- added argument $original_post for restriction content hooks;

- fixed sanitizing issues where values taken directly from inputs were used as HTML in JS;
This commit is contained in:
Nikita Sinelnikov
2021-07-23 15:31:30 +03:00
parent 01c20b8157
commit b70cb55051
5 changed files with 34 additions and 18 deletions
+10 -8
@@ -584,7 +584,7 @@ function um_run_search( directory ) {
var pre_search = um_get_data_for_directory( directory, 'search' );
var search = directory.find('.um-search-line').val();
var search = um_sanitize_value( directory.find('.um-search-line').val() );
if ( search === pre_search || ( search === '' && typeof pre_search == 'undefined' ) ) {
um_members_hide_preloader( directory );
return;
@@ -956,7 +956,9 @@ jQuery(document.body).ready( function() {
//filtration process
jQuery( document.body ).on( 'change', '.um-directory .um-search-filter select', function() {
if ( jQuery(this).val() === '' ) {
var selected_val = um_sanitize_value( jQuery(this).val() );
if ( selected_val === '' ) {
return;
}
@@ -977,8 +979,8 @@ jQuery(document.body).ready( function() {
current_value = current_value.split( '||' );
}
if ( -1 === jQuery.inArray( jQuery(this).val(), current_value ) ) {
current_value.push( jQuery(this).val() );
if ( -1 === jQuery.inArray( selected_val, current_value ) ) {
current_value.push( selected_val );
current_value = current_value.join( '||' );
um_set_url_from_data( directory, 'filter_' + filter_name, current_value );
@@ -989,7 +991,7 @@ jQuery(document.body).ready( function() {
}
//disable options and disable select if all options are disabled
jQuery(this).find('option[value="' + jQuery(this).val() + '"]').prop('disabled', true).hide();
jQuery(this).find('option[value="' + selected_val + '"]').prop('disabled', true).hide();
if ( jQuery(this).find('option:not(:disabled)').length === 1 ) {
jQuery(this).prop('disabled', true);
}
@@ -1020,7 +1022,7 @@ jQuery(document.body).ready( function() {
return;
}
var current_value = jQuery(this).val();
var current_value = um_sanitize_value( jQuery(this).val() );
var filter_name = jQuery(this).prop('name');
var url_value = um_get_data_for_directory( directory, 'filter_' + filter_name );
@@ -1058,7 +1060,7 @@ jQuery(document.body).ready( function() {
return;
}
var current_value = jQuery(this).val();
var current_value = um_sanitize_value( jQuery(this).val() );
var filter_name = jQuery(this).prop('name');
var url_value = um_get_data_for_directory( directory, 'filter_' + filter_name );
@@ -1774,4 +1776,4 @@ jQuery(document.body).ready( function() {
});
});
});
});
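Review bot: In the `@@ -989,7 +991,7 @@` hunk, `jQuery(this).find('option[value="' + selected_val + '"]')` feeds an HTML-entity-escaped value into a CSS attribute selector, which is the wrong escaping for that context. A value containing `&` becomes `&amp;` and no longer matches the real option's `value`, so that option is never disabled, while a `"` passes through `um_sanitize_value` unchanged (text-node serialisation does not escape quotes) and still breaks the selector. The same escaped value is compared against stored filter data at `jQuery.inArray( selected_val, current_value )` in the `@@ -977,8 +979,8 @@` hunk, so entries recorded before this change may stop matching. Keep the raw `.val()` for DOM lookups and comparisons and select the option by value comparison instead, e.g. `var raw_val = jQuery(this).val();` next to the `selected_val` declaration and `jQuery(this).find('option').filter(function () { return jQuery(this).val() === raw_val; }).prop('disabled', true).hide();`, reserving `um_sanitize_value` for the points where the value is actually written into HTML. The enclosing change handler starts and ends outside these hunks.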
+1 -1
File diff suppressed because one or more lines are too long
+14 -2
@@ -1,3 +1,15 @@
function um_sanitize_value( value, el ) {
var element = document.createElement( 'div' );
element.innerText = value;
var sanitized_value = element.innerHTML;
if ( el ) {
jQuery( el ).val( sanitized_value );
}
return sanitized_value;
}
function um_init_datetimepicker() {
jQuery('.um-datepicker:not(.picker__input)').each(function(){
var elem = jQuery(this);
@@ -249,7 +261,7 @@ jQuery(document).ready(function() {
parent.find('.um-single-image-preview img').attr( 'src', '' );
parent.find('.um-single-image-preview').hide();
parent.find('.um-btn-auto-width').html( parent.data('upload-label') );
parent.find('input[type=hidden]').val( 'empty_file' );
parent.find('input[type="hidden"]').val( 'empty_file' );
}
};
@@ -684,4 +696,4 @@ jQuery(document).ready(function() {
}
}
});
});
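Review bot: `element.innerText = value;` in `um_sanitize_value` converts line breaks in the input into `<br>` elements (the innerText setter does this by specification), so a multi-line value comes back from `element.innerHTML` containing markup rather than fully escaped text; `element.textContent = value;` yields the same `&`, `<`, `>` escaping without that side effect. The escaping is only correct for an HTML text context and is not idempotent (`&amp;` becomes `&amp;amp;`), so when a caller passes `el` and the escaped value is written back via `jQuery( el ).val( sanitized_value )`, a second sanitise of the same field double-escapes it — presumably no caller does this twice, but it is worth either documenting or dropping the write-back. The function also lacks a header comment; something like `/** Escapes &, < and > in value for use as HTML text; not safe for attribute, selector or URL contexts. */` would tell callers what it does and does not protect.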
+1 -1
File diff suppressed because one or more lines are too long
+8 -6
@@ -715,6 +715,8 @@ if ( ! class_exists( 'um\core\Access' ) ) {
//other filter
foreach ( $posts as $post ) {
$original_post = $post;
//Woocommerce AJAX fixes....remove filtration on wc-ajax which goes to Front Page
if ( ! empty( $_GET['wc-ajax'] ) && defined( 'WC_DOING_AJAX' ) && WC_DOING_AJAX ) {
$filtered_posts[] = $post;
@@ -761,7 +763,7 @@ if ( ! class_exists( 'um\core\Access' ) ) {
$post->post_excerpt = '';
}
$post = apply_filters( 'um_restricted_archive_post', $post, $restriction );
$post = apply_filters( 'um_restricted_archive_post', $post, $restriction, $original_post );
$filtered_posts[] = $post;
continue;
@@ -780,7 +782,7 @@ if ( ! class_exists( 'um\core\Access' ) ) {
$post->post_title = stripslashes( $restricted_global_title );
}
$post = apply_filters( 'um_restricted_singular_post', $post, $restriction );
$post = apply_filters( 'um_restricted_singular_post', $post, $restriction, $original_post );
$this->current_single_post = $post;
@@ -871,7 +873,7 @@ if ( ! class_exists( 'um\core\Access' ) ) {
$post->post_excerpt = '';
}
$post = apply_filters( 'um_restricted_archive_post', $post, $restriction );
$post = apply_filters( 'um_restricted_archive_post', $post, $restriction, $original_post );
$filtered_posts[] = $post;
continue;
@@ -902,7 +904,7 @@ if ( ! class_exists( 'um\core\Access' ) ) {
}
}
$post = apply_filters( 'um_restricted_singular_post', $post, $restriction );
$post = apply_filters( 'um_restricted_singular_post', $post, $restriction, $original_post );
/**
* UM hook
@@ -964,7 +966,7 @@ if ( ! class_exists( 'um\core\Access' ) ) {
$post->post_excerpt = '';
}
$post = apply_filters( 'um_restricted_archive_post', $post, $restriction );
$post = apply_filters( 'um_restricted_archive_post', $post, $restriction, $original_post );
$filtered_posts[] = $post;
continue;
@@ -995,7 +997,7 @@ if ( ! class_exists( 'um\core\Access' ) ) {
}
}
$post = apply_filters( 'um_restricted_singular_post', $post, $restriction );
$post = apply_filters( 'um_restricted_singular_post', $post, $restriction, $original_post );
/**
* UM hook
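Review bot: `$original_post = $post;` in the `@@ -715,6 +715,8 @@` hunk copies an object handle, not the post, so `$original_post` aliases the same `WP_Post` that the later `$post->post_excerpt = '';` and `$post->post_title = stripslashes( $restricted_global_title );` writes modify; by the time `apply_filters( 'um_restricted_archive_post', ... )` and `apply_filters( 'um_restricted_singular_post', ... )` run, the hook receives the already-restricted post under the name `$original_post`, unless `$post` is cloned somewhere outside these hunks. Use `$original_post = clone $post;` so the hooks get the untouched copy the argument name promises. The hook docblocks that follow the `um_restricted_singular_post` calls should also list the new third argument. The enclosing method starts and ends outside the hunks.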