* reviewed #1582;
@@ -687,7 +687,6 @@ if ( ! class_exists( 'um\core\Roles_Capabilities' ) ) {
|
||||
return $roles;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Current user can
|
||||
*
|
||||
@@ -696,11 +695,13 @@ if ( ! class_exists( 'um\core\Roles_Capabilities' ) ) {
|
||||
*
|
||||
* @return bool|int
|
||||
*/
|
||||
function um_current_user_can( $cap, $user_id ) {
|
||||
public function um_current_user_can( $cap, $user_id ) {
|
||||
if ( ! is_user_logged_in() ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$user_id = absint( $user_id ); // typecast
|
||||
|
||||
$return = 1;
|
||||
|
||||
if ( get_current_user_id() !== um_user( 'ID' ) ) {
|
||||
@@ -712,37 +713,23 @@ if ( ! class_exists( 'um\core\Roles_Capabilities' ) ) {
|
||||
|
||||
switch( $cap ) {
|
||||
case 'edit':
|
||||
|
||||
if ( get_current_user_id() == $user_id ) {
|
||||
if ( um_user( 'can_edit_profile' ) ) {
|
||||
$return = 1;
|
||||
} else {
|
||||
$return = 0;
|
||||
}
|
||||
} else {
|
||||
|
||||
if ( ! um_user( 'can_access_private_profile' ) && UM()->user()->is_private_profile( $user_id ) ) {
|
||||
$return = 0;
|
||||
} else {
|
||||
if ( ! um_user( 'can_edit_everyone' ) ) {
|
||||
$return = 0;
|
||||
} else {
|
||||
if ( um_user( 'can_edit_roles' ) && ( empty( $current_user_roles ) || count( array_intersect( $current_user_roles, um_user( 'can_edit_roles' ) ) ) <= 0 ) ) {
|
||||
$return = 0;
|
||||
} else {
|
||||
$return = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
if ( get_current_user_id() === $user_id && ! um_user( 'can_edit_profile' ) ) {
|
||||
$return = 0;
|
||||
} elseif ( ! um_user( 'can_access_private_profile' ) && UM()->user()->is_private_profile( $user_id ) ) {
|
||||
$return = 0;
|
||||
} elseif ( ! um_user( 'can_edit_everyone' ) ) {
|
||||
$return = 0;
|
||||
} elseif ( um_user( 'can_edit_roles' ) && ( empty( $current_user_roles ) || count( array_intersect( $current_user_roles, um_user( 'can_edit_roles' ) ) ) <= 0 ) ) {
|
||||
$return = 0;
|
||||
}
|
||||
|
||||
break;
|
||||
|
||||
case 'delete':
|
||||
if ( ! um_user( 'can_delete_everyone' ) )
|
||||
if ( ! um_user( 'can_delete_everyone' ) ) {
|
||||
$return = 0;
|
||||
elseif ( um_user( 'can_delete_roles' ) && ( empty( $current_user_roles ) || count( array_intersect( $current_user_roles, um_user( 'can_delete_roles' ) ) ) <= 0 ) )
|
||||
} elseif ( um_user( 'can_delete_roles' ) && ( empty( $current_user_roles ) || count( array_intersect( $current_user_roles, um_user( 'can_delete_roles' ) ) ) <= 0 ) ) {
|
||||
$return = 0;
|
||||
}
|
||||
break;
|
||||
|
||||
}
|
||||
|
||||
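Review bot: In the `edit` case the flattened `if`/`elseif` chain appears to change the own-profile path: when `get_current_user_id() === $user_id` and `can_edit_profile` is granted, the first condition is false and evaluation falls through to the private-profile and `! um_user( 'can_edit_everyone' )` checks, so a user without that capability would be denied editing their own profile, whereas the nested form set `$return = 1` at that point. If that is not intended, keep the own-profile branch terminal, e.g. `if ( get_current_user_id() === $user_id ) { $return = um_user( 'can_edit_profile' ) ? 1 : 0; } elseif ( ! um_user( 'can_access_private_profile' ) && ... ) {`. The change fails closed rather than open, but an authorization helper like this deserves one test per branch (own profile, private profile, role-restricted editor). `$current_user_roles` is assigned outside the visible hunks, and the old/new sides here are inferred from the rendered order and the hunk counts.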
@@ -14,27 +14,28 @@ function um_avatar_defaults( $avatar_defaults ) {
|
||||
}
|
||||
add_filter( 'avatar_defaults', 'um_avatar_defaults', 99999 );
|
||||
|
||||
|
||||
/**
|
||||
* Get user UM avatars
|
||||
* Get user UM avatars.
|
||||
* @param string $avatar
|
||||
* @param string $id_or_email
|
||||
* @param string $size
|
||||
* @param string $avatar_class
|
||||
* @param string $default
|
||||
* @param string $alt
|
||||
* @hooks filter `get_avatar`
|
||||
* @return string returns avatar in image html elements
|
||||
*/
|
||||
function um_get_avatar( $avatar = '', $id_or_email='', $size = '96', $avatar_class = '', $default = '', $alt = '' ) {
|
||||
if ( is_numeric($id_or_email) )
|
||||
if ( is_numeric( $id_or_email ) ) {
|
||||
$user_id = (int) $id_or_email;
|
||||
elseif ( is_string( $id_or_email ) && ( $user = get_user_by( 'email', $id_or_email ) ) )
|
||||
} elseif ( is_string( $id_or_email ) && ( $user = get_user_by( 'email', $id_or_email ) ) ) {
|
||||
$user_id = $user->ID;
|
||||
elseif ( is_object( $id_or_email ) && ! empty( $id_or_email->user_id ) )
|
||||
} elseif ( is_object( $id_or_email ) && ! empty( $id_or_email->user_id ) ) {
|
||||
$user_id = (int) $id_or_email->user_id;
|
||||
if ( empty( $user_id ) )
|
||||
}
|
||||
|
||||
if ( empty( $user_id ) ) {
|
||||
return $avatar;
|
||||
}
|
||||
|
||||
if ( $user_id !== um_user( 'ID' ) ) {
|
||||
$temp_id = um_user( 'ID' );
|
||||
@@ -51,7 +52,6 @@ function um_get_avatar( $avatar = '', $id_or_email='', $size = '96', $avatar_cla
|
||||
}
|
||||
add_filter( 'get_avatar', 'um_get_avatar', 99999, 5 );
|
||||
|
||||
|
||||
if ( ! function_exists( 'um_filter_get_avatar_url' ) ) {
|
||||
|
||||
/**
|
||||
@@ -76,4 +76,4 @@ if ( ! function_exists( 'um_filter_get_avatar_url' ) ) {
|
||||
|
||||
// hooked in the get_avatar_data function
|
||||
add_filter( 'get_avatar_url', 'um_filter_get_avatar_url', 20, 3 );
|
||||
}
|
||||
}
|
||||
|
||||
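Review bot: The docblock kept above `um_get_avatar()` still declares `@param string $id_or_email`, but the body branches on a numeric ID, an e-mail string and an object carrying `user_id`, so the tag should read `@param int|string|object $id_or_email User ID, e-mail address, or object with a user_id property.` The callback is registered with `add_filter( 'get_avatar', 'um_get_avatar', 99999, 5 )` while the signature lists six parameters with `$avatar_class` in fourth position. WordPress passes the default-avatar value fourth and the alt text fifth on this hook, so the documented names likely do not match what arrives; confirm against the part of the body that lies outside these hunks.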
@@ -2170,6 +2170,7 @@ function um_get_user_avatar_data( $user_id = '', $size = '96' ) {
|
||||
if ( empty( $user_id ) ) {
|
||||
$user_id = um_user( 'ID' );
|
||||
}
|
||||
|
||||
if ( $user_id !== um_user( 'ID' ) ) {
|
||||
$temp_id = um_user( 'ID' );
|
||||
um_fetch_user( $user_id );
|
||||
@@ -2200,12 +2201,12 @@ function um_get_user_avatar_data( $user_id = '', $size = '96' ) {
|
||||
}
|
||||
|
||||
$gravatar_type = UM()->options()->get( 'use_um_gravatar_default_builtin_image' );
|
||||
if ( $gravatar_type == 'default' ) {
|
||||
if ( 'default' === $gravatar_type ) {
|
||||
if ( UM()->options()->get( 'use_um_gravatar_default_image' ) ) {
|
||||
$data['url'] = add_query_arg( 'd', $data['default'], $data['url'] );
|
||||
} else {
|
||||
$default = get_option( 'avatar_default', 'mystery' );
|
||||
if ( $default == 'gravatar_default' ) {
|
||||
if ( 'gravatar_default' === $default ) {
|
||||
$default = '';
|
||||
}
|
||||
$data['url'] = add_query_arg( 'd', $default, $data['url'] );
|
||||
@@ -2214,58 +2215,55 @@ function um_get_user_avatar_data( $user_id = '', $size = '96' ) {
|
||||
$data['url'] = add_query_arg( 'd', $gravatar_type, $data['url'] );
|
||||
}
|
||||
|
||||
$data['type'] = 'gravatar';
|
||||
$data['type'] = 'gravatar';
|
||||
$data['class'] .= ' um-avatar-gravatar';
|
||||
} else {
|
||||
$data['url'] = $data['default'];
|
||||
$data['type'] = 'default';
|
||||
$data['url'] = $data['default'];
|
||||
$data['type'] = 'default';
|
||||
$data['class'] .= ' um-avatar-default';
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* UM hook
|
||||
* Filters the user avatar URL.
|
||||
*
|
||||
* @type filter
|
||||
* @title um_user_avatar_url_filter
|
||||
* @description Change user avatar URL
|
||||
* @input_vars
|
||||
* [{"var":"$avatar_uri","type":"string","desc":"Avatar URL"},
|
||||
* {"var":"$user_id","type":"int","desc":"User ID"}]
|
||||
* @change_log
|
||||
* ["Since: 2.0"]
|
||||
* @usage add_filter( 'um_user_avatar_url_filter', 'function_name', 10, 2 );
|
||||
* @example
|
||||
* <?php
|
||||
* add_filter( 'um_user_avatar_url_filter', 'my_user_avatar_url', 10, 2 );
|
||||
* function my_user_avatar_url( $avatar_uri ) {
|
||||
* @since 1.3.x
|
||||
* @hook um_user_avatar_url_filter
|
||||
*
|
||||
* @param {string} $url Avatar URL.
|
||||
* @param {int} $user_id User ID.
|
||||
* @param {array} $data Avatar data.
|
||||
*
|
||||
* @return {string} Avatar URL.
|
||||
*
|
||||
* @example <caption>Change the user avatar URL.</caption>
|
||||
* function my_um_user_avatar_url_filter( $url, $user_id, $data ) {
|
||||
* // your code here
|
||||
* return $avatar_uri;
|
||||
* $url = 'some_url';
|
||||
* return $url;
|
||||
* }
|
||||
* ?>
|
||||
* add_filter( 'um_user_avatar_url_filter', 'my_um_user_avatar_url_filter', 10, 3 );
|
||||
*/
|
||||
$data['url'] = apply_filters( 'um_user_avatar_url_filter', $data['url'], $user_id, $data );
|
||||
/**
|
||||
* UM hook
|
||||
* Filters the user avatar image `alt` argument.
|
||||
*
|
||||
* @type filter
|
||||
* @title um_avatar_image_alternate_text
|
||||
* @description Change user display name on um_user function profile photo
|
||||
* @input_vars
|
||||
* [{"var":"$display_name","type":"string","desc":"User Display Name"}]
|
||||
* @change_log
|
||||
* ["Since: 2.0"]
|
||||
* @usage add_filter( 'um_avatar_image_alternate_text', 'function_name', 10, 1 );
|
||||
* @example
|
||||
* <?php
|
||||
* add_filter( 'um_avatar_image_alternate_text', 'my_avatar_image_alternate_text', 10, 1 );
|
||||
* function my_avatar_image_alternate_text( $display_name ) {
|
||||
* @since 1.3.x
|
||||
* @hook um_avatar_image_alternate_text
|
||||
*
|
||||
* @param {string} $alt Avatar `alt` text.
|
||||
* @param {array} $data Avatar data.
|
||||
*
|
||||
* @return {string} Avatar URL.
|
||||
*
|
||||
* @example <caption>Change the user avatar URL.</caption>
|
||||
* function my_um_avatar_image_alternate_text( $alt, $data ) {
|
||||
* // your code here
|
||||
* return $display_name;
|
||||
* $alt = 'some_alt';
|
||||
* return $alt;
|
||||
* }
|
||||
* ?>
|
||||
* add_filter( 'um_avatar_image_alternate_text', 'my_um_avatar_image_alternate_text', 10, 2 );
|
||||
*/
|
||||
$data['alt'] = apply_filters( "um_avatar_image_alternate_text", um_user( "display_name" ), $data );
|
||||
$data['alt'] = apply_filters( 'um_avatar_image_alternate_text', um_user( 'display_name' ), $data );
|
||||
|
||||
if ( ! empty( $temp_id ) ) {
|
||||
um_fetch_user( $temp_id );
|
||||
@@ -2274,7 +2272,6 @@ function um_get_user_avatar_data( $user_id = '', $size = '96' ) {
|
||||
return $data;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* get user avatar url
|
||||
*
|
||||
@@ -2288,7 +2285,6 @@ function um_get_user_avatar_url( $user_id = '', $size = '96' ) {
|
||||
return $data['url'];
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* default cover
|
||||
*
|
||||
|
||||
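Review bot: The rewritten docblock for the `um_avatar_image_alternate_text` filter carries copy-paste leftovers from the URL filter above it: `@return {string} Avatar URL.` and the caption `Change the user avatar URL.` should read `@return {string} Avatar alt text.` and `Change the user avatar alt text.` The default value handed to the filter is `um_user( 'display_name' )`, which is typically user-controlled, and callbacks may replace it. The docblock could therefore also state that the returned string is unescaped and must pass through `esc_attr()` where the `alt` attribute is rendered; that rendering is not visible in these hunks.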
+3
-1
@@ -166,10 +166,12 @@ No specific extensions are needed. But we highly recommended keep active these P
|
||||
|
||||
IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION
|
||||
|
||||
= 2.9.1 xx-xx-xx =
|
||||
= 2.9.1 2024-11-14 =
|
||||
|
||||
**Bugfixes**
|
||||
|
||||
* Fixed: "Load textdomain just in time" issue
|
||||
* Fixed: Capabilities checking in the wp-admin > Users list table
|
||||
* Fixed: Issues when the form's custom fields meta has a wrong format
|
||||
* Fixed: Validation of the "Registration Default Role" slug
|
||||
* Fixed: Allowed query variables via registered REST API class only when REST_REQUEST is defined
|
||||
|
||||