fc2c5456e4
Implement directory privacy settings and add rate limiting
...
Adds configurable privacy options for member directories, allowing restrictions on visibility based on roles or login status. Introduces rate limiting for unauthenticated AJAX requests to prevent brute-force attacks or abuse.
2025-12-11 17:36:42 +02:00
a102d22ce1
Prevent shortcode execution in user input sanitization.
...
Added `strip_shortcodes` across various sanitization routines to ensure user inputs do not execute shortcodes. This enhances security by blocking unintended shortcode processing in fields such as text, email, URLs, and form descriptions.
2025-06-24 17:16:28 +03:00
422d2b7c67
Refactor password handling to bypass wp_unslash.
...
Introduce a dedicated method to handle password fields securely, avoiding `wp_unslash` for these fields. This enhances consistency and security when processing form data across the plugin.
2025-02-12 17:47:19 +02:00
17d95a189b
Task CU-86cxwy7ww
...
- password sanitize has been changed to the standard WordPress one.
2025-02-04 23:23:26 +02:00
b63ebf1a63
Merge pull request #1578 from ultimatemember/fix/registration_role
...
Fixes validation of the form slug
2024-11-13 00:37:32 +02:00
8b8f3667bd
* removed extra unwrapping for wp_editor field values;
2024-10-21 17:34:12 +03:00
cd70fe6df6
Merge pull request #1563 from ultimatemember/fix/textarea_html_on
...
Fix HTML formatted textarea
2024-10-14 12:56:04 +03:00
3c56190fa3
* fixed login form after recent updates
...
* updated um_submit_form_{$mode} hook documentation
2024-10-11 17:10:42 +03:00
07949b9c35
* fixed HTML formatted textarea;
2024-10-10 11:56:55 +03:00
cccce6ebc3
* fixed running UM()->fields()->get_restricted_fields_for_edit() function in the fields loop;
2024-09-27 17:55:44 +03:00
5e7018e9f2
* checking not empty $match;
2024-09-27 14:48:23 +03:00
592b4e6ecd
* fixed #1434 ;
2024-09-26 17:39:57 +03:00
b509018276
- make it impossible to create a user without a role even with incorrect "Registration Default Role" setting.
2024-09-18 23:16:11 +03:00
518e84d27f
Moved tel to other types that use same sanitization
2024-07-29 15:01:28 +02:00
744362706a
Added sanitized tel input type
2024-07-29 14:12:11 +02:00
cdd888a4d3
- fixed social URLs where user can put his social username (e.g. Instagram, Facebook);
...
- WPCS for the built-in fields;
- added blueprint.json;
2024-04-10 15:40:43 +03:00
2c5f396795
- partially reviewed #1361 ;
2023-12-01 00:30:37 +02:00
edf0ed3085
- minified scripts;
...
- wpcs;
2023-11-28 15:07:53 +02:00
5d750f35dc
- reviewed #1343 ;
...
- wpcs;
2023-11-21 15:28:20 +02:00
9f1d64e473
Merge pull request #1351 from ultimatemember/fix/social_url_characters
...
Social URL characters
2023-11-21 14:52:21 +02:00
16d376d91a
- fix social url with the esc_url_raw()
2023-11-21 14:28:19 +02:00
9798c81a5e
- minified assets;
...
- updated readme.txt > changelog section;
- PHPDoc + Hookdocs updated for enqueue classes (common, admin, frontend);
- fixed typos in PHPDoc;
2023-11-17 17:25:47 +02:00
b40edd26e6
- wp-admin assets refactoring (in process);
2023-11-03 17:31:18 +02:00
9bbad3ce21
- fix special characters in social urls
2023-10-31 11:53:47 +02:00
3ccb9cf619
- fixed custom callback member directories filters with child dropdown filters;
2023-10-13 15:35:39 +03:00
66d9f83364
- reviewed #1330 ;
2023-10-12 00:05:45 +03:00
e84ab0b677
- updated phpdocs;
2023-10-10 12:34:19 +03:00
2cf7387b69
- for member directory
2023-09-26 09:05:22 +03:00
e5b8ff400e
- fixed editable attribute base on the legacy code;
...
- if `editable` attribute doesn't exist then we set `editable` to true by default;
2023-09-05 01:12:16 +03:00
26de093b38
- fixed variable type for UM()->form()->processing and UM()->fields()->set_id;
2023-08-23 15:00:21 +03:00
999deb6145
- fixed HTML validation for user description field in header;
2023-08-15 23:04:46 +03:00
d99b011380
- fixed HTML validation for user description field in header;
2023-08-15 22:39:18 +03:00
bdfcd0f55f
- added form administrative roles notice;
...
- fixed #1245 ;
2023-07-11 22:31:02 +03:00
5fa9b23233
- fixed registration with empty role field (set default if empty);
2023-07-02 21:21:50 +03:00
77889c6070
- fixed typo;
2023-07-02 20:45:09 +03:00
12167f8612
- fixed updating user description if there isn't custom field on profile form, but field is displayed on profile top;
2023-07-02 12:58:22 +03:00
d6d129d53b
- prepared for release;
2023-07-01 13:54:57 +03:00
dad4c8017c
- fix for profile form;
2023-07-01 01:52:43 +03:00
2ca243787e
- fix for registration form;
2023-06-30 22:10:16 +03:00
7fafa3a4b3
- fix for registration form;
2023-06-30 21:55:59 +03:00
246de13726
- finished with UM Forms validations;
2023-06-30 16:58:12 +03:00
71f2360694
- review login form and submission data. optimized submission;
2023-06-30 15:56:30 +03:00
78a1a32530
Merge pull request #1219 from ultimatemember/fix/remove_extract_frontend
...
Remove extract() frontend
2023-06-28 21:41:00 +03:00
fc07de48b7
- fixed vulnerability with banned keys (made them not case-sensitive);
2023-06-28 11:17:28 +03:00
c2757d824b
- review ajax_muted_action();
2023-06-26 17:04:58 +03:00
5c8c3411e7
- wpcs fixes;
2023-06-23 16:53:38 +03:00
f79712b549
- fix ajax_muted_action()
2023-06-22 12:57:43 +03:00
43a5e22473
- fixed PHP deprecated warning for PHP8.2
2023-06-21 20:27:17 +03:00
4c6a2c3b45
- add a spotify field
2023-06-13 09:32:03 +03:00
76cb1cc448
- fixed PHP notice;
2023-06-05 18:44:38 +03:00
Mykyta Synelnikov