Previously, empty `meta_value` entries were included in the query, potentially causing inaccurate results. This update adds a condition to exclude empty `meta_value` entries, ensuring more reliable directory filtering.
Updated the condition to ensure proper validation for secondary email fields. This change ensures unique email addresses and prevents potential conflicts in user data.
Updated conditions to handle empty and invalid email input more accurately. Ensures required emails are not skipped and includes stricter checks for existing or incorrect emails.
Introduced new filter hooks for primary button classes in forms and improved URL handling for password resets and account activations. Deprecated several unused functions and replaced them with updated alternatives to streamline the codebase. Updated documentation and templates accordingly.
Updated the user ID comparison logic in the Ultimate Member plugin to use `absint` for both values. This prevents type mismatches and ensures robust validation during form submission.
Added `strip_shortcodes` across various sanitization routines to ensure user inputs do not execute shortcodes. This enhances security by blocking unintended shortcode processing in fields such as text, email, URLs, and form descriptions.
Updated the structure of debug information methods by replacing `array_merge` with simpler array extensions and renaming variables for clarity. This ensures consistent handling of role metadata and improves readability and maintainability of code across multiple plugins.
This update adds a condition to exclude empty `meta_value` entries in multiple queries within the member directory class. It ensures more accurate results and prevents potential issues caused by blank metadata in the `usermeta` table.
Added checks to enforce primary email requirement and prevent secondary email duplication with the primary email. Improved user lookup for unique email verification using meta queries.
Introduced new filters to customize CSS classes for primary buttons in login, registration, and password reset forms. This allows developers to extend button styling by applying custom classes via WordPress hooks. Changes enhance flexibility and improve theme compatibility.
The login form shortcode functionality was outdated and no longer in use. By removing it, the codebase is simplified and unnecessary complexity is eliminated. This improves maintainability and aligns with the current state of the plugin.
Introduce the `[um_login]` shortcode for rendering the login form, with backend logic for customization and error handling. Enhance flexibility by adding filters to dynamically modify primary button classes for login, register, and password-reset forms.
Streamline placeholder handling for emails by introducing universal patterns and replacements, and update email dispatch functions for efficiency. Deprecated various redundant user and password-related methods, consolidating logic into common utility classes for better maintainability.
Simplified conditional checks for password and account form submissions by replacing `isset` with `!empty` where applicable. This improves readability and reduces redundancy while maintaining functionality and security. Added comments to clarify nonce verification status.
Added a mechanism to dynamically retrieve and merge updated WordPress function lists into the blacklist to prevent unsafe usage in dropdown options. Addresses a security issue (CVE-2025-47691) by using a JSON-based function source tied to WordPress versioning.
Added optional parameter to `reset_url` for user-specific handling. Updated email dispatch logic to include dynamic generation of the password reset link with proper placeholder replacements.
Ensure proper handling of user data in password reset functions by adding checks and updating parameter handling. Introduce a new filter to extend site health information and include a setting for enabling email sending via Action Scheduler. Improve code clarity with updated comments and function annotations.
Update country name from "Turkey" to "Türkiye"
Replaced the outdated reference to "Turkey" with "Türkiye" in the Ultimate Member plugin's built-in country list. This aligns with the country's preferred naming convention.
This update enhances security by introducing checks for banned and blacklisted meta keys in custom fields. It includes CSS updates for admin builder styles and ensures banned fields are flagged accurately in the site health tool.
Updated the user meta key from `um_registration_in_progress` to `_um_registration_in_progress` across multiple files for consistency and proper functionality. This change ensures accurate checking and handling of users in the registration process.
Introduced a new batch process to handle users lacking an `account_status` meta efficiently. Refactored legacy methods, added async scheduling, and created helper functions to manage and track progress. These changes improve performance and reliability for large user bases.
Introduce a new `Users` class to handle scheduled tasks for user status checks and batch processing. Refactor user approval functionality to allow silent operations and avoid sending notifications where unnecessary. Enhance user registration to prevent unfinished registrations from being processed in scheduled checks.
Updated the setting name across relevant files to improve clarity and better reflect its functionality. Adjusted related logic to ensure consistent behavior with the new naming.
Updated the registration process to avoid sending notifications for admin-created users. Simplified and clarified user status handling, ensuring consistent behavior across frontend and admin actions.
Improved code readability by consolidating and consistently ignoring nonce verification warnings where it has already been verified. This simplifies the logic and ensures clearer handling of `$_POST` variables in the member directory search functionality.
Ensure proper validation for `directory_id` when processing search queries. Default include and exclude fields are applied if `directory_id` is absent, preserving functionality and preventing errors.
Replaced deprecated and complex search query methods with a more streamlined and flexible implementation. Introduced improved handling of core and custom search fields, optimized search logic, and added better filter support. Incremented plugin version to 2.10.2 to reflect these changes.
Simplified the regex patterns for detecting and preventing `sleep` and `benchmark` injections. This improves the accuracy and maintainability of the security checks in the member directory code.
Updated regular expressions to strengthen protection against sleep and benchmark injection attacks. This change improves the security of queries by handling potential edge cases more effectively.
Mykyta Synelnikov