10h30/ultimatemember
1
0
Fork 0
mirror of https://github.com/10h30/ultimatemember.git synced 2026-06-05 15:09:37 +09:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1087 from ultimatemember/development/2.5.1

Browse Source 
2.5.1 release
This commit is contained in:
Nikita Sinelnikov
2022-10-27 01:34:27 +03:00
committed by GitHub
parent aa6e59f55b 8ff70c0003
commit cb4ca7dbe5
20 changed files with 265 additions and 136 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+1 -1
View File
@@ -41,7 +41,7 @@ GNU Version 2 or Any Later Version
## Releases
[Official Release Version: 2.5.0](https://github.com/ultimatemember/ultimatemember/releases/tag/2.5.0).
[Official Release Version: 2.5.1](https://github.com/ultimatemember/ultimatemember/releases/tag/2.5.1).
## Changelog
includes/admin/core/class-admin-builder.php
+4
View File
@@ -1220,6 +1220,10 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
$arr_options['function_exists'] = function_exists( $um_callback_func );
}
if ( in_array( $um_callback_func, UM()->fields()->dropdown_options_source_blacklist(), true ) ) {
wp_send_json_error( __( 'This is not possible for security reasons. Don\'t use internal PHP functions.', 'ultimate-member' ) );
}
$arr_options['data'] = array();
if ( function_exists( $um_callback_func ) ) {
$arr_options['data'] = call_user_func( $um_callback_func );
includes/admin/core/class-admin-settings.php
-1
View File
@@ -3172,7 +3172,6 @@ do_action( "um_install_info_after_page_config" ); ?>
Default New User Role: <?php echo UM()->options()->get('register_role') . "\n"; ?>
Profile Permalink Base: <?php echo UM()->options()->get('permalink_base') . "\n"; ?>
User Display Name: <?php echo UM()->options()->get('display_name') . "\n"; ?>
Force Name to Uppercase: <?php echo $this->info_value( UM()->options()->get('force_display_name_capitlized'), 'yesno', true ); ?>
Redirect author to profile: <?php echo $this->info_value( UM()->options()->get('author_redirect'), 'yesno', true ); ?>
Enable Members Directory: <?php echo $this->info_value( UM()->options()->get('members_page'), 'yesno', true ); ?>
Use Gravatars: <?php echo $this->info_value( UM()->options()->get('use_gravatars'), 'yesno', true ); ?>
includes/admin/core/class-admin-upgrade.php
+15 -5
View File
@@ -356,10 +356,20 @@ if ( ! class_exists( 'um\admin\core\Admin_Upgrade' ) ) {
if ( empty( $_POST['pack'] ) ) {
exit('');
} else {
ob_start();
include_once $this->packages_dir . sanitize_text_field( $_POST['pack'] ) . DIRECTORY_SEPARATOR . 'init.php';
ob_get_flush();
exit;
$pack = sanitize_text_field( $_POST['pack'] );
if ( in_array( $pack, $this->necessary_packages, true ) ) {
$file = $this->packages_dir . $pack . DIRECTORY_SEPARATOR . 'init.php';
if ( file_exists( $file ) ) {
ob_start();
include_once $file;
ob_get_flush();
exit;
} else {
exit('');
}
} else {
exit('');
}
}
}
@@ -407,4 +417,4 @@ if ( ! class_exists( 'um\admin\core\Admin_Upgrade' ) ) {
}
}
}
}
includes/core/class-access.php
+25 -23
View File
@@ -48,23 +48,10 @@ if ( ! class_exists( 'um\core\Access' ) ) {
$this->allow_access = false;
// NEW HOOKS
// Change recent posts widget query
add_filter( 'widget_posts_args', array( &$this, 'exclude_restricted_posts_widget' ), 99, 1 );
// Exclude pages displayed by wp_list_pages function
add_filter( 'wp_list_pages_excludes', array( &$this, 'exclude_restricted_pages' ), 10, 1 );
// Archives list change where based on restricted posts
add_filter( 'getarchives_where', array( &$this, 'exclude_restricted_posts_archives_widget' ), 99, 2 );
// Navigation line below the post content, change query to exclude restricted
add_filter( 'get_next_post_where', array( &$this, 'exclude_navigation_posts' ), 99, 5 );
add_filter( 'get_previous_post_where', array( &$this, 'exclude_navigation_posts' ), 99, 5 );
// callbacks for changing posts query
add_action( 'pre_get_posts', array( &$this, 'exclude_posts' ), 99, 1 );
add_filter( 'posts_where', array( &$this, 'exclude_posts_where' ), 10, 2 );
add_filter( 'wp_count_posts', array( &$this, 'custom_count_posts_handler' ), 99, 3 );
// change the title of the post
add_filter( 'the_title', array( &$this, 'filter_restricted_post_title' ), 10, 2 );
