Theme My Login - Version 6.4.11

Version Description

Fix fatal error when attempting to rewrite login links before init action
Add the test cookie functionality from wp-login.php
Fix a notice in the postpass action handler
Make User Moderation login type aware
Fix display of password length requirements
Fix a multisite error when the main site is not ID 1
Don't allow squashing of the main instance by shortcode attribute

Release Info

Developer	jfarthing84
Plugin	Theme My Login
Version	6.4.11
Comparing to
See all releases

Code changes from version 6.4.10 to 6.4.11

Files changed (8) hide show

includes/class-theme-my-login-ms-signup.php +2 -2
includes/class-theme-my-login-template.php +1 -1
includes/class-theme-my-login.php +80 -8
modules/custom-passwords/custom-passwords.php +3 -3
modules/user-moderation/user-moderation.php +3 -5
readme.txt +12 -2
templates/login-form.php +1 -0
theme-my-login.php +1 -1

includes/class-theme-my-login-ms-signup.php CHANGED Viewed

	@@ -543,9 +543,9 @@ class Theme_My_Login_MS_Signup extends Theme_My_Login_Abstract {
543
544	$url = $this->site_url( $url, $path, $orig_scheme );
545
546	- switch_to_blog( 1 );
547
548	- $url = Theme_My_Login::get_object()->site_url( $url, $path, $orig_scheme, ~~$current_site->blog_id~~ );
549
550	restore_current_blog();
551


543
544	$url = $this->site_url( $url, $path, $orig_scheme );
545
546	+ switch_to_blog( $current_site->blog_id );
547
548	+ $url = Theme_My_Login::get_object()->site_url( $url, $path, $orig_scheme );
549
550	restore_current_blog();
551

includes/class-theme-my-login-template.php CHANGED Viewed

	@@ -50,7 +50,7 @@ class Theme_My_Login_Template extends Theme_My_Login_Abstract {
50	public static function default_options() {
51	return array(
52	'instance' => 0,
53	- 'default_action' => '',
54	'login_template' => '',
55	'register_template' => '',
56	'lostpassword_template' => '',


50	public static function default_options() {
51	return array(
52	'instance' => 0,
53	+ 'default_action' => 'login',
54	'login_template' => '',
55	'register_template' => '',
56	'lostpassword_template' => '',

includes/class-theme-my-login.php CHANGED Viewed

	@@ -21,7 +21,7 @@ class Theme_My_Login extends Theme_My_Login_Abstract {
21	* @since 6.3.2
22	* @const string
23	*/
24	- const VERSION = '6.4.10';
25
26	/**
27	* Holds options key
	@@ -68,6 +68,15 @@ class Theme_My_Login extends Theme_My_Login_Abstract {
68	*/
69	public $request_instance = 0;
70









71	/**
72	* Holds loaded instances
73	*
	@@ -220,6 +229,13 @@ class Theme_My_Login extends Theme_My_Login_Abstract {
220	*/
221	public function wp() {
222	if ( self::is_tml_page() ) {







223	do_action( 'login_init' );
224
225	remove_action( 'wp_head', 'feed_links', 2 );
	@@ -310,6 +326,15 @@ class Theme_My_Login extends Theme_My_Login_Abstract {
310
311	do_action_ref_array( 'tml_request', array( &$this ) );
312









313	// allow plugins to override the default actions, and to add extra actions if they want
314	do_action( 'login_form_' . $this->request_action );
315
	@@ -328,6 +353,7 @@ class Theme_My_Login extends Theme_My_Login_Abstract {
328	$hasher = new PasswordHash( 8, true );
329
330	$expire = apply_filters( 'post_password_expires', time() + 10 * DAY_IN_SECONDS );

331	if ( $referer ) {
332	$secure = ( 'https' === parse_url( $referer, PHP_URL_SCHEME ) );
333	} else {
	@@ -481,6 +507,27 @@ class Theme_My_Login extends Theme_My_Login_Abstract {
481
482	$user = wp_signon( '', $secure_cookie );
483





















