From 8ef597ad74a3b775ab467f5886b2bdc9afbe43b2 Mon Sep 17 00:00:00 2001 From: ashubawork Date: Mon, 14 Apr 2025 14:21:41 +0300 Subject: [PATCH] - fix banned fields and site health status --- includes/admin/class-site-health.php | 135 +++++++++++++++++++++++++++ includes/core/class-builtin.php | 2 +- includes/core/class-user.php | 3 + 3 files changed, 139 insertions(+), 1 deletion(-) diff --git a/includes/admin/class-site-health.php b/includes/admin/class-site-health.php index bc1a3558..f8405802 100644 --- a/includes/admin/class-site-health.php +++ b/includes/admin/class-site-health.php @@ -48,6 +48,20 @@ class Site_Health { ); } + $custom_fields = get_option( 'um_fields', array() ); + if ( ! empty( $custom_fields ) ) { + $keys = array_merge( UM()->builtin()->blacklist_fields, UM()->user()->banned_keys ); + foreach ( $keys as $key ) { + if ( isset( $custom_fields[ $key ] ) ) { + $tests['direct']['um_banned_fields'] = array( + 'label' => esc_html__( 'Are the banned custom fields?', 'ultimate-member' ), + 'test' => array( $this, 'banned_fields_test' ), + ); + break; + } + } + } + return $tests; } 
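Review bot: The lookup `isset( $custom_fields[ $key ] )` in the added block matches stored keys case-sensitively, whereas `blacklist_field_err()` (changed in this same commit) lowercases the key before comparing. The `in_array( $field['metakey'], $keys, true )` check in the new `get_banned_fields()` has the same gap. If a mixed-case variant of a banned key is already stored (whether that can happen is not visible here), the Site Health test would neither register nor report it. Normalising both sides would close this, e.g. `$stored = array_change_key_case( $custom_fields, CASE_LOWER );` here and `in_array( strtolower( $field['metakey'] ), $keys, true )` in the scan. The enclosing method starts outside the hunk.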
@@ -210,6 +224,127 @@ class Site_Health { return $result; } + public function get_banned_fields() { + $keys = array_merge( UM()->builtin()->blacklist_fields, UM()->user()->banned_keys ); + + $result = array( + 'description' => '', + 'actions' => '', + ); + + $forms = get_posts( + array( + 'post_type' => 'um_form', + 'posts_per_page' => -1, + 'fields' => 'ids', + ) + ); + + $forms_count = 0; + $break_forms = array(); + if ( ! empty( $forms ) ) { + foreach ( $forms as $form_id ) { + $fields = UM()->query()->get_attr( 'custom_fields', $form_id ); + if ( empty( $fields ) ) { + continue; + } + foreach ( $fields as $field ) { + if ( empty( $field['metakey'] ) ) { + continue; + } + if ( in_array( $field['metakey'], $keys, true ) ) { + $break_forms[] = array( + 'id' => $form_id, + 'title' => get_the_title( $form_id ), + 'link' => get_edit_post_link( $form_id ), + 'key' => $field['metakey'], + ); + ++$forms_count; + } + } + } + } + + if ( 0 < $forms_count ) { + $result['description'] .= sprintf( + '

%s

', + __( 'Your fields in the Ultimate Member Forms are banned.', 'ultimate-member' ) + ); + + if ( ! empty( $break_forms ) ) { + $result['description'] .= sprintf( + '

%s', + __( 'Related to Ultimate Member Forms: ', 'ultimate-member' ) + ); + + $form_links = array(); + foreach ( $break_forms as $break_form ) { + $form_links[] = sprintf( + '%s in %s (#ID: %s)', + esc_url( $break_form['link'] ), + esc_html__( 'field', 'ultimate-member' ) . ' "' . esc_html( $break_form['key'] ) . '"', + esc_html( $break_form['title'] ), + esc_html( $break_form['id'] ) + ); + } + + $result['description'] .= sprintf( + '%s


', + implode( ', ', $form_links ) + ); + } + + $result['actions'] .= sprintf( + '

%s

', + admin_url( 'edit.php?post_type=um_form' ), + esc_html__( 'Edit form fields and update', 'ultimate-member' ) + ); + } + + $result = apply_filters( 'um_get_banned_fields_result', $result, $keys ); + + if ( ! empty( $result['description'] ) ) { + $result['description'] .= sprintf( + '

%s

', + __( 'Using banned meta keys may break the website\'s functionality.', 'ultimate-member' ) + ); + } + + if ( ! empty( $result['description'] ) && ! empty( $result['actions'] ) ) { + return $result; + } + + return false; + } + + public function banned_fields_test() { + $result = array( + 'label' => __( 'You have correct Ultimate Member fields', 'ultimate-member' ), + 'status' => 'good', + 'badge' => array( + 'label' => UM_PLUGIN_NAME, + 'color' => self::BADGE_COLOR, + ), + 'description' => sprintf( + '

%s

', + __( 'Your all custom Ultimate Member fields are correct.', 'ultimate-member' ) + ), + 'actions' => '', + 'test' => 'um_banned_fields', + ); + + $banned_fields = $this->get_banned_fields(); + if ( false !== $banned_fields ) { + $result['label'] = __( 'Some field from Ultimate Member forms has banned meta key', 'ultimate-member' ); + $result['status'] = 'recommended'; + $result['badge']['color'] = 'orange'; + $result['description'] = $banned_fields['description']; + $result['actions'] = $banned_fields['actions']; + } + + return $result; + } + private function get_roles() { return UM()->roles()->get_roles(); } diff --git a/includes/core/class-builtin.php b/includes/core/class-builtin.php index a0fd52c4..aa0fb5c0 100644 --- a/includes/core/class-builtin.php +++ b/includes/core/class-builtin.php @@ -183,7 +183,7 @@ if ( ! class_exists( 'um\core\Builtin' ) ) { * @return int|string Empty or error string. */ public function blacklist_field_err( $key ) { - if ( in_array( strtolower( $key ), $this->blacklist_fields, true ) ) { + if ( in_array( strtolower( $key ), $this->blacklist_fields, true ) || in_array( strtolower( $key ), UM()->user()->banned_keys, true ) ) { return __( 'Your meta key can not be used', 'ultimate-member' ); } diff --git a/includes/core/class-user.php b/includes/core/class-user.php index f8d70584..ea358262 100644 --- a/includes/core/class-user.php +++ b/includes/core/class-user.php @@ -93,6 +93,9 @@ if ( ! class_exists( 'um\core\User' ) ) { $this->banned_keys = array( 'metabox', + 'user_id', + 'role', + 'user_pass', 'postbox', 'meta-box', 'dismissed_wp_pointers',
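Review bot: `banned_fields_test()` can report status `good` while a banned key is present, because the test is registered from the `um_fields` option but `get_banned_fields()` only walks the `custom_fields` of forms returned by `get_posts()` and returns `false` when none match. A banned key defined in `um_fields` but not attached to a listed form ends up under the "correct" label, and a form holding such a key that is missing from `um_fields` never registers the test. `get_posts()` is also called without `post_status`, so its default status filter applies and forms in other statuses are skipped. Consider deriving both the registration and the report from the same scan, and passing `'post_status' => 'any'` if non-published forms should be covered. Separately, several description strings are interpolated through `sprintf()` with `__()` while neighbouring strings use `esc_html__()`; `esc_html__( 'Your fields in the Ultimate Member Forms are banned.', 'ultimate-member' )` would be consistent.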
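Review bot: The extended condition in `blacklist_field_err()` calls `strtolower( $key )` twice and now depends on `UM()->user()->banned_keys` being populated when the key is validated. Normalising once reads better and keeps the two lists in step: `$normalized = strtolower( $key );` followed by `if ( in_array( $normalized, array_merge( $this->blacklist_fields, UM()->user()->banned_keys ), true ) ) {`. The check only protects if the key that is eventually saved is the same lower-cased form that was compared, which the hunk does not show, so that is worth confirming at the caller. The docblock above the method could also state that keys from the User class's banned list are rejected. The method body continues outside the hunk.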
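Review bot: The new entries `user_id`, `role` and `user_pass` are inserted between unrelated UI keys with no comment saying why they are banned. A line such as `// Core account attributes: must never be set through a custom field meta key.` above them would keep later edits from dropping them. The visible part of the array does not show whether other account-level keys are already listed further down, so that is worth checking while here. The array literal starts and ends outside the hunk.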