Ultimate Member – User Profile & Membership Plugin - Version 2.0.40

Version Description

Download this release

Release Info

Developer nsinelnikov
Plugin Icon 128x128 Ultimate Member – User Profile & Membership Plugin
Version 2.0.40
Comparing to
See all releases

Code changes from version 2.0.39 to 2.0.40

Files changed (6) hide show
  1. includes/core/class-account.php +28 -7
  2. includes/core/um-actions-account.php +6 -1
  3. languages/ultimate-member-en_US.mo +0 -0
  4. languages/ultimate-member-en_US.po +21 -17
  5. readme.txt +7 -2
  6. ultimate-member.php +1 -1
includes/core/class-account.php CHANGED
@@ -362,13 +362,13 @@ if ( ! class_exists( 'um\core\Account' ) ) {
362
  */
363
  do_action( 'um_submit_account_errors_hook', UM()->form()->post_form );
364
 
365
- if ( ! isset( UM()->form()->errors ) ) {
 
 
 
 
366
 
367
- if ( um_is_core_page( 'account' ) && get_query_var( 'um_tab' ) ) {
368
- $this->current_tab = get_query_var( 'um_tab' );
369
- } else {
370
- $this->current_tab = UM()->form()->post_form['_um_account_tab'];
371
- }
372
 
373
  /**
374
  * UM hook
@@ -391,6 +391,25 @@ if ( ! class_exists( 'um\core\Account' ) ) {
391
  */
392
  do_action( 'um_submit_account_details', UM()->form()->post_form );
393
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
394
  }
395
 
396
  }
@@ -757,7 +776,9 @@ if ( ! class_exists( 'um\core\Account' ) ) {
757
 
758
  <div class="um-col-alt um-col-alt-b">
759
  <div class="um-left">
760
- <input type="submit" name="um_account_submit" id="um_account_submit_<?php echo $tab_id ?>" class="um-button" value="<?php echo ! empty( $tab_data['submit_title'] ) ? $tab_data['submit_title'] : $tab_data['title']; ?>" />
 
 
761
  </div>
762
 
763
  <?php
362
  */
363
  do_action( 'um_submit_account_errors_hook', UM()->form()->post_form );
364
 
365
+ if ( um_is_core_page( 'account' ) && get_query_var( 'um_tab' ) ) {
366
+ $this->current_tab = get_query_var( 'um_tab' );
367
+ } else {
368
+ $this->current_tab = UM()->form()->post_form['_um_account_tab'];
369
+ }
370
 
371
+ if ( ! isset( UM()->form()->errors ) ) {
 
 
 
 
372
 
373
  /**
374
  * UM hook
391
  */
392
  do_action( 'um_submit_account_details', UM()->form()->post_form );
393
 
394
+ } elseif ( UM()->form()->has_error( 'um_account_security' ) ) {
395
+ $url = '';
396
+ if ( um_is_core_page( 'account' ) ) {
397
+
398
+ $url = UM()->account()->tab_link( $this->current_tab );
399
+
400
+ $url = add_query_arg( 'err', 'account', $url );
401
+
402
+ if ( function_exists( 'icl_get_current_language' ) ) {
403
+ if ( icl_get_current_language() != icl_get_default_language() ) {
404
+ $url = UM()->permalinks()->get_current_url( true );
405
+ $url = add_query_arg( 'err', 'account', $url );
406
+
407
+ exit( wp_redirect( $url ) );
408
+ }
409
+ }
410
+ }
411
+
412
+ exit( wp_redirect( $url ) );
413
  }
414
 
415
  }
776
 
777
  <div class="um-col-alt um-col-alt-b">
778
  <div class="um-left">
779
+ <?php $submit_title = ! empty( $tab_data['submit_title'] ) ? $tab_data['submit_title'] : $tab_data['title']; ?>
780
+ <input type="hidden" name="um_account_nonce_<?php echo esc_attr( $tab_id ) ?>" value="<?php echo esc_attr( wp_create_nonce( 'um_update_account_' . $tab_id ) ) ?>" />
781
+ <input type="submit" name="um_account_submit" id="um_account_submit_<?php echo $tab_id ?>" class="um-button" value="<?php echo esc_attr( $submit_title ) ?>" />
782
  </div>
783
 
784
  <?php
includes/core/um-actions-account.php CHANGED
@@ -9,8 +9,13 @@ if ( ! defined( 'ABSPATH' ) ) exit;
9
  */
10
  function um_submit_account_errors_hook( $args ) {
11
 
12
- if ( ! isset( $_POST['um_account_submit'] ) )
13
  return;
 
 
 
 
 