// change the content of the restricted post
@@ -91,13 +78,6 @@ if ( ! class_exists( 'um\core\Access' ) ) {
// Gutenberg blocks restrictions
add_filter( 'render_block', array( $this, 'restrict_blocks' ), 10, 2 );
// there is posts (Posts/Page/CPT) filtration if site is accessible
// there also will be redirects if they need
// protect posts types
add_filter( 'the_posts', array( &$this, 'filter_protected_posts' ), 99, 2 );
// protect pages for wp_list_pages func
add_filter( 'get_pages', array( &$this, 'filter_protected_posts' ), 99, 2 );
// check the site's accessible more priority have Individual Post/Term Restriction settings
add_action( 'template_redirect', array( &$this, 'template_redirect' ), 1000 );
add_action( 'um_access_check_individual_term_settings', array( &$this, 'um_access_check_individual_term_settings' ) );
@@ -111,9 +91,31 @@ if ( ! class_exists( 'um\core\Access' ) ) {
* Rollback function for old business logic to avoid security enhancements with 404 errors
*/
function disable_restriction_pre_queries() {
// callbacks for changing terms query
// Using inside plugins_loaded hook because of there can be earlier direct queries without hooks.
// Avoid using to not getting fatal error for not exists WordPress native functions.
// Change recent posts widget query.
add_filter( 'widget_posts_args', array( &$this, 'exclude_restricted_posts_widget' ), 99, 1 );
// Exclude pages displayed by wp_list_pages function.
add_filter( 'wp_list_pages_excludes', array( &$this, 'exclude_restricted_pages' ), 10, 1 );
// Archives list change where based on restricted posts.
add_filter( 'getarchives_where', array( &$this, 'exclude_restricted_posts_archives_widget' ), 99, 2 );
// Callbacks for changing posts query.
add_action( 'pre_get_posts', array( &$this, 'exclude_posts' ), 99, 1 );
add_filter( 'posts_where', array( &$this, 'exclude_posts_where' ), 10, 2 );
add_filter( 'wp_count_posts', array( &$this, 'custom_count_posts_handler' ), 99, 3 );
// Callbacks for changing terms query.
add_action( 'pre_get_terms', array( &$this, 'exclude_hidden_terms_query' ), 99, 1 );
// there is posts (Posts/Page/CPT) filtration if site is accessible
// there also will be redirects if they need
// protect posts types
add_filter( 'the_posts', array( &$this, 'filter_protected_posts' ), 99, 2 );
// protect pages for wp_list_pages func
add_filter( 'get_pages', array( &$this, 'filter_protected_posts' ), 99, 2 );
if ( ! UM()->options()->get( 'disable_restriction_pre_queries' ) ) {
return;
}
@@ -1136,7 +1138,7 @@ if ( ! class_exists( 'um\core\Access' ) ) {
continue;
} else {
$restriction_settings = $this->get_post_privacy_settings( $menu_item->object_id );
if ( empty( $restriction_settings['_um_access_hide_from_queries'] ) || ! UM()->options()->get( 'disable_restriction_pre_queries' ) ) {
if ( empty( $restriction_settings['_um_access_hide_from_queries'] ) || UM()->options()->get( 'disable_restriction_pre_queries' ) ) {
$filtered_items[] = $this->maybe_replace_nav_menu_title( $menu_item );
continue;
}
@@ -1414,7 +1416,7 @@ if ( ! class_exists( 'um\core\Access' ) ) {
}
}
} else {
if ( empty( $restriction['_um_access_hide_from_queries'] ) || ! UM()->options()->get( 'disable_restriction_pre_queries' ) ) {
if ( empty( $restriction['_um_access_hide_from_queries'] ) || UM()->options()->get( 'disable_restriction_pre_queries' ) ) {
$filtered_posts[] = $this->maybe_replace_title( $post );
continue;
}
includes/core/class-builtin.php
+17 -14
View File
@@ -1058,21 +1058,24 @@ if ( ! class_exists( 'um\core\Builtin' ) ) {
),
'youtube' => array(
'title' => __('YouTube','ultimate-member'),
'metakey' => 'youtube',
'type' => 'url',
'label' => __('YouTube','ultimate-member'),
'required' => 0,
'public' => 1,
'editable' => 1,
'title' => __( 'YouTube', 'ultimate-member' ),
'metakey' => 'youtube',
'type' => 'url',
'label' => __( 'YouTube', 'ultimate-member' ),
'required' => 0,
'public' => 1,
'editable' => 1,
'url_target' => '_blank',
'url_rel' => 'nofollow',
'icon' => 'um-faicon-youtube',
'validate' => 'youtube_url',
'url_text' => 'YouTube',
'advanced' => 'social',
'color' => '#e52d27',
