10h30/ultimatemember
1
0
Fork 0
mirror of https://github.com/10h30/ultimatemember.git synced 2026-06-05 15:09:37 +09:00
Code Issues Packages Projects Releases Wiki Activity

- fixed issue with lack of the nonces in the um_adm_action handler;

Browse Source 
- fixed #1263;
This commit is contained in:
Mykyta Synelnikov
2023-07-24 22:30:33 +03:00
parent fa2108172f
commit e14f165e73
4 changed files with 107 additions and 129 deletions
Download Patch File Download Diff File Expand all files Collapse all files
includes/admin/class-admin.php
+78 -108
View File
@@ -61,21 +61,18 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
public function __construct() {
parent::__construct();
$this->templates_path = um_path . 'includes/admin/templates/';
$this->templates_path = UM_PATH . 'includes/admin/templates/';
add_action( 'admin_init', array( &$this, 'admin_init' ), 0 );
$prefix = is_network_admin() ? 'network_admin_' : '';
add_filter( "{$prefix}plugin_action_links_" . um_plugin, array( &$this, 'plugin_links' ) );
add_filter( "{$prefix}plugin_action_links_" . UM_PLUGIN, array( &$this, 'plugin_links' ) );
add_action( 'um_admin_do_action__user_cache', array( &$this, 'user_cache' ) );
add_action( 'um_admin_do_action__user_status_cache', array( &$this, 'user_status_cache' ) );
add_action( 'um_admin_do_action__purge_temp', array( &$this, 'purge_temp' ) );
add_action( 'um_admin_do_action__manual_upgrades_request', array( &$this, 'manual_upgrades_request' ) );
add_action( 'um_admin_do_action__duplicate_form', array( &$this, 'duplicate_form' ) );
add_action( 'um_admin_do_action__um_hide_locale_notice', array( &$this, 'um_hide_notice' ) );
add_action( 'um_admin_do_action__um_can_register_notice', array( &$this, 'um_hide_notice' ) );
add_action( 'um_admin_do_action__um_hide_exif_notice', array( &$this, 'um_hide_notice' ) );
add_action( 'um_admin_do_action__user_action', array( &$this, 'user_action' ) );
add_action( 'um_admin_do_action__check_templates_version', array( &$this, 'check_templates_version' ) );
@@ -1606,22 +1603,17 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
return $classes;
}
/**
*
*/
public function manual_upgrades_request() {
if ( ! is_admin() || ! current_user_can( 'manage_options' ) ) {
die();
}
$last_request = get_option( 'um_last_manual_upgrades_request', false );
if ( empty( $last_request ) || time() > $last_request + DAY_IN_SECONDS ) {
if ( is_multisite() ) {
$blogs_ids = get_sites();
foreach( $blogs_ids as $b ) {
foreach ( $blogs_ids as $b ) {
switch_to_blog( $b->blog_id );
wp_clean_update_cache();
@@ -1638,22 +1630,30 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
update_option( 'um_last_manual_upgrades_request', time() );
}
$url = add_query_arg( array( 'page' => 'ultimatemember', 'update' => 'um_got_updates' ), admin_url( 'admin.php' ) );
$url = add_query_arg(
array(
'page' => 'ultimatemember',
'update' => 'um_got_updates',
),
admin_url( 'admin.php' )
);
} else {
$url = add_query_arg( array( 'page' => 'ultimatemember', 'update' => 'um_often_updates' ), admin_url( 'admin.php' ) );
$url = add_query_arg(
array(
'page' => 'ultimatemember',
'update' => 'um_often_updates',
),
admin_url( 'admin.php' )
);
}
exit( wp_redirect( $url ) );
wp_safe_redirect( $url );
exit;
}
/**
* Core pages installation
* Core pages installation.
