103 Commits

Author SHA1 Message Date
Mykyta Synelnikov 4b0e4eec25 Merge branch 'development/2.9.x' into fix/CVE-2025-13220 2025-12-16 17:13:37 +02:00
Mykyta Synelnikov fc2c5456e4 Implement directory privacy settings and add rate limiting
Adds configurable privacy options for member directories, allowing restrictions on visibility based on roles or login status. Introduces rate limiting for unauthenticated AJAX requests to prevent brute-force attacks or abuse.
2025-12-11 17:36:42 +02:00
Mykyta Synelnikov e9abab925f Fix security vulnerability CVE-2025-13220 in Ultimate Member.
Addressed CVE-2025-13220 by implementing necessary fixes in the plugin's shortcodes and updating sanitization for shortcode attributes. Removed redundant compatibility checks for WordPress versions earlier than 5.4 and improved stability in the shortcode handling logic.
2025-12-05 17:41:51 +02:00
Mykyta Synelnikov 88607b854b Update dependencies and enhance emotize method
Bumps required plugin version dependencies for compatibility. Refactors the `emotize` method by adding a `$stripslashes` parameter to provide optional handling of string slashes, improving flexibility and functionality.
2025-11-07 14:18:38 +02:00
ashubawork e79dfef4d5 - fix emotize regex 2025-09-30 14:26:55 +03:00
ashubawork 1d3dde0141 - small typo fix 2025-06-16 10:05:04 +03:00
Mykyta Synelnikov 6bf75f412d * fixed #1436; 2024-09-26 12:20:26 +03:00
Mykyta Synelnikov 3b5eba768d - added 'um_loggedin_inner_content' hook;
- added wp_kses for inner content of [um_loggedin] shortcode;
2024-09-19 16:06:28 +03:00
Mykyta Synelnikov 6c632a2c68 - fixed CVE ID: CVE-2024-8519
- WPCS;
2024-09-12 16:44:53 +03:00
Mykyta Synelnikov f049832b73 - updated docs; 2024-01-15 11:48:18 +02:00
Mykyta Synelnikov bd151875c9 - reviewed #1375; 2024-01-15 11:36:57 +02:00
Mykyta Synelnikov 897258ed90 Merge pull request #1375 from ultimatemember/feature/um_profile_link_shortcode
Shortcode to display profile link.
2024-01-15 11:23:05 +02:00
yuriinalivaiko 85f056040e - fixed: the um class removed from the body classes 2024-01-01 21:17:02 +02:00
yuriinalivaiko 7ac78a6f57 - added shortcode um_profile_link 2023-12-22 15:28:46 +02:00
Mykyta Synelnikov 9798c81a5e - minified assets;
- updated readme.txt > changelog section;
- PHPDoc + Hookdocs updated for enqueue classes (common, admin, frontend);
- fixed typos in PHPDoc;
2023-11-17 17:25:47 +02:00
Mykyta Synelnikov b40edd26e6 - wp-admin assets refactoring (in process); 2023-11-03 17:31:18 +02:00
Mykyta Synelnikov b83da8b814 - WPCS for defined constants;
   * um_url -> UM_URL
   * um_path -> UM_PATH
   * um_plugin -> UM_PLUGIN
   * ultimatemember_version -> UM_VERSION
   * ultimatemember_plugin_name -> UM_PLUGIN_NAME
2023-09-13 22:56:32 +03:00
Mykyta Synelnikov af140bda82 - added hooks for easy integration cases like #1279; 2023-09-05 02:04:03 +03:00
Mykyta Synelnikov 6e9d122494 - fixed "is_block" argument for ultimatemember shortcodes;
- added sanitize shortcode arguments functions;
2023-09-02 00:53:51 +03:00
Mykyta Synelnikov fca7b4b0d5 - fixed [ultimatemember] shortcode attributes; 2023-08-31 11:27:11 +03:00
Mykyta Synelnikov 8b19234dcf - fixed [ultimatemember] shortcode using with a wrong|empty form_id; 2023-08-28 15:10:42 +03:00
Mykyta Synelnikov 42bfa3fa61 - added um_force_shortcode_render hook for echo custom content in ultimatemember shortcode; 2023-08-24 17:37:41 +03:00
Mykyta Synelnikov bfef1f9dc7 - reviewed #1269;
- unified `UM()->fields()->editing` and `UM()->fields()->viewing` to bool variables use true|false in conditions to make `===` or `!==` comparing;