'match' => 'https://youtube.com/',
'url_rel' => 'nofollow',
'icon' => 'um-faicon-youtube',
'validate' => 'youtube_url',
'url_text' => __( 'YouTube', 'ultimate-member' ),
'advanced' => 'social',
'color' => '#e52d27',
'match' => array(
'https://youtube.com/',
'https://youtu.be/',
),
),
'soundcloud' => array(
includes/core/class-fields.php
+55 -27
View File
@@ -86,9 +86,10 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
}
foreach ( $social as $k => $arr ) {
if ( um_profile( $k ) ) { ?>
if ( um_profile( $k ) ) {
$match = is_array( $arr['match'] ) ? $arr['match'][0] : $arr['match']; ?>
<a href="<?php echo esc_url( um_filtered_social_link( $k, $arr['match'] ) ); ?>"
<a href="<?php echo esc_url( um_filtered_social_link( $k, $match ) ); ?>"
style="background: <?php echo esc_attr( $arr['color'] ); ?>;" target="_blank" class="um-tip-n"
title="<?php echo esc_attr( $arr['title'] ); ?>"><i class="<?php echo esc_attr( $arr['icon'] ); ?>"></i></a>
@@ -146,17 +147,19 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
if ( array_key_exists( 'custom_dropdown_options_source', $args ) ) {
if ( function_exists( wp_unslash( $args['custom_dropdown_options_source'] ) ) ) {
$allowed_callbacks = UM()->options()->get( 'allowed_choice_callbacks' );
if ( ! empty( $allowed_callbacks ) ) {
$allowed_callbacks = array_map( 'rtrim', explode( "\n", $allowed_callbacks ) );
$allowed_callbacks[] = $args['custom_dropdown_options_source'];
} else {
$allowed_callbacks = array( $args['custom_dropdown_options_source'] );
}
$allowed_callbacks = array_unique( $allowed_callbacks );
$allowed_callbacks = implode( "\r\n", $allowed_callbacks );
if ( ! in_array( $args['custom_dropdown_options_source'], UM()->fields()->dropdown_options_source_blacklist(), true ) ) {
$allowed_callbacks = UM()->options()->get( 'allowed_choice_callbacks' );
if ( ! empty( $allowed_callbacks ) ) {
$allowed_callbacks = array_map( 'rtrim', explode( "\n", $allowed_callbacks ) );
$allowed_callbacks[] = $args['custom_dropdown_options_source'];
} else {
$allowed_callbacks = array( $args['custom_dropdown_options_source'] );
}
$allowed_callbacks = array_unique( $allowed_callbacks );
$allowed_callbacks = implode( "\r\n", $allowed_callbacks );
UM()->options()->update( 'allowed_choice_callbacks', $allowed_callbacks );
UM()->options()->update( 'allowed_choice_callbacks', $allowed_callbacks );
}
}
}
@@ -201,19 +204,21 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
if ( array_key_exists( 'custom_dropdown_options_source', $args ) ) {
if ( function_exists( wp_unslash( $args['custom_dropdown_options_source'] ) ) ) {
$allowed_callbacks = UM()->options()->get( 'allowed_choice_callbacks' );
if ( ! empty( $allowed_callbacks ) ) {
$allowed_callbacks = array_map( 'rtrim', explode( "\n", $allowed_callbacks ) );
$allowed_callbacks[] = $args['custom_dropdown_options_source'];
} else {
$allowed_callbacks = array( $args['custom_dropdown_options_source'] );
if ( ! in_array( $args['custom_dropdown_options_source'], UM()->fields()->dropdown_options_source_blacklist(), true ) ) {
$allowed_callbacks = UM()->options()->get( 'allowed_choice_callbacks' );
if ( ! empty( $allowed_callbacks ) ) {
$allowed_callbacks = array_map( 'rtrim', explode( "\n", $allowed_callbacks ) );
$allowed_callbacks[] = $args['custom_dropdown_options_source'];
} else {
$allowed_callbacks = array( $args['custom_dropdown_options_source'] );
}
$allowed_callbacks = array_unique( $allowed_callbacks );
$allowed_callbacks = implode( "\r\n", $allowed_callbacks );
UM()->options()->update( 'allowed_choice_callbacks', $allowed_callbacks );
$args['custom_dropdown_options_source'] = wp_unslash( $args['custom_dropdown_options_source'] );
}
$allowed_callbacks = array_unique( $allowed_callbacks );
$allowed_callbacks = implode( "\r\n", $allowed_callbacks );
UM()->options()->update( 'allowed_choice_callbacks', $allowed_callbacks );
$args['custom_dropdown_options_source'] = wp_unslash( $args['custom_dropdown_options_source'] );
}
}
@@ -1291,6 +1296,18 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
return '';
}
/**
* Getting the blacklist of the functions that cannot be used as callback.