14
 
15
  $user = get_user_by( 'login', um_user( 'user_login' ) );
16
 
9
  */
10
  function um_submit_account_errors_hook( $args ) {
11
 
12
+ if ( ! isset( $_POST['um_account_submit'] ) ) {
13
  return;
14
+ }
15
+
16
+ if ( ! wp_verify_nonce( $_POST[ 'um_account_nonce_' . $_POST['_um_account_tab'] ], 'um_update_account_' . $_POST['_um_account_tab'] ) ) {
17
+ UM()->form()->add_error('um_account_security', __( 'Are you hacking? Please try again!', 'ultimate-member' ) );
18
+ }
19
 
20
  $user = get_user_by( 'login', um_user( 'user_login' ) );
21
 
languages/ultimate-member-en_US.mo CHANGED
Binary file
languages/ultimate-member-en_US.po CHANGED
@@ -1,8 +1,8 @@
1
  msgid ""
2
  msgstr ""
3
  "Project-Id-Version: Ultimate Member\n"
4
- "POT-Creation-Date: 2019-02-11 18:50+0200\n"
5
- "PO-Revision-Date: 2019-02-11 18:50+0200\n"
6
  "Last-Translator: \n"
7
  "Language-Team: \n"
8
  "Language: en_US\n"
@@ -226,7 +226,7 @@ msgstr ""
226
  #: includes/admin/templates/form/register_gdpr.php:23
227
  #: includes/core/class-builtin.php:1130 includes/core/class-builtin.php:1144
228
  #: includes/core/class-builtin.php:1145
229
- #: includes/core/um-actions-account.php:251
230
  msgid "No"
231
  msgstr ""
232
 
@@ -6382,15 +6382,15 @@ msgstr ""
6382
  msgid "You must enter a new password"
6383
  msgstr ""
6384
 
6385
- #: includes/core/class-password.php:538 includes/core/um-actions-account.php:54
6386
  msgid "Your password must contain at least 8 characters"
6387
  msgstr ""
6388
 
6389
- #: includes/core/class-password.php:542 includes/core/um-actions-account.php:58
6390
  msgid "Your password must contain less than 30 characters"
6391
  msgstr ""
6392
 
6393
- #: includes/core/class-password.php:546 includes/core/um-actions-account.php:62
6394
  #: includes/core/um-actions-form.php:476
6395
  msgid ""
6396
  "Your password must contain at least one lowercase letter, one capital letter "
@@ -6559,44 +6559,48 @@ msgstr ""
6559
  msgid "Membership Inactive"
6560
  msgstr ""
6561
 
6562
- #: includes/core/um-actions-account.php:22
 
 
 
 
6563
  msgid "You must enter your password"
6564
  msgstr ""
6565
 
6566
- #: includes/core/um-actions-account.php:25
6567
- #: includes/core/um-actions-account.php:42
6568
  msgid "This is not your password"
6569
  msgstr ""
6570
 
6571
- #: includes/core/um-actions-account.php:47
6572
  msgid "Your new password does not match"
6573
  msgstr ""
6574
 
6575
- #: includes/core/um-actions-account.php:80
6576
  msgid "Your username is invalid"
6577
  msgstr ""
6578
 
6579
- #: includes/core/um-actions-account.php:85
6580
  msgid "You must provide your first name"
6581
  msgstr ""
6582
 
6583
- #: includes/core/um-actions-account.php:89
6584
  msgid "You must provide your last name"
6585
  msgstr ""
6586
 
6587
- #: includes/core/um-actions-account.php:94
6588
  msgid "You must provide your e-mail"
6589
  msgstr ""
6590
 
6591
- #: includes/core/um-actions-account.php:97
6592
  msgid "Please provide a valid e-mail"
6593
  msgstr ""
6594
 
6595
- #: includes/core/um-actions-account.php:100
6596
  msgid "Email already linked to another account"
6597
  msgstr ""
6598
 
6599
- #: includes/core/um-actions-account.php:396
6600
  msgid "Email me when"
6601
  msgstr ""
6602
 
1
  msgid ""
2
  msgstr ""
3
  "Project-Id-Version: Ultimate Member\n"
4
+ "POT-Creation-Date: 2019-03-12 14:40+0200\n"
5
+ "PO-Revision-Date: 2019-03-12 14:40+0200\n"
6
  "Last-Translator: \n"
7
  "Language-Team: \n"
8
  "Language: en_US\n"
226
  #: includes/admin/templates/form/register_gdpr.php:23
227
  #: includes/core/class-builtin.php:1130 includes/core/class-builtin.php:1144
228
  #: includes/core/class-builtin.php:1145
229
+ #: includes/core/um-actions-account.php:256
230
  msgid "No"
231
  msgstr ""
232
 
