10h30/ultimatemember
1
0
Fork 0
mirror of https://github.com/10h30/ultimatemember.git synced 2026-06-05 15:09:37 +09:00
Code Issues Packages Projects Releases Wiki Activity

Implement directory privacy settings and add rate limiting

Browse Source 
Adds configurable privacy options for member directories, allowing restrictions on visibility based on roles or login status. Introduces rate limiting for unauthenticated AJAX requests to prevent brute-force attacks or abuse.
This commit is contained in:
Mykyta Synelnikov
2025-12-11 17:36:42 +02:00
parent b75a2145dd
commit fc2c5456e4
18 changed files with 285 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files
includes/core/class-user-posts.php
+8
View File
@@ -105,6 +105,10 @@ if ( ! class_exists( 'um\core\User_posts' ) ) {
function load_posts() {
UM()->check_ajax_nonce();
if ( UM()->is_rate_limited( 'paginate_posts' ) ) {
wp_send_json_error( __( 'Too many requests', 'ultimate-member' ) );
}
$author = ! empty( $_POST['author'] ) ? absint( $_POST['author'] ) : get_current_user_id();
$page = ! empty( $_POST['page'] ) ? absint( $_POST['page'] ) : 0;
@@ -153,6 +157,10 @@ if ( ! class_exists( 'um\core\User_posts' ) ) {
function load_comments() {
UM()->check_ajax_nonce();
if ( UM()->is_rate_limited( 'paginate_comments' ) ) {
wp_send_json_error( __( 'Too many requests', 'ultimate-member' ) );
}
$user_id = ! empty( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : get_current_user_id();
$page = ! empty( $_POST['page'] ) ? absint( $_POST['page'] ) : 0;