* All internal PHP functions are insecure for using inside callback functions.
*
* @return array
*/
public function dropdown_options_source_blacklist() {
$list = get_defined_functions();
$blacklist = ! empty( $list['internal'] ) ? $list['internal'] : array();
$blacklist = apply_filters( 'um_dropdown_options_source_blacklist', $blacklist );
return $blacklist;
}
/**
* Gets selected option value from a callback function
@@ -1305,6 +1322,10 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
if ( in_array( $type, array( 'select', 'multiselect' ) ) && ! empty( $data['custom_dropdown_options_source'] ) ) {
if ( in_array( $data['custom_dropdown_options_source'], $this->dropdown_options_source_blacklist(), true ) ) {
return $value;
}
$has_custom_source = apply_filters( "um_has_dropdown_options_source__{$data['metakey']}", false );
if ( $has_custom_source ) {
@@ -1372,6 +1393,10 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
if ( in_array( $type, array( 'select', 'multiselect' ) ) && ! empty( $data['custom_dropdown_options_source'] ) ) {
if ( in_array( $data['custom_dropdown_options_source'], $this->dropdown_options_source_blacklist(), true ) ) {
return $arr_options;
}
if ( function_exists( $data['custom_dropdown_options_source'] ) ) {
if ( isset( $data['parent_dropdown_relationship'] ) ) {
$arr_options = call_user_func( $data['custom_dropdown_options_source'], $data['parent_dropdown_relationship'] );
@@ -3037,7 +3062,9 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
if ( ! empty( $data['custom_dropdown_options_source'] ) && $has_parent_option && function_exists( $data['custom_dropdown_options_source'] ) &&
um_user( $data['parent_dropdown_relationship'] )
) {
$options = call_user_func( $data['custom_dropdown_options_source'], $data['parent_dropdown_relationship'] );
if ( ! in_array( $data['custom_dropdown_options_source'], $this->dropdown_options_source_blacklist(), true ) ) {
$options = call_user_func( $data['custom_dropdown_options_source'], $data['parent_dropdown_relationship'] );
}
$disabled_by_parent_option = '';
if ( um_user( $form_key ) ) {
@@ -3053,10 +3080,11 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
// Child dropdown
if ( $has_parent_option ) {
if ( ! empty( $data['custom_dropdown_options_source'] ) && $has_parent_option &&
function_exists( $data['custom_dropdown_options_source'] ) && isset( UM()->form()->post_form[ $form_key ] ) ) {
$options = call_user_func( $data['custom_dropdown_options_source'], $data['parent_dropdown_relationship'] );
if ( ! in_array( $data['custom_dropdown_options_source'], $this->dropdown_options_source_blacklist(), true ) ) {
$options = call_user_func( $data['custom_dropdown_options_source'], $data['parent_dropdown_relationship'] );
}
}
}
includes/core/class-form.php
+48 -13
View File
@@ -148,6 +148,13 @@ if ( ! class_exists( 'um\core\Form' ) ) {
wp_send_json( $arr_options );
}
if ( in_array( $ajax_source_func, UM()->fields()->dropdown_options_source_blacklist(), true ) ) {
$arr_options['status'] = 'error';
$arr_options['message'] = __( 'This is not possible for security reasons.', 'ultimate-member' );
wp_send_json( $arr_options );
}
if ( isset( $_POST['form_id'] ) ) {
UM()->fields()->set_id = absint( $_POST['form_id'] );
}
@@ -438,7 +445,7 @@ if ( ! class_exists( 'um\core\Form' ) ) {
* }
* ?>
*/
$this->post_form = apply_filters( 'um_submit_post_form', $_POST );
$this->post_form = apply_filters( 'um_submit_post_form', wp_unslash( $_POST ) );
if ( isset( $this->post_form[ UM()->honeypot ] ) && '' !== $this->post_form[ UM()->honeypot ] ) {
wp_die( esc_html__( 'Hello, spam bot!', 'ultimate-member' ) );
