Theme My Login - Version 7.1.2

Version Description

  • Fix site crashing on Bluehost
  • Add requester IP address to password reset emails
  • Fix multisite settings for WP 5.5+
  • Default AJAX requests to off
  • Bring wp-login.php duplicated code up to date
Download this release

Release Info

Developer jfarthing84
Plugin Icon 128x128 Theme My Login
Version 7.1.2
Comparing to
See all releases

Code changes from version 7.1.1 to 7.1.2

Files changed (8) hide show
  1. admin/settings.php +13 -5
  2. includes/actions.php +2 -5
  3. includes/compat.php +14 -2
  4. includes/forms.php +1 -3
  5. includes/functions.php +1 -1
  6. includes/options.php +1 -1
  7. readme.txt +8 -1
  8. theme-my-login.php +2 -2
admin/settings.php CHANGED
@@ -138,7 +138,7 @@ function tml_admin_get_settings_fields() {
138
  'label_for' => 'tml_ajax',
139
  'label' => __( 'Enable AJAX requests', 'theme-my-login' ),
140
  'value' => '1',
141
- 'checked' => get_site_option( 'tml_ajax', '1' ),
142
  ),
143
  ),
144
  );
@@ -583,14 +583,22 @@ function tml_admin_save_ms_settings() {
583
  return;
584
  }
585
 
586
- /* This filter is documented in wp-admin/options.php */
587
  $whitelist_options = apply_filters( 'whitelist_options', array() );
588
 
589
- if ( ! isset( $whitelist_options[ $option_page ] ) ) {
590
- wp_die( __( '<strong>Error</strong>: Options page not found.' ) );
 
 
 
 
 
 
 
 
591
  }
592
 
593
- foreach ( $whitelist_options[ $option_page ] as $option ) {
594
  $option = trim( $option );
595
  $value = null;
596
  if ( isset( $_POST[ $option ] ) ) {
138
  'label_for' => 'tml_ajax',
139
  'label' => __( 'Enable AJAX requests', 'theme-my-login' ),
140
  'value' => '1',
141
+ 'checked' => get_site_option( 'tml_ajax', '0' ),
142
  ),
143
  ),
144
  );
583
  return;
584
  }
585
 
586
+ /** This filter is documented in wp-admin/options.php */
587
  $whitelist_options = apply_filters( 'whitelist_options', array() );
588
 
589
+ /* This filter is documented in wp-admin/options.php */
590
+ $allowed_options = apply_filters( 'allowed_options', $whitelist_options );
591
+
592
+ if ( ! isset( $allowed_options[ $option_page ] ) ) {
593
+ wp_die(
594
+ sprintf(
595
+ __( '<strong>Error</strong>: Options page %s not found in the options whitelist.' ),
596
+ '<code>' . esc_html( $option_page ) . '</code>'
597
+ )
598
+ );
599
  }
600
 
601
+ foreach ( $allowed_options[ $option_page ] as $option ) {
602
  $option = trim( $option );
603
  $value = null;
604
  if ( isset( $_POST[ $option ] ) ) {
includes/actions.php CHANGED
@@ -509,16 +509,13 @@ function tml_login_handler() {
509
  $errors->add( 'registerdisabled', __( 'User registration is currently not allowed.' ) );
510
 
511
  } elseif ( isset( $_GET['checkemail'] ) && 'confirm' == $_GET['checkemail'] ) {
512
- $errors->add( 'confirm', __( 'Check your email for the confirmation link.' ), 'message' );
513
-
514
- } elseif ( isset( $_GET['checkemail'] ) && 'newpass' == $_GET['checkemail'] ) {
515
- $errors->add( 'newpass', __( 'Check your email for your new password.' ), 'message' );
516
 
517
  } elseif ( isset( $_GET['checkemail'] ) && 'registered' == $_GET['checkemail'] ) {
518
  if ( tml_allow_user_passwords() ) {
519
  $errors->add( 'registered', __( 'Registration complete. You may now log in.', 'theme-my-login' ), 'message' );
520
  } else {
521
- $errors->add( 'registered', __( 'Registration complete. Please check your email.' ), 'message' );
522
  }
523
 
524
  } elseif ( isset( $_GET['resetpass'] ) && 'complete' == $_GET['resetpass'] ) {
509
  $errors->add( 'registerdisabled', __( 'User registration is currently not allowed.' ) );
510
 
511
  } elseif ( isset( $_GET['checkemail'] ) && 'confirm' == $_GET['checkemail'] ) {
512
+ $errors->add( 'confirm', sprintf( __( 'Check your email for the confirmation link, then visit the <a href="%s">login page</a>.' ), wp_login_url() ) , 'message' );
 
