Yurii Nalivaiko
2018-11-22 14:04:18 +02:00
55 changed files with 576 additions and 658 deletions
+11 -1
@@ -31,7 +31,17 @@ jQuery(document).ready(function() {
jQuery.ajax({
url: wp.ajax.settings.url,
type: 'POST',
data: { action:'um_do_ajax_action',act_id : act_id, arg1 : arg1, arg2 : arg2, in_row: in_row, in_sub_row: in_sub_row, in_column: in_column, in_group: in_group },
data: {
action:'um_do_ajax_action',
act_id : act_id,
arg1 : arg1,
arg2 : arg2,
in_row: in_row,
in_sub_row: in_sub_row,
in_column: in_column,
in_group: in_group,
nonce: um_admin_scripts.nonce
},
success: function(data){
jQuery('.um-col-demon-settings').data('in_row', '');
+2 -1
@@ -14,7 +14,8 @@ function um_admin_update_builder() {
type: 'POST',
data: {
action:'um_update_builder',
form_id: form_id
form_id: form_id,
nonce: um_admin_scripts.nonce
},
success: function(data){
+7 -1
@@ -13,7 +13,13 @@ jQuery(document).ready(function() {
jQuery.ajax({
url: wp.ajax.settings.url,
type: 'POST',
data: {action:'um_do_ajax_action',act_id : 'um_admin_remove_field_global', arg1 : arg1 },
data: {
action:'um_do_ajax_action',
act_id : 'um_admin_remove_field_global',
arg1 : arg1,
nonce: um_admin_scripts.nonce
},
success: function(data){
},
+17 -2
@@ -59,7 +59,18 @@ function um_admin_modal_ajaxcall( act_id, arg1, arg2, arg3 ) {
jQuery.ajax({
url: wp.ajax.settings.url,
type: 'POST',
data: { action:'um_dynamic_modal_content',act_id: act_id, arg1 : arg1, arg2 : arg2, arg3: arg3, in_row: in_row, in_sub_row: in_sub_row, in_column: in_column, in_group: in_group },
data: {
action:'um_dynamic_modal_content',
act_id: act_id,
arg1 : arg1,
arg2 : arg2,
arg3: arg3,
in_row: in_row,
in_sub_row: in_sub_row,
in_column: in_column,
in_group: in_group,
nonce: um_admin_scripts.nonce
},
complete: function(){
um_admin_modal_loaded();
um_admin_modal_responsive();
@@ -461,7 +472,11 @@ jQuery(document).ready(function() {
jQuery.ajax({
url: wp.ajax.settings.url,
type: 'POST',
data: { action:'populate_dropdown_options',um_option_callback: um_option_callback },
data: {
action:'um_populate_dropdown_options',
um_option_callback: um_option_callback,
nonce: um_admin_scripts.nonce
},
complete: function(){
},
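Review bot: The second hunk of this file renames the AJAX action from `populate_dropdown_options` to `um_populate_dropdown_options`, but the matching `wp_ajax_` hook registration is not visible on this page. If the hook was not renamed in the same commit, admin-ajax.php finds no handler and the dropdown silently receives the default `0` response. Both requests also use only a `complete:` callback, so a rejected nonce (now reported through `wp_send_json_error()`) is never shown to the user; checking `response.success` in a `success:` handler would expose it. The surrounding functions start and end outside the hunks.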
+15
@@ -22,6 +22,21 @@ if ( ! class_exists( 'um\admin\Admin_Functions' ) ) {
}
/**
* Check wp-admin nonce
*
* @param bool $action
*/
function check_ajax_nonce( $action = false ) {
$nonce = isset( $_POST['nonce'] ) ? $_POST['nonce'] : '';
$action = empty( $action ) ? 'um-admin-nonce' : $action;
if ( ! wp_verify_nonce( $nonce, $action ) ) {
wp_send_json_error( esc_js( __( 'Wrong Nonce', 'ultimate-member' ) ) );
}
}
/**
* Boolean check if we're viewing UM backend
*
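Review bot: `check_ajax_nonce()` is documented as `@param bool $action`, but the value is the nonce action name handed to `wp_verify_nonce()`; the tag should read `@param bool|string $action Nonce action name, defaults to 'um-admin-nonce'`. The docblock should also state that the method ends the request through `wp_send_json_error()` on failure and that it does not check capabilities, so each caller still needs its own `current_user_can()` test. Every caller in this commit relies on the default action, so one nonce value is accepted by all of these endpoints; passing a per-handler action would bind a nonce to a single operation.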
-36
@@ -37,7 +37,6 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
add_action( 'um_admin_do_action__purge_temp', array( &$this, 'purge_temp' ) );
add_action( 'um_admin_do_action__manual_upgrades_request', array( &$this, 'manual_upgrades_request' ) );
add_action( 'um_admin_do_action__duplicate_form', array( &$this, 'duplicate_form' ) );
add_action( 'um_admin_do_action__um_language_downloader', array( &$this, 'um_language_downloader' ) );
add_action( 'um_admin_do_action__um_hide_locale_notice', array( &$this, 'um_hide_notice' ) );
add_action( 'um_admin_do_action__um_can_register_notice', array( &$this, 'um_hide_notice' ) );
add_action( 'um_admin_do_action__um_hide_exif_notice', array( &$this, 'um_hide_notice' ) );
@@ -209,41 +208,6 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
}
/**
* Download a language remotely
*
* @param $action
*/
function um_language_downloader( $action ) {
if ( !is_admin() || !current_user_can('manage_options') ) die();
$locale = get_option('WPLANG');
if ( !$locale ) return;
if ( !isset( UM()->available_languages[$locale] ) ) return;
$path = UM()->files()->upload_basedir;
$path = str_replace('/uploads/ultimatemember','',$path);
$path = $path . '/languages/plugins/';
$path = str_replace('//','/',$path);
$remote = 'https://ultimatemember.com/wp-content/languages/plugins/ultimatemember-' . $locale . '.po';
$remote2 = 'https://ultimatemember.com/wp-content/languages/plugins/ultimatemember-' . $locale . '.mo';
$remote_tmp = download_url( $remote, $timeout = 300 );
copy( $remote_tmp, $path . 'ultimatemember-' . $locale . '.po' );
unlink( $remote_tmp );
$remote2_tmp = download_url( $remote2, $timeout = 300 );
copy( $remote2_tmp, $path . 'ultimatemember-' . $locale . '.mo' );
unlink( $remote2_tmp );
$url = remove_query_arg('um_adm_action', UM()->permalinks()->get_current_url() );
$url = add_query_arg('update','language_updated',$url);
exit( wp_redirect($url) );
}
/**
* Action to hide notices in admin
*
+16 -9
@@ -305,9 +305,10 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
* Update the builder area
*/
function update_builder() {
UM()->admin()->check_ajax_nonce();
if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
die( 'Please login as administrator' );
wp_send_json_error( __( 'Please login as administrator', 'ultimate-member' ) );
}
extract( $_POST );
@@ -618,8 +619,11 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
*
*/
function update_field() {
if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) )
die( __('Please login as administrator','ultimate-member') );
UM()->admin()->check_ajax_nonce();
if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
wp_send_json_error( __( 'Please login as administrator', 'ultimate-member' ) );
}
$output['error'] = null;
@@ -770,12 +774,14 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
*
*/
function dynamic_modal_content() {
$metabox = UM()->metabox();
UM()->admin()->check_ajax_nonce();
if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
die( __( 'Please login as administrator', 'ultimate-member' ) );
wp_send_json_error( __( 'Please login as administrator', 'ultimate-member' ) );
}
$metabox = UM()->metabox();
/**
* @var $act_id
* @var $arg1
@@ -1144,12 +1150,14 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
* Retrieves dropdown/multi-select options from a callback function
*/
function populate_dropdown_options() {
$arr_options = array();
UM()->admin()->check_ajax_nonce();
if ( ! current_user_can('manage_options') ) {
wp_die( __( 'This is not possible for security reasons.', 'ultimate-member' ) );
if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
wp_send_json_error( __( 'This is not possible for security reasons.', 'ultimate-member' ) );
}
$arr_options = array();
$um_callback_func = $_POST['um_option_callback'];
if ( empty( $um_callback_func ) ) {
$arr_options['status'] = 'empty';
@@ -1158,7 +1166,6 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
}
$arr_options['data'] = array();
if ( function_exists( $um_callback_func ) ) {
$arr_options['data'] = call_user_func( $um_callback_func );
}
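Review bot: In `populate_dropdown_options()` the function name given to `call_user_func()` still comes straight from `$_POST['um_option_callback']`, and `function_exists()` is the only gate, so the nonce and capability checks added here limit who can send the request but not which function runs. The name should be compared against a list of callbacks the plugin itself registered before the call, for example `if ( ! in_array( $um_callback_func, $allowed_callbacks, true ) ) { wp_send_json_error( ... ); }`, where `$allowed_callbacks` is a placeholder for that list. `update_builder()` in the first hunk of this file likewise keeps `extract( $_POST )`, which lets request keys overwrite local variables; reading the expected keys explicitly would be safer. Both function bodies continue outside the visible hunks.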
+7 -4
@@ -26,9 +26,11 @@ if ( ! class_exists( 'um\admin\core\Admin_DragDrop' ) ) {
* Update order of fields
*/
function update_order() {
UM()->admin()->check_ajax_nonce();
if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) )
die( 'Please login as administrator' );
if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
wp_send_json_error( __( 'Please login as administrator', 'ultimate-member' ) );
}
/**
* @var $form_id
@@ -43,8 +45,8 @@ if ( ! class_exists( 'um\admin\core\Admin_DragDrop' ) ) {
if ( ! empty( $fields ) ) {
foreach ( $fields as $key => $array ) {
if ( $array['type'] == 'row' ) {
$this->row_data[$key] = $array;
unset( $fields[$key] );
$this->row_data[ $key ] = $array;
unset( $fields[ $key ] );
}
}
} else {
@@ -217,6 +219,7 @@ if ( ! class_exists( 'um\admin\core\Admin_DragDrop' ) ) {
<input type="hidden" name="form_id" id="form_id" value="<?php echo get_the_ID(); ?>" />
<input type="hidden" name="action" value="um_update_order" />
<input type="hidden" name="nonce" value="<?php echo wp_create_nonce( 'um-admin-nonce' ) ?>" />
<div class="um_update_order_fields">
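Review bot: The new hidden field echoes `wp_create_nonce( 'um-admin-nonce' )` into the `value` attribute without an escaping call, unlike the usual WordPress convention of escaping all attribute output. The value is not attacker-controlled, so this is a style point, but `value="<?php echo esc_attr( wp_create_nonce( 'um-admin-nonce' ) ) ?>"` or `wp_nonce_field( 'um-admin-nonce', 'nonce' )` keeps the template consistent with output-escaping checks. The same line is added to the three modal templates at the end of the commit.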
+2 -3
@@ -332,9 +332,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Enqueue' ) ) {
* }
* ?>
*/
$localize_data = apply_filters('um_admin_enqueue_localize_data', array(
'ajaxurl' => admin_url( 'admin-ajax.php' ),
'nonce' => wp_create_nonce( "um-admin-nonce" )
$localize_data = apply_filters( 'um_admin_enqueue_localize_data', array(
'nonce' => wp_create_nonce( "um-admin-nonce" )
)
);
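Review bot: The `ajaxurl` key is dropped from the array passed through the `um_admin_enqueue_localize_data` filter, so any script that still reads `um_admin_scripts.ajaxurl` will get `undefined` as its request URL. The scripts changed in this commit use `wp.ajax.settings.url` instead, which is only defined when the `wp-util` script is loaded as a dependency; the enqueue call is outside this hunk, so that dependency should be confirmed. Extensions not shown here may still read the old key, so consider keeping `'ajaxurl' => admin_url( 'admin-ajax.php' ),` for a release with a deprecation comment.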
+11 -77
@@ -76,7 +76,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Menu' ) ) {
url: wp.ajax.settings.url,
type: 'post',
data: {
action: 'um_rated'
action: 'um_rated',
nonce: um_admin_scripts.nonce
},
success: function(){
@@ -98,8 +99,14 @@ if ( ! class_exists( 'um\admin\core\Admin_Menu' ) ) {
* When user clicks the review link in backend
*/
function ultimatemember_rated() {
UM()->admin()->check_ajax_nonce();
if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
wp_send_json_error( __( 'Please login as administrator', 'ultimate-member' ) );
}
update_option( 'um_admin_footer_text_rated', 1 );
die();
wp_send_json_success();
}
@@ -109,8 +116,9 @@ if ( ! class_exists( 'um\admin\core\Admin_Menu' ) ) {
public function menu_order_count() {
global $menu, $submenu;
if ( ! current_user_can( 'list_users' ) )
if ( ! current_user_can( 'list_users' ) ) {
return;
}
$count = UM()->user()->get_pending_users_count();
if ( is_array( $menu ) ) {
@@ -215,14 +223,6 @@ if ( ! class_exists( 'um\admin\core\Admin_Menu' ) ) {
add_meta_box( 'um-metaboxes-sidebox-2', __( 'User Cache', 'ultimate-member' ), array( &$this, 'user_cache' ), $this->pagehook, 'side', 'core' );
if ( $this->language_avaialable_not_installed() ) {
add_meta_box( 'um-metaboxes-sidebox-2', __( 'Language', 'ultimate-member' ), array( &$this, 'dl_language' ), $this->pagehook, 'side', 'core' );
} else if ( $this->language_avaialable_installed() ) {
add_meta_box( 'um-metaboxes-sidebox-2', __( 'Language', 'ultimate-member' ), array( &$this, 'up_language' ), $this->pagehook, 'side', 'core' );
} else if ( $this->language_not_available() ) {
add_meta_box( 'um-metaboxes-sidebox-2', __( 'Language', 'ultimate-member' ), array( &$this, 'ct_language' ), $this->pagehook, 'side', 'core' );
}
//If there are active and licensed extensions - show metabox for upgrade it
$exts = UM()->plugin_updater()->um_get_active_plugins();
if ( 0 < count( $exts ) ) {
@@ -231,33 +231,6 @@ if ( ! class_exists( 'um\admin\core\Admin_Menu' ) ) {
}
/**
*
*/
function up_language() {
$locale = get_option('WPLANG');
include_once UM()->admin()->templates_path . 'dashboard/language-update.php';
}
/**
*
*/
function dl_language() {
$locale = get_option('WPLANG');
include_once UM()->admin()->templates_path . 'dashboard/language-download.php';
}
/**
*
*/
function ct_language() {
$locale = get_option('WPLANG');
include_once UM()->admin()->templates_path . 'dashboard/language-contrib.php';
}
/**
*
*/
@@ -298,45 +271,6 @@ if ( ! class_exists( 'um\admin\core\Admin_Menu' ) ) {
}
/**
* Language not available
*
* @return bool
*/
function language_not_available() {
$locale = get_option( 'WPLANG' );
if ( $locale && !strstr($locale, 'en_') && !isset( UM()->available_languages[$locale] ) && !file_exists( WP_LANG_DIR . '/plugins/ultimatemember-' . $locale . '.mo' ) )
return true;
return false;
}
/**
* Language available but not installed
*
* @return bool
*/
function language_avaialable_not_installed() {
$locale = get_option('WPLANG');
if ( $locale && isset( UM()->available_languages[$locale] ) && !file_exists( WP_LANG_DIR . '/plugins/ultimatemember-' . $locale . '.mo' ) )
return true;
return false;
}
/**
* Language available and installed
*
* @return bool
*/
function language_avaialable_installed() {
$locale = get_option('WPLANG');
if ( $locale && isset( UM()->available_languages[$locale] ) && file_exists( WP_LANG_DIR . '/plugins/ultimatemember-' . $locale . '.mo' ) )
return true;
return false;
}
/**
* Get a directory size
*
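Review bot: The inline `um_rated` request in the first hunk still uses a bare `success: function(){` callback, but `ultimatemember_rated()` now reports failures with `wp_send_json_error()`, which is sent with HTTP status 200 unless a status code is given. jQuery therefore runs `success` for a rejected nonce or capability check as well. The callback should inspect the payload, e.g. `success: function( response ) { if ( ! response.success ) { return; }`, or the PHP side should pass a status code as the second argument, `wp_send_json_error( $message, 403 )`. The callback body lies outside the hunk.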
+1 -45
@@ -38,7 +38,6 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
$this->old_extensions_notice();
$this->install_core_page_notice();
$this->exif_extension_notice();
$this->localize_note();
$this->show_update_messages();
$this->check_wrong_install_folder();
$this->admin_notice_opt_in();
@@ -358,45 +357,6 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
}
/**
* Localization notice
*/
function localize_note() {
$locale = get_option( 'WPLANG' );
if ( ! $locale || strstr( $locale, 'en_' ) ) {
return;
}
if ( file_exists( WP_LANG_DIR . '/plugins/ultimatemember-' . $locale . '.mo' ) ) {
return;
}
$hide_locale_notice = get_option( 'um_hide_locale_notice' );
if ( $hide_locale_notice ) {
return;
}
if ( isset( UM()->available_languages[ $locale ] ) ) {
$download_uri = add_query_arg( 'um_adm_action', 'um_language_downloader' );
$this->add_notice( 'locale', array(
'class' => 'updated',
'message' => '<p>' . sprintf( __( 'Your site language is <strong>%1$s</strong>. Good news! Ultimate Member is already available in <strong>%2$s language</strong>. <a href="%3$s">Download the translation</a> files and start using the plugin in your language now. <a href="%4$s">Hide this notice</a>','ultimate-member'), $locale, UM()->available_languages[ $locale ], $download_uri, add_query_arg( 'um_adm_action', 'um_hide_locale_notice' ) ) . '</p>',
), 40 );
} else {
$this->add_notice( 'locale', array(
'class' => 'updated',
'message' => '<p>' . sprintf( __( 'Ultimate Member has not yet been translated to your language: <strong>%1$s</strong>. If you have translated the plugin you need put these files <code>ultimatemember-%1$s.po and ultimatemember-%1$s.mo</code> in <strong>/wp-content/languages/plugins/</strong> for the plugin to be translated in your language. <a href="%2$s">Hide this notice</a>', 'ultimate-member' ), $locale, add_query_arg( 'um_adm_action', 'um_hide_locale_notice' ) ) . '</p>',
), 40 );
}
}
/**
* Updating users
*/
@@ -706,11 +666,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
function dismiss_notice() {
$nonce = isset( $_POST["nonce"] ) ? $_POST["nonce"] : "";
if ( ! wp_verify_nonce( $nonce, "um-admin-nonce" ) ) {
wp_send_json_error( esc_js( __( "Wrong Nonce", 'ultimate-member' ) ) );
}
UM()->admin()->check_ajax_nonce();
if ( empty( $_POST['key'] ) ) {
wp_send_json_error( __( 'Wrong Data', 'ultimate-member' ) );
+20 -11
@@ -1061,19 +1061,25 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
*/
function sorting_licenses_options( $settings ) {
//sorting licenses
if ( empty( $settings['licenses']['fields'] ) )
if ( empty( $settings['licenses']['fields'] ) ) {
return $settings;
}
$licenses = $settings['licenses']['fields'];
@uasort( $licenses, create_function( '$a,$b', 'return strnatcasecmp($a["label"],$b["label"]);' ) );
@uasort( $licenses, function( $a, $b ) {
return strnatcasecmp( $a["label"], $b["label"] );
} );
$settings['licenses']['fields'] = $licenses;
//sorting extensions
if ( empty( $settings['extensions']['sections'] ) )
if ( empty( $settings['extensions']['sections'] ) ) {
return $settings;
}
$extensions = $settings['extensions']['sections'];
@uasort( $extensions, create_function( '$a,$b', 'return strnatcasecmp($a["title"],$b["title"]);' ) );
@uasort( $extensions, function( $a, $b ) {
return strnatcasecmp( $a["title"], $b["title"] );
} );
$keys = array_keys( $extensions );
if ( $keys[0] != "" ) {
@@ -1082,7 +1088,9 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
$extensions[$new_key] = $temp;
$extensions[""] = $extensions[$keys[0]];
unset( $extensions[$keys[0]] );
@uasort( $extensions, create_function( '$a,$b', 'return strnatcasecmp($a["title"],$b["title"]);' ) );
@uasort( $extensions, function( $a, $b ) {
return strnatcasecmp( $a["title"], $b["title"] );
} );
}
$settings['extensions']['sections'] = $extensions;
@@ -1099,13 +1107,14 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
*/
function get_section_fields( $tab, $section ) {
if ( empty( $this->settings_structure[$tab] ) )
if ( empty( $this->settings_structure[ $tab ] ) ) {
return array();
}
if ( ! empty( $this->settings_structure[$tab]['sections'][$section]['fields'] ) ) {
return $this->settings_structure[$tab]['sections'][$section]['fields'];
} elseif ( ! empty( $this->settings_structure[$tab]['fields'] ) ) {
return $this->settings_structure[$tab]['fields'];
if ( ! empty( $this->settings_structure[ $tab ]['sections'][ $section ]['fields'] ) ) {
return $this->settings_structure[ $tab ]['sections'][ $section ]['fields'];
} elseif ( ! empty( $this->settings_structure[ $tab ]['fields'] ) ) {
return $this->settings_structure[ $tab ]['fields'];
}
return array();
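Review bot: The closures that replace `create_function()` in `sorting_licenses_options()` are still called through `@uasort`, and the `@` hides the notice raised when an entry has no `label` or `title` key, so a malformed settings entry is sorted in an arbitrary position without any trace. Dropping the `@` and guarding inside the comparator, e.g. `return strnatcasecmp( isset( $a['title'] ) ? $a['title'] : '', isset( $b['title'] ) ? $b['title'] : '' );`, keeps the sort quiet without masking other errors. The extensions comparator is also written out twice; assigning it to a variable once would avoid the two copies drifting apart.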
+8 -32
@@ -260,7 +260,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Upgrade' ) ) {
type: 'POST',
dataType: 'json',
data: {
action: 'um_get_packages'
action: 'um_get_packages',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
um_packages = response.data.packages;
@@ -290,7 +291,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Upgrade' ) ) {
dataType: 'html',
data: {
action: 'um_run_package',
pack: pack
pack: pack,
nonce: um_admin_scripts.nonce
},
success: function( html ) {
um_add_upgrade_log( 'Package "' + pack + '" is ready. Start the execution...' );
@@ -334,6 +336,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Upgrade' ) ) {
function ajax_run_package() {
UM()->admin()->check_ajax_nonce();
if ( empty( $_POST['pack'] ) ) {
exit('');
} else {
@@ -346,40 +350,12 @@ if ( ! class_exists( 'um\admin\core\Admin_Upgrade' ) ) {
function ajax_get_packages() {
UM()->admin()->check_ajax_nonce();
$update_versions = $this->need_run_upgrades();
wp_send_json_success( array( 'packages' => $update_versions ) );
}
/**
* Load packages
*/
/*public function packages() {
if ( ! ini_get( 'safe_mode' ) ) {
@set_time_limit(0);
}
$this->set_update_versions();
$um_last_version_upgrade = get_option( 'um_last_version_upgrade' );
$um_last_version_upgrade = ! $um_last_version_upgrade ? '0.0.0' : $um_last_version_upgrade;
foreach ( $this->update_versions as $update_version ) {
if ( version_compare( $update_version, $um_last_version_upgrade, '<=' ) )
continue;
if ( version_compare( $update_version, ultimatemember_version, '>' ) )
continue;
$file_path = $this->packages_dir . $update_version . '.php';
if ( file_exists( $file_path ) ) {
include_once( $file_path );
update_option( 'um_last_version_upgrade', $update_version );
}
}
}*/
/**
* Parse packages dir for packages files
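Review bot: `ajax_run_package()` and `ajax_get_packages()` gain only `UM()->admin()->check_ajax_nonce()`, with no `current_user_can( 'manage_options' )` test visible beside it, unlike the builder handlers changed in the same commit. A nonce guards against cross-site request forgery but is not an authorization check; the `um-admin-nonce` value is localized into the admin scripts, so presumably any account that can load a page enqueuing them holds a valid one. The same applies to the `um_upgrade_*` package functions later in the commit (for example `um_upgrade_usermetaquery1339()` and the `*20beta1` set), which also add the nonce call alone. Adding `if ( ! current_user_can( 'manage_options' ) ) { wp_send_json_error( __( 'Please login as administrator', 'ultimate-member' ) ); }` after the nonce check would match the other handlers. The function bodies continue outside the hunks, so a check may exist further down.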
+2
@@ -1,5 +1,7 @@
<?php
function um_upgrade_usermetaquery1339() {
UM()->admin()->check_ajax_nonce();
include 'usermeta_query.php';
update_option( 'um_last_version_upgrade', '1.3.39' );
+3 -2
@@ -5,11 +5,12 @@
um_add_upgrade_log( 'Upgrade Usermeta...' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_usermetaquery1339'
action: 'um_usermetaquery1339',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -1,5 +1,7 @@
<?php
function um_upgrade_styles20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
include 'styles.php';
@@ -8,6 +10,8 @@ function um_upgrade_styles20beta1() {
function um_upgrade_user_roles20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
/**
* @var $response_roles_data
@@ -19,7 +23,10 @@ function um_upgrade_user_roles20beta1() {
function um_upgrade_get_users_per_role20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
if ( ! empty( $_POST['key_in_meta'] ) ) {
$args = array(
'meta_query' => array(
@@ -43,6 +50,8 @@ function um_upgrade_get_users_per_role20beta1() {
function um_upgrade_update_users_per_page20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
if ( ! empty( $_POST['key_in_meta'] ) && ! empty( $_POST['role_key'] ) && ! empty( $_POST['page'] ) ) {
$users_per_page = 100;
@@ -85,6 +94,8 @@ function um_upgrade_update_users_per_page20beta1() {
function um_upgrade_content_restriction20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
include 'content_restriction.php';
@@ -94,6 +105,8 @@ function um_upgrade_content_restriction20beta1() {
function um_upgrade_settings20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
include 'settings.php';
@@ -102,6 +115,8 @@ function um_upgrade_settings20beta1() {
function um_upgrade_menus20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
include 'menus.php';
@@ -110,6 +125,8 @@ function um_upgrade_menus20beta1() {
function um_upgrade_mc_lists20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
include 'mc_lists.php';
@@ -118,6 +135,8 @@ function um_upgrade_mc_lists20beta1() {
function um_upgrade_social_login20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
include 'social_login.php';
@@ -126,6 +145,8 @@ function um_upgrade_social_login20beta1() {
function um_upgrade_cpt20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
include 'um_cpt.php';
@@ -134,6 +155,8 @@ function um_upgrade_cpt20beta1() {
function um_upgrade_get_forums20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
remove_all_actions( 'pre_get_posts' );
@@ -149,6 +172,8 @@ function um_upgrade_get_forums20beta1() {
function um_upgrade_update_forum_per_page20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
if ( ! empty( $_POST['page'] ) ) {
@@ -205,6 +230,8 @@ function um_upgrade_update_forum_per_page20beta1() {
function um_upgrade_get_products20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
$wc_products = get_posts( array(
@@ -218,6 +245,8 @@ function um_upgrade_get_products20beta1() {
function um_upgrade_update_products_per_page20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
if ( ! empty( $_POST['page'] ) ) {
@@ -296,6 +325,8 @@ function um_upgrade_update_products_per_page20beta1() {
function um_upgrade_email_templates20beta1() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
include 'email_templates.php';
+45 -30
@@ -13,11 +13,12 @@
um_add_upgrade_log( '<?php echo esc_js( __( 'Upgrade Styles...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_styles20beta1'
action: 'um_styles20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -36,11 +37,12 @@
function upgrade_roles() {
um_add_upgrade_log( '<?php echo esc_js( __( 'Upgrade Roles...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_user_roles20beta1'
action: 'um_user_roles20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -70,12 +72,13 @@
var role = um_roles_data.shift();
um_add_upgrade_log( '<?php echo esc_js( __( 'Getting ', 'ultimate-member' ) ) ?>"' + role.role_key + '"<?php echo esc_js( __( ' users...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_get_users_per_role20beta1',
key_in_meta: role.key_in_meta
key_in_meta: role.key_in_meta,
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data.count != 'undefined' ) {
@@ -103,14 +106,15 @@
function update_user_per_page( role_key, key_in_meta ) {
if ( current_page <= users_pages ) {
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_update_users_per_page20beta1',
role_key: role_key,
key_in_meta: key_in_meta,
page: current_page
page: current_page,
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -135,11 +139,12 @@
um_add_upgrade_log( '<?php echo esc_js( __( 'Upgrade Content Restriction Settings...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_content_restriction20beta1'
action: 'um_content_restriction20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -160,11 +165,12 @@
um_add_upgrade_log( '<?php echo esc_js( __( 'Upgrade Settings...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_settings20beta1'
action: 'um_settings20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -185,11 +191,12 @@
um_add_upgrade_log( '<?php echo esc_js( __( 'Upgrade Menu Items...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_menus20beta1'
action: 'um_menus20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -210,11 +217,12 @@
um_add_upgrade_log( '<?php echo esc_js( __( 'Upgrade Mailchimp Lists...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_mc_lists20beta1'
action: 'um_mc_lists20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -235,11 +243,12 @@
um_add_upgrade_log( '<?php echo esc_js( __( 'Upgrade Social Login Forms...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_social_login20beta1'
action: 'um_social_login20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -260,11 +269,12 @@
um_add_upgrade_log( '<?php echo esc_js( __( 'Upgrade UM Custom Post Types...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_cpt20beta1'
action: 'um_cpt20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -286,11 +296,12 @@
um_add_upgrade_log( '<?php echo esc_js( __( 'Get bbPress Forums count...', 'ultimate-member' ) ) ?>' );
current_page = 1;
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_get_forums20beta1'
action: 'um_get_forums20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -313,12 +324,13 @@
function update_forums_per_page() {
if ( current_page <= forums_pages ) {
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_update_forum_per_page20beta1',
page: current_page
page: current_page,
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -346,11 +358,12 @@
current_page = 1;
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_get_products20beta1'
action: 'um_get_products20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -373,12 +386,13 @@
function update_products_per_page() {
if ( current_page <= products_pages ) {
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_update_products_per_page20beta1',
page: current_page
page: current_page,
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -402,11 +416,12 @@
function upgrade_email_templates() {
um_add_upgrade_log( '<?php echo esc_js( __( 'Upgrade Email Templates...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_email_templates20beta1'
action: 'um_email_templates20beta1',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
+4
@@ -1,5 +1,7 @@
<?php
function um_upgrade_styles2010() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
include 'styles.php';
@@ -8,6 +10,8 @@ function um_upgrade_styles2010() {
function um_upgrade_cache2010() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
UM()->user()->remove_cache_all_users();
+6 -4
@@ -6,11 +6,12 @@
um_add_upgrade_log( '<?php echo esc_js( __( 'Upgrade Styles...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_styles2010'
action: 'um_styles2010',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -30,11 +31,12 @@
function um_clear_cache2010() {
um_add_upgrade_log( '<?php echo esc_js( __( 'Clear Users Cache...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_cache2010'
action: 'um_cache2010',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
+2
@@ -1,5 +1,7 @@
<?php
function um_upgrade_tempfolder2024() {
UM()->admin()->check_ajax_nonce();
um_maybe_unset_time_limit();
UM()->files()->remove_dir( UM()->files()->upload_temp );
+3 -2
@@ -6,11 +6,12 @@
um_add_upgrade_log( '<?php echo esc_js( __( 'Purge temp files dir...', 'ultimate-member' ) ) ?>' );
jQuery.ajax({
url: '<?php echo admin_url( 'admin-ajax.php' ) ?>',
url: wp.ajax.settings.url,
type: 'POST',
dataType: 'json',
data: {
action: 'um_tempfolder2024'
action: 'um_tempfolder2024',
nonce: um_admin_scripts.nonce
},
success: function( response ) {
if ( typeof response.data != 'undefined' ) {
@@ -1,7 +0,0 @@
<p>
<?php printf( __( 'Ultimate Member is not yet available in your language: <strong>%1$s</strong>.', 'ultimate-member' ), $locale ); ?>
</p>
<p>
<?php _e( 'If you want to contribute this translation to the plugin, please add it on our <a href="https://ultimatemember.com/forums/">community forum</a>.', 'ultimate-member' ); ?>
</p>
@@ -1,9 +0,0 @@
<p>
<?php printf( __( 'Ultimate Member is available in your language: <strong>%1$s (%2$s)</strong>.', 'ultimate-member' ), UM()->available_languages[ $locale ], $locale ); ?>
</p>
<p>
<a href="<?php echo add_query_arg( 'um_adm_action', 'um_language_downloader' ); ?>" class="button">
<?php _e( 'Download Translation', 'ultimate-member' ); ?>
</a>
</p>
@@ -1,9 +0,0 @@
<p>
<?php printf( __( 'You are currently using Ultimate Member in your language: <strong>%1$s (%2$s)</strong>.', 'ultimate-member' ), UM()->available_languages[ $locale ], $locale ); ?>
</p>
<p>
<a href="<?php echo add_query_arg( 'um_adm_action', 'um_language_downloader' ); ?>" class="button">
<?php _e( 'Force Update Translation', 'ultimate-member' ); ?>
</a>
</p>
+3 -3
@@ -162,11 +162,11 @@ $free['terms-conditions'] = array(
<div class="wp-filter um-admin-notice um-filter">
<div class="alignleft">
<strong>Core Extensions Bundle</strong> Check out our extensions bundle which includes all extensions at a significant discount.
<?php _e( '<strong>All Access Pass</strong> Get access to all Ultimate Member extensions at a significant discount with our All Access Pass.', 'ultimate-member' ) ?>
</div>
<div class="alignright">
<a href="https://ultimatemember.com/core-extensions-bundle/" class="button button-primary" target="_blank">
<?php _e( 'View our Extensions Bundle', 'ultimate-member' ) ?>
<a href="https://ultimatemember.com/pricing/" class="button button-primary" target="_blank">
<?php _e( 'View Pricing', 'ultimate-member' ) ?>
</a>
</div>
</div>
@@ -11,6 +11,7 @@
<div class="um-admin-modal-foot">
<input type="submit" value="<?php _e('Update','ultimate-member'); ?>" class="button-primary" />
<input type="hidden" name="action" value="um_update_field" />
<input type="hidden" name="nonce" value="<?php echo wp_create_nonce( 'um-admin-nonce' ) ?>" />
<a href="#" data-action="UM_remove_modal" class="button"><?php _e('Cancel','ultimate-member'); ?></a>
</div>
@@ -11,6 +11,7 @@
<div class="um-admin-modal-foot">
<input type="submit" value="<?php _e('Update','ultimate-member'); ?>" class="button-primary" />
<input type="hidden" name="action" value="um_update_field" />
<input type="hidden" name="nonce" value="<?php echo wp_create_nonce( 'um-admin-nonce' ) ?>" />
<a href="#" data-action="UM_remove_modal" class="button"><?php _e('Cancel','ultimate-member'); ?></a>
</div>
@@ -11,6 +11,7 @@
<div class="um-admin-modal-foot">
<input type="submit" value="<?php _e('Add','ultimate-member'); ?>" class="button-primary" />
<input type="hidden" name="action" value="um_update_field" />
<input type="hidden" name="nonce" value="<?php echo wp_create_nonce( 'um-admin-nonce' ) ?>" />
<a href="#" data-action="UM_remove_modal" class="button"><?php _e('Cancel','ultimate-member'); ?></a>
</div>
@@ -11,6 +11,7 @@
<div class="um-admin-modal-foot">
<input type="submit" value="<?php _e('Add','ultimate-member'); ?>" class="button-primary" />
<input type="hidden" name="action" value="um_update_field" />
<input type="hidden" name="nonce" value="<?php echo wp_create_nonce( 'um-admin-nonce' ) ?>" />
<a href="#" data-modal="UM_fields" class="button"><?php _e('Cancel','ultimate-member'); ?></a>
</div>
@@ -11,6 +11,7 @@
<div class="um-admin-modal-foot">
<input type="submit" value="<?php _e('Add','ultimate-member'); ?>" class="button-primary" />
<input type="hidden" name="action" value="um_update_field" />
<input type="hidden" name="nonce" value="<?php echo wp_create_nonce( 'um-admin-nonce' ) ?>" />
<a href="#" data-action="UM_remove_modal" class="button"><?php _e('Cancel','ultimate-member'); ?></a>
</div>
+15
@@ -16,6 +16,21 @@ if ( ! class_exists( 'UM_Functions' ) ) {
}
/**
* Check frontend nonce
*
* @param bool $action
*/
function check_ajax_nonce( $action = false ) {
$nonce = isset( $_POST['nonce'] ) ? $_POST['nonce'] : '';
$action = empty( $action ) ? 'um-frontend-nonce' : $action;
if ( ! wp_verify_nonce( $nonce, $action ) ) {
wp_send_json_error( esc_js( __( 'Wrong Nonce', 'ultimate-member' ) ) );
}
}
/**
* What type of request is this?
*
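Review bot: `check_ajax_nonce()` passes `$_POST['nonce']` to `wp_verify_nonce()` as received and wraps the error text in `esc_js()`, which is the wrong escaper for a JSON response that `wp_send_json_error()` already encodes. I would read the value as `$nonce = isset( $_POST['nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['nonce'] ) ) : '';` and pass the plain translated string. The docblock should also give `@param string|bool $action` and say that the check only proves the request came from a page rendered for the current session, so handlers still need their own capability checks.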
-33
@@ -65,14 +65,6 @@ if ( ! class_exists( 'UM' ) ) {
public $is_permalinks;
/**
* UM Available Languages
*
* @var array
*/
var $available_languages;
/**
* Main UM Instance
*
@@ -198,31 +190,6 @@ if ( ! class_exists( 'UM' ) ) {
$this->is_filtering = 0;
$this->honeypot = 'request';
$this->available_languages = array(
'en_US' => 'English (US)',
'es_ES' => 'Español',
'es_MX' => 'Español (México)',
'fr_FR' => 'Français',
'it_IT' => 'Italiano',
'de_DE' => 'Deutsch',
'nl_NL' => 'Nederlands',
'pt_BR' => 'Português do Brasil',
'fi_FI' => 'Suomi',
'ro_RO' => 'Română',
'da_DK' => 'Dansk',
'sv_SE' => 'Svenska',
'pl_PL' => 'Polski',
'cs_CZ' => 'Czech',
'el' => 'Greek',
'id_ID' => 'Indonesian',
'zh_CN' => '简体中文',
'ru_RU' => 'Русский',
'tr_TR' => 'Türkçe',
'fa_IR' => 'Farsi',
'he_IL' => 'Hebrew',
'ar' => 'العربية',
);
// textdomain loading
$this->localize();
+17 -10
@@ -88,17 +88,15 @@ if ( ! class_exists( 'um\core\Enqueue' ) ) {
wp_register_script( 'um_fileupload', $this->js_baseurl . 'um-fileupload' . $this->suffix . '.js', array( 'jquery', 'um_jquery_form' ), ultimatemember_version, true );
$datetime_deps = array( 'jquery' );
// load a localized version for date/time
$locale = get_locale();
if ( $locale && file_exists( um_path . 'assets/js/pickadate/translations/' . $locale . '.js' ) ) {
wp_register_script('um_datetime_locale', um_url . 'assets/js/pickadate/translations/' . $locale . '.js', array( 'jquery' ), ultimatemember_version, true );
$datetime_deps[] = 'um_datetime_locale';
}
wp_register_script( 'um_datetime', $this->js_baseurl . 'pickadate/picker.js', $datetime_deps, ultimatemember_version, true );
wp_register_script( 'um_datetime', $this->js_baseurl . 'pickadate/picker.js', array( 'jquery' ), ultimatemember_version, true );
wp_register_script( 'um_datetime_date', $this->js_baseurl . 'pickadate/picker.date.js', array( 'jquery', 'um_datetime' ), ultimatemember_version, true );
wp_register_script( 'um_datetime_time', $this->js_baseurl . 'pickadate/picker.time.js', array( 'jquery', 'um_datetime' ), ultimatemember_version, true );
wp_register_script( 'um_datetime_legacy', $this->js_baseurl . 'pickadate/legacy.js', array( 'jquery', 'um_datetime' ), ultimatemember_version, true );
// load a localized version for date/time
$locale = get_locale();
if ( $locale && file_exists( um_path . 'assets/js/pickadate/translations/' . $locale . '.js' ) ) {
wp_register_script('um_datetime_locale', um_url . 'assets/js/pickadate/translations/' . $locale . '.js', array( 'jquery', 'um_datetime' ), ultimatemember_version, true );
}
wp_register_script( 'um_tipsy', $this->js_baseurl . 'um-tipsy' . $this->suffix . '.js', array( 'jquery' ), ultimatemember_version, true );
wp_register_script( 'um_raty', $this->js_baseurl . 'um-raty' . $this->suffix . '.js', array( 'jquery' ), ultimatemember_version, true );
@@ -110,7 +108,7 @@ if ( ! class_exists( 'um\core\Enqueue' ) ) {
wp_register_script('um_functions', $this->js_baseurl . 'um-functions' . $this->suffix . '.js', array( 'jquery', 'jquery-masonry', 'wp-util', 'um_scrollbar' ), ultimatemember_version, true );
wp_register_script( 'um-gdpr', $this->js_baseurl . 'um-gdpr' . $this->suffix . '.js', array( 'jquery' ), ultimatemember_version, false );
wp_register_script('um_conditional', $this->js_baseurl . 'um-conditional' . $this->suffix . '.js', array( 'jquery' ), ultimatemember_version, true );
wp_register_script('um_scripts', $this->js_baseurl . 'um-scripts' . $this->suffix . '.js', array( 'jquery', 'wp-util', 'um_conditional' ), ultimatemember_version, true );
wp_register_script('um_scripts', $this->js_baseurl . 'um-scripts' . $this->suffix . '.js', array( 'jquery', 'wp-util', 'um_conditional', 'um_datetime', 'um_datetime_date', 'um_datetime_time', 'um_datetime_legacy' ), ultimatemember_version, true );
/**
* UM hook
*
@@ -131,7 +129,9 @@ if ( ! class_exists( 'um\core\Enqueue' ) ) {
* }
* ?>
*/
$localize_data = apply_filters( 'um_enqueue_localize_data', array() );
$localize_data = apply_filters( 'um_enqueue_localize_data', array(
'nonce' => wp_create_nonce( "um-frontend-nonce" ),
) );
wp_localize_script( 'um_scripts', 'um_scripts', $localize_data );
wp_register_script('um_members', $this->js_baseurl . 'um-members' . $this->suffix . '.js', array( 'jquery' ), ultimatemember_version, true );
@@ -327,6 +327,13 @@ if ( ! class_exists( 'um\core\Enqueue' ) ) {
wp_enqueue_script('um_datetime_date');
wp_enqueue_script('um_datetime_time');
wp_enqueue_script('um_datetime_legacy');
// load a localized version for date/time
$locale = get_locale();
if ( $locale && file_exists( um_path . 'assets/js/pickadate/translations/' . $locale . '.js' ) ) {
wp_enqueue_script('um_datetime_locale' );
}
wp_enqueue_style('um_datetime');
wp_enqueue_style('um_datetime_date');
wp_enqueue_style('um_datetime_time');
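Review bot: In the `um_enqueue_localize_data` hunk the nonce is created inside the default array handed to `apply_filters()`, so a filter callback that returns a fresh array silently drops it and every front-end AJAX call then fails the check; adding it after the filter, `$localize_data['nonce'] = wp_create_nonce( 'um-frontend-nonce' );`, avoids that. Two caveats are worth a comment next to it: for logged-out visitors the nonce is not tied to a user, so it gives little CSRF protection on anonymous handlers, and a page served from a full-page cache can carry an expired nonce.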
+7 -3
@@ -4096,21 +4096,25 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
*
*/
function do_ajax_action() {
if (!is_user_logged_in() || !current_user_can( 'manage_options' )) die( __( 'Please login as administrator', 'ultimate-member' ) );
UM()->admin()->check_ajax_nonce();
if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
wp_send_json_error( __( 'Please login as administrator', 'ultimate-member' ) );
}
extract( $_POST );
$output = null;
$position = array();
if (!empty( $in_column )) {
if ( ! empty( $in_column ) ) {
$position['in_row'] = '_um_row_' . ( (int)$in_row + 1 );
$position['in_sub_row'] = $in_sub_row;
$position['in_column'] = $in_column;
$position['in_group'] = $in_group;
}
switch ($act_id) {
switch ( $act_id ) {
case 'um_admin_duplicate_field':
$this->duplicate_field( $arg1, $arg2 );
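Review bot: `extract( $_POST )` still follows the new nonce and capability checks in `do_ajax_action()`, so every key in the request body becomes a local variable and `$act_id`, `$arg1`, `$in_row` and the rest arrive unvalidated. Reading the expected keys explicitly, for example `$act_id = isset( $_POST['act_id'] ) ? sanitize_key( $_POST['act_id'] ) : '';`, makes the accepted inputs visible and stops a request from defining variables the function does not expect. The same applies to `extract( $_REQUEST )` after the new check in `ajax_muted_action()`. Both function bodies continue outside their hunks.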
+4 -4
@@ -81,11 +81,11 @@ if ( ! class_exists( 'um\core\Files' ) ) {
$field_key = urlencode( $field_key );
if ( UM()->is_permalinks ) {
$url = get_site_url( get_current_blog_id() );
$url = get_home_url( get_current_blog_id() );
$nonce = wp_create_nonce( $user_id . $form_id . 'um-download-nonce' );
$url = $url . "/um-download/{$form_id}/{$field_key}/{$user_id}/{$nonce}";
} else {
$url = get_site_url( get_current_blog_id() );
$url = get_home_url( get_current_blog_id() );
$nonce = wp_create_nonce( $user_id . $form_id . 'um-download-nonce' );
$url = add_query_arg( array( 'um_action' => 'download', 'um_form' => $form_id, 'um_field' => $field_key, 'um_user' => $user_id, 'um_verify' => $nonce ), $url );
}
@@ -241,7 +241,7 @@ if ( ! class_exists( 'um\core\Files' ) ) {
* Remove file by AJAX
*/
function ajax_remove_file() {
UM()->check_frontend_ajax_nonce();
UM()->check_ajax_nonce();
/**
* @var $src
@@ -257,7 +257,7 @@ if ( ! class_exists( 'um\core\Files' ) ) {
* Resize image AJAX handler
*/
function ajax_resize_image() {
UM()->check_frontend_ajax_nonce();
UM()->check_ajax_nonce();
/**
* @var $key
+3 -1
@@ -50,6 +50,8 @@ if ( ! class_exists( 'um\core\Form' ) ) {
*
*/
function ajax_muted_action() {
UM()->check_ajax_nonce();
extract( $_REQUEST );
if ( ! UM()->roles()->um_current_user_can( 'edit', $user_id ) )
@@ -86,7 +88,7 @@ if ( ! class_exists( 'um\core\Form' ) ) {
*
*/
function ajax_select_options() {
UM()->check_ajax_nonce();
$arr_options = array();
$arr_options['status'] = 'success';
+5 -1
@@ -45,6 +45,8 @@ if ( ! class_exists( 'um\core\Profile' ) ) {
* Delete profile avatar AJAX handler
*/
function ajax_delete_profile_photo() {
UM()->check_ajax_nonce();
/**
* @var $user_id
*/
@@ -61,6 +63,8 @@ if ( ! class_exists( 'um\core\Profile' ) ) {
* Delete cover photo AJAX handler
*/
function ajax_delete_cover_photo() {
UM()->check_ajax_nonce();
/**
* @var $user_id
*/
@@ -218,7 +222,7 @@ if ( ! class_exists( 'um\core\Profile' ) ) {
*/
function can_view_tab( $tab ) {
$target_id = UM()->user()->target_id;
$target_id = (int) UM()->user()->target_id;
if ( empty( $target_id ) ) {
return true;
}
+2
@@ -39,6 +39,8 @@ if ( ! class_exists( 'um\core\Query' ) ) {
* Ajax pagination for posts
*/
function ajax_paginate() {
UM()->check_ajax_nonce();
/**
* @var $hook
* @var $args
+2
@@ -82,6 +82,8 @@ if ( ! class_exists( 'um\core\User_posts' ) ) {
*
*/
function load_posts() {
UM()->check_ajax_nonce();
$author = ! empty( $_POST['author'] ) ? $_POST['author'] : get_current_user_id();
$page = ! empty( $_POST['page'] ) ? $_POST['page'] : 0;
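Review bot: `$author` and `$page` in `load_posts()` are still taken from `$_POST` as raw strings after the new nonce check. Both look like integers, so I would cast them where they are read: `$author = ! empty( $_POST['author'] ) ? absint( $_POST['author'] ) : get_current_user_id();` and likewise for `$page`. How the values are used is outside the hunk, so confirm nothing downstream expects a string.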
+7 -2
@@ -87,8 +87,11 @@ if ( ! class_exists( 'um\core\User' ) ) {
add_action( 'init', array( &$this, 'check_membership' ), 10 );
add_action( 'delete_user', array( &$this, 'delete_user_handler' ), 10, 1 );
add_action( 'wpmu_delete_user', array( &$this, 'delete_user_handler' ), 10, 1 );
if ( is_multisite() ) {
add_action( 'delete_user', array( &$this, 'delete_user_handler' ), 10, 1 );
} else {
add_action( 'wpmu_delete_user', array( &$this, 'delete_user_handler' ), 10, 1 );
}
}
@@ -96,6 +99,8 @@ if ( ! class_exists( 'um\core\User' ) ) {
* @param $user_id
*/
function delete_user_handler( $user_id ) {
error_log( '----------------' );
error_log( $user_id );
um_fetch_user( $user_id );
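Review bot: The new `is_multisite()` branch registers the hooks the wrong way round: `wpmu_delete_user` is fired only by the multisite network deletion routine, so on a single-site install `delete_user_handler()` is now never attached to a hook that runs. I would swap the branches, `if ( is_multisite() ) { add_action( 'wpmu_delete_user', ... ); } else { add_action( 'delete_user', ... ); }`, or keep registering both as before if removal from a single site on a network should also trigger cleanup. The two `error_log()` calls added at the top of `delete_user_handler()` look like leftover debugging and write user IDs to the server log; they should be dropped.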
+2
@@ -8,6 +8,8 @@ if ( ! defined( 'ABSPATH' ) ) exit;
* @return boolean
*/
function ultimatemember_check_username_exists() {
UM()->check_ajax_nonce();
$username = isset($_REQUEST['username']) ? $_REQUEST['username'] : '';
$exists = username_exists( $username );
+7 -11
@@ -12,33 +12,30 @@ function um_browser_url_redirect_to( $args ) {
$url = '';
if ( ! empty( $_REQUEST['redirect_to'] ) ) {
$url = $_REQUEST['redirect_to'];
echo '<input type="hidden" name="redirect_to" id="redirect_to" value="'.esc_url( $url ).'" />';
} elseif ( ! empty( $args['after_login'] ) ) {
switch ( $args['after_login'] ) {
case 'redirect_admin':
$url = admin_url();
break;
case 'redirect_profile':
$url = um_user_profile_url();
break;
case 'redirect_url':
$url = $args['redirect_url'];
break;
case 'refresh':
$url = UM()->permalinks()->get_current_url();
break;
}
}
/**
@@ -66,7 +63,6 @@ function um_browser_url_redirect_to( $args ) {
if ( ! empty( $url ) ) {
echo '<input type="hidden" name="redirect_to" id="redirect_to" value="' . esc_url( $url ) . '" />';
}
}
add_action( 'um_after_form_fields', 'um_browser_url_redirect_to' );
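Review bot: `um_browser_url_redirect_to()` still copies `$_REQUEST['redirect_to']` into the hidden field with only `esc_url()`, which makes the value safe to print but does not restrict where it points. If the login handler (not shown here) redirects to this field without validation, that is an open redirect; constraining it at the source with `$url = wp_validate_redirect( esc_url_raw( wp_unslash( $_REQUEST['redirect_to'] ) ), '' );` would close it on this side. The filter block between the two hunks is not visible, so check that it cannot reintroduce an external URL.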
+1 -3
@@ -888,9 +888,7 @@ function um_profile_header( $args ) {
data-character-limit="<?php echo UM()->options()->get( 'profile_bio_maxchars' ); ?>"
placeholder="<?php _e( 'Tell us a bit about yourself...', 'ultimate-member' ); ?>"
name="<?php echo 'description-' . $args['form_id']; ?>"
id="<?php echo 'description-' . $args['form_id']; ?>"><?php if (um_user( 'description' )) {
echo um_user( 'description' );
} ?></textarea>
id="<?php echo 'description-' . $args['form_id']; ?>"><?php echo UM()->fields()->field_value( 'description' ) ?></textarea>
<span class="um-meta-bio-character um-right"><span
class="um-bio-limit"><?php echo UM()->options()->get( 'profile_bio_maxchars' ); ?></span></span>
<?php
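Review bot: The bio textarea now prints `UM()->fields()->field_value( 'description' )` directly between the `<textarea>` tags, and nothing in this hunk escapes it. User-supplied profile text that contains `</textarea>` would break out of the element, so unless `field_value()` already escapes for this context (it is defined elsewhere) the output should be `<?php echo esc_textarea( UM()->fields()->field_value( 'description' ) ); ?>`. `um_profile_header()` starts and ends outside the hunk.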
+14 -17
@@ -585,27 +585,25 @@ function um_redirect_home() {
* @param $url
*/
function um_js_redirect( $url ) {
if (headers_sent() || empty( $url )) {
if ( headers_sent() || empty( $url ) ) {
//for blank redirects
if ('' == $url) {
if ( '' == $url ) {
$url = set_url_scheme( '//' . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"] );
}
$funtext = "echo \"<script data-cfasync='false' type='text/javascript'>window.location = '" . $url . "'</script>\";";
register_shutdown_function( create_function( '', $funtext ) );
register_shutdown_function( function( $url ) {
echo '<script data-cfasync="false" type="text/javascript">window.location = "' . $url . '"</script>';
}, $url );
if (1 < ob_get_level()) {
while (ob_get_level() > 1) {
if ( 1 < ob_get_level() ) {
while ( ob_get_level() > 1 ) {
ob_end_clean();
}
}
?>
<script data-cfasync='false' type="text/javascript">
window.location = '<?php echo $url; ?>';
</script>
<?php
exit;
} ?>
<script data-cfasync='false' type="text/javascript">
window.location = '<?php echo $url; ?>';
</script>
<?php exit;
} else {
wp_redirect( $url );
}
@@ -1603,6 +1601,7 @@ function um_multi_admin_email() {
$emails_array = array_map( 'trim', $emails_array );
}
$emails_array = array_unique( $emails_array );
return $emails_array;
}
@@ -2655,7 +2654,5 @@ function is_ultimatemember() {
* Maybe set empty time limit
*/
function um_maybe_unset_time_limit() {
if ( ! ini_get( 'safe_mode' ) ) {
@set_time_limit(0);
}
@set_time_limit( 0 );
}
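Review bot: In `um_js_redirect()` the new shutdown closure and the inline `<script>` both write `$url` into a JavaScript string literal without escaping, and for blank redirects `$url` is built from `$_SERVER["HTTP_HOST"]` and `$_SERVER["REQUEST_URI"]`, which the client controls. A quote or `</script>` in the value ends the literal, so it should be encoded for the script context, e.g. `window.location = <?php echo wp_json_encode( esc_url_raw( $url ) ); ?>;` and the same inside the closure. The `else` branch calls `wp_redirect()` without a following `exit`, so execution continues after the header is sent unless the caller stops it.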