@@ -650,19 +657,47 @@ if ( ! class_exists( 'um\core\Form' ) ) {
$v = sanitize_text_field( $form[ $k ] );
// Make a proper social link
if ( ! empty( $v ) && ! strstr( $v, $f['match'] ) ) {
$domain = trim( strtr( $f['match'], array(
'https://' => '',
'http://' => '',
) ), ' /' );
if ( ! empty( $v ) ) {
$replace_match = is_array( $f['match'] ) ? $f['match'][0] : $f['match'];
if ( ! strstr( $v, $domain ) ) {
$v = $f['match'] . $v;
} else {
$v = 'https://' . trim( strtr( $v, array(
'https://' => '',
'http://' => '',
) ), ' /' );
$need_replace = false;
if ( is_array( $f['match'] ) ) {
$need_replace = true;
foreach ( $f['match'] as $arr_match ) {
if ( strstr( $v, $arr_match ) ) {
$need_replace = false;
}
}
}
if ( ! is_array( $f['match'] ) || $need_replace ) {
if ( ! strstr( $v, $replace_match ) ) {
$domain = trim(
strtr(
$replace_match,
array(
'https://' => '',
'http://' => '',
)
),
' /'
);
if ( ! strstr( $v, $domain ) ) {
$v = $replace_match . $v;
} else {
$v = 'https://' . trim(
strtr(
$v,
array(
'https://' => '',
'http://' => '',
)
),
' /'
);
}
}
}
}
includes/core/class-shortcodes.php
+6 -1
View File
@@ -283,7 +283,12 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) {
}
if ( file_exists( $file ) ) {
include $file;
// Avoid Directory Traversal vulnerability by the checking the realpath.
// Templates can be situated only in the get_stylesheet_directory() or plugindir templates.
$real_file = wp_normalize_path( realpath( $file ) );
if ( 0 === strpos( $real_file, wp_normalize_path( um_path . "templates" . DIRECTORY_SEPARATOR ) ) || 0 === strpos( $real_file, wp_normalize_path( get_stylesheet_directory() . DIRECTORY_SEPARATOR . 'ultimate-member' . DIRECTORY_SEPARATOR . 'templates' . DIRECTORY_SEPARATOR ) ) ) {
include $file;
}
}
}
includes/core/class-uploader.php
+6 -6
View File
@@ -786,14 +786,14 @@ if ( ! class_exists( 'um\core\Uploader' ) ) {
if ( isset( $image_info['invalid_image'] ) && $image_info['invalid_image'] == true ) {
$error = sprintf(__('Your image is invalid or too large!','ultimate-member') );
} elseif ( isset($data['min_size']) && ( $image_info['size'] < $data['min_size'] ) ) {
} elseif ( isset( $data['min_size'] ) && ( $image_info['size'] < $data['min_size'] ) ) {
$error = $data['min_size_error'];
} elseif ( isset($data['max_file_size']) && ( $image_info['size'] > $data['max_file_size'] ) ) {
} elseif ( isset( $data['max_file_size'] ) && ( $image_info['size'] > $data['max_file_size'] ) ) {
$error = $data['max_file_size_error'];
} elseif ( isset($data['min_width']) && ( $image_info['width'] < $data['min_width'] ) ) {
$error = sprintf(__('Your photo is too small. It must be at least %spx wide.','ultimate-member'), $data['min_width']);
} elseif ( isset($data['min_height']) && ( $image_info['height'] < $data['min_height'] ) ) {
$error = sprintf(__('Your photo is too small. It must be at least %spx wide.','ultimate-member'), $data['min_height']);
} elseif ( isset( $data['min_width'] ) && ( $image_info['width'] < $data['min_width'] ) ) {
$error = sprintf( __( 'Your photo is too small. It must be at least %spx wide.', 'ultimate-member' ), $data['min_width'] );
} elseif ( isset( $data['min_height'] ) && ( $image_info['height'] < $data['min_height'] ) ) {
$error = sprintf( __( 'Your photo is too small. It must be at least %spx high.', 'ultimate-member' ), $data['min_height'] );
}
return $error;
includes/core/class-user.php
+21 -1
View File
@@ -1641,6 +1641,11 @@ if ( ! class_exists( 'um\core\User' ) ) {
function email_pending() {
$this->assign_secretkey();
$this->set_status( 'awaiting_email_confirmation' );