484	$redirect_to = apply_filters( 'login_redirect', $redirect_to, isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '', $user );
485
486	if ( ! is_wp_error( $user ) && ! $reauth ) {
	@@ -655,7 +702,6 @@ if(typeof wpOnload=='function')wpOnload()
655	* @param string $url The URL
656	* @param string $path The path specified
657	* @param string $orig_scheme The current connection scheme (HTTP/HTTPS)
658	- * @param int $blog_id Blog ID
659	* @return string The modified URL
660	*/
661	public function site_url( $url, $path, $orig_scheme ) {
	@@ -892,13 +938,15 @@ if(typeof wpOnload=='function')wpOnload()
892	if ( ! empty( $this->request_instance ) )
893	$instance->set_active( false );
894
895	- if ( ~~! empty(~~ $this->~~request_action ) )~~
896	- $atts['default_action'] = $this->request_action;
897
898	if ( ! isset( $atts['show_title'] ) )
899	$atts['show_title'] = false;
900
901	foreach ( $atts as $option => $value ) {



902	$instance->set_option( $option, $value );
903	}
904
	@@ -906,6 +954,9 @@ if(typeof wpOnload=='function')wpOnload()
906	} else {
907	$instance = $this->load_instance( $atts );
908	}



909	return $instance->display();
910	}
911
	@@ -948,12 +999,21 @@ if(typeof wpOnload=='function')wpOnload()
948	* @return string Login page link with optional $query arguments appended
949	*/
950	public static function get_page_link( $action, $query = '' ) {
951	- ~~$page_id~~ ~~= self::get_page_id(~~ $~~action )~~;
952
953	- if ( $page_id ) {
954	- ~~$link~~ ~~= get_permalink~~( $~~page_id~~ );




955	} elseif ( $page_id = self::get_page_id( 'login' ) ) {
956	- ~~$link~~ ~~= add_query_arg~~( ~~'action',~~ $~~action,~~ ~~get_permalink(~~ ~~$page_id~~ ) );





957	} else {
958	// Remove site_url filter so we can use wp-login.php
959	remove_filter( 'site_url', array( self::get_object(), 'site_url' ), 10, 3 );
	@@ -1048,6 +1108,18 @@ if(typeof wpOnload=='function')wpOnload()
1048	return $this->get_instance( (int) $this->request_instance );
1049	}
1050












1051	/**
1052	* Retrieves a loaded instance object
1053	*


21	* @since 6.3.2
22	* @const string
23	*/
24	+ const VERSION = '6.4.11';
25
26	/**
27	* Holds options key

68	*/
69	public $request_instance = 0;
70
71	+ /**
72	+ * Holds the current instance being displayed
73	+ *
74	+ * @since 6.4.11
75	+ * @access public
76	+ * @var int
77	+ */
78	+ public $current_instance = 0;
79	+
80	/**
81	* Holds loaded instances
82	*

229	*/
230	public function wp() {
231	if ( self::is_tml_page() ) {
232	+
233	+ // Define the page being requested
234	+ $this->request_page = self::get_page_action( get_the_id() );
235	+ if ( empty( $this->request_action ) ) {
236	+ $this->request_action = $this->request_page;
237	+ }
238	+
239	do_action( 'login_init' );
240
241	remove_action( 'wp_head', 'feed_links', 2 );

326
327	do_action_ref_array( 'tml_request', array( &$this ) );
328
329	+ //Set a cookie now to see if they are supported by the browser.
330	+ $secure = ( 'https' === parse_url( wp_login_url(), PHP_URL_SCHEME ) );
331	+ if ( ! isset( $_COOKIE[ TEST_COOKIE ] ) ) {
332	+ setcookie( TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN, $secure );
333	+ if ( SITECOOKIEPATH != COOKIEPATH ) {
334	+ setcookie( TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN, $secure );
335	+ }
336	+ }
337	+
338	// allow plugins to override the default actions, and to add extra actions if they want
339	do_action( 'login_form_' . $this->request_action );
340

353	$hasher = new PasswordHash( 8, true );
354
355	$expire = apply_filters( 'post_password_expires', time() + 10 * DAY_IN_SECONDS );
356	+ $referer = wp_get_referer();
357	if ( $referer ) {
358	$secure = ( 'https' === parse_url( $referer, PHP_URL_SCHEME ) );
359	} else {

