10h30/ultimatemember
1
0
Fork 0
mirror of https://github.com/10h30/ultimatemember.git synced 2026-06-05 15:09:37 +09:00
Code Issues Packages Projects Releases Wiki Activity
5,030 Commits 4 Branches 13 Tags
50737e041c7ebb6d95bc5bb4116c8e8454d12b77
Commit Graph

51 Commits

Author SHA1 Message Date
Mykyta Synelnikov ecfb652059 Fix: CVE-2025-14081 and update field filtering logic. 
Addressed a security vulnerability (CVE-2025-14081) and enhanced the logic for filtering fields based on user permissions. Made `filter_fields_by_attrs` a private function for improved encapsulation.
 2025-12-05 18:08:59 +02:00
ashubawork 8083ad4e99 - fix change email permissions 2025-04-30 12:02:03 +03:00
Mykyta Synelnikov 422d2b7c67 Refactor password handling to bypass wp_unslash. 
Introduce a dedicated method to handle password fields securely, avoiding `wp_unslash` for these fields. This enhances consistency and security when processing form data across the plugin.
 2025-02-12 17:47:19 +02:00
yuriinalivaiko 17d95a189b Task CU-86cxwy7ww 
- password sanitize has been changed to the standard WordPress one.
 2025-02-04 23:23:26 +02:00
Mykyta Synelnikov a4d20fe4fd - reviewed #1481; 2024-04-02 17:28:54 +03:00
Mykyta Synelnikov 31ef4924f3 - fixed #1316; 2023-10-03 15:40:10 +03:00
Mykyta Synelnikov 47e97ceb59 - updated hookdocs; 
- partially reviewed site health functionality;
- hide notifications tab setting when there aren't any possible notifications for disabling in User Account (#1318)
 2023-10-03 13:30:02 +03:00
Mykyta Synelnikov 6e9d122494 - fixed "is_block" argument for ultimatemember shortcodes; 
- added sanitize shortcode arguments functions;
 2023-09-02 00:53:51 +03:00
Mykyta Synelnikov 26de093b38 - fixed variable type for UM()->form()->processing and UM()->fields()->set_id; 2023-08-23 15:00:21 +03:00
Mykyta Synelnikov bfef1f9dc7 - reviewed #1269; 
- unified `UM()->fields()->editing` and `UM()->fields()->viewing` to bool variables use true|false in conditions to make `===` or `!==` comparing;
 2023-08-15 03:49:13 +03:00
Mykyta Synelnikov bf2ddacb73 - fixed singleton for Account shortcode; 
- there were a conflicts with plugins who render shortcodes in hidden mode before loading shortcodes on the page content;
 2023-07-22 00:51:26 +03:00
Mykyta Synelnikov 8718e19707 - fixed loading account shortcode twice; 2023-07-13 15:50:56 +03:00
ashubawork 973dd64713 - fix user page blocks 2023-07-12 11:46:03 +03:00
ashubawork b56573dd9b - checking for account block 2023-07-12 09:41:25 +03:00
Mykyta Synelnikov f8da8f0433 - review ultimatemember_password(); 
- made UM()->password()->change_password variable as private and avoid dynamic for PHP8 compatibility;
- marked `um_before_{$mode}_form_is_loaded` hook as has to be deprecated since 2.7.0 because it duplicates previous 2 hooks with similar;
- updated hookdocs for `um_before_{$mode}_form_is_loaded`;
- updated hookdocs for `um_before_form_is_loaded`;
- updated hookdocs for `um_pre_{$mode}_shortcode`;
 2023-06-26 16:54:43 +03:00
Mykyta Synelnikov 936190d93e - updated using get_option( 'permalink_structure' ) to UM()->is_permalinks which is the same; 
- code review for WPML profile links;
- fixed User Profile tabs and subtabs link with WPML arguments in link;
- added deprecated function to outdated `um_rel_canonical_()`. @todo remove since 2.7.0;
- fixed WPCS in class-permalinks.php;
- deprecated `um_localize_permalink_filter`. Use `post_link` instead;
- added new hooks: `um_profile_permalink`,`um_external_profile_url` and new docs for them;
- added new hookdocs for `um_get_current_page_url`;
- temporarily added development/2.6.3 branch to build-docs.yml
 2023-06-09 12:28:15 +03:00
ashubawork 35f9aac031 - not show account and profile on profile and account pages 2023-05-08 19:50:01 +03:00
ashubawork 81eddaa7ea - fix checking attr widget 2023-05-01 10:42:37 +03:00
ashubawork 5c40cf7b08 - fix wrong user id in account block 2023-04-27 12:51:57 +03:00
yuriinalivaiko 861930f108 - fixed input POST data on Change Password 2023-03-01 15:33:11 +02:00
Nikita Sinelnikov 07e664be80 - intermediate results with sanitizing form handlers; 2021-06-29 02:51:54 +03:00
nikitasinelnikov 5e782cf922 - fixed account submission for password reset; 2020-08-03 18:06:26 +03:00
nikitasinelnikov 02fde13b39 - added profile privacy setting for the avoiding profile indexation; 2020-06-19 13:07:04 +03:00
nikitasinelnikov 6903822e2c * Enhancements: 
- Updated select2 JS library to 4.0.12 version
  - Added a few member directories filters for 3rd-party integrations

