diff --git a/includes/core/class-files.php b/includes/core/class-files.php index 8f5389cc..0101a957 100644 --- a/includes/core/class-files.php +++ b/includes/core/class-files.php @@ -376,6 +376,8 @@ if ( ! class_exists( 'um\core\Files' ) ) { wp_send_json_error( esc_js( __( 'You have no permission to edit this user through this form', 'ultimate-member' ) ) ); } + $post_data['role'] = maybe_unserialize( $post_data['role'] ); + if ( is_array( $post_data['role'] ) ) { if ( ! count( array_intersect( $post_data['role'], $current_user_roles ) ) ) { wp_send_json_error( esc_js( __( 'You have no permission to edit this user through this form', 'ultimate-member' ) ) ); @@ -538,6 +540,8 @@ if ( ! class_exists( 'um\core\Files' ) ) { wp_send_json_error( $ret ); } + $post_data['role'] = maybe_unserialize( $post_data['role'] ); + if ( is_array( $post_data['role'] ) ) { if ( ! count( array_intersect( $post_data['role'], $current_user_roles ) ) ) { $ret['error'] = esc_html__( 'You have no permission to edit this user through this form', 'ultimate-member' ); @@ -706,6 +710,8 @@ if ( ! class_exists( 'um\core\Files' ) ) { wp_send_json_error( $ret ); } + $post_data['role'] = maybe_unserialize( $post_data['role'] ); + if ( is_array( $post_data['role'] ) ) { if ( ! count( array_intersect( $post_data['role'], $current_user_roles ) ) ) { $ret['error'] = esc_html__( 'You have no permission to edit this user through this form', 'ultimate-member' ); diff --git a/readme.txt b/readme.txt index 50a77ae8..991966f0 100644 --- a/readme.txt +++ b/readme.txt @@ -172,6 +172,7 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI * Fixed: "Load textdomain just in time" issue * Fixed: Capabilities checking in the wp-admin > Users list table +* Fixed: File/image upload on the role specific profile form * Fixed: Issues when the form's custom fields meta has a wrong format * Fixed: Validation of the "Registration Default Role" slug * Fixed: Allowed query variables via registered REST API class only when REST_REQUEST is defined