- fixed issue with lack of the nonces in the um_adm_action handler;
@@ -118,6 +118,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Columns' ) ) {
|
||||
'um_adm_action' => 'duplicate_form',
|
||||
'post_id' => $id,
|
||||
'nonce' => wp_create_nonce( "um-duplicate_form{$id}" ),
|
||||
'_wpnonce' => wp_create_nonce( 'duplicate_form' ),
|
||||
),
|
||||
admin_url( 'edit.php' )
|
||||
);
|
||||
|
||||
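Review bot: The added `'_wpnonce' => wp_create_nonce( 'duplicate_form' )` uses a static action string, so unlike the existing `'nonce'` entry (`"um-duplicate_form{$id}"`) it is not bound to the form being duplicated, and the same token is valid for every `post_id`. If the handler stops checking the per-form `nonce` once `_wpnonce` passes, the link loses that binding; either keep both checks or build the new value as `wp_create_nonce( "duplicate_form{$id}" )` and verify the same string. The verification side (presumably a `check_admin_referer()` or `wp_verify_nonce()` call plus a capability check in the `um_adm_action` dispatcher) is not visible on this page, and that holds for every other action that receives a `_wpnonce` in this commit. The array and the enclosing method start outside the hunk.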
@@ -369,7 +369,6 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Regarding page setup
|
||||
*/
|
||||
@@ -381,9 +380,16 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
|
||||
foreach ( $pages as $slug => $page_id ) {
|
||||
$page = get_post( $page_id );
|
||||
|
||||
if ( ! isset( $page->ID ) && in_array( $slug, array_keys( UM()->config()->core_pages ) ) ) {
|
||||
if ( ! isset( $page->ID ) && array_key_exists( $slug, UM()->config()->core_pages ) ) {
|
||||
$url = add_query_arg(
|
||||
array(
|
||||
'um_adm_action' => 'install_core_pages',
|
||||
'_wpnonce' => wp_create_nonce( 'install_core_pages' ),
|
||||
)
|
||||
);
|
||||
|
||||
ob_start(); ?>
|
||||
ob_start();
|
||||
?>
|
||||
|
||||
<p>
|
||||
<?php
|
||||
@@ -393,18 +399,23 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
|
||||
</p>
|
||||
|
||||
<p>
|
||||
<a href="<?php echo esc_url( add_query_arg( 'um_adm_action', 'install_core_pages' ) ); ?>" class="button button-primary"><?php _e( 'Create Pages', 'ultimate-member' ) ?></a>
|
||||
<a href="<?php echo esc_url( $url ); ?>" class="button button-primary"><?php esc_html_e( 'Create Pages', 'ultimate-member' ); ?></a>
|
||||
|
||||
<a href="javascript:void(0);" class="button-secondary um_secondary_dimiss"><?php _e( 'No thanks', 'ultimate-member' ) ?></a>
|
||||
<a href="javascript:void(0);" class="button-secondary um_secondary_dimiss"><?php esc_html_e( 'No thanks', 'ultimate-member' ); ?></a>
|
||||
</p>
|
||||
|
||||
<?php $message = ob_get_clean();
|
||||
<?php
|
||||
$message = ob_get_clean();
|
||||
|
||||
$this->add_notice( 'wrong_pages', array(
|
||||
'class' => 'updated',
|
||||
'message' => $message,
|
||||
'dismissible' => true
|
||||
), 20 );
|
||||
$this->add_notice(
|
||||
'wrong_pages',
|
||||
array(
|
||||
'class' => 'updated',
|
||||
'message' => $message,
|
||||
'dismissible' => true,
|
||||
),
|
||||
20
|
||||
);
|
||||
|
||||
break;
|
||||
}
|
||||
@@ -413,23 +424,30 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
|
||||
if ( isset( $pages['user'] ) ) {
|
||||
$test = get_post( $pages['user'] );
|
||||
if ( isset( $test->post_parent ) && $test->post_parent > 0 ) {
|
||||
$this->add_notice( 'wrong_user_page', array(
|
||||
'class' => 'updated',
|
||||
'message' => '<p>' . __( 'Ultimate Member Setup Error: User page can not be a child page.', 'ultimate-member' ) . '</p>',
|
||||
), 25 );
|
||||
$this->add_notice(
|
||||
'wrong_user_page',
|
||||
array(
|
||||
'class' => 'updated',
|
||||
'message' => '<p>' . esc_html__( 'Ultimate Member Setup Error: User page can not be a child page.', 'ultimate-member' ) . '</p>',
|
||||
),
|
||||
25
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
if ( isset( $pages['account'] ) ) {
|
||||
$test = get_post( $pages['account'] );
|
||||
if ( isset( $test->post_parent ) && $test->post_parent > 0 ) {
|
||||
$this->add_notice( 'wrong_account_page', array(
|
||||
'class' => 'updated',
|
||||
'message' => '<p>' . __( 'Ultimate Member Setup Error: Account page can not be a child page.', 'ultimate-member' ) . '</p>',
|
||||
), 30 );
|
||||
$this->add_notice(
|
||||
'wrong_account_page',
|
||||
array(
|
||||
'class' => 'updated',
|
||||
'message' => '<p>' . esc_html__( 'Ultimate Member Setup Error: Account page can not be a child page.', 'ultimate-member' ) . '</p>',
|
||||
),
|
||||
30
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
@@ -441,12 +459,18 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
|
||||
$hide_exif_notice = get_option( 'um_hide_exif_notice' );
|
||||
|
||||
if ( ! extension_loaded( 'exif' ) && ! $hide_exif_notice ) {
|
||||
$url = add_query_arg(
|
||||
array(
|
||||
'um_adm_action' => 'um_hide_exif_notice',
|
||||
'_wpnonce' => wp_create_nonce( 'um_hide_exif_notice' ),
|
||||
)
|
||||
);
|
||||
$this->add_notice(
|
||||
'exif_disabled',
|
||||
array(
|
||||
'class' => 'updated',
|
||||
// translators: %s: query args.
|
||||
'message' => '<p>' . sprintf( __( 'Exif is not enabled on your server. Mobile photo uploads will not be rotated correctly until you enable the exif extension. <a href="%s">Hide this notice</a>', 'ultimate-member' ), add_query_arg( 'um_adm_action', 'um_hide_exif_notice' ) ) . '</p>',
|
||||
'message' => '<p>' . sprintf( __( 'Exif is not enabled on your server. Mobile photo uploads will not be rotated correctly until you enable the exif extension. <a href="%s">Hide this notice</a>', 'ultimate-member' ), $url ) . '</p>',
|
||||
),
|
||||
10
|
||||
);
|
||||
|
||||
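Review bot: In the exif notice the new `$url` is placed into `<a href="%s">` through `sprintf()` without escaping, while the "Create Pages" link earlier in this same file wraps its URL in `esc_url()`. `add_query_arg()` called without a base URL builds on the current request URI and does not escape its result, so the value should be escaped where it is output: `..., 'ultimate-member' ), esc_url( $url ) ) . '</p>',`. Whether `add_notice()` filters the message later is not visible here, so escaping at this point is the safe choice. The enclosing method starts and ends outside the hunk.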
@@ -3072,10 +3072,17 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
|
||||
*/
|
||||
public function settings_override_templates_tab() {
|
||||
$um_check_version = get_transient( 'um_check_template_versions' );
|
||||
|
||||
$check_url = add_query_arg(
|
||||
array(
|
||||
'um_adm_action' => 'check_templates_version',
|
||||
'_wpnonce' => wp_create_nonce( 'check_templates_version' ),
|
||||
)
|
||||
);
|
||||
?>
|
||||
|
||||
<p class="description" style="margin: 20px 0 0 0;">
|
||||
<a href="<?php echo esc_url( add_query_arg( 'um_adm_action', 'check_templates_version' ) ); ?>" class="button" style="margin-right: 10px;">
|
||||
<a href="<?php echo esc_url( $check_url ); ?>" class="button" style="margin-right: 10px;">
|
||||
<?php esc_html_e( 'Re-check templates', 'ultimate-member' ); ?>
|
||||
</a>
|
||||
<?php
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
<?php if ( ! defined( 'ABSPATH' ) ) {
|
||||
<?php
|
||||
if ( ! defined( 'ABSPATH' ) ) {
|
||||
exit;
|
||||
}
|
||||
|
||||
@@ -9,18 +10,32 @@ $count = $wpdb->get_var(
|
||||
FROM {$wpdb->options}
|
||||
WHERE option_name LIKE 'um_cache_userdata_%'"
|
||||
);
|
||||
|
||||
$url_user_cache = add_query_arg(
|
||||
array(
|
||||
'um_adm_action' => 'user_cache',
|
||||
'_wpnonce' => wp_create_nonce( 'user_cache' ),
|
||||
)
|
||||
);
|
||||
|
||||
$url_user_status_cache = add_query_arg(
|
||||
array(
|
||||
'um_adm_action' => 'user_status_cache',
|
||||
'_wpnonce' => wp_create_nonce( 'user_status_cache' ),
|
||||
)
|
||||
);
|
||||
?>
|
||||
|
||||
<p><?php _e( 'Run this task from time to time to keep your DB clean.', 'ultimate-member' ) ?></p>
|
||||
<p><?php esc_html_e( 'Run this task from time to time to keep your DB clean.', 'ultimate-member' ); ?></p>
|
||||
|
||||
<p>
|
||||
<a href="<?php echo esc_url( add_query_arg( 'um_adm_action', 'user_cache' ) ); ?>" class="button">
|
||||
<a href="<?php echo esc_url( $url_user_cache ); ?>" class="button">
|
||||
<?php
|
||||
// translators: %s: users number.
|
||||
echo esc_html( sprintf( __( 'Clear cache of %s users', 'ultimate-member' ), $count ) );
|
||||
?>
|
||||
</a>
|
||||
<a href="<?php echo esc_url( add_query_arg( 'um_adm_action', 'user_status_cache' ) ); ?>" class="button">
|
||||
<a href="<?php echo esc_url( $url_user_status_cache ); ?>" class="button">
|
||||
<?php esc_html_e( 'Clear user statuses cache', 'ultimate-member' ); ?>
|
||||
</a>
|
||||
</p>
|
||||
|
||||
@@ -1,7 +1,15 @@
|
||||
<?php if ( ! defined( 'ABSPATH' ) ) {
|
||||
<?php
|
||||
if ( ! defined( 'ABSPATH' ) ) {
|
||||
exit;
|
||||
}
|
||||
|
||||
$url = add_query_arg(
|
||||
array(
|
||||
'um_adm_action' => 'purge_temp',
|
||||
'_wpnonce' => wp_create_nonce( 'purge_temp' ),
|
||||
)
|
||||
);
|
||||
|
||||
if ( $this->dir_size( 'temp' ) > 0.1 ) { ?>
|
||||
|
||||
<p>
|
||||
@@ -12,8 +20,8 @@ if ( $this->dir_size( 'temp' ) > 0.1 ) { ?>
|
||||
</p>
|
||||
|
||||
<p>
|
||||
<a href="<?php echo esc_url( add_query_arg( 'um_adm_action', 'purge_temp' ) ); ?>" class="button">
|
||||
<?php _e( 'Purge Temp', 'ultimate-member' ); ?>
|
||||
<a href="<?php echo esc_url( $url ); ?>" class="button">
|
||||
<?php esc_html_e( 'Purge Temp', 'ultimate-member' ); ?>
|
||||
</a>
|
||||
</p>
|
||||
|
||||
|
||||
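Review bot: The template stores the nonce link in a variable named `$url`; because the file calls `$this->dir_size( 'temp' )` it is apparently included inside a method, where such a generic name can overwrite a `$url` the including code still needs. The user-cache template in this commit uses descriptive names (`$url_user_cache`), and the same would fit here and in the manual-upgrades template, e.g. `$url_purge_temp = add_query_arg(` with `esc_url( $url_purge_temp )` in the link. The assignment could also move inside the `if ( $this->dir_size( 'temp' ) > 0.1 )` branch, since the link appears to be printed only there.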
@@ -1,9 +1,19 @@
|
||||
<?php if ( ! defined( 'ABSPATH' ) ) exit; ?>
|
||||
<?php
|
||||
if ( ! defined( 'ABSPATH' ) ) {
|
||||
exit;
|
||||
}
|
||||
|
||||
$url = add_query_arg(
|
||||
array(
|
||||
'um_adm_action' => 'manual_upgrades_request',
|
||||
'_wpnonce' => wp_create_nonce( 'manual_upgrades_request' ),
|
||||
)
|
||||
);
|
||||
?>
|
||||
|
||||
<p><?php _e( 'Run this task from time to time if you have issues with WP Cron and need to get UM extension updates.', 'ultimate-member' ) ?></p>
|
||||
<p><?php esc_html_e( 'Run this task from time to time if you have issues with WP Cron and need to get UM extension updates.', 'ultimate-member' ); ?></p>
|
||||
<p>
|
||||
<a href="<?php echo esc_url( add_query_arg( 'um_adm_action', 'manual_upgrades_request' ) ); ?>" class="button">
|
||||
<?php _e( 'Get latest versions', 'ultimate-member' ) ?>
|
||||
<a href="<?php echo esc_url( $url ); ?>" class="button">
|
||||
<?php esc_html_e( 'Get latest versions', 'ultimate-member' ); ?>
|
||||
</a>
|
||||
</p>
|
||||
</p>
|
||||
|
||||
@@ -482,13 +482,20 @@ if ( ! class_exists( 'um\core\Permalinks' ) ) {
|
||||
* @param $action
|
||||
* @param $subaction
|
||||
*
|
||||
* @deprecated 2.6.9
|
||||
*
|
||||
* @return mixed|string|void
|
||||
*/
|
||||
public function admin_act_url( $action, $subaction ) {
|
||||
$url = $this->get_current_url();
|
||||
$url = add_query_arg( 'um_adm_action', $action, $url );
|
||||
$url = add_query_arg( 'sub', $subaction, $url );
|
||||
$url = add_query_arg( 'user_id', um_user( 'ID' ), $url );
|
||||
_deprecated_function( __METHOD__, '2.6.9' );
|
||||
$url = add_query_arg(
|
||||
array(
|
||||
'um_adm_action' => $action,
|
||||
'sub' => $subaction,
|
||||
'user_id' => um_user( 'ID' ),
|
||||
'_wpnonce' => wp_create_nonce( $action ),
|
||||
)
|
||||
);
|
||||
return $url;
|
||||
}
|
||||
|
||||
|
||||
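Review bot: `wp_create_nonce( $action )` in `admin_act_url()` ties the token to the action name only, so one nonce is accepted for any `sub` and any `user_id` placed in the same URL; a tighter binding would be `'_wpnonce' => wp_create_nonce( $action . um_user( 'ID' ) ),`, provided the handler verifies the same string. The rewrite also drops the `$this->get_current_url()` base, so the method now returns a URL built from the current request URI, and callers that relied on the previous base should be checked. The return value is unescaped, which the docblock could state (`Callers must pass the result through esc_url().`), and the `@deprecated 2.6.9` tag would be more useful if it named the replacement.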