507
508	$user = wp_signon( '', $secure_cookie );
509
510	+ if ( empty( $_COOKIE[ LOGGED_IN_COOKIE ] ) ) {
511	+ if ( headers_sent() ) {
512	+ /* translators: 1: Browser cookie documentation URL, 2: Support forums URL */
513	+ $user = new WP_Error(
514	+ 'test_cookie', sprintf(
515	+ __( '<strong>ERROR</strong>: Cookies are blocked due to unexpected output. For help, please see <a href="%1$s">this documentation</a> or try the <a href="%2$s">support forums</a>.' ),
516	+ __( 'https://codex.wordpress.org/Cookies' ), __( 'https://wordpress.org/support/' )
517	+ )
518	+ );
519	+ } elseif ( isset( $_POST['testcookie'] ) && empty( $_COOKIE[ TEST_COOKIE ] ) ) {
520	+ // If cookies are disabled we can't log in even with a valid user+pass
521	+ /* translators: 1: Browser cookie documentation URL */
522	+ $user = new WP_Error(
523	+ 'test_cookie', sprintf(
524	+ __( '<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href="%s">enable cookies</a> to use WordPress.' ),
525	+ __( 'https://codex.wordpress.org/Cookies' )
526	+ )
527	+ );
528	+ }
529	+ }
530	+
531	$redirect_to = apply_filters( 'login_redirect', $redirect_to, isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : '', $user );
532
533	if ( ! is_wp_error( $user ) && ! $reauth ) {

702	* @param string $url The URL
703	* @param string $path The path specified
704	* @param string $orig_scheme The current connection scheme (HTTP/HTTPS)

705	* @return string The modified URL
706	*/
707	public function site_url( $url, $path, $orig_scheme ) {

938	if ( ! empty( $this->request_instance ) )
939	$instance->set_active( false );
940
941	+ $atts['default_action'] = $this->request_page;

942
943	if ( ! isset( $atts['show_title'] ) )
944	$atts['show_title'] = false;
945
946	foreach ( $atts as $option => $value ) {
947	+ if ( 'instance' == $option ) {
948	+ continue;
949	+ }
950	$instance->set_option( $option, $value );
951	}
952

954	} else {
955	$instance = $this->load_instance( $atts );
956	}
957	+
958	+ $this->current_instance = $instance->get_option( 'instance' );
959	+
960	return $instance->display();
961	}
962

999	* @return string Login page link with optional $query arguments appended
1000	*/
1001	public static function get_page_link( $action, $query = '' ) {
1002	+ global $wp_rewrite;
1003
1004	+ if ( $page_id = self::get_page_id( $action ) ) {
1005	+ if ( $wp_rewrite instanceof WP_Rewrite ) {
1006	+ $link = get_permalink( $page_id );
1007	+ } else {
1008	+ $link = home_url( '?page_id=' . $page_id );
1009	+ }
1010	} elseif ( $page_id = self::get_page_id( 'login' ) ) {
1011	+ if ( $wp_rewrite instanceof WP_Rewrite ) {
1012	+ $link = get_permalink( $page_id );
1013	+ } else {
1014	+ $link = home_url( '?page_id=' . $page_id );
1015	+ }
1016	+ $link = add_query_arg( 'action', $action, $link );
1017	} else {
1018	// Remove site_url filter so we can use wp-login.php
1019	remove_filter( 'site_url', array( self::get_object(), 'site_url' ), 10, 3 );

1108	return $this->get_instance( (int) $this->request_instance );
1109	}
1110
1111	+ /**
1112	+ * Get the current instance object
1113	+ *
1114	+ * @since 6.4.11
1115	+ * @access public
1116	+ *
1117	+ * @return object Instance object
1118	+ */
1119	+ public function get_current_instance() {
1120	+ return $this->get_instance( (int) $this->current_instance );
1121	+ }
1122	+
1123	/**
1124	* Retrieves a loaded instance object
1125	*