*/
function install_core_pages() {
if ( ! is_admin() ) {
die();
}
public function install_core_pages() {
UM()->setup()->install_default_pages();
//check empty pages in settings
@@ -1664,7 +1664,7 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
foreach ( $pages as $slug => $page_id ) {
$page = get_post( $page_id );
if ( ! isset( $page->ID ) && in_array( $slug, array_keys( UM()->config()->core_pages ) ) ) {
if ( ! isset( $page->ID ) && array_key_exists( $slug, UM()->config()->core_pages ) ) {
$empty_pages[] = $slug;
}
}
@@ -1672,27 +1672,22 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
//if there aren't empty pages - then hide pages notice
if ( empty( $empty_pages ) ) {
$hidden_notices = get_option( 'um_hidden_admin_notices', array() );
$hidden_notices = get_option( 'um_hidden_admin_notices', array() );
$hidden_notices[] = 'wrong_pages';
update_option( 'um_hidden_admin_notices', $hidden_notices );
}
$url = add_query_arg( array( 'page' => 'um_options' ), admin_url( 'admin.php' ) );
exit( wp_redirect( $url ) );
wp_safe_redirect( $url );
exit;
}
/**
* Clear all users cache
*
* @param $action
* Clear all users cache.
*/
function user_cache( $action ) {
public function user_cache() {
global $wpdb;
if ( ! is_admin() || ! current_user_can( 'manage_options' ) ) {
die();
}
$wpdb->query( "DELETE FROM {$wpdb->options} WHERE option_name LIKE 'um_cache_userdata_%'" );
@@ -1703,21 +1698,14 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
),
admin_url( 'admin.php' )
);
wp_redirect( $url );
wp_safe_redirect( $url );
exit;
}
/**
* Clear all users statuses count cache
*
* @param $action
* Clear all users statuses count cache.
*/
function user_status_cache( $action ) {
if ( ! is_admin() || ! current_user_can( 'manage_options' ) ) {
die();
}
public function user_status_cache() {
$statuses = array(
'approved',
'awaiting_admin_review',
@@ -1741,43 +1729,37 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
),
admin_url( 'admin.php' )
);
wp_redirect( $url );
wp_safe_redirect( $url );
exit;
}
/**
* Purge temp uploads dir
* @param $action
* Purge temp uploads dir.
*/
function purge_temp( $action ) {
if ( ! is_admin() || ! current_user_can( 'manage_options' ) ) {
die();
}
public function purge_temp() {
UM()->files()->remove_dir( UM()->files()->upload_temp );
$url = add_query_arg( array( 'page' => 'ultimatemember', 'update' => 'um_purged_temp' ), admin_url( 'admin.php' ) );
exit( wp_redirect( $url ) );
$url = add_query_arg(
array(
'page' => 'ultimatemember',
'update' => 'um_purged_temp',
),
admin_url( 'admin.php' )
);
wp_safe_redirect( $url );
exit;
}
/**
* Duplicate form
*
* @param $action
*/
public function duplicate_form( $action ) {
if ( ! is_admin() || ! current_user_can( 'manage_options' ) ) {
die();
}
if ( empty( $_REQUEST['post_id'] ) || empty( $_REQUEST['nonce'] ) || ! wp_verify_nonce( $_REQUEST['nonce'], "um-duplicate_form{$_REQUEST['post_id']}" ) ) {
die();
public function duplicate_form() {
if ( empty( $_REQUEST['post_id'] ) || empty( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( $_REQUEST['_wpnonce'], "um-duplicate_form{$_REQUEST['post_id']}" ) ) {
die( esc_html__( 'Security check', 'ultimate-member' ) );
}
if ( ! is_numeric( $_REQUEST['post_id'] ) ) {
die();
die( esc_html__( 'Wrong ID', 'ultimate-member' ) );
}
$post_id = absint( $_REQUEST['post_id'] );
@@ -1817,26 +1799,10 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
}
/**
* Action to hide notices in admin
*
* @param $action
* Various user actions.
