10h30/ultimatemember
1
0
Fork 0
mirror of https://github.com/10h30/ultimatemember.git synced 2026-06-05 15:09:37 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
74647d42cc8d63f5d4f687efcd0792c246c23039
ultimatemember/includes/core
T
History
Mykyta Synelnikov 74647d42cc Fix improper namespace usage and enhance regex validation due to CVE ID: CVE-2025-1702 
Replaced \WP_User_Query with correctly imported WP_User_Query to ensure proper namespace handling. Added a new regex pattern to block sleep injections, enhancing security within the member directory query validation.
2025-02-28 12:13:15 +02:00
..
rest
* fixed CVE-2024-12276;
2025-02-03 16:17:37 +02:00
class-access.php
* fixed CVE-2024-12276;
2025-02-03 16:17:37 +02:00
class-account.php
Refactor password handling to bypass wp_unslash.
2025-02-12 17:47:19 +02:00
class-ajax-common.php
* maybe fixed CVE-2024-10528;
2024-11-05 11:55:07 +02:00
class-blocks.php
- change blocks folder
2024-11-06 12:12:13 +02:00
class-builtin.php
- fixed Telegram and Discord social links in profile header
2024-06-14 21:52:05 +03:00
class-cron.php
- UM cron class review;
2023-07-07 13:34:55 +03:00
class-date-time.php
- finally reviewed #1361;
2023-12-01 12:50:13 +02:00
class-external-integrations.php
- fixed using esc_attr() in href="" attributes;
2024-03-27 11:06:02 +02:00
class-fields.php
* using wp_is_mobile instead of MobileDetect library
2024-12-17 21:53:18 +02:00
class-files.php
* sorted deprecated function;
2024-11-29 14:24:35 +02:00
class-fonticons.php
- FontIcons libraries moving to legacy;
2023-09-26 12:25:49 +03:00
class-form.php
Refactor password handling to bypass wp_unslash.
2025-02-12 17:47:19 +02:00
class-gdpr.php
- partially reviewed #1361;
2023-11-30 10:55:00 +02:00
class-login.php
- updated hookdocs;
2023-07-18 12:06:17 +03:00
class-logout.php
- updated hookdocs;
2023-07-18 12:06:17 +03:00
class-mail.php
* changed hook for initialization of email templates paths;
2024-11-29 14:09:23 +02:00
class-member-directory-meta.php
* fixed CVE-2024-12276;
2025-02-03 16:17:37 +02:00
class-member-directory.php
Fix improper namespace usage and enhance regex validation due to CVE ID: CVE-2025-1702
2025-02-28 12:13:15 +02:00
class-multisite.php
- fixed scroll via enqueue new scroll library;
2019-05-02 18:29:00 +03:00
class-options.php
- WPCS;
2024-03-07 14:56:55 +02:00
class-password.php
Refactor password handling to bypass wp_unslash.
2025-02-12 17:47:19 +02:00
class-permalinks.php
Fixes 'um_dispatch_email' action #1589
2024-11-19 17:48:10 +02:00
class-plugin-updater.php
* updated requests to site URL;
2025-01-31 15:19:28 +02:00
class-profile.php
- reviewed #1481;
2024-04-02 17:28:54 +03:00
class-query.php
* fixed CVE-2024-12276;
2025-02-03 16:17:37 +02:00
class-register.php
- updated hookdocs;
2023-07-18 12:06:17 +03:00
class-rewrite.php
* Admin Users bulk-actions
2024-09-24 13:18:48 +03:00
class-roles-capabilities.php
* fixed um_current_user_can();
2024-11-15 11:16:55 +02:00
class-setup.php
Merge remote-tracking branch 'origin/development/2.8.x' into feature/new_fa
2024-04-25 01:41:04 +03:00
class-shortcodes.php
* fixed #1436;
2024-09-26 12:20:26 +03:00
class-templates.php
- WPCS for defined constants;
2023-09-13 22:56:32 +03:00
class-uploader.php
* fixed CVE-2024-12276;
2025-02-03 16:17:37 +02:00
class-user-posts.php
* fixed CVE-2024-12276;
2025-02-03 16:17:37 +02:00
class-user.php
* sorted deprecated function;
2024-11-29 14:24:35 +02:00
class-validation.php
- reviewd #1237;
2023-07-04 12:44:06 +03:00
um-actions-access.php
* fixed sending emails upon registration;
2024-10-10 18:18:56 +03:00
um-actions-account.php
fixed "Download your data" and "Erase of your data" fields layout.
2025-01-17 16:03:51 +02:00
um-actions-ajax.php
- intermediate results with sanitizing form handlers;
2021-06-29 02:51:54 +03:00
um-actions-form.php
* fixed security issue CVE ID: CVE-2025-0308
2025-01-08 12:20:35 +02:00
um-actions-global.php
* added honeypot scripts/styles via
2025-01-30 13:00:17 +02:00
um-actions-login.php
* fixed login form after recent updates
2024-10-11 17:10:42 +03:00
um-actions-misc.php
* added security condition to check that one logged-in user cannot activate another one user via email activation link;
2024-10-11 18:47:40 +03:00
um-actions-profile.php
Refactor profile image handling in Ultimate Member.
2025-02-28 11:22:24 +02:00
um-actions-register.php
Fixes 'um_dispatch_email' action #1589
2024-11-19 17:48:10 +02:00
um-actions-save-profile.php
* fixed #1434;
2024-09-26 17:39:57 +03:00
um-actions-user.php
- added escape functions, security fix for XSS;
2019-08-08 00:36:33 +03:00
um-actions-wpadmin.php
- intermediate results with sanitizing form handlers;
2021-06-29 02:51:54 +03:00
um-filters-account.php
- reviewd #1237;
2023-07-04 12:44:06 +03:00
um-filters-avatars.php
* reviewed #1582;
2024-11-13 17:20:52 +02:00
um-filters-commenting.php
- fixed using esc_attr() in href="" attributes;
2024-03-27 11:06:02 +02:00
um-filters-fields.php
* fixed HTML formatted textarea;
2024-10-10 11:56:55 +03:00
um-filters-files.php
- fixed user registration;
2018-03-20 13:24:38 +02:00
um-filters-login.php
* fixed sending emails upon registration;
2024-10-10 18:18:56 +03:00
um-filters-misc.php
- fixed user registration;
2018-03-20 13:24:38 +02:00
um-filters-navmenu.php
- fixed conditional menu handlers for MegaMenu themes (#1334);
2024-01-04 00:54:19 +02:00
um-filters-profile.php
* fixed deprecated function
2024-09-27 18:01:58 +03:00
um-filters-user.php
* Admin Users bulk-actions
2024-09-24 13:18:48 +03:00