2023-08-15 03:49:13 +03:00
Mykyta Synelnikov ad11a6c479 - fixed singleton for shortcode;
- there were conflicts with plugins that render shortcodes in hidden mode before loading shortcodes on the page content;
2023-07-21 15:47:01 +03:00
Mykyta Synelnikov 565a8f074a - fixed loading UM forms shortcode twice; 2023-07-13 16:03:28 +03:00
ashubawork 973dd64713 - fix user page blocks 2023-07-12 11:46:03 +03:00
Mykyta Synelnikov 6f9109adca - review edit_field(); 2023-06-28 20:56:09 +03:00
Mykyta Synelnikov 03e5424867 - review dynamic_css(); 2023-06-26 20:46:23 +03:00
Mykyta Synelnikov 8749b2cf5e - review load(); 2023-06-26 18:00:25 +03:00
Mykyta Synelnikov f8da8f0433 - review ultimatemember_password();
- made UM()->password()->change_password variable as private and avoid dynamic for PHP8 compatibility;
- marked `um_before_{$mode}_form_is_loaded` hook as has to be deprecated since 2.7.0 because it duplicates previous 2 hooks with similar;
- updated hookdocs for `um_before_{$mode}_form_is_loaded`;
- updated hookdocs for `um_before_form_is_loaded`;
- updated hookdocs for `um_pre_{$mode}_shortcode`;
2023-06-26 16:54:43 +03:00
ashubawork f6c2e17017 - fix dynamic_css() 2023-06-22 14:49:40 +03:00
ashubawork 9cc48e0a8c - fix load() 2023-06-22 14:40:44 +03:00
Mykyta Synelnikov 8057d06f81 - reviewed #769;
- added `get_member_directory_id()` function for getting member directory ID based on page ID;
- commented hooks 'um_prepare_user_results_array', 'um_prepare_user_results_array_meta'
- added snippet for hiding filters from member directory based on public or private visibility;
2023-06-12 15:22:35 +03:00
Nikita Sinelnikov 212cbec9f8 Merge branch 'development/2.6.1' into feature/um-blocks 2023-05-23 11:14:37 +03:00
ashubawork 0c7bfbf9d7 - fix profile block for guests 2023-05-09 13:30:39 +03:00
ashubawork 35f9aac031 - not show account and profile on profile and account pages 2023-05-08 19:50:01 +03:00
ashubawork bcadcfc7bd - fix profile form for guests 2023-04-25 11:18:22 +03:00
Mykyta Synelnikov af2f9abae3 - fixed dynamically declared class variables; 2023-04-24 02:25:10 +03:00
Mykyta Synelnikov 034d9e8b43 - fixed dynamically declared variables inside the classes; 2023-04-17 20:16:15 +03:00
ashubawork a08ed9b6c1 - reset password block 2023-03-29 14:38:11 +03:00
Nikita Sinelnikov 6746f0ce03 - fixed directory checking for localhosts; 2022-10-10 15:29:30 +03:00
Nikita Sinelnikov e1bc94c110 - fixed Directory Traversal vulnerability. Using realpath for that; 2022-09-27 15:13:35 +03:00
Nikita Sinelnikov 14dc36b813 - fixed directory traversal vulnerability; 2022-09-27 13:58:01 +03:00
Nikita Sinelnikov 9cdf65973c - prepared for 2.4.0 release; 2022-05-24 18:29:39 +03:00
Nikita Sinelnikov 07e664be80 - intermediate results with sanitizing form handlers; 2021-06-29 02:51:54 +03:00
Nikita Sinelnikov 71dc8d4730 - fixed displaying different profile form shortcodes with different role visibility settings on the same page;
- fixed displaying avatar on the logout page;
2021-06-15 12:18:56 +03:00
nikitasinelnikov ea496625f8 Added: Hook to unlock the ability to add new users through the registration form 2021-04-27 00:21:32 +03:00
nikitasinelnikov 4ac6071aa2 - fixed roles field, which isn't customized; 2020-09-22 14:30:25 +03:00
nikitasinelnikov ec1db4f5cd - fixed roles options; 2020-09-11 00:14:20 +03:00
nikitasinelnikov 073a9bc329 Merge remote-tracking branch 'remotes/origin/feature/apply_shortcodes' 2020-05-25 17:37:49 +03:00