Version Description
Release Info
Developer | ultimatemember |
Plugin | Ultimate Member – User Profile & Membership Plugin |
Version | 1.0.79 |
Code changes from version 1.0.78 to 1.0.79
- core/um-files.php +4 -2
- core/um-filters-fields.php +1 -1
- core/um-short-functions.php +8 -1
- index.php +1 -1
- readme.txt +9 -1
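--- a/core/um-files.php
+++ b/core/um-files.php
@@ -365,10 +365,12 @@ class UM_Files {
 }
 
 $is_temp = um_is_temp_upload( $src );
-if ( $is_temp )
+if ( $is_temp ) {
 unlink( $is_temp );
 rmdir( dirname( $is_temp ) );
-
+} else {
+die('Not a valid temp file');
+}
 }
 
 /***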
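Review bot: The delete in this method is still gated only by the path test in um_is_temp_upload(); nothing in the hunk shows a nonce check or a check that `$src` belongs to the requesting user, and the new `else` branch just ends the request with a bare `die()`. The method starts outside the hunk, so confirm that it calls something like `check_ajax_referer()` and ties the temp directory to the current user before `unlink()` runs. `unlink()` and `rmdir( dirname( $is_temp ) )` also ignore their return values, and for a file stored directly in the temp root `dirname()` is the temp root itself. I would add `// Delete only the path resolved by um_is_temp_upload(), never the raw $src` above the `if` and replace the `die()` with `wp_die( 'Not a valid temp file' );`.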
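--- a/core/um-filters-fields.php
+++ b/core/um-filters-fields.php
@@ -131,7 +131,7 @@
 
 if ( !$value ) return '';
 
-if ( ( isset( $data['validate'] ) && $data['validate'] != '' && strstr( $data['validate'], 'url' ) ) || ( $data['type'] == 'url' ) ) {
+if ( ( isset( $data['validate'] ) && $data['validate'] != '' && strstr( $data['validate'], 'url' ) ) || ( isset( $data['type'] ) && $data['type'] == 'url' ) ) {
 $alt = ( isset( $data['url_text'] ) && !empty( $data['url_text'] ) ) ? $data['url_text'] : $value;
 $url_rel = ( isset( $data['url_rel'] ) ) ? 'rel="nofollow"' : '';
 if( !strstr( $value, 'http' )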
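--- a/core/um-short-functions.php
+++ b/core/um-short-functions.php
@@ -219,11 +219,18 @@ function um_profile_id() {
 ***/
 function um_is_temp_upload( $url ) {
 global $ultimatemember;
+
 $url = explode('/ultimatemember/temp/', $url);
 if ( isset( $url[1] ) ) {
+
+if ( strstr( $url[1], '../' ) || strstr( $url[1], '%' ) ) {
+return false;
+}
+
 $src = $ultimatemember->files->upload_temp . $url[1];
-if ( !file_exists( $src ) )
+if ( !file_exists( $src ) ) {
 return false;
+}
 return $src;
 }
 return false;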
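Review bot: The guard added inside `if ( isset( $url[1] ) )` is a deny-list on two substrings (`'../'` and `'%'`), so the returned path is only as safe as the assumption that no other separator or encoding form of a parent-directory reference reaches um_is_temp_upload(). Resolving the candidate path and checking that it lies below the resolved temp root is the more robust test. Using `is_file()` rather than `file_exists()` also keeps a directory from being returned to the caller that unlinks it. The function's closing brace is outside the hunk; the fence shows only the lines after the existing substring check that I would change.

```php
if ( isset( $url[1] ) ) {
    // … unchanged: '../' and '%' rejection …

    // Resolve both paths so containment is tested on what the filesystem will actually open.
    $base = realpath( $ultimatemember->files->upload_temp );
    $src  = realpath( $ultimatemember->files->upload_temp . $url[1] );
    if ( $base === false || $src === false ) {
        return false;
    }
    // Accept only regular files strictly below the temp root.
    if ( strpos( $src, $base . DIRECTORY_SEPARATOR ) !== 0 || !is_file( $src ) ) {
        return false;
    }
    return $src;
}
// … unchanged: final return false …
```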
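--- a/index.php
+++ b/index.php
@@ -3,7 +3,7 @@
 Plugin Name: Ultimate Member
 Plugin URI: http://ultimatemember.com/
 Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
-Version: 1.0.
+Version: 1.0.79
 Author: Ultimate Member
 Author URI: http://ultimatemember.com/
 */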
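--- a/readme.txt
+++ b/readme.txt
@@ -7,7 +7,7 @@ Tags: access control, author, authors, author profile, comments, community, comm
 Requires at least: 4.1
 Tested up to: 4.1.1
 
-Stable Tag: 1.0.
+Stable Tag: 1.0.79
 
 License: GNU Version 2 or Any Later Version
 
@@ -189,6 +189,14 @@ The plugin works with popular caching plugins by automatically excluding Ultimat
 
 == Changelog ==
 
+= 1.0.79: March 10, 2015 =
+
+* Tweak: Redux up to date
+* Fixed: security issue related to deleting a temp file via ajax
+* Fixed: bug with a php warning on undefined field type
+
+Credits to "James Golovich http://www.pritect.net" for the security checks
+
 = 1.0.78: March 10, 2015 =
 
 * Fixed: important correction from previous version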