- prepared for release;

Mykyta Synelnikov
2023-07-01 13:54:57 +03:00
parent c8be278703
commit d6d129d53b
3 changed files with 4 additions and 60 deletions
-56
@@ -613,62 +613,6 @@ if ( ! class_exists( 'um\core\Form' ) ) {
$this->post_form['role'] = $role; $this->post_form['role'] = $role;
} }
// @todo REMOVE THAT !!! AND SEPARATE FORM DATA AND SUBMISSION DATA. MAY AFFECT TO EXTENSIONS
//$this->post_form = array_merge( $this->form_data, $this->post_form );
// Remove role from post_form at first if role ! empty and there aren't custom fields with role name
// if ( ! empty( $this->post_form['role'] ) ) {
// if ( ! strstr( $this->form_data['custom_fields'], 'role_' ) ) {
// unset( $this->post_form['role'] );
// //unset( $this->post_form['submitted']['role'] );
// }
// }
// Secure sanitize of the submitted data
// if ( ! empty( $this->post_form ) ) {
// $this->post_form = $this->clean_submitted_data( $this->post_form );
// }
// if ( ! empty( $this->post_form['submitted'] ) ) {
// $this->post_form['submitted'] = $this->clean_submitted_data( $this->post_form['submitted'] );
// }
// if ( isset( $this->form_data['custom_fields'] ) && strstr( $this->form_data['custom_fields'], 'role_' ) ) { // Secure selected role
// if ( ! empty( $_POST['role'] ) ) {
// $custom_field_roles = $this->custom_field_roles( $this->form_data['custom_fields'] );
//
// if ( ! empty( $custom_field_roles ) ) {
// if ( is_array( $_POST['role'] ) ) {
// $role = current( $_POST['role'] );
// $role = sanitize_key( $role );
// } else {
// $role = sanitize_key( $_POST['role'] );
// }
//
// global $wp_roles;
// $exclude_roles = array_diff( array_keys( $wp_roles->roles ), UM()->roles()->get_editable_user_roles() );
//
// if ( ! empty( $role ) &&
// ( ! in_array( $role, $custom_field_roles, true ) || in_array( $role, $exclude_roles, true ) ) ) {
// wp_die( esc_html__( 'This is not possible for security reasons.', 'ultimate-member' ) );
// }
//
// $this->post_form['role'] = $role;
// $this->post_form['submitted']['role'] = $role;
// } else {
// unset( $this->post_form['role'] );
// unset( $this->post_form['submitted']['role'] );
//
// // set default role for registration form if custom field hasn't proper value
// if ( 'register' === $this->form_data['mode'] ) {
// $role = $this->assigned_role( $this->form_id );
// $this->post_form['role'] = $role;
// }
// }
// }
// }
/** /**
* Filters $_POST submitted data by the UM login, registration or profile form. * Filters $_POST submitted data by the UM login, registration or profile form.
* It's un-slashed by `wp_unslash()`, beautified and sanitized. `role` attribute is filtered by possible role. * It's un-slashed by `wp_unslash()`, beautified and sanitized. `role` attribute is filtered by possible role.
+3 -3
@@ -160,15 +160,15 @@ No, you do not need to use our plugins login or registration pages and can us
= Important: = = Important: =
* To learn more about version 2.1 please see this [docs](https://docs.ultimatemember.com/article/1512-upgrade-2-1-0) IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY.
* UM2.1+ is a significant update to the Member Directories' code base from 2.0.x. Please make sure you take a full-site backup with restore point before updating the plugin
= 2.6.7: July xx, 2023 = = 2.6.7: July 1, 2023 =
* Bugfixes: * Bugfixes:
- Fixed: A privilege escalation vulnerability used through UM Forms. Known in the wild that vulnerability allowed strangers to create administrator-level WordPress users. Please update immediately and check all administrator-level users on your website. - Fixed: A privilege escalation vulnerability used through UM Forms. Known in the wild that vulnerability allowed strangers to create administrator-level WordPress users. Please update immediately and check all administrator-level users on your website.
- Fixed: Displaying fields on Account page > Privacy > Member directory settings - Fixed: Displaying fields on Account page > Privacy > Member directory settings
- Fixed: Allowed types for the file field
= 2.6.6: June 29, 2023 = = 2.6.6: June 29, 2023 =
+1 -1
@@ -3,7 +3,7 @@
Plugin Name: Ultimate Member Plugin Name: Ultimate Member
Plugin URI: http://ultimatemember.com/ Plugin URI: http://ultimatemember.com/
Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
Version: 2.6.7-alpha Version: 2.6.7
Author: Ultimate Member Author: Ultimate Member
Author URI: http://ultimatemember.com/ Author URI: http://ultimatemember.com/
Text Domain: ultimate-member Text Domain: ultimate-member