From e7c86052ab4bd43e037196ca10ba395ac0d83cc4 Mon Sep 17 00:00:00 2001
From: Mykyta Synelnikov
Date: Thu, 12 Sep 2024 16:22:37 +0300
Subject: [PATCH] - WPCS;
---
 includes/admin/core/class-admin-users.php | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/includes/admin/core/class-admin-users.php b/includes/admin/core/class-admin-users.php
index 6582793a..6db6d889 100644
--- a/includes/admin/core/class-admin-users.php
+++ b/includes/admin/core/class-admin-users.php
@@ -149,7 +149,6 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
 case 'um_approve_membership':
 case 'um_reenable':
-
 add_filter( 'um_template_tags_patterns_hook', array( UM()->password(), 'add_placeholder' ), 10, 1 );
 add_filter( 'um_template_tags_replaces_hook', array( UM()->password(), 'add_replace_placeholder' ), 10, 1 );
@@ -161,7 +160,6 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
 break;
 case 'um_resend_activation':
-
 add_filter( 'um_template_tags_patterns_hook', array( UM()->user(), 'add_activation_placeholder' ), 10, 1 );
 add_filter( 'um_template_tags_replaces_hook', array( UM()->user(), 'add_activation_replace_placeholder' ), 10, 1 );
@@ -174,7 +172,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
 case 'um_delete':
 if ( is_admin() ) {
- wp_die( __( 'This action is not allowed in backend.', 'ultimate-member' ) );
+ wp_die( esc_html__( 'This action is not allowed in backend.', 'ultimate-member' ) );
 }
 UM()->user()->delete();
 break;
@@ -484,6 +482,10 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
 $rolename = UM()->roles()->get_priority_user_role( get_current_user_id() );
 $role = get_role( $rolename );
+ if ( empty( $role ) ) {
+ wp_die( esc_html__( 'You do not have enough permissions to do that.', 'ultimate-member' ) );
+ }
+
 if ( ! current_user_can( 'edit_users' ) && ! $role->has_cap( 'edit_users' ) ) {
 wp_die( esc_html__( 'You do not have enough permissions to do that.', 'ultimate-member' ) );
 }
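Review bot: In the `um_delete` case of the third hunk (`@@ -174,7 +172,7 @@`), the only guard visible before `UM()->user()->delete();` is `is_admin()`, which describes the request context and says nothing about who is making the request. The switch and its enclosing method start outside the hunk, so a capability and nonce check may already run earlier. If it does, a comment on the branch such as `// Caller is authorised before this switch; is_admin() only keeps the delete out of wp-admin.` would make that dependency explicit for a destructive action.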
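Review bot: The new `empty( $role )` guard in the fourth hunk (`@@ -484,6 +482,10 @@`) runs before `current_user_can( 'edit_users' )` is consulted, so a user who holds the capability but for whom `get_role()` returns null is now refused. Before this change the `&&` short-circuited for such a user and `$role->has_cap()` was never reached; whether that combination occurs depends on `get_priority_user_role()`, which is not shown. Folding the null check into the existing condition keeps the fatal-error fix and still fails closed when neither source grants the capability: `if ( ! current_user_can( 'edit_users' ) && ( empty( $role ) || ! $role->has_cap( 'edit_users' ) ) ) {`. The enclosing method starts and ends outside the hunk.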
@@ -540,14 +542,14 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
 $uri = $this->set_redirect_uri( admin_url( 'users.php' ) );
 $uri = add_query_arg( 'update', 'um_users_updated', $uri );
- wp_redirect( $uri );
+ wp_safe_redirect( $uri );
 exit;
- } elseif ( ! empty( $_REQUEST['um_bulkedit'] ) ) {
+ }
+ if ( ! empty( $_REQUEST['um_bulkedit'] ) ) {
 $uri = $this->set_redirect_uri( admin_url( 'users.php' ) );
- wp_redirect( $uri );
+ wp_safe_redirect( $uri );
 exit;
-
 }
 }
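Review bot: Replacing `} elseif (` with a standalone `if (` is equivalent only because the preceding branch ends in `exit;`, and nothing in the code records that. A comment above the new `if`, such as `// The branch above ends in exit, so this runs only when it did not match.`, would protect the ordering against a later edit. On both `wp_safe_redirect( $uri )` calls, `$uri` comes from `set_redirect_uri()`, whose body is outside the hunk, so a short comment that an off-site target is replaced by the fallback URL rather than followed would explain why the safe variant must stay. The enclosing method starts outside the hunk.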