 
 
513
 
514
  } elseif ( isset( $_GET['checkemail'] ) && 'registered' == $_GET['checkemail'] ) {
515
  if ( tml_allow_user_passwords() ) {
516
  $errors->add( 'registered', __( 'Registration complete. You may now log in.', 'theme-my-login' ), 'message' );
517
  } else {
518
+ $errors->add( 'registered', sprintf( __( 'Registration complete. Please check your email, then visit the <a href="%s">login page</a>.' ), wp_login_url() ), 'message' );
519
  }
520
 
521
  } elseif ( isset( $_GET['resetpass'] ) && 'complete' == $_GET['resetpass'] ) {
includes/compat.php CHANGED
@@ -22,7 +22,7 @@ function tml_retrieve_password() {
22
  $user_data = false;
23
 
24
  if ( empty( $_POST['user_login'] ) || ! is_string( $_POST['user_login'] ) ) {
25
- $errors->add( 'empty_username', __( '<strong>Error</strong>: Enter a username or email address.' ) );
26
  } elseif ( strpos( $_POST['user_login'], '@' ) ) {
27
  $user_data = get_user_by( 'email', trim( wp_unslash( $_POST['user_login'] ) ) );
28
  if ( empty( $user_data ) ) {
@@ -36,6 +36,9 @@ function tml_retrieve_password() {
36
  /** This action is documented in wp-login.php */
37
  do_action( 'lostpassword_post', $errors, $user_data );
38
 
 
 
 
39
  if ( $errors->get_error_code() ) {
40
  return $errors;
41
  }
@@ -89,7 +92,16 @@ function tml_retrieve_password_notification( $user, $key ) {
89
  $message .= sprintf( __( 'Username: %s' ), $user->user_login ) . "\r\n\r\n";
90
  $message .= __( 'If this was a mistake, just ignore this email and nothing will happen.' ) . "\r\n\r\n";
91
  $message .= __( 'To reset your password, visit the following address:' ) . "\r\n\r\n";
92
- $message .= network_site_url( "wp-login.php?action=rp&key=$key&login=" . rawurlencode( $user->user_login ), 'login' ) . "\r\n";
 
 
 
 
 
 
 
 
 
93
 
94
  /* translators: Password reset email subject. %s: Site name */
95
  $title = sprintf( __( '[%s] Password Reset' ), $site_name );
22
  $user_data = false;
23
 
24
  if ( empty( $_POST['user_login'] ) || ! is_string( $_POST['user_login'] ) ) {
25
+ $errors->add( 'empty_username', __( '<strong>Error</strong>: Please enter a username or email address.' ) );
26
  } elseif ( strpos( $_POST['user_login'], '@' ) ) {
27
  $user_data = get_user_by( 'email', trim( wp_unslash( $_POST['user_login'] ) ) );
28
  if ( empty( $user_data ) ) {
36
  /** This action is documented in wp-login.php */
37
  do_action( 'lostpassword_post', $errors, $user_data );
38
 
39
+ /** This filter is documented in wp-login.php */
40
+ $errors = apply_filters( 'lostpassword_errors', $errors, $user_data );
41
+
42
  if ( $errors->get_error_code() ) {
43
  return $errors;
44
  }
92
  $message .= sprintf( __( 'Username: %s' ), $user->user_login ) . "\r\n\r\n";
93
  $message .= __( 'If this was a mistake, just ignore this email and nothing will happen.' ) . "\r\n\r\n";
94
  $message .= __( 'To reset your password, visit the following address:' ) . "\r\n\r\n";
95
+ $message .= network_site_url( "wp-login.php?action=rp&key=$key&login=" . rawurlencode( $user->user_login ), 'login' ) . "\r\n\r\n";
96
+
97
+ $requester_ip = $_SERVER['REMOTE_ADDR'];
98
+ if ( $requester_ip ) {
99
+ $message .= sprintf(
100
+ /* translators: %s: IP address of password reset requester. */
101
+ __( 'This password reset request originated from the IP address %s.' ),
102
+ $requester_ip
103
+ ) . "\r\n";
104
+ }
105
 
106
  /* translators: Password reset email subject. %s: Site name */
107
  $title = sprintf( __( '[%s] Password Reset' ), $site_name );
includes/forms.php CHANGED
@@ -79,9 +79,7 @@ function tml_register_login_form() {
79
 
80
  tml_add_form_field( 'login', 'redirect_to', array(
81
  'type' => 'hidden',
82
- 'value' => apply_filters( 'login_redirect',
83
- ! empty( $redirect_to ) ? $redirect_to : admin_url(), $redirect_to, null
84
- ),
85
  'priority' => 30,
86
  ) );
87
  }
79
 
