Commit Graph

73 Commits

Author SHA1 Message Date
Mykyta Synelnikov 9d83fba560 Update dynamic function blacklist for security enhancement
Added a mechanism to dynamically retrieve and merge updated WordPress function lists into the blacklist to prevent unsafe usage in dropdown options. Addresses a security issue (CVE-2025-47691) by using a JSON-based function source tied to WordPress versioning.
2025-05-12 13:16:17 +03:00
Mykyta Synelnikov f89b29426a Add validation for banned and blacklisted custom fields.
This update enhances security by introducing checks for banned and blacklisted meta keys in custom fields. It includes CSS updates for admin builder styles and ensures banned fields are flagged accurately in the site health tool.
2025-04-15 18:08:44 +03:00
Mykyta Synelnikov 920fb168dc * fix related to commit 945b79a97940406b40a5996f9aa2159bd11e29ab 2024-11-11 18:53:17 +02:00
Mykyta Synelnikov 7778186f83 - fixed builder issues; 2023-12-06 17:55:20 +02:00
Mykyta Synelnikov 4eb3ff2093 - fixed #1328;
- reviewed #1373;
2023-12-05 14:24:33 +02:00
Mykyta Synelnikov f772dbd708 Merge pull request #1362 from ultimatemember/fix/content_block_new_line
Content block field new line
2023-11-21 14:06:58 +02:00
ashubawork a530ed6de5 - add a comment for str_replace 2023-11-21 13:42:23 +02:00
ashubawork 094c07e30a - fix new line in the content block field 2023-11-14 15:30:36 +02:00
Mykyta Synelnikov 3e96b00136 - wp-admin assets refactoring (in process); 2023-11-09 16:13:32 +02:00
Mykyta Synelnikov b40edd26e6 - wp-admin assets refactoring (in process); 2023-11-03 17:31:18 +02:00
ashubawork bf7f3f06e6 - fix validation 2023-09-13 15:08:52 +03:00
ashubawork 35132844c5 - change validation 2023-09-13 15:06:22 +03:00
Mykyta Synelnikov e41cd58e21 - reviewed #1239; 2023-07-11 14:27:57 +03:00
Mykyta Synelnikov 2529a0db7f - fixed edit "Master row" in form builder;
- maybe fixed "Confirm Password";
2023-06-29 12:21:40 +03:00
Mykyta Synelnikov 5c33c9b1d3 - small code enhancement + PHPDoc for um_admin_field_update_error_handling(); 2023-06-22 23:55:23 +03:00
Mykyta Synelnikov 3c11dfb47a - removed extract() from dynamic_modal_content() function;
- wpcs for `dynamic_modal_content()`;
- updated hookdocs for `um_admin_ajax_modal_content__hook_{$act_id}` hook;
- updated hookdocs for `um_admin_ajax_modal_content__hook` hook;
2023-06-22 23:29:57 +03:00
Mykyta Synelnikov 4246f6e66a - removed extract() from update_field() function;
- wpcs for `update_field()`;
- updated hookdocs for `um_admin_pre_save_field_to_form` hook;
- updated hookdocs for `um_admin_pre_save_field_to_db` hook;
2023-06-22 20:02:44 +03:00
Mykyta Synelnikov 069a8d15ac - removed extract() from show_builder() function;
- wpcs for `show_builder()`;
2023-06-22 17:06:01 +03:00
Mykyta Synelnikov d5990c7bbb - removed extract() from um_admin_pre_save_fields_hook() function;
- updated hookdoc for `um_admin_pre_save_fields_hook` hook;
- updated hookdoc for `um_fields_without_metakey` hook;
2023-06-22 16:09:17 +03:00
Mykyta Synelnikov 4869d273ba - removed extract() function from um_admin_field_update_error_handling() function;
- added hookdoc for `um_admin_builder_skip_field_validation` hook;
- updated hookdoc for `um_admin_field_update_error_handling` hook;
- fixed deprecated PHP notice for $set_field_type variable;
- changed htmlspecialchars to esc_attr() for form builder modal;
2023-06-22 12:00:45 +03:00
Mykyta Synelnikov 596c2673fd - PHP8.2 compatibility; 2023-05-01 20:43:50 +03:00
Nikita Sinelnikov 2004aa7dde Custom dropdown callback functions security enhancements:
