; + $site_url = wp_parse_url( get_site_url(), PHP_URL_HOST ); + $user_email = 'nobody' . $unique_user_id . '@' . $site_url; while ( email_exists( $user_email ) ) { - $unique_userID = uniqid(); - $user_email = 'nobody' . $unique_userID . '@' . $site_url; + $unique_user_id = uniqid(); + $user_email = 'nobody' . $unique_user_id . '@' . $site_url; } + /** - * UM hook + * Filters change user default email if it's empty on registration. 
* - * @type filter - * @title um_user_register_submitted__email - * @description Change user default email if it's empty on registration - * @input_vars - * [{"var":"$user_email","type":"string","desc":"Default email"}] - * @change_log - * ["Since: 2.0"] - * @usage - * - * @example - * Change user default email if it's empty on registration. * function my_user_register_submitted__email( $user_email ) { * // your code here * return $user_email; * } - * ?> + * add_filter( 'um_user_register_submitted__email', 'my_user_register_submitted__email' ); */ $user_email = apply_filters( 'um_user_register_submitted__email', $user_email ); } @@ -417,10 +412,10 @@ function um_submit_form_register( $args ) { $args['submitted'] = array_merge( $args['submitted'], $credentials ); - // set timestamp - $timestamp = current_time( 'timestamp' ); + // Set registration timestamp. + $timestamp = current_time( 'timestamp' ); // @todo Working on timestamps. $args['submitted']['timestamp'] = $timestamp; - $args['timestamp'] = $timestamp; + $args['timestamp'] = $timestamp; $args = array_merge( $args, $credentials ); 
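Review bot: When the form carries no `user_password`, the account is still created with `UM()->validation()->generate( 8 )`, an eight-character password, and the `@@ -351,56 +345,57 @@` hunk restructures that branch without revisiting it. generate() is defined outside this diff, so its character set and randomness source cannot be confirmed from here. If it is not backed by a cryptographically secure generator, WordPress core's helper is the safer choice, e.g. `$user_password = wp_generate_password( 24 );`. The enclosing um_submit_form_register() starts and ends outside the hunk.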
@@ -433,70 +428,58 @@ function um_submit_form_register( $args ) { $exclude_roles = array_diff( array_keys( $wp_roles->roles ), UM()->roles()->get_editable_user_roles() ); //if role is properly set it - if ( ! in_array( $args['role'], $exclude_roles ) ) { + if ( ! in_array( $args['role'], $exclude_roles, true ) ) { $user_role = $args['role']; } } /** - * UM hook + * Filters change user role on registration process * - * @type filter - * @title um_registration_user_role - * @description Change user role on registration process - * @input_vars - * [{"var":"$role","type":"string","desc":"User role"}, - * {"var":"$submitted","type":"array","desc":"Registration data"}] - * @change_log - * ["Since: 2.0"] - * @usage - * - * @example - * Change user role on registration process. + * function my_registration_user_role( $user_role, $args ) { * // your code here - * return $role; + * return $user_role; * } - * ?> + * add_filter( 'um_registration_user_role', 'my_registration_user_role', 10, 2 ); */ $user_role = apply_filters( 'um_registration_user_role', $user_role, $args ); $userdata = array( - 'user_login' => $user_login, - 'user_pass' => $user_password, - 'user_email' => $user_email, - 'role' => $user_role, + 'user_login' => $user_login, + 'user_pass' => $user_password, + 'user_email' => $user_email, + 'role' => $user_role, ); $user_id = wp_insert_user( $userdata ); /** - * UM hook + * Fires after complete UM user registration. * - * @type action - * @title um_user_register - * @description After complete UM user registration. - * @input_vars - * [{"var":"$user_id","type":"int","desc":"User ID"}, - * {"var":"$args","type":"array","desc":"Form data"}] - * @change_log - * ["Since: 2.0"] - * @usage add_action( 'um_user_register', 'function_name', 10, 2 ); - * @example - * Make any custom action after complete UM user registration. 
+ * function my_um_user_register( $user_id, $args ) { * // your code here * } - * ?> + * add_action( 'um_user_register', 'my_um_user_register', 10, 2 ); */ do_action( 'um_user_register', $user_id, $args ); - - return $user_id; } -add_action( 'um_submit_form_register', 'um_submit_form_register', 10 ); - +add_action( 'um_submit_form_register', 'um_submit_form_register' ); /** * Show the submit button
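Review bot: `wp_insert_user( $userdata )` can return a `WP_Error`, and `do_action( 'um_user_register', $user_id, $args )` fires with whatever it returned. With `return $user_id;` removed in this hunk, nothing reports the failure either. Callbacks on that hook, such as um_after_insert_user( $user_id, $args ), would then receive an error object where they expect a user ID. I would guard the hook with `if ( is_wp_error( $user_id ) ) { return; }` directly after the insert, ideally after surfacing the error to the form. The function starts outside this hunk.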