80
  tml_add_form_field( 'login', 'redirect_to', array(
81
  'type' => 'hidden',
82
+ 'value' => ! empty( $redirect_to ) ? $redirect_to : admin_url(),
 
 
83
  'priority' => 30,
84
  ) );
85
  }
includes/functions.php CHANGED
@@ -686,7 +686,7 @@ function tml_validate_new_user_password( $errors = null ) {
686
  $errors->add( 'password_backslash', __( '<strong>Error</strong>: Passwords may not contain the character "\\".', 'theme-my-login' ) );
687
 
688
  } elseif ( $_POST['user_pass1'] !== $_POST['user_pass2'] ) {
689
- $errors->add( 'password_mismatch', __( '<strong>Error</strong>: Please enter the same password in both password fields.', 'theme-my-login' ) );
690
  }
691
  }
692
 
686
  $errors->add( 'password_backslash', __( '<strong>Error</strong>: Passwords may not contain the character "\\".', 'theme-my-login' ) );
687
 
688
  } elseif ( $_POST['user_pass1'] !== $_POST['user_pass2'] ) {
689
+ $errors->add( 'password_mismatch', __( '<strong>Error</strong>: Passwords don&#8217;t match. Please enter the same password in both password fields.', 'theme-my-login' ) );
690
  }
691
  }
692
 
includes/options.php CHANGED
@@ -68,7 +68,7 @@ function tml_use_permalinks() {
68
  * @return bool Whether forms should use AJAX or not.
69
  */
70
  function tml_use_ajax() {
71
- $use_ajax = get_site_option( 'tml_ajax', 1 );
72
 
73
  /**
74
  * Filter whether forms should use AJAX or not.
68
  * @return bool Whether forms should use AJAX or not.
69
  */
70
  function tml_use_ajax() {
71
+ $use_ajax = get_site_option( 'tml_ajax', false );
72
 
73
  /**
74
  * Filter whether forms should use AJAX or not.
readme.txt CHANGED
@@ -2,7 +2,7 @@
2
  Contributors: thememylogin, jfarthing84
3
  Tags: login, register, password, branding, customize, widget, wp-login, wp-login.php
4
  Requires at least: 5.4
5
- Tested up to: 5.4.2
6
  Stable tag: trunk
7
 
8
  The ultimate login branding solution! Theme My Login offers matchless customization of your WordPress user experience!
@@ -59,6 +59,13 @@ Report bugs, suggest ideas and participate in development at [GitHub](https://gi
59
 
60
  == Changelog ==
61
 
 
 
 
 
 
 
 
62
  = 7.1.1 =
63
  * Implement option to enable/disable AJAX
64
  * Fix AJAX not working on certain server environments
2
  Contributors: thememylogin, jfarthing84
3
  Tags: login, register, password, branding, customize, widget, wp-login, wp-login.php
4
  Requires at least: 5.4
5
+ Tested up to: 5.5.4
6
  Stable tag: trunk
7
 
8
  The ultimate login branding solution! Theme My Login offers matchless customization of your WordPress user experience!
59
 
60
  == Changelog ==
61
 
62
+ = 7.1.2 =
63
+ * Fix site crashing on Bluehost
64
+ * Add requester IP address to password reset emails
65
+ * Fix multisite settings for WP 5.5+
66
+ * Default AJAX requests to off
67
+ * Bring wp-login.php duplicated code up to date
68
+
69
  = 7.1.1 =
70
  * Implement option to enable/disable AJAX
71
  * Fix AJAX not working on certain server environments
theme-my-login.php CHANGED
@@ -10,7 +10,7 @@
10
  Plugin Name: Theme My Login
11
  Plugin URI: https://thememylogin.com
12
  Description: Creates an alternate login, registration and password recovery experience within your theme.
13
- Version: 7.1.1
14
  Author: Theme My Login
15
  Author URI: https://thememylogin.com
16
  License: GPLv2
@@ -24,7 +24,7 @@ Network: true
24
  *
25
  * @since 7.0
26
  */
27
- define( 'THEME_MY_LOGIN_VERSION', '7.1.1' );
28
 
29
  /**
30
  * Stores the path to TML.
10
  Plugin Name: Theme My Login
11
  Plugin URI: https://thememylogin.com
12
  Description: Creates an alternate login, registration and password recovery experience within your theme.
13
+ Version: 7.1.2
14
  Author: Theme My Login
15
  Author URI: https://thememylogin.com
16
  License: GPLv2
24
  *
25
  * @since 7.0
26
  */
27
+ define( 'THEME_MY_LOGIN_VERSION', '7.1.2' );
28
 
29
  /**
30
  * Stores the path to TML.