modules/custom-passwords/custom-passwords.php CHANGED Viewed

	@@ -63,7 +63,7 @@ class Theme_My_Login_Custom_Passwords extends Theme_My_Login_Abstract {
63	* @access public
64	*/
65	public function password_fields() {
66	- $template = Theme_My_Login::get_object()->~~get_active_instance~~();
67	?>
68	<p class="tml-user-pass1-wrap">
69	<label for="pass1<?php $template->the_instance(); ?>"><?php _e( 'Password', 'theme-my-login' ); ?></label>
	@@ -101,7 +101,7 @@ class Theme_My_Login_Custom_Passwords extends Theme_My_Login_Abstract {
101	<p class="error"><?php echo implode( '<br />', $errors ); ?></p>
102	<?php } ?>
103	<input autocomplete="off" name="pass1" id="pass1<?php $template->the_instance(); ?>" class="input" size="20" value="" type="password" /><br />
104	- <span class="hint"><?php echo apply_filters( 'tml_password_hint', __( '(Must be at least 6 characters.)', 'theme-my-login' ) ); ?></span>
105
106	<label for="pass2<?php $template->the_instance(); ?>"><?php _e( 'Confirm Password:', 'theme-my-login' ); ?></label>
107	<input autocomplete="off" name="pass2" id="pass2<?php $template->the_instance(); ?>" class="input" size="20" value="" type="password" /><br />
	@@ -154,7 +154,7 @@ class Theme_My_Login_Custom_Passwords extends Theme_My_Login_Abstract {
154
155	// Make sure password is long enough
156	} elseif ( strlen( $_POST['pass1'] ) < apply_filters( 'tml_minimum_password_length', 6 ) ) {
157	- $errors->add( 'password_length', __( '<strong>ERROR</strong>: Your password must be at least 6 characters in length.', 'theme-my-login' ) );
158
159	// All is good, assign password to a friendlier key
160	} else {


63	* @access public
64	*/
65	public function password_fields() {
66	+ $template = Theme_My_Login::get_object()->get_current_instance();
67	?>
68	<p class="tml-user-pass1-wrap">
69	<label for="pass1<?php $template->the_instance(); ?>"><?php _e( 'Password', 'theme-my-login' ); ?></label>

101	<p class="error"><?php echo implode( '<br />', $errors ); ?></p>
102	<?php } ?>
103	<input autocomplete="off" name="pass1" id="pass1<?php $template->the_instance(); ?>" class="input" size="20" value="" type="password" /><br />
104	+ <span class="hint"><?php echo apply_filters( 'tml_password_hint', sprintf( __( '(Must be at least %d characters.)', 'theme-my-login' ), apply_filters( 'tml_minimum_password_length', 6 ) ) ); ?></span>
105
106	<label for="pass2<?php $template->the_instance(); ?>"><?php _e( 'Confirm Password:', 'theme-my-login' ); ?></label>
107	<input autocomplete="off" name="pass2" id="pass2<?php $template->the_instance(); ?>" class="input" size="20" value="" type="password" /><br />

154
155	// Make sure password is long enough
156	} elseif ( strlen( $_POST['pass1'] ) < apply_filters( 'tml_minimum_password_length', 6 ) ) {
157	+ $errors->add( 'password_length', sprintf( __( '<strong>ERROR</strong>: Your password must be at least %d characters in length.', 'theme-my-login' ), apply_filters( 'tml_minimum_password_length', 6 ) ) );
158
159	// All is good, assign password to a friendlier key
160	} else {

modules/user-moderation/user-moderation.php CHANGED Viewed

	@@ -306,16 +306,15 @@ class Theme_My_Login_User_Moderation extends Theme_My_Login_Abstract {
306	global $wpdb;
307
308	$login = isset( $_GET['login'] ) ? trim( $_GET['login'] ) : '';

309
310	- if ( ! $~~user_id~~ = ~~$wpdb->get_var~~( $~~wpdb->prepare( "SELECT ID FROM $wpdb->users WHERE user_login = %s"~~, $login ) ) ) {
311	$redirect_to = Theme_My_Login_Common::get_current_url( array( 'sendactivation' => 'failed' ) );
312	wp_redirect( $redirect_to );
313	exit;
314	}
315
316	- do_action( 'tml_user_activation_resend', $~~user_id~~ );
317	-
318	- $user = new WP_User( $user_id );
319
320	if ( in_array( 'pending', (array) $user->roles ) ) {
321	// Send activation e-mail
	@@ -479,4 +478,3 @@ endif;
479
480	if ( is_admin() )
481	include_once( dirname( __FILE__ ) . '/admin/user-moderation-admin.php' );
482	-