//clear all sessions for email confirmation pending users
$user = \WP_Session_Tokens::get_instance( um_user( 'ID' ) );
$user->destroy_all();
UM()->mail()->send( um_user( 'user_email' ), 'checkmail_email' );
}
@@ -1662,6 +1667,11 @@ if ( ! class_exists( 'um\core\User' ) ) {
*/
function pending() {
$this->set_status( 'awaiting_admin_review' );
//clear all sessions for awaiting admin confirmation users
$user = \WP_Session_Tokens::get_instance( um_user( 'ID' ) );
$user->destroy_all();
UM()->mail()->send( um_user( 'user_email' ), 'pending_email' );
}
@@ -1684,6 +1694,11 @@ if ( ! class_exists( 'um\core\User' ) ) {
*/
function reject() {
$this->set_status( 'rejected' );
//clear all sessions for rejected users
$user = \WP_Session_Tokens::get_instance( um_user( 'ID' ) );
$user->destroy_all();
UM()->mail()->send( um_user( 'user_email' ), 'rejected_email' );
}
@@ -1705,6 +1720,11 @@ if ( ! class_exists( 'um\core\User' ) ) {
*/
function deactivate() {
$this->set_status( 'inactive' );
//clear all sessions for inactive users
$user = \WP_Session_Tokens::get_instance( um_user( 'ID' ) );
$user->destroy_all();
/**
* UM hook
*
@@ -2087,7 +2107,7 @@ if ( ! class_exists( 'um\core\User' ) ) {
update_user_meta( $this->id, $key, $value );
}
} else {
$args[ $key ] = esc_attr( $changes[ $key ] );
$args[ $key ] = $changes[ $key ];
}
}
includes/core/class-validation.php
+4 -2
View File
@@ -95,8 +95,10 @@ if ( ! class_exists( 'um\core\Validation' ) ) {
isset( $fields[ $key ]['custom_dropdown_options_source'] ) &&
! empty( $fields[ $key ]['custom_dropdown_options_source'] ) &&
function_exists( $fields[ $key ]['custom_dropdown_options_source'] ) ) {
$arr_options = call_user_func( $fields[ $key ]['custom_dropdown_options_source'] );
$fields[ $key ]['options'] = array_keys( $arr_options );
if ( ! in_array( $fields[ $key ]['custom_dropdown_options_source'], UM()->fields()->dropdown_options_source_blacklist(), true ) ) {
$arr_options = call_user_func( $fields[ $key ]['custom_dropdown_options_source'] );
$fields[ $key ]['options'] = array_keys( $arr_options );
}
}
// Unset changed value that doesn't match the option list
includes/core/um-actions-form.php
+2 -2
View File
@@ -702,7 +702,7 @@ function um_submit_form_errors_hook_( $args ) {
break;
case 'youtube_url':
if ( ! UM()->validation()->is_url( $args[ $key ], 'youtube.com' ) ) {
if ( ! UM()->validation()->is_url( $args[ $key ], 'youtube.com' ) && ! UM()->validation()->is_url( $args[ $key ], 'youtu.be' ) ) {
UM()->form()->add_error( $key, sprintf( __( 'Please enter a valid %s username or profile URL', 'ultimate-member' ), $array['label'] ) );
}
break;
@@ -806,7 +806,7 @@ function um_submit_form_errors_hook_( $args ) {
$args['user_id'] = um_get_requested_user();
}
$email_exists = email_exists( $args[ $key ] );
$email_exists = email_exists( $args[ $key ] );
if ( $args[ $key ] == '' && in_array( $key, array( 'user_email' ) ) ) {
UM()->form()->add_error( $key, __( 'You must provide your email', 'ultimate-member' ) );
includes/core/um-actions-profile.php
+6 -4
View File
@@ -294,10 +294,12 @@ function um_user_edit_profile( $args ) {
if ( isset( $array['options'] ) && in_array( $array['type'], array( 'select', 'multiselect' ) ) ) {
$options = array();
if ( ! empty( $array['custom_dropdown_options_source'] ) && function_exists( $array['custom_dropdown_options_source'] ) && ! $has_custom_source ) {
$callback_result = call_user_func( $array['custom_dropdown_options_source'], $array['options'] );
if ( is_array( $callback_result ) ) {
$options = array_keys( $callback_result );
if ( ! empty( $array['custom_dropdown_options_source'] ) && function_exists( $array['custom_dropdown_options_source'] ) && ! $has_custom_source ) {
