- XSS validation;

- fixed saving radio button field;
This commit is contained in:
nikitasinelnikov
2019-05-08 18:50:25 +03:00
parent 337bbbbbdb
commit aaab2668d6
4 changed files with 31 additions and 7 deletions
+2 -2
@@ -73,7 +73,7 @@ if ( ! class_exists( 'um\core\Validation' ) ) {
}
//validation of correct values from options in wp-admin
if ( in_array( $fields[ $key ]['type'], array( 'select', 'radio' ) ) &&
if ( in_array( $fields[ $key ]['type'], array( 'select' ) ) &&
isset( $value ) && ! empty( $fields[ $key ]['options'] ) &&
! in_array( $value, $fields[ $key ]['options'] ) ) {
unset( $changes[ $key ] );
@@ -81,7 +81,7 @@ if ( ! class_exists( 'um\core\Validation' ) ) {
//validation of correct values from options in wp-admin
//the user cannot set invalid value in the hidden input at the page
if ( in_array( $fields[ $key ]['type'], array( 'multiselect', 'checkbox' ) ) &&
if ( in_array( $fields[ $key ]['type'], array( 'multiselect', 'checkbox', 'radio' ) ) &&
isset( $value ) && ! empty( $fields[ $key ]['options'] ) ) {
$changes[ $key ] = array_intersect( $value, $fields[ $key ]['options'] );
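Review bot: The radio type now reaches `array_intersect( $value, $fields[ $key ]['options'] )` on the last line of the second hunk with no `is_array( $value )` guard, and a radio input ordinarily posts a single scalar; with a scalar first argument `array_intersect` emits a warning and returns null on PHP 7 and throws a TypeError on PHP 8, so the field is either saved as null or the request fails instead of being validated. The same commit's um_profile_field_filter_xss_validation hunk still checks a radio value as a scalar (`'select' == $type || 'radio' == $type`), so I cannot tell from this page which shape the value has by the time it gets here; if both shapes are possible, keep the array path and fall back to the scalar allow-list check rather than losing the check. The um_user_edit_profile section below has the identical change and needs the same guard. The enclosing method continues outside both hunks.
```php
if ( in_array( $fields[ $key ]['type'], array( 'multiselect', 'checkbox', 'radio' ) ) &&
     isset( $value ) && ! empty( $fields[ $key ]['options'] ) ) {
    if ( is_array( $value ) ) {
        $changes[ $key ] = array_intersect( $value, $fields[ $key ]['options'] );
    } elseif ( ! in_array( $value, $fields[ $key ]['options'], true ) ) {
        // a single radio value outside the configured options is dropped, as before this change
        unset( $changes[ $key ] );
    }
```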
+2 -2
@@ -247,7 +247,7 @@ function um_user_edit_profile( $args ) {
}
//validation of correct values from options in wp-admin
if ( in_array( $array['type'], array( 'select', 'radio' ) ) &&
if ( in_array( $array['type'], array( 'select' ) ) &&
isset( $args['submitted'][ $key ] ) && ! empty( $array['options'] ) &&
! in_array( $args['submitted'][ $key ], $array['options'] ) ) {
continue;
@@ -255,7 +255,7 @@ function um_user_edit_profile( $args ) {
//validation of correct values from options in wp-admin
//the user cannot set invalid value in the hidden input at the page
if ( in_array( $array['type'], array( 'multiselect', 'checkbox' ) ) &&
if ( in_array( $array['type'], array( 'multiselect', 'checkbox', 'radio' ) ) &&
isset( $args['submitted'][ $key ] ) && ! empty( $array['options'] ) ) {
$args['submitted'][ $key ] = array_intersect( $args['submitted'][ $key ], $array['options'] );
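Review bot: The select branch kept at the top of the first hunk validates with a loose `in_array( $args['submitted'][ $key ], $array['options'] )`, so a submitted numeric string that is not in the option list but compares equal to one under PHP's numeric-string rules (for example `'1e1'` against an option `'10'`) passes the allow-list and is stored verbatim; change it to `! in_array( $args['submitted'][ $key ], $array['options'], true )` so only an exact option value is accepted. The um\core\Validation section above has the same loose comparison on its select branch. `array_intersect` compares as strings, so the multiselect/checkbox/radio branch in the second hunk is not affected. um_user_edit_profile continues outside both hunks.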
+26 -2
@@ -658,14 +658,38 @@ function um_profile_field_filter_xss_validation( $value, $data, $type = '' ) {
$value = stripslashes( $value );
$data['validate'] = isset( $data['validate'] ) ? $data['validate'] : '';
if( 'text' == $type && ! in_array( $data['validate'], array( 'unique_email' ) ) || 'password' == $type ) {
if ( 'text' == $type && ! in_array( $data['validate'], array( 'unique_email' ) ) || 'password' == $type ) {
$value = esc_attr( $value );
} elseif( $type == 'url' ) {
} elseif ( $type == 'url' ) {
$value = esc_url( $value );
} elseif ( 'textarea' == $type ) {
if ( empty( $data['html'] ) ) {
$value = wp_kses_post( $value );
}
} elseif ( 'rating' == $type ) {
if ( ! is_numeric( $value ) ) {
$value = 0;
} else {
if ( $data['number'] == 5 ) {
if ( ! in_array( $value, range( 1, 5 ) ) ) {
$value = 0;
}
} elseif ( $data['number'] == 10 ) {
if ( ! in_array( $value, range( 1, 10 ) ) ) {
$value = 0;
}
}
}
} elseif ( 'select' == $type || 'radio' == $type ) {
if ( ! empty( $data['options'] ) && ! in_array( $value, $data['options'] ) ) {
$value = '';
}
}
} elseif ( ! empty( $value ) ) {
if ( 'multiselect' == $type || 'checkbox' == $type ) {
if ( ! empty( $data['options'] ) && is_array( $value ) ) {
$value = array_intersect( $value, $data['options'] );
}
}
}