- fixed issue with lack of the nonces in the um_adm_action handler;

Mykyta Synelnikov
2023-07-24 12:57:18 +03:00
parent 2ac7324f77
commit fa2108172f
7 changed files with 110 additions and 38 deletions
@@ -118,6 +118,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Columns' ) ) {
'um_adm_action' => 'duplicate_form',
'post_id' => $id,
'nonce' => wp_create_nonce( "um-duplicate_form{$id}" ),
'_wpnonce' => wp_create_nonce( 'duplicate_form' ),
),
admin_url( 'edit.php' )
);
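Review bot: The duplicate link now carries two nonces, `nonce` bound to the form id and `_wpnonce` bound only to the action name, and nothing in the array says which check consumes which. A short comment above the new line would help, for example `// '_wpnonce' feeds the shared um_adm_action nonce check; 'nonce' remains the per-form check.`, assuming that is how the handlers, which are outside this hunk, verify them. Because `_wpnonce` is not tied to `$id`, the per-form `nonce` should keep being verified in the duplicate handler, and a capability check is still needed there since a nonce confirms intent, not permission. The array and the enclosing method start and end outside the hunk.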
+45 -21
@@ -369,7 +369,6 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
);
}
/**
* Regarding page setup
*/
@@ -381,9 +380,16 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
foreach ( $pages as $slug => $page_id ) {
$page = get_post( $page_id );
if ( ! isset( $page->ID ) && in_array( $slug, array_keys( UM()->config()->core_pages ) ) ) {
if ( ! isset( $page->ID ) && array_key_exists( $slug, UM()->config()->core_pages ) ) {
$url = add_query_arg(
array(
'um_adm_action' => 'install_core_pages',
'_wpnonce' => wp_create_nonce( 'install_core_pages' ),
)
);
ob_start(); ?>
ob_start();
?>
<p>
<?php
@@ -393,18 +399,23 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
</p>
<p>
<a href="<?php echo esc_url( add_query_arg( 'um_adm_action', 'install_core_pages' ) ); ?>" class="button button-primary"><?php _e( 'Create Pages', 'ultimate-member' ) ?></a>
<a href="<?php echo esc_url( $url ); ?>" class="button button-primary"><?php esc_html_e( 'Create Pages', 'ultimate-member' ); ?></a>
&nbsp;
<a href="javascript:void(0);" class="button-secondary um_secondary_dimiss"><?php _e( 'No thanks', 'ultimate-member' ) ?></a>
<a href="javascript:void(0);" class="button-secondary um_secondary_dimiss"><?php esc_html_e( 'No thanks', 'ultimate-member' ); ?></a>
</p>
<?php $message = ob_get_clean();
<?php
$message = ob_get_clean();
$this->add_notice( 'wrong_pages', array(
'class' => 'updated',
'message' => $message,
'dismissible' => true
), 20 );
$this->add_notice(
'wrong_pages',
array(
'class' => 'updated',
'message' => $message,
'dismissible' => true,
),
20
);
break;
}
@@ -413,23 +424,30 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
if ( isset( $pages['user'] ) ) {
$test = get_post( $pages['user'] );
if ( isset( $test->post_parent ) && $test->post_parent > 0 ) {
$this->add_notice( 'wrong_user_page', array(
'class' => 'updated',
'message' => '<p>' . __( 'Ultimate Member Setup Error: User page can not be a child page.', 'ultimate-member' ) . '</p>',
), 25 );
$this->add_notice(
'wrong_user_page',
array(
'class' => 'updated',
'message' => '<p>' . esc_html__( 'Ultimate Member Setup Error: User page can not be a child page.', 'ultimate-member' ) . '</p>',
),
25
);
}
}
if ( isset( $pages['account'] ) ) {
$test = get_post( $pages['account'] );
if ( isset( $test->post_parent ) && $test->post_parent > 0 ) {
$this->add_notice( 'wrong_account_page', array(
'class' => 'updated',
'message' => '<p>' . __( 'Ultimate Member Setup Error: Account page can not be a child page.', 'ultimate-member' ) . '</p>',
), 30 );
$this->add_notice(
'wrong_account_page',
array(
'class' => 'updated',
'message' => '<p>' . esc_html__( 'Ultimate Member Setup Error: Account page can not be a child page.', 'ultimate-member' ) . '</p>',
),
30
);
}
}
}
}
@@ -441,12 +459,18 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
$hide_exif_notice = get_option( 'um_hide_exif_notice' );
if ( ! extension_loaded( 'exif' ) && ! $hide_exif_notice ) {
$url = add_query_arg(
array(
'um_adm_action' => 'um_hide_exif_notice',
'_wpnonce' => wp_create_nonce( 'um_hide_exif_notice' ),
)
);
$this->add_notice(
'exif_disabled',
array(
'class' => 'updated',
// translators: %s: query args.
'message' => '<p>' . sprintf( __( 'Exif is not enabled on your server. Mobile photo uploads will not be rotated correctly until you enable the exif extension. <a href="%s">Hide this notice</a>', 'ultimate-member' ), add_query_arg( 'um_adm_action', 'um_hide_exif_notice' ) ) . '</p>',
'message' => '<p>' . sprintf( __( 'Exif is not enabled on your server. Mobile photo uploads will not be rotated correctly until you enable the exif extension. <a href="%s">Hide this notice</a>', 'ultimate-member' ), $url ) . '</p>',
),
10
);
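Review bot: In the exif notice the nonce-bearing `$url` is placed into the `href` of the message without escaping, unlike the Create Pages link earlier in this file section, which prints `esc_url( $url )`. `add_query_arg()` called without a base URL builds on the current request URI, so its result should be escaped before it reaches markup; the last `sprintf()` argument could be `esc_url( $url )`. Whether `add_notice()` filters the message later is not visible here, so this is worth confirming rather than relying on. The enclosing method starts and ends outside the hunk.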
+8 -1
@@ -3072,10 +3072,17 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
*/
public function settings_override_templates_tab() {
$um_check_version = get_transient( 'um_check_template_versions' );
$check_url = add_query_arg(
array(
'um_adm_action' => 'check_templates_version',
'_wpnonce' => wp_create_nonce( 'check_templates_version' ),
)
);
?>
<p class="description" style="margin: 20px 0 0 0;">
<a href="<?php echo esc_url( add_query_arg( 'um_adm_action', 'check_templates_version' ) ); ?>" class="button" style="margin-right: 10px;">
<a href="<?php echo esc_url( $check_url ); ?>" class="button" style="margin-right: 10px;">
<?php esc_html_e( 'Re-check templates', 'ultimate-member' ); ?>
</a>
<?php