User registration & user profile – Profile Builder - Version 2.7.5

Version Description

  • Improved security on forms
  • Implemented a better plugin notification system

Release Info

Developer madalin.ungureanu
Version 2.7.5

Code changes from version 2.7.4 to 2.7.5

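--- a/admin/admin-functions.php
+++ b/admin/admin-functions.php
@@ -206,4 +206,21 @@ function wppb_admin_rate_us( $footer_text ) {
  return $footer_text;
  }
  }
- add_filter('admin_footer_text','wppb_admin_rate_us');
+ add_filter('admin_footer_text','wppb_admin_rate_us');
+
+ /* In plugin notifications */
+ add_action( 'admin_init', 'wppb_add_plugin_notifications' );
+ function wppb_add_plugin_notifications() {
+ /* initiate the plugin notifications class */
+ $notifications = WPPB_Plugin_Notifications::get_instance();
+ /* this must be unique */
+ $notification_id = 'wppb_new_add_on_woocommerce';
+
+ $message = '<img style="float: left; margin: 10px 12px 10px 0; max-width: 100px;" src="https://www.cozmoslabs.com/wp-content/themes/cozmiclight/img/pb_addon_small_woosync.png" alt="WooSync Addon"/>';
+ $message .= '<p style="margin-top: 16px;">' . __( 'Extend WooCommerce checkout page with support for all the Profile Builder Pro custom field types, conditional logic and repeater fields with the latest <strong>WooSync addon</strong> for Profile Builder.', 'profile-builder' ) . '</p>';
+ // be careful to use wppb_dismiss_admin_notification as query arg
+ $message .= '<p><a href="' . add_query_arg( array( 'page' => 'profile-builder-add-ons', 'wppb_dismiss_admin_notification' => $notification_id ), admin_url( 'admin.php' ) ) . '" class="button-primary">' . __( 'Check it out!', 'profile-builder' ) . '</a></p>';
+ $message .= '<a href="' . add_query_arg( array( 'wppb_dismiss_admin_notification' => $notification_id ) ) . '" type="button" class="notice-dismiss"><span class="screen-reader-text">' . __( 'Dismiss this notice.', 'profile-builder' ) . '</span></a>';
+
+ $notifications->add_notification( $notification_id, $message, 'wppb-notice wppb-narrow notice notice-info', true, array( 'profile-builder-add-ons' ) );
+ }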
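Review bot: The dismiss link on new line 223 calls `add_query_arg()` without a base URL, so the URL is built from the current request URI, and the result is concatenated into `href` without escaping; WordPress requires the output of `add_query_arg()` to be escaped before it is printed. Wrap it as `esc_url( add_query_arg( array( 'wppb_dismiss_admin_notification' => $notification_id ) ) )`, and do the same for the "Check it out!" link on line 222. Both links also change per-user state through a plain GET parameter and carry no nonce; the handler that consumes the parameter is in assets/lib/class_notices.php.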
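--- a/assets/css/style-back-end.css
+++ b/assets/css/style-back-end.css
@@ -666,4 +666,29 @@ p .wppb-button-free {
 
  .mb-table-container .wck-state-highlight{
  height:45px;
+ }
+
+ /**************************************************/
+ /* Extra styling for admin notices
+ /**************************************************/
+ div.wppb-notice {
+ position: relative;
+ }
+
+ div.wppb-notice:after {
+ display: block;
+ content: '';
+ clear: both;
+ }
+
+ div.wppb-notice.wppb-narrow {
+ max-width: 825px;
+ }
+
+ div.wppb-notice .notice-dismiss {
+ text-decoration: none;
+ }
+
+ .wrap div.wppb-admin-notice {
+ margin-bottom: 0;
  }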
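--- a/assets/lib/class_notices.php
+++ b/assets/lib/class_notices.php
@@ -61,4 +61,202 @@ class WPPB_Add_General_Notices{
  do_action( $this->notificationId.'_after_notification_dismissed', $current_user );
  }
  }
- ?>
+
+ Class WPPB_Plugin_Notifications {
+
+ public $notifications = array();
+ private static $_instance = null;
+ private $prefix = 'wppb';
+ private $menu_slug = 'profile-builder';
+ public $pluginPages = array( 'profile-builder-', 'manage-fields', 'wppb-', 'admin-email-customizer', 'user-email-customizer' );
+
+ protected function __construct() {
+ add_action( 'admin_init', array( $this, 'dismiss_admin_notifications' ), 200 );
+ add_action( 'admin_init', array( $this, 'add_admin_menu_notification_counts' ), 1000 );
+ }
+
+
+ function dismiss_admin_notifications() {
+ if( ! empty( $_GET[$this->prefix.'_dismiss_admin_notification'] ) ) {
+ $notifications = self::get_instance();
+ $notifications->dismiss_notification( sanitize_text_field( $_GET[$this->prefix.'_dismiss_admin_notification'] ) );
+ }
+
+ }
+
+ function add_admin_menu_notification_counts() {
+
+ global $menu, $submenu;
+
+ $notifications = WPPB_Plugin_Notifications::get_instance();
+
+ if( ! empty( $menu ) ) {
+ foreach( $menu as $menu_position => $menu_data ) {
+ if( ! empty( $menu_data[2] ) && $menu_data[2] == $this->menu_slug ) {
+ $menu_count = $notifications->get_count_in_menu();
+ if( ! empty( $menu_count ) )
+ $menu[$menu_position][0] .= '<span class="update-plugins '.$this->prefix.'-update-plugins"><span class="plugin-count">' . $menu_count . '</span></span>';
+ }
+ }
+ }
+
+ if( ! empty( $submenu[$this->menu_slug] ) ) {
+ foreach( $submenu[$this->menu_slug] as $menu_position => $menu_data ) {
+ $menu_count = $notifications->get_count_in_submenu( $menu_data[2] );
+
+ if( ! empty( $menu_count ) )
+ $submenu[$this->menu_slug][$menu_position][0] .= '<span class="update-plugins '.$this->prefix.'-update-plugins"><span class="plugin-count">' . $menu_count . '</span></span>';
+ }
+ }
+ }
+
+ /**
+ *
+ *
+ */
+ public static function get_instance() {
+ if( is_null( self::$_instance ) )
+ self::$_instance = new WPPB_Plugin_Notifications();
+
+ return self::$_instance;
+ }
+
+
+ /**
+ *
+ *
+ */
+ public function add_notification( $notification_id = '', $notification_message = '', $notification_class = 'update-nag', $count_in_menu = true, $count_in_submenu = array() ) {
+
+ if( empty( $notification_id ) )
+ return;
+
+ if( empty( $notification_message ) )
+ return;
+
+ global $current_user;
+
+ if( get_user_meta( $current_user->ID, $notification_id . '_dismiss_notification' ) )
+ return;
+
+ $this->notifications[$notification_id] = array(
+ 'id' => $notification_id,
+ 'message' => $notification_message,
+ 'class' => $notification_class,
+ 'count_in_menu' => $count_in_menu,
+ 'count_in_submenu' => $count_in_submenu
+ );
+
+
+ if( $this->is_plugin_page() ) {
+ new WPPB_Add_General_Notices( $notification_id, $notification_message, $notification_class );
+ }
+
+ }
+
+
+ /**
+ *
+ *
+ */
+ public function get_notifications() {
+ return $this->notifications;
+ }
+
+
+ /**
+ *
+ *
+ */
+ public function get_notification( $notification_id = '' ) {
+
+ if( empty( $notification_id ) )
+ return null;
+
+ $notifications = $this->get_notifications();
+
+ if( ! empty( $notifications[$notification_id] ) )
+ return $notifications[$notification_id];
+ else
+ return null;
+
+ }
+
+
+ /**
+ *
+ *
+ */
+ public function dismiss_notification( $notification_id = '' ) {
+ global $current_user;
+ add_user_meta( $current_user->ID, $notification_id . '_dismiss_notification', 'true', true );
+ }
+
+
+ /**
+ *
+ *
+ */
+ public function get_count_in_menu() {
+ $count = 0;
+
+ foreach( $this->notifications as $notification ) {
+ if( ! empty( $notification['count_in_menu'] ) )
+ $count++;
+ }
+
+ return $count;
+ }
+
+
+ /**
+ *
+ *
+ */
+ public function get_count_in_submenu( $submenu = '' ) {
+
+ if( empty( $submenu ) )
+ return 0;
+
+ $count = 0;
+
+ foreach( $this->notifications as $notification ) {
+ if( empty( $notification['count_in_submenu'] ) )
+ continue;
+
+ if( ! is_array( $notification['count_in_submenu'] ) )
+ continue;
+
+ if( ! in_array( $submenu, $notification['count_in_submenu'] ) )
+ continue;
+
+ $count++;
+ }
+
+ return $count;
+
+ }
+
+
+ /**
+ *
+ *
+ */
+ protected function is_plugin_page() {
+ if( !empty( $this->pluginPages ) ){
+ foreach ( $this->pluginPages as $pluginPage ){
+ if( ! empty( $_GET['page'] ) && false !== strpos( $_GET['page'], $pluginPage ) )
+ return true;
+
+ if( ! empty( $_GET['post_type'] ) && false !== strpos( $_GET['post_type'], $pluginPage ) )
+ return true;
+
+ if( ! empty( $_GET['post'] ) && false !== strpos( get_post_type( (int)$_GET['post'] ), $pluginPage ) )
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ }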
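Review bot: `dismiss_admin_notifications()` (new lines 79-85) writes user meta from `$_GET['wppb_dismiss_admin_notification']` on every `admin_init` with no nonce and no check that the id belongs to a registered notification, so any cross-site link or request that a logged-in user's browser follows into wp-admin can store arbitrary `*_dismiss_notification` meta keys for that user. The handler should require a string value, verify a nonce, and accept only ids present in `$this->notifications`; the links built in admin/admin-functions.php would then have to be generated with `wp_nonce_url()` using the same action. Separately, `is_plugin_page()` passes `$_GET['page']` and `$_GET['post_type']` to `strpos()` without an `is_string()` check, and the empty `/** */` blocks above each public method should say what the method does.

```php
function dismiss_admin_notifications() {
    $arg = $this->prefix . '_dismiss_admin_notification';

    if( empty( $_GET[$arg] ) || ! is_string( $_GET[$arg] ) )
        return;

    // state-changing GET: require a nonce created with the same action as the link
    if( ! isset( $_GET['_wpnonce'] ) || ! wp_verify_nonce( $_GET['_wpnonce'], $arg ) )
        return;

    $notification_id = sanitize_text_field( wp_unslash( $_GET[$arg] ) );

    // only ids registered through add_notification() may be dismissed
    if( is_null( $this->get_notification( $notification_id ) ) )
        return;

    $this->dismiss_notification( $notification_id );
}
```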
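--- a/front-end/class-formbuilder.php
+++ b/front-end/class-formbuilder.php
@@ -259,6 +259,11 @@ class Profile_Builder_Form_Creator{
  $field_check_errors = array();
 
  if( isset( $_REQUEST['action'] ) && $_REQUEST['form_name'] == $this->args['form_name'] ) {
+ if( ! isset( $_POST[$this->args['form_type'].'_'. $this->args['form_name'] .'_nonce_field'] ) || ! wp_verify_nonce( $_POST[$this->args['form_type'].'_'. $this->args['form_name'] .'_nonce_field'], 'wppb_verify_form_submission' ) ) {
+ echo '<span class="wppb-form-error wppb-error">'. __( 'You are not allowed to do this.', 'profile-builder' ) . '</span>';
+ return;
+ }
+
  $field_check_errors = $this->wppb_test_required_form_values( $_REQUEST );
  if( empty( $field_check_errors ) ) {
 
@@ -437,7 +442,7 @@ class Profile_Builder_Form_Creator{
  }
  ?>
  </p><!-- .form-submit -->
- <?php wp_nonce_field( 'verify_form_submission', $this->args['form_type'].'_nonce_field' ); ?>
+ <?php wp_nonce_field( 'wppb_verify_form_submission', $this->args['form_type'].'_'. $this->args['form_name'] .'_nonce_field' ); ?>
  </form>
  <?php
  // use this action hook to add extra content after the register form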
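Review bot: The nonce action `'wppb_verify_form_submission'` is the same for every form type and form name; only the field name varies, and `wp_verify_nonce()` never looks at the field name, so a token issued for one Profile Builder form also validates on any other form for the same user. Binding the action to the form, e.g. `$nonce_action = 'wppb_verify_form_submission_' . $this->args['form_type'] . '_' . $this->args['form_name'];`, and using it both in the `wp_nonce_field()` call on new line 445 and in the check on line 262 would scope the token. The guard on line 261 (context) also reads `$_REQUEST['form_name']` without `isset()`, and the long `$_POST[...]` key is spelled out twice on line 262; computing it once into a local would make the check easier to audit. The enclosing method starts and ends outside both hunks.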
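--- a/front-end/default-fields/user-role/user-role.php
+++ b/front-end/default-fields/user-role/user-role.php
@@ -109,7 +109,14 @@ function wppb_user_role_handler( $output, $form_location, $field, $user_id, $fie
 
  }
  else{
- $output .= '<input type="hidden" disabled="disabled" readonly="readonly" value="'.$input_value.'">';
+ if( !empty( $input_value_multiple ) ){
+ foreach( $input_value_multiple as $input_value_multi ){
+ $output .= '<input type="hidden" disabled="disabled" readonly="readonly" value="'.$input_value_multi.'">';
+ }
+ }
+ else {
+ $output .= '<input type="hidden" disabled="disabled" readonly="readonly" value="' . $input_value . '">';
+ }
  }
 
  return apply_filters( 'wppb_'.$form_location.'_user_role_custom_field_'.$field['id'], $output, $form_location, $field, $user_id, $field_check_errors, $request_data, $input_value, $input_value_multiple );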
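Review bot: Both new branches print the role value into an HTML attribute without escaping (`value="'.$input_value_multi.'"` on new line 114 and `value="' . $input_value . '"` on line 118). Where these values are populated is not visible in the hunk; if they can come from request data, the output should go through `esc_attr()`, e.g. `value="' . esc_attr( $input_value_multi ) . '"`, and likewise for `$input_value`. `!empty( $input_value_multiple )` is followed directly by `foreach`, so a non-empty scalar would raise a warning; an `is_array()` test in the condition avoids that. The body of wppb_user_role_handler starts outside the hunk.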
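--- a/front-end/login.php
+++ b/front-end/login.php
@@ -15,7 +15,7 @@ function wppb_login_form_bottom( $form_part, $args ){
  $form_part .= '<input type="hidden" name="wppb_lostpassword_url" value="'.esc_url( $args['lostpassword_url'] ).'"/>';
  $form_part .= '<input type="hidden" name="wppb_redirect_priority" value="'. esc_attr( isset( $args['redirect_priority'] ) ? $args['redirect_priority'] : '' ) .'"/>';
  $form_part .= '<input type="hidden" name="wppb_referer_url" value="'.esc_url( isset( $_SERVER['HTTP_REFERER'] ) ? $_SERVER['HTTP_REFERER'] : '' ).'"/>';
- $form_part .= wp_nonce_field( 'wppb_login', 'CSRFToken', true, false );
+ $form_part .= wp_nonce_field( 'wppb_login', 'CSRFToken-wppb', true, false );
  }
 
  $form_part .= '<input type="hidden" name="wppb_redirect_check" value="true"/>';
@@ -317,7 +317,7 @@ function wppb_front_end_login( $atts ){
  function wppb_login_security_check( $user, $password ) {
 
  if( isset( $_POST['wppb_login'] ) ) {
- if( ! isset( $_POST['CSRFToken'] ) || ! wp_verify_nonce( $_POST['CSRFToken'], 'wppb_login' ) ) {
+ if( ! isset( $_POST['CSRFToken-wppb'] ) || ! wp_verify_nonce( $_POST['CSRFToken-wppb'], 'wppb_login' ) ) {
  $errorMessage = __( 'You are not allowed to do this.', 'profile-builder' );
 
  return new WP_Error( 'wppb_login_csrf_token_error', $errorMessage );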
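Review bot: The token checked by `wp_verify_nonce( $_POST['CSRFToken-wppb'], 'wppb_login' )` on new line 320 is issued to a visitor who is not logged in, and WordPress derives nonces from the user ID and session token, both of which are empty for anonymous visitors unless the `nonce_user_logged_out` filter supplies a value. The token is therefore not bound to an individual browser session, and that limit deserves a comment above the check, e.g. `// Nonce for a logged-out visitor: not session-bound unless nonce_user_logged_out is filtered.` The check is also skipped when `$_POST['wppb_login']` is absent (line 319, context); whether other code enforces that field is not visible here. Both functions continue outside the hunks.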
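--- a/index.php
+++ b/index.php
@@ -3,7 +3,7 @@
  Plugin Name: Profile Builder
  Plugin URI: https://www.cozmoslabs.com/wordpress-profile-builder/
  Description: Login, registration and edit profile shortcodes for the front-end. Also you can chose what fields should be displayed or add new (custom) ones both in the front-end and in the dashboard.
- Version: 2.7.4
+ Version: 2.7.5
  Author: Cozmoslabs, Madalin Ungureanu, Antohe Cristian, Barina Gabriel, Mihai Iova
  Author URI: https://www.cozmoslabs.com/
  License: GPL2
@@ -73,7 +73,7 @@ function wppb_free_plugin_init() {
  *
  *
  */
- define('PROFILE_BUILDER_VERSION', '2.7.4' );
+ define('PROFILE_BUILDER_VERSION', '2.7.5' );
  define('WPPB_PLUGIN_DIR', plugin_dir_path(__FILE__));
  define('WPPB_PLUGIN_URL', plugin_dir_url(__FILE__));
  define('WPPB_SERVER_MAX_UPLOAD_SIZE_BYTE', apply_filters('wppb_server_max_upload_size_byte_constant', wppb_return_bytes(ini_get('upload_max_filesize'))));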
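--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: http://www.cozmoslabs.com/wordpress-profile-builder/
  Tags: user registration, user profile, user registration form, user fields, extra user fields, edit profile, user custom fields, front-end login, front-end edit profile, front-end user registration, email confirmation, login form, content restriction, restrict content
  Requires at least: 3.1
  Tested up to: 4.9.2
- Stable tag: 2.7.4
+ Stable tag: 2.7.5
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -163,6 +163,10 @@ This plugin adds/removes user fields in the front-end. Both default and extra pr
  12. Role Editor
 
  == Changelog ==
+ = 2.7.5 =
+ * Improved security on forms
+ * Implemented a better plugin notification system
+
  = 2.7.4 =
  * Improved admin interface speed in most cases by up to 100% by reducing the number of ajax calls
  * Improved the admin interface with small visual tweaks and bug-fixes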