- avoid using a different letter case to bypass the blacklist, e.g. phpInfo
- avoid using the root namespace to bypass the blacklist, e.g. \phpinfo
2022-11-09 03:17:23 +02:00
Nikita Sinelnikov aa6a238c61 - added callbacks blacklist. Added PHP command execution functions here to exclude running them from the custom callback; 2022-09-30 12:31:40 +03:00
Nikita Sinelnikov fe88b40939 - using slashes in the callback function setting of the dropdown fields; 2022-06-08 21:24:23 +03:00
Nikita Sinelnikov 7a9e2b118b - code formatting; 2021-08-02 17:47:50 +03:00
yuriinalivaiko ed5c3c7203 Merge remote-tracking branch 'origin/master' into fix/form_columns_display 2021-08-02 16:32:24 +03:00
yuriinalivaiko bc5aec27d3 Fix columns 2021-08-02 16:31:58 +03:00
Nikita Sinelnikov 418da5b50f - fixed builder PHP errors; 2021-08-02 16:23:50 +03:00
Nikita Sinelnikov 7380313760 - fixed issues with sanitizing and filters; 2021-07-30 15:43:25 +03:00
Nikita Sinelnikov eeb7c39471 - fixed maybe serialized custom fields;
- fixed sanitizing;
2021-07-16 01:35:13 +03:00
Nikita Sinelnikov 8ad07b264f - fixed saving shortcode + content block settings using sanitize; 2021-07-15 17:09:20 +03:00
Nikita Sinelnikov a6fa8ab3ea - fixed sanitizing data on submit field data in wp-admin builder; 2021-07-15 13:50:23 +03:00
Nikita Sinelnikov 07e664be80 - intermediate results with sanitizing form handlers; 2021-06-29 02:51:54 +03:00
andrewshuba a0d9ad9746 - added a tooltip with meta key name for fields in the form settings 2020-12-16 13:41:31 +02:00
nikitasinelnikov 5afebdd786 - Added: Ability for the integration with Gutenberg Block restriction settings (extends the block restriction settings via 3rd-party plugins);
- Added: Invalid nonce validation on Login and Registration pages instead of wp_die()
2020-12-04 03:54:59 +02:00
nikitasinelnikov e9801ee98e Merge remote-tracking branch 'remotes/origin/feature/instruction_for_condition_operator' 2020-12-04 00:18:57 +02:00
nikitasinelnikov c112f02743 - added WP Users restrictions by UM Roles settings;
- added new extensions to the list;
2020-08-31 18:05:54 +03:00
denisbaranov ed7ce130a6 Added: Instructions on how to use the condition operator. 2020-06-03 13:26:13 +03:00
ashubawork 523e00133a - add apply_shortcodes 2020-04-03 11:21:35 +03:00
nikitasinelnikov 0aab9853d9 - sanitizing variables in wp-admin classes; 2020-02-28 15:51:45 +02:00
Champ Camba 70e4082f0b Push updates 2020-01-28 20:57:14 +08:00
nikitasinelnikov 6a93771511 - added fix for options if they contain spaces at the start and the end of the option (added trim); 2020-01-21 15:13:33 +02:00
nikitasinelnikov e965b1b3c1 - code formatted;
- added handlers when you create UM custom fields;
2020-01-06 11:05:32 +02:00
nikitasinelnikov 31e84f3e11 - fixed forms preview by overlay;
- fixed profile submit and wrong $user_id from um_user();
2019-11-29 19:08:17 +02:00
nikitasinelnikov 8859c48cdc - fixed select-type filters options; 2019-11-21 11:41:52 +02:00
denisbaranov 122d71a244 Skip field validation for '_options' if Choices Callback specified 2019-11-13 13:41:07 +02:00
nikitasinelnikov 61df68a5b2 - fixed builder, added fields only for view; 2019-11-12 16:31:32 +02:00
nikitasinelnikov 2547d54ddd - fixed validation on edit mode for username, username or email, password and email fields; 2019-10-24 16:17:16 +03:00
nikitasinelnikov 78c8a57ea7 - fixed preview of the Profile form; 2019-10-23 17:40:35 +03:00
nikitasinelnikov 58cfb1549d - changed Reviews_API() method to Reviews();
- added a few translations for admin builder;
- account page CSS responsive fix;
- translations updated;
2019-10-23 13:13:11 +03:00