if ( ! in_array( $array['custom_dropdown_options_source'], UM()->fields()->dropdown_options_source_blacklist(), true ) ) {
$callback_result = call_user_func( $array['custom_dropdown_options_source'], $array['options'] );
if ( is_array( $callback_result ) ) {
$options = array_keys( $callback_result );
}
}
}
includes/core/um-actions-register.php
+5 -2
View File
@@ -178,8 +178,11 @@ function um_check_user_status( $user_id, $args ) {
do_action( "track_{$status}_user_registration" );
if ( $status == 'approved' ) {
UM()->user()->auto_login( $user_id );
// Check if user is logged in because there can be the customized way when through 'um_registration_for_loggedin_users' hook the registration is enabled for the logged in users (e.g. Administrator).
if ( ! is_user_logged_in() ) {
// Custom way if 'um_registration_for_loggedin_users' hook after custom callbacks returns true. Then don't make auto-login because user is already logged-in.
UM()->user()->auto_login( $user_id );
}
UM()->user()->generate_profile_slug( $user_id );
/**
includes/core/um-filters-fields.php
+3
View File
@@ -694,6 +694,9 @@ add_filter( 'um_field_non_utf8_value', 'um_field_non_utf8_value' );
*/
function um_select_dropdown_dynamic_callback_options( $options, $data ) {
if ( ! empty( $data['custom_dropdown_options_source'] ) && function_exists( $data['custom_dropdown_options_source'] ) ) {
if ( in_array( $data['custom_dropdown_options_source'], UM()->fields()->dropdown_options_source_blacklist(), true ) ) {
return $options;
}
$options = call_user_func( $data['custom_dropdown_options_source'] );
}
includes/core/um-filters-navmenu.php
+19 -16
View File
@@ -20,13 +20,13 @@ if ( ! is_admin() ) {
}
foreach ( $sorted_menu_items as &$menu_item ) {
if ( $menu_item->title ) {
if ( ! empty( $menu_item->title ) ) {
$menu_item->title = UM()->shortcodes()->convert_user_tags( $menu_item->title );
}
if ( $menu_item->attr_title ) {
if ( ! empty( $menu_item->attr_title ) ) {
$menu_item->attr_title = UM()->shortcodes()->convert_user_tags( $menu_item->attr_title );
}
if ( $menu_item->description ) {
if ( ! empty( $menu_item->description ) ) {
$menu_item->description = UM()->shortcodes()->convert_user_tags( $menu_item->description );
}
}
@@ -56,19 +56,22 @@ if ( ! is_admin() ) {
um_fetch_user( get_current_user_id() );
$filtered_items = array();
$filtered_items = array();
$hide_children_of = array();
//other filter
foreach ( $menu_items as $item ) {
if ( empty( $item->ID ) ) {
continue;
}
$mode = get_post_meta( $item->ID, 'menu-item-um_nav_public', true );
$mode = get_post_meta( $item->ID, 'menu-item-um_nav_public', true );
$roles = get_post_meta( $item->ID, 'menu-item-um_nav_roles', true );
$visible = true;
// hide any item that is the child of a hidden item
if ( in_array( $item->menu_item_parent, $hide_children_of ) ) {
if ( isset( $item->menu_item_parent ) && in_array( $item->menu_item_parent, $hide_children_of ) ) {
$visible = false;
$hide_children_of[] = $item->ID; // for nested menus
}
@@ -79,16 +82,16 @@ if ( ! is_admin() ) {
case 2:
if ( is_user_logged_in() && ! empty( $roles ) ) {
if ( current_user_can( 'administrator' ) ) {
$visible = true;
} else {
$current_user_roles = um_user( 'roles' );
if ( empty( $current_user_roles ) ) {
$visible = false;
} else {
$visible = ( count( array_intersect( $current_user_roles, (array)$roles ) ) > 0 ) ? true : false;
}
}
if ( current_user_can( 'administrator' ) ) {
$visible = true;
} else {
$current_user_roles = um_user( 'roles' );
if ( empty( $current_user_roles ) ) {
$visible = false;
} else {