*/
function um_hide_notice( $action ) {
if ( ! is_admin() || ! current_user_can( 'manage_options' ) ) {
die();
}
update_option( $action, 1 );
exit( wp_redirect( remove_query_arg( 'um_adm_action' ) ) );
}
/**
* Various user actions
*
* @param $action
*/
function user_action( $action ) {
if ( ! is_admin() || ! current_user_can( 'edit_users' ) ) {
public function user_action() {
if ( ! current_user_can( 'edit_users' ) ) {
die();
}
if ( ! isset( $_REQUEST['sub'] ) ) {
@@ -1891,17 +1857,14 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
um_reset_user();
wp_redirect( add_query_arg( 'update', 'um_user_updated', admin_url( '?page=ultimatemember' ) ) );
wp_safe_redirect( add_query_arg( 'update', 'um_user_updated', admin_url( '?page=ultimatemember' ) ) );
exit;
}
/**
* Manual check templates versions
*
* @param $action
* Manual check templates versions.
*/
public function check_templates_version( $action ) {
public function check_templates_version() {
$templates = UM()->admin_settings()->get_override_templates( true );
$out_date = false;
@@ -1928,13 +1891,13 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
}
/**
* Add any custom links to plugin page
* Add any custom links to plugin page.
*
* @param array $links
*
* @return array
*/
function plugin_links( $links ) {
public function plugin_links( $links ) {
$more_links[] = '<a href="http://docs.ultimatemember.com/">' . esc_html__( 'Docs', 'ultimate-member' ) . '</a>';
$more_links[] = '<a href="' . admin_url() . 'admin.php?page=um_options">' . esc_html__( 'Settings', 'ultimate-member' ) . '</a>';
@@ -1951,8 +1914,17 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
if ( ! empty( $_REQUEST['um_adm_action'] ) && is_admin() && current_user_can( 'manage_options' ) ) {
$action = sanitize_key( $_REQUEST['um_adm_action'] );
if ( empty( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( $_REQUEST['_wpnonce'], $action ) ) {
wp_die( esc_attr__( 'Security Check', 'ultimate-member' ) );
$individual_nonce_actions = array(
'user_action',
'duplicate_form',
);
$individual_nonce_actions = apply_filters( 'um_adm_action_individual_nonce_actions', $individual_nonce_actions );
// Some actions have their own nonce. Verify individually.
if ( ! in_array( $action, $individual_nonce_actions, true ) ) {
if ( empty( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( $_REQUEST['_wpnonce'], $action ) ) {
wp_die( esc_attr__( 'Security Check', 'ultimate-member' ) );
}
}
/**
@@ -1998,7 +1970,6 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
}
}
/**
* Updated post messages
*
@@ -2006,31 +1977,30 @@ if ( ! class_exists( 'um\admin\Admin' ) ) {
*
* @return array
*/
function post_updated_messages( $messages ) {
public function post_updated_messages( $messages ) {
global $post_ID;
$post_type = get_post_type( $post_ID );
if ( $post_type == 'um_form' ) {
if ( 'um_form' === $post_type ) {
$messages['um_form'] = array(
0 => '',
1 => __( 'Form updated.', 'ultimate-member' ),
2 => __( 'Custom field updated.', 'ultimate-member' ),
3 => __( 'Custom field deleted.', 'ultimate-member' ),
4 => __( 'Form updated.', 'ultimate-member' ),
5 => isset( $_GET['revision'] ) ? __( 'Form restored to revision.', 'ultimate-member' ) : false,
6 => __( 'Form created.', 'ultimate-member' ),
7 => __( 'Form saved.', 'ultimate-member' ),
8 => __( 'Form submitted.', 'ultimate-member' ),
9 => __( 'Form scheduled.', 'ultimate-member' ),
10 => __( 'Form draft updated.', 'ultimate-member' ),
0 => '',
1 => __( 'Form updated.', 'ultimate-member' ),
2 => __( 'Custom field updated.', 'ultimate-member' ),
3 => __( 'Custom field deleted.', 'ultimate-member' ),
4 => __( 'Form updated.', 'ultimate-member' ),
5 => isset( $_GET['revision'] ) ? __( 'Form restored to revision.', 'ultimate-member' ) : false,
6 => __( 'Form created.', 'ultimate-member' ),
7 => __( 'Form saved.', 'ultimate-member' ),
8 => __( 'Form submitted.', 'ultimate-member' ),
9 => __( 'Form scheduled.', 'ultimate-member' ),
10 => __( 'Form draft updated.', 'ultimate-member' ),
);
}
return $messages;
}
/**
* Gettext filters
*