* Bugfixes:

  - Added labels for member directories filters to increase Accessibility points in Audit
  - Fixed activation licenses with sslverify
 2020-01-24 14:59:47 +02:00
nikitasinelnikov 2da12b3354 - code formatting; 
- added version's changelog;
 2019-11-26 12:17:25 +02:00
andrewshuba 02c7486978 - fix set_id 2019-11-26 10:36:04 +02:00
nikitasinelnikov 91048da275 - fixed dropdown.js handlers; 
- fixed account save some fields which were initialized after adding custom;
- fixed enqueue members scripts;
- small CSS fixes;
 2019-10-21 13:31:59 +03:00
nikitasinelnikov 77e3cc608b - member directory header; 
- account tabs fields fixes;
 2019-09-27 12:38:14 +03:00
nikitasinelnikov 637f6548eb - fixed secure account fields long meta; 2019-09-26 16:52:11 +03:00
nikitasinelnikov 5f66fd5fe3 - added escape functions, security fix for XSS; 2019-08-08 00:36:33 +03:00
nikitasinelnikov a199f35cc7 - increase security via option for Password field in user account; 2019-03-12 09:13:40 +02:00
nikitasinelnikov 19ffd41e22 - update account issue; 2019-03-11 16:01:11 +02:00
nikitasinelnikov c8ff9dec4a - pre-release 2019-03-01 17:08:28 +02:00
nalivaikoyura d9ed83834d Add filter for switch default tab 
https://secure.helpscout.net/conversation/783720386/28231?folderId=1651531
 2019-02-22 12:39:14 +02:00
nikitozzzzzzz d9f75f7db0 - fixed issues with account fields; 2018-09-24 09:15:18 +03:00
nikitozzzzzzz 55ddc025f6 - fixed delete user and password change in account page; 2018-09-17 16:53:40 +03:00
nikitozzzzzzz 77b1d495bb - fixed issue with account button ID's duplicates; 2018-06-27 14:00:34 +03:00
nikitozzzzzzz 4000dca515 - fixed wp_mail text/plain and text/html headers; 
- fixed profile tabs without icons at mobile devices;
 2018-05-25 15:05:14 +03:00
Denis Baranov 60637cc3a4 fix privacy tab content 2018-05-09 16:16:32 +03:00
nikitozzzzzzz 3eca951d07 - fixed class exists operators; 2018-03-26 01:27:46 +03:00
nikitozzzzzzz 2ce33098b5 - fixed user registration; 
- phpDoc;
 2018-03-20 13:24:38 +02:00
nikitozzzzzzz 12891ff743 - hook docs; 2018-03-05 16:35:51 +02:00
nikitozzzzzzz 3d19aa00b8 - made hooks documentation; 
- some optimizations and make single functions for some hooks;
 2018-03-02 09:55:49 +02:00
yura_nalivaiko 22585ec184 - changed code for account tabs; 2018-02-26 12:54:41 +02:00
nikitozzzzzzz dca45dad6b - added filters to account tabs; 2018-01-29 01:00:02 +02:00
nikitozzzzzzz d96b612fa7 - small fix for custom account tab's buttons; 2017-12-15 10:48:30 +02:00
nikitozzzzzzz e36c3ca841 - settings optimization; 2017-12-11 09:53:38 +02:00
nikitozzzzzzz e03b16adac - fixed integration with core and another extensions (removed class_exists checking); 2017-08-14 17:24:38 +03:00
nikitozzzzzzz af191ee149 - optimized account page; 
- optimized code of shortcodes/password/account classes;
- fixed some enqueue scripts issues;
 2017-08-11 14:21:42 +03:00
nikitozzzzzzz 6c9668c0cb - fixed encoding if not installed mbstring PHP library; 
- some texts changes;
- some fixes on first install and forms metaboxes;
 2017-08-03 10:52:40 +03:00