- fixed vulnerabilities;

- small changes and fixes;
This commit is contained in:
nikitozzzzzzz
2017-08-07 16:30:12 +03:00
parent 2b21ebbc7c
commit c4b6484438
18 changed files with 59 additions and 26 deletions
+20
@@ -33,6 +33,16 @@ if ( ! class_exists( 'Common' ) ) {
'not_found_in_trash' => __('Nothing found in Trash'),
'search_items' => __('Search Forms')
),
'capabilities' => array(
'edit_post' => 'update_core',
'read_post' => 'update_core',
'delete_post' => 'update_core',
'edit_posts' => 'update_core',
'edit_others_posts' => 'update_core',
'delete_posts' => 'update_core',
'publish_posts' => 'update_core',
'read_private_posts' => 'update_core'
),
'show_ui' => true,
'show_in_menu' => false,
'public' => false,
@@ -52,6 +62,16 @@ if ( ! class_exists( 'Common' ) ) {
'not_found_in_trash' => __('Nothing found in Trash'),
'search_items' => __('Search Member Directories')
),
'capabilities' => array(
'edit_post' => 'update_core',
'read_post' => 'update_core',
'delete_post' => 'update_core',
'edit_posts' => 'update_core',
'edit_others_posts' => 'update_core',
'delete_posts' => 'update_core',
'publish_posts' => 'update_core',
'read_private_posts' => 'update_core'
),
'show_ui' => true,
'show_in_menu' => false,
'public' => false,
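Review bot: Every capability in the two added `capabilities` arrays is mapped to `update_core`, which locks form and member-directory editing to administrators, but on multisite WordPress `update_core` is granted only to super admins through map_meta_cap, so regular site administrators would lose these screens; if that is not intended, `manage_options` expresses "site admin" more precisely. The ten-line array is repeated verbatim in both hunks, so a single local such as `$admin_caps = array_fill_keys( array( 'edit_post', 'read_post', 'delete_post', 'edit_posts', 'edit_others_posts', 'delete_posts', 'publish_posts', 'read_private_posts' ), 'update_core' );` keeps the two post types from drifting apart. The enclosing register_post_type argument arrays start and end outside both hunks.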
+2 -2
@@ -476,8 +476,8 @@ if ( ! class_exists( 'Files' ) ) {
***/
function delete_file( $src ) {
if ( strstr( $src, '?' ) ){
$splitted = explode('?', $src );
if ( strstr( $src, '?' ) ) {
$splitted = explode( '?', $src );
$src = $splitted[0];
}
+1 -1
@@ -181,7 +181,7 @@ if ( ! class_exists( 'Form' ) ) {
$role = current( $_POST['role'] );
}
if ( isset( $custom_field_roles ) && is_array( $custom_field_roles ) && ! empty( $role ) && ! in_array( $role , $custom_field_roles ) ) {
if ( /*isset( $custom_field_roles ) && is_array( $custom_field_roles ) &&*/ ! empty( $role ) && ! in_array( $role , $custom_field_roles ) ) {
wp_die( __( 'This is not possible for security reasons.','ultimate-member') );
}
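Review bot: With the `isset( $custom_field_roles ) && is_array( $custom_field_roles )` guard commented out, `in_array( $role, $custom_field_roles )` now runs even when `$custom_field_roles` is unset or not an array, which emits a warning on PHP 7 and throws a TypeError on PHP 8 instead of reaching `wp_die()`. If failing closed for a missing role list is the intent, make it explicit and strict: `if ( ! empty( $role ) && ! in_array( $role, (array) $custom_field_roles, true ) ) {`. `$role` comes from `$_POST['role']` via `current()` a few lines up, so it is untrusted and should not be compared loosely. Delete the commented-out condition rather than leaving it inline; the enclosing method starts and ends outside the hunk.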
+3
@@ -119,6 +119,9 @@ if ( ! class_exists( 'User' ) ) {
$userdata = get_userdata( $user_id );
if ( empty( $userdata ) )
return UM()->permalinks()->profile_permalink( $profile_slug );
$user_in_url = '';
// Username
if ( $permalink_base == 'user_login' ) {
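Review bot: The added early return passes `$profile_slug` to `profile_permalink()`, but nothing in this hunk assigns it; if it is only computed further down from `$userdata` (the function starts and ends outside the hunk), the fallback for a missing user hands an undefined variable to the permalink builder. Confirm where it is set, and wrap the branch in braces per the WordPress coding standard: `if ( empty( $userdata ) ) { return UM()->permalinks()->profile_permalink( $profile_slug ); }`.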
+1 -1
@@ -10,7 +10,7 @@
if ( $_POST['user_password'] && $_POST['confirm_user_password'] ) {
$changes['user_pass'] = $_POST['user_password'];
$args['id'] = um_user('ID');
$args['user_id'] = um_user('ID');
do_action('send_password_change_email', $args );
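Review bot: The added `$args['user_id'] = um_user('ID');` carries the same value as `$args['id']` on the line above, and `um_send_password_change_email()` reads `$user_id` out of `extract( $args )`; if the `id` key is kept only for older handlers of the `send_password_change_email` action, say so with a comment such as `// 'id' kept for back-compat; handlers read 'user_id'`, otherwise drop it. The surrounding `if ( $_POST['user_password'] && $_POST['confirm_user_password'] )` is context, but note it relies on truthiness (a password of "0" is rejected) and raises an undefined-index notice when either field is absent; the equality check between the two fields is not visible in this hunk.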
+2 -2
@@ -61,9 +61,9 @@
*
*/
add_action('send_password_change_email','um_send_password_change_email');
function um_send_password_change_email( $args ){
function um_send_password_change_email( $args ) {
extract( $args );
extract( $args );
um_fetch_user( $user_id );
+6 -6
@@ -3,7 +3,7 @@
/***
*** @redirect wp-admin for non guests
***/
add_action( 'init', 'um_block_wpadmin_for_guests' );
/* add_action( 'init', 'um_block_wpadmin_for_guests' );
function um_block_wpadmin_for_guests() {
global $pagenow;
@@ -44,13 +44,11 @@
$redirect = $custom_url;
}
/* ---------- */
//Add support query string data after user login
if($_SERVER['QUERY_STRING']) {
$redirect .= '?'.$_SERVER['QUERY_STRING'];
}
/* ---------- */
exit( wp_redirect( $redirect ) );
}
}
@@ -94,13 +92,15 @@
}
}
}*/
/***
*** @checks if user can access the backend
***/
function um_block_wpadmin_by_user_role() {
if ( is_admin() && ! defined('DOING_AJAX') && um_user( 'ID' ) && ! um_user( 'can_access_wpadmin' ) && ! is_super_admin( um_user('ID') ) ) {
/*var_dump( is_admin() && ! defined('DOING_AJAX') && um_user( 'ID' ) && ! um_user( 'can_access_wpadmin' ) && ! is_super_admin( um_user('ID') ) );
exit;*/
if ( is_admin() && ! defined('DOING_AJAX') && um_user( 'ID' ) && ! um_user( 'can_access_wpadmin' ) && ! is_super_admin( um_user('ID') ) ) {
um_redirect_home();
}
}
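Review bot: The debugging remnant `/*var_dump( ... ); exit;*/` added above the condition in `um_block_wpadmin_by_user_role()` should not be committed; drop those two lines. Disabling `um_block_wpadmin_for_guests()` by wrapping the roughly ninety lines between the first hunk's `/* add_action(` and this hunk's `}*/` in a block comment is fragile, because PHP block comments do not nest: any `*/` inside — the `/* ---------- */` separator lines in the second hunk, if they survive on the new side (the old/new marking is not recoverable on this page) — closes the comment early and everything after it, including the `$_SERVER['QUERY_STRING']` redirect, becomes live top-level code. Remove the function and its `add_action` call instead; version control keeps the history. The commented-out body starts and ends outside this hunk.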
+5
@@ -24,6 +24,11 @@ require_once( $wp_load );
$ret['error'] = null;
$ret = array();
if ( ! is_user_logged_in() ) {
$ret['error'] = 'Invalid user';
die( json_encode( $ret ) );
}
$nonce = $_POST['_wpnonce'];
$id = $_POST['key'];
$timestamp = $_POST['timestamp'];
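Review bot: The added `$ret = array();` discards the `$ret['error'] = null;` initialisation on the line just above it, so one of the two should go; `$ret = array( 'error' => null );` once is enough. The new guard only establishes that some user is logged in; the script then reads `$_POST['key']` as an id, so an ownership or capability check on that item — and the `_wpnonce` verification, which is not visible in this hunk — needs to happen before anything is done with it. Prefer a proper status code over `die( json_encode( $ret ) )`, e.g. `wp_send_json_error( array( 'error' => 'Invalid user' ), 403 );`. The rest of this standalone script, loaded via `require_once( $wp_load )`, is outside the hunk.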
+10 -5
@@ -567,17 +567,22 @@
*** @Check that temp upload is valid
***/
function um_is_temp_upload( $url ) {
$url = explode('/ultimatemember/temp/', $url);
$url = realpath( $url );
if ( ! $url )
return false;
$url = explode( '/ultimatemember/temp/', $url );
if ( isset( $url[1] ) ) {
if ( strstr( $url[1], '../' ) || strstr( $url[1], '%' ) ) {
if ( strstr( $url[1], '../' ) || strstr( $url[1], '%' ) )
return false;
}
$src = UM()->files()->upload_temp . $url[1];
if ( !file_exists( $src ) ) {
if ( ! file_exists( $src ) )
return false;
}
return $src;
}
return false;
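Review bot: `$url = realpath( $url );` is applied to the function's input before the `/ultimatemember/temp/` split, which only works if callers pass a filesystem path; if they pass the upload URL the parameter name suggests, `realpath()` returns false and every temp upload is now rejected (the callers are not in this hunk, so confirm). Even for a real path it normalises separators, so on Windows the `explode()` delimiter no longer matches, and it does nothing for the `%` case that the string check still guards. The dependable containment check resolves the candidate `$src` and the temp directory on the filesystem side and requires the resolved file to sit inside the resolved directory, which also subsumes `file_exists()`; a sketch follows. The function's closing brace is outside the hunk.
```php
function um_is_temp_upload( $url ) {
	$url = explode( '/ultimatemember/temp/', $url );
	if ( isset( $url[1] ) ) {
		// … unchanged: reject '../' and '%' in $url[1] …
		$src  = UM()->files()->upload_temp . $url[1];
		$base = realpath( UM()->files()->upload_temp );
		$real = realpath( $src );
		// Resolve '..' and symlinks on disk and require the result to stay
		// inside the temp directory; a false from realpath() means "not a file".
		if ( false === $base || false === $real
			|| 0 !== strpos( $real, rtrim( $base, DIRECTORY_SEPARATOR ) . DIRECTORY_SEPARATOR ) ) {
			return false;
		}
		return $src;
	}
	return false;
```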
+1 -1
@@ -1,4 +1,4 @@
<div class="um <?php echo $this->get_class( $mode ); ?> um-<?php echo $form_id; ?>">
<div class="um <?php echo $this->get_class( $mode ); ?> um-<?php echo esc_attr( $form_id ); ?>">
<div class="um-form">
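Review bot: `esc_attr( $form_id )` fixes one of the dynamic values in this `class` attribute, but `$this->get_class( $mode )` on the same line is still echoed unescaped; unless `get_class()` escapes its own return value (not visible here), wrap it as `<?php echo esc_attr( $this->get_class( $mode ) ); ?>`. The same applies to the other eight template sections in this commit, which make the identical one-line change; the registration template additionally echoes `um_user( 'role' )` unescaped in the `um-role-` class on the same line.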
+1 -1
@@ -1,4 +1,4 @@
<div class="um <?php echo $this->get_class( $mode ); ?> um-<?php echo $form_id; ?>">
<div class="um <?php echo $this->get_class( $mode ); ?> um-<?php echo esc_attr( $form_id ); ?>">
<div class="um-form">
+1 -1
@@ -1,4 +1,4 @@
<div class="um <?php echo $this->get_class( $mode, $args ); ?> um-<?php echo $form_id; ?>">
<div class="um <?php echo $this->get_class( $mode, $args ); ?> um-<?php echo esc_attr( $form_id ); ?>">
<div class="um-form">
+1 -1
@@ -1,4 +1,4 @@
<div class="um <?php echo $this->get_class( $mode ); ?> um-<?php echo $form_id; ?>">
<div class="um <?php echo $this->get_class( $mode ); ?> um-<?php echo esc_attr( $form_id ); ?>">
<div class="um-form">
+1 -1
@@ -1,4 +1,4 @@
<div class="um <?php echo $this->get_class( $mode ); ?> um-<?php echo $form_id; ?>">
<div class="um <?php echo $this->get_class( $mode ); ?> um-<?php echo esc_attr( $form_id ); ?>">
<div class="um-postmessage">
+1 -1
@@ -1,4 +1,4 @@
<div class="um <?php echo $this->get_class( $mode ); ?> um-<?php echo $form_id; ?>">
<div class="um <?php echo $this->get_class( $mode ); ?> um-<?php echo esc_attr( $form_id ); ?>">
<div class="um-form">
+1 -1
@@ -1,4 +1,4 @@
<div class="um <?php echo $this->get_class( $mode ); ?> um-<?php echo $form_id; ?>">
<div class="um <?php echo $this->get_class( $mode ); ?> um-<?php echo esc_attr( $form_id ); ?>">
<div class="um-form">
+1 -1
@@ -1,4 +1,4 @@
<div class="um <?php echo $this->get_class( $mode ); ?> um-<?php echo $form_id; ?> um-role-<?php echo um_user( 'role' ); ?> ">
<div class="um <?php echo $this->get_class( $mode ); ?> um-<?php echo esc_attr( $form_id ); ?> um-role-<?php echo um_user( 'role' ); ?> ">
<div class="um-form">
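Review bot: This template escapes `$form_id` but leaves `um_user( 'role' )` unescaped in the `um-role-…` part of the same `class` attribute; role values are stored data rather than a fixed list as far as this line shows, so escape them the same way: `um-role-<?php echo esc_attr( um_user( 'role' ) ); ?>`.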
+1 -1
@@ -1,4 +1,4 @@
<div class="um <?php echo $this->get_class( $mode ); ?> um-<?php echo $form_id; ?>">
<div class="um <?php echo $this->get_class( $mode ); ?> um-<?php echo esc_attr( $form_id ); ?>">
<div class="um-form">