Version Description
Release Info
| Developer | ultimatemember |
| Plugin | |
| Version | 1.0.79 |
| Comparing to | |
Code changes from version 1.0.78 to 1.0.79
- core/um-files.php +4 -2
- core/um-filters-fields.php +1 -1
- core/um-short-functions.php +8 -1
- index.php +1 -1
- readme.txt +9 -1
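--- a/core/um-files.php
+++ b/core/um-files.php
@@ -365,10 +365,12 @@ class UM_Files {
 }
 
 $is_temp = um_is_temp_upload( $src );
-if ( $is_temp )
+if ( $is_temp ) {
 unlink( $is_temp );
 rmdir( dirname( $is_temp ) );
-
+} else {
+die('Not a valid temp file');
+}
 }
 
 /***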
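Review bot: The delete branch trusts any path that `um_is_temp_upload()` accepts, and nothing in the hunk ties `$src` to the requesting user or verifies a nonce, so if this method is reachable from an ajax action (the changelog describes it that way) a caller may still be able to remove another user's temp upload. The enclosing method starts outside the hunk, so such a check may already exist above; if it does not, a nonce check such as `check_ajax_referer( 'NONCE_ACTION_PLACEHOLDER' )` and an ownership test belong before `unlink()`. The rejection path would also be easier to monitor with a non-200 status, for example `wp_die( 'Not a valid temp file', '', array( 'response' => 400 ) );` instead of the bare `die()`.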
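--- a/core/um-filters-fields.php
+++ b/core/um-filters-fields.php
@@ -131,7 +131,7 @@
 
 if ( !$value ) return '';
 
-if ( ( isset( $data['validate'] ) && $data['validate'] != '' && strstr( $data['validate'], 'url' ) ) || ( $data['type'] == 'url' ) ) {
+if ( ( isset( $data['validate'] ) && $data['validate'] != '' && strstr( $data['validate'], 'url' ) ) || ( isset( $data['type'] ) && $data['type'] == 'url' ) ) {
 $alt = ( isset( $data['url_text'] ) && !empty( $data['url_text'] ) ) ? $data['url_text'] : $value;
 $url_rel = ( isset( $data['url_rel'] ) ) ? 'rel="nofollow"' : '';
 if( !strstr( $value, 'http' )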
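Review bot: The scheme test on the last visible line, `!strstr( $value, 'http' )`, matches `http` anywhere in the value rather than at its start, so it does not establish that a user-supplied profile value is an http(s) URL before it is turned into a link. The statement and the rest of the block continue outside the hunk, so whether the value is escaped later cannot be seen here. If it is not, passing it through `esc_url( $value )` and the link text through `esc_html( $alt )` when the anchor is built would constrain both. The new `isset( $data['type'] )` guard itself is fine, though `===` would be the stricter comparison for `'url'`.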
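--- a/core/um-short-functions.php
+++ b/core/um-short-functions.php
@@ -219,11 +219,18 @@ function um_profile_id() {
 ***/
 function um_is_temp_upload( $url ) {
 global $ultimatemember;
+
 $url = explode('/ultimatemember/temp/', $url);
 if ( isset( $url[1] ) ) {
+
+if ( strstr( $url[1], '../' ) || strstr( $url[1], '%' ) ) {
+return false;
+}
+
 $src = $ultimatemember->files->upload_temp . $url[1];
-if ( !file_exists( $src ) )
+if ( !file_exists( $src ) ) {
 return false;
+}
 return $src;
 }
 return false;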
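Review bot: The new guard in `um_is_temp_upload()` is a substring deny-list (`'../'` and `'%'`), which does not prove that the resulting `$src` stays inside `upload_temp`; other spellings, such as backslash separators on Windows hosts, are not covered. Because the returned path is handed to `unlink()` and `rmdir( dirname( ... ) )` in core/um-files.php, resolving the path and checking containment is the safer test. The sketch below resolves both paths with `realpath()`, which also subsumes the `file_exists()` check because it returns false for a missing path, and additionally requires a regular file. The function's closing brace lies outside the hunk.

```php
if ( isset( $url[1] ) ) {
	// … unchanged: rejection of '../' and '%' in $url[1] …
	$base = realpath( $ultimatemember->files->upload_temp );
	$src  = realpath( $ultimatemember->files->upload_temp . $url[1] );
	if ( $base === false || $src === false || ! is_file( $src ) ) {
		return false;
	}
	// Accept only paths that still sit below the temp directory after resolution.
	if ( strpos( $src, $base . DIRECTORY_SEPARATOR ) !== 0 ) {
		return false;
	}
	return $src;
```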
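--- a/index.php
+++ b/index.php
@@ -3,7 +3,7 @@
 Plugin Name: Ultimate Member
 Plugin URI: http://ultimatemember.com/
 Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
-Version: 1.0.
+Version: 1.0.79
 Author: Ultimate Member
 Author URI: http://ultimatemember.com/
 */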
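--- a/readme.txt
+++ b/readme.txt
@@ -7,7 +7,7 @@ Tags: access control, author, authors, author profile, comments, community, comm
 Requires at least: 4.1
 Tested up to: 4.1.1
 
-Stable Tag: 1.0.
+Stable Tag: 1.0.79
 
 License: GNU Version 2 or Any Later Version
 
@@ -189,6 +189,14 @@ The plugin works with popular caching plugins by automatically excluding Ultimat
 
 == Changelog ==
 
+= 1.0.79: March 10, 2015 =
+
+* Tweak: Redux up to date
+* Fixed: security issue related to deleting a temp file via ajax
+* Fixed: bug with a php warning on undefined field type
+
+Credits to "James Golovich http://www.pritect.net" for the security checks
+
 = 1.0.78: March 10, 2015 =
 
 * Fixed: important correction from previous version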