6382
  msgid "You must enter a new password"
6383
  msgstr ""
6384
 
6385
+ #: includes/core/class-password.php:538 includes/core/um-actions-account.php:59
6386
  msgid "Your password must contain at least 8 characters"
6387
  msgstr ""
6388
 
6389
+ #: includes/core/class-password.php:542 includes/core/um-actions-account.php:63
6390
  msgid "Your password must contain less than 30 characters"
6391
  msgstr ""
6392
 
6393
+ #: includes/core/class-password.php:546 includes/core/um-actions-account.php:67
6394
  #: includes/core/um-actions-form.php:476
6395
  msgid ""
6396
  "Your password must contain at least one lowercase letter, one capital letter "
6559
  msgid "Membership Inactive"
6560
  msgstr ""
6561
 
6562
+ #: includes/core/um-actions-account.php:17
6563
+ msgid "Are you hacking? Please try again!"
6564
+ msgstr ""
6565
+
6566
+ #: includes/core/um-actions-account.php:27
6567
  msgid "You must enter your password"
6568
  msgstr ""
6569
 
6570
+ #: includes/core/um-actions-account.php:30
6571
+ #: includes/core/um-actions-account.php:47
6572
  msgid "This is not your password"
6573
  msgstr ""
6574
 
6575
+ #: includes/core/um-actions-account.php:52
6576
  msgid "Your new password does not match"
6577
  msgstr ""
6578
 
6579
+ #: includes/core/um-actions-account.php:85
6580
  msgid "Your username is invalid"
6581
  msgstr ""
6582
 
6583
+ #: includes/core/um-actions-account.php:90
6584
  msgid "You must provide your first name"
6585
  msgstr ""
6586
 
6587
+ #: includes/core/um-actions-account.php:94
6588
  msgid "You must provide your last name"
6589
  msgstr ""
6590
 
6591
+ #: includes/core/um-actions-account.php:99
6592
  msgid "You must provide your e-mail"
6593
  msgstr ""
6594
 
6595
+ #: includes/core/um-actions-account.php:102
6596
  msgid "Please provide a valid e-mail"
6597
  msgstr ""
6598
 
6599
+ #: includes/core/um-actions-account.php:105
6600
  msgid "Email already linked to another account"
6601
  msgstr ""
6602
 
6603
+ #: includes/core/um-actions-account.php:401
6604
  msgid "Email me when"
6605
  msgstr ""
6606
 
readme.txt CHANGED
@@ -5,8 +5,8 @@ Contributors: ultimatemember, champsupertramp, nsinelnikov
5
  Donate link:
6
  Tags: community, member, membership, user-profile, user-registration
7
  Requires at least: 4.7
8
- Tested up to: 5.0
9
- Stable tag: 2.0.39
10
  License: GNU Version 2 or Any Later Version
11
  License URI: http://www.gnu.org/licenses/gpl-3.0.txt
12
 
@@ -133,6 +133,11 @@ The plugin works with popular caching plugins by automatically excluding Ultimat
133
 
134
  = Important: UM2.0+ is a significant update to the code base from 1.3.88. Please make sure you take a full-site backup with restore point before updating the plugin =
135
 
 
 
 
 
 
136
  = 2.0.39: February 11, 2019 =
137
 
138
  * Enhancements:
5
  Donate link:
6
  Tags: community, member, membership, user-profile, user-registration
7
  Requires at least: 4.7
8
+ Tested up to: 5.1
9
+ Stable tag: 2.0.40
10
  License: GNU Version 2 or Any Later Version
11
  License URI: http://www.gnu.org/licenses/gpl-3.0.txt
12
 
133
 
134
  = Important: UM2.0+ is a significant update to the code base from 1.3.88. Please make sure you take a full-site backup with restore point before updating the plugin =
135
 
136
+ = 2.0.40: March 12, 2019 =
137
+
138
+ * Bugfixes:
139
+ - Fixed security issue on user Account Update
140
+
141
  = 2.0.39: February 11, 2019 =
142
 
143
  * Enhancements:
ultimate-member.php CHANGED
@@ -3,7 +3,7 @@
3
  Plugin Name: Ultimate Member
4
  Plugin URI: http://ultimatemember.com/
5
  Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
6
- Version: 2.0.39
7
  Author: Ultimate Member
8
  Author URI: http://ultimatemember.com/
9
  Text Domain: ultimate-member
3
  Plugin Name: Ultimate Member
4
  Plugin URI: http://ultimatemember.com/
5
  Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
6
+ Version: 2.0.40
7
  Author: Ultimate Member
8
  Author URI: http://ultimatemember.com/
9
  Text Domain: ultimate-member