306	global $wpdb;
307
308	$login = isset( $_GET['login'] ) ? trim( $_GET['login'] ) : '';
309	+ $field = is_email( $login ) ? 'email' : 'login';
310
311	+ if ( ! $user = get_user_by( $field, $login ) ) {
312	$redirect_to = Theme_My_Login_Common::get_current_url( array( 'sendactivation' => 'failed' ) );
313	wp_redirect( $redirect_to );
314	exit;
315	}
316
317	+ do_action( 'tml_user_activation_resend', $user->ID );


318
319	if ( in_array( 'pending', (array) $user->roles ) ) {
320	// Send activation e-mail

478
479	if ( is_admin() )
480	include_once( dirname( __FILE__ ) . '/admin/user-moderation-admin.php' );

readme.txt CHANGED Viewed

	@@ -3,8 +3,8 @@ Contributors: jfarthing84
3	Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=EZLVANPT4A9SW
4	Tags: widget, login, registration, theme, custom, log in, register, sidebar, gravatar, redirection, e-mail
5	Requires at least: 4.5
6	- Tested up to: 4.9.1
7	- Stable tag: 6.4.10
8
9	Themes the WordPress login pages according to your theme.
10
	@@ -57,6 +57,16 @@ Please visit https://wordpress.org/support/plugin/theme-my-login.
57
58	== Changelog ==
59










60	= 6.4.10 =
61	* Add weak password confirmation checkbox to password reset form
62	* Introduce `tml_enforce_private_site` filter


3	Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=EZLVANPT4A9SW
4	Tags: widget, login, registration, theme, custom, log in, register, sidebar, gravatar, redirection, e-mail
5	Requires at least: 4.5
6	+ Tested up to: 4.9.6
7	+ Stable tag: 6.4.11
8
9	Themes the WordPress login pages according to your theme.
10

57
58	== Changelog ==
59
60	+ = 6.4.11 =
61	+ * Fix fatal error when attempting to rewrite login links before `init` action
62	+ * Add the test cookie functionality from wp-login.php
63	+ * Fix a notice in the postpass action handler
64	+ * Make User Moderation login type aware
65	+ * Fix display of password length requirements
66	+ * Fix a multisite error when the main site is not ID 1
67	+ * Don't allow squashing of the main instance by shortcode attribute
68	+
69	+
70	= 6.4.10 =
71	* Add weak password confirmation checkbox to password reset form
72	* Introduce `tml_enforce_private_site` filter

templates/login-form.php CHANGED Viewed

	@@ -39,6 +39,7 @@ Theme My Login will always look in your theme's directory first, before using th
39	<input type="hidden" name="redirect_to" value="<?php $template->the_redirect_url( 'login' ); ?>" />
40	<input type="hidden" name="instance" value="<?php $template->the_instance(); ?>" />
41	<input type="hidden" name="action" value="login" />

42	</p>
43	</div>
44	</form>


39	<input type="hidden" name="redirect_to" value="<?php $template->the_redirect_url( 'login' ); ?>" />
40	<input type="hidden" name="instance" value="<?php $template->the_instance(); ?>" />
41	<input type="hidden" name="action" value="login" />
42	+ <input type="hidden" name="testcookie" value="1" />
43	</p>
44	</div>
45	</form>

theme-my-login.php CHANGED Viewed

	@@ -3,7 +3,7 @@
3	Plugin Name: Theme My Login
4	Plugin URI: http://www.jfarthing.com/extend/wordpress-plugins/theme-my-login/
5	Description: Themes the WordPress login, registration and forgot password pages according to your theme.
6	- Version: 6.4.10
7	Author: Jeff Farthing
8	Author URI: http://www.jfarthing.com
9	Text Domain: theme-my-login


3	Plugin Name: Theme My Login
4	Plugin URI: http://www.jfarthing.com/extend/wordpress-plugins/theme-my-login/
5	Description: Themes the WordPress login, registration and forgot password pages according to your theme.
6	+ Version: 6.4.11
7	Author: Jeff Farthing
8	Author URI: http://www.jfarthing.com
9	Text Domain: theme-my-login