$visible = ( count( array_intersect( $current_user_roles, (array)$roles ) ) > 0 ) ? true : false;
}
}
} else {
$visible = is_user_logged_in() ? true : false;
}
includes/um-short-functions.php
+1 -16
View File
@@ -2306,10 +2306,6 @@ function um_user( $data, $attrs = null ) {
$name = um_profile( $data );
if ( UM()->options()->get( 'force_display_name_capitlized' ) ) {
$name = implode( '-', array_map( 'ucfirst', explode( '-', $name ) ) );
}
/**
* UM hook
*
@@ -2366,14 +2362,7 @@ function um_user( $data, $attrs = null ) {
$f_and_l_initial = um_profile( $data );
}
$f_and_l_initial = UM()->validation()->safe_name_in_url( $f_and_l_initial );
if ( UM()->options()->get( 'force_display_name_capitlized' ) ) {
$name = implode( '-', array_map( 'ucfirst', explode( '-', $f_and_l_initial ) ) );
} else {
$name = $f_and_l_initial;
}
$name = UM()->validation()->safe_name_in_url( $f_and_l_initial );
return $name;
break;
@@ -2459,10 +2448,6 @@ function um_user( $data, $attrs = null ) {
}
}
if ( UM()->options()->get( 'force_display_name_capitlized' ) ) {
$name = implode( '-', array_map( 'ucfirst', explode( '-', $name ) ) );
}
/**
* UM hook
*
readme.txt
+26 -1
View File
@@ -7,7 +7,7 @@ Tags: community, member, membership, user-profile, user-registration
Requires PHP: 5.6
Requires at least: 5.0
Tested up to: 6.0
Stable tag: 2.5.0
Stable tag: 2.5.1
License: GNU Version 2 or Any Later Version
License URI: http://www.gnu.org/licenses/gpl-3.0.txt
@@ -163,6 +163,31 @@ No, you do not need to use our plugins login or registration pages and can us
* To learn more about version 2.1 please see this [docs](https://docs.ultimatemember.com/article/1512-upgrade-2-1-0)
* UM2.1+ is a significant update to the Member Directories' code base from 2.0.x. Please make sure you take a full-site backup with restore point before updating the plugin
= 2.5.1: October 26, 2022 =
* Enhancements:
- Added: Custom fields callbacks blacklist. Use `um_dropdown_options_source_blacklist` filter for adding your custom functions to the custom callbacks blacklist. By default there are all PHP internal functions.
* Bugfixes:
- Fixed: Posts' restriction that is based on term restriction settings
- Fixed: Issue with class name in checkbox and radio. Class name being 'activeright' instead of 'active right'
- Fixed: Admin upgrade scripts and upgrades pack validation
- Fixed: Directory traversal vulnerabilities
- Fixed: Destroying user sessions after changing "Approved" status to something else (e.g. deactivated)
- Fixed: Conflict when `wp_get_current_user()` not exists. Transferred restriction settings callbacks to `plugins_loaded` hook
- Fixed: Restriction post displaying when 404 is enabled and old restiction logic isn't active
- Fixed: PHP warning when nav menu is empty
- Fixed: Disable auto-login after user is registered by Administrator and UM Registration form
- Fixed: Some typos errors
- Fixed: Using an apostrophe symbols in emails for registration and login both
- Fixed: Sanitizing YouTube links. Applying both https://youtu.be/xxxxxxx and https://youtube.com/xxxxxxx links
* Deprecated:
- Removed: Outdated setting using in code (force_display_name_capitlized). Moved the functionality to extended [repo](https://github.com/ultimatemember/Extended/tree/main/um-capitalize-name#readme)
= 2.5.0: August 17, 2022 =
* Enhancements:
ultimate-member.php
+1 -1
View File
@@ -3,7 +3,7 @@
Plugin Name: Ultimate Member
Plugin URI: http://ultimatemember.com/
Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
Version: 2.5.0
Version: 2.5.1
Author: Ultimate Member
Author URI: http://ultimatemember.com/
Text Domain: ultimate-member