Ultimate Member – User Profile & Membership Plugin - Version 2.0.40

Version Description

Download this release

Release Info

Developer nsinelnikov
Plugin Icon 128x128 Ultimate Member – User Profile & Membership Plugin
Version 2.0.40
Comparing to
See all releases

Code changes from version 2.0.39 to 2.0.40

includes/core/class-account.php CHANGED
@@ -362,13 +362,13 @@ if ( ! class_exists( 'um\core\Account' ) ) {
362
*/
363
do_action( 'um_submit_account_errors_hook', UM()->form()->post_form );
364
365
- if ( ! isset( UM()->form()->errors ) ) {
366
367
- if ( um_is_core_page( 'account' ) && get_query_var( 'um_tab' ) ) {
368
- $this->current_tab = get_query_var( 'um_tab' );
369
- } else {
370
- $this->current_tab = UM()->form()->post_form['_um_account_tab'];
371
- }
372
373
/**
374
* UM hook
@@ -391,6 +391,25 @@ if ( ! class_exists( 'um\core\Account' ) ) {
391
*/
392
do_action( 'um_submit_account_details', UM()->form()->post_form );
393
394
}
395
396
}
@@ -757,7 +776,9 @@ if ( ! class_exists( 'um\core\Account' ) ) {
757
758
<div class="um-col-alt um-col-alt-b">
759
<div class="um-left">
760
- <input type="submit" name="um_account_submit" id="um_account_submit_<?php echo $tab_id ?>" class="um-button" value="<?php echo ! empty( $tab_data['submit_title'] ) ? $tab_data['submit_title'] : $tab_data['title']; ?>" />
761
</div>
762
763
<?php
362
*/
363
do_action( 'um_submit_account_errors_hook', UM()->form()->post_form );
364
365
+ if ( um_is_core_page( 'account' ) && get_query_var( 'um_tab' ) ) {
366
+ $this->current_tab = get_query_var( 'um_tab' );
367
+ } else {
368
+ $this->current_tab = UM()->form()->post_form['_um_account_tab'];
369
+ }
370
371
+ if ( ! isset( UM()->form()->errors ) ) {
372
373
/**
374
* UM hook
391
*/
392
do_action( 'um_submit_account_details', UM()->form()->post_form );
393
394
+ } elseif ( UM()->form()->has_error( 'um_account_security' ) ) {
395
+ $url = '';
396
+ if ( um_is_core_page( 'account' ) ) {
397
+
398
+ $url = UM()->account()->tab_link( $this->current_tab );
399
+
400
+ $url = add_query_arg( 'err', 'account', $url );
401
+
402
+ if ( function_exists( 'icl_get_current_language' ) ) {
403
+ if ( icl_get_current_language() != icl_get_default_language() ) {
404
+ $url = UM()->permalinks()->get_current_url( true );
405
+ $url = add_query_arg( 'err', 'account', $url );
406
+
407
+ exit( wp_redirect( $url ) );
408
+ }
409
+ }
410
+ }
411
+
412
+ exit( wp_redirect( $url ) );
413
}
414
415
}
776
777
<div class="um-col-alt um-col-alt-b">
778
<div class="um-left">
779
+ <?php $submit_title = ! empty( $tab_data['submit_title'] ) ? $tab_data['submit_title'] : $tab_data['title']; ?>
780
+ <input type="hidden" name="um_account_nonce_<?php echo esc_attr( $tab_id ) ?>" value="<?php echo esc_attr( wp_create_nonce( 'um_update_account_' . $tab_id ) ) ?>" />
781
+ <input type="submit" name="um_account_submit" id="um_account_submit_<?php echo $tab_id ?>" class="um-button" value="<?php echo esc_attr( $submit_title ) ?>" />
782
</div>
783
784
<?php
includes/core/um-actions-account.php CHANGED
@@ -9,8 +9,13 @@ if ( ! defined( 'ABSPATH' ) ) exit;
9
*/
10
function um_submit_account_errors_hook( $args ) {
11
12
- if ( ! isset( $_POST['um_account_submit'] ) )
13
return;
14
15
$user = get_user_by( 'login', um_user( 'user_login' ) );
16
9
*/
10
function um_submit_account_errors_hook( $args ) {
11
12
+ if ( ! isset( $_POST['um_account_submit'] ) ) {
13
return;
14
+ }
15
+
16
+ if ( ! wp_verify_nonce( $_POST[ 'um_account_nonce_' . $_POST['_um_account_tab'] ], 'um_update_account_' . $_POST['_um_account_tab'] ) ) {
17
+ UM()->form()->add_error('um_account_security', __( 'Are you hacking? Please try again!', 'ultimate-member' ) );
18
+ }
19
20
$user = get_user_by( 'login', um_user( 'user_login' ) );
21
languages/ultimate-member-en_US.mo CHANGED
Binary file
languages/ultimate-member-en_US.po CHANGED
@@ -1,8 +1,8 @@
1
msgid ""
2
msgstr ""
3
"Project-Id-Version: Ultimate Member\n"
4
- "POT-Creation-Date: 2019-02-11 18:50+0200\n"
5
- "PO-Revision-Date: 2019-02-11 18:50+0200\n"
6
"Last-Translator: \n"
7
"Language-Team: \n"
8
"Language: en_US\n"
@@ -226,7 +226,7 @@ msgstr ""
226
#: includes/admin/templates/form/register_gdpr.php:23
227
#: includes/core/class-builtin.php:1130 includes/core/class-builtin.php:1144
228
#: includes/core/class-builtin.php:1145
229
- #: includes/core/um-actions-account.php:251
230
msgid "No"
231
msgstr ""
232
@@ -6382,15 +6382,15 @@ msgstr ""
6382
msgid "You must enter a new password"
6383
msgstr ""
6384
6385
- #: includes/core/class-password.php:538 includes/core/um-actions-account.php:54
6386
msgid "Your password must contain at least 8 characters"
6387
msgstr ""
6388
6389
- #: includes/core/class-password.php:542 includes/core/um-actions-account.php:58
6390
msgid "Your password must contain less than 30 characters"
6391
msgstr ""
6392
6393
- #: includes/core/class-password.php:546 includes/core/um-actions-account.php:62
6394
#: includes/core/um-actions-form.php:476
6395
msgid ""
6396
"Your password must contain at least one lowercase letter, one capital letter "
@@ -6559,44 +6559,48 @@ msgstr ""
6559
msgid "Membership Inactive"
6560
msgstr ""
6561
6562
- #: includes/core/um-actions-account.php:22
6563
msgid "You must enter your password"
6564
msgstr ""
6565
6566
- #: includes/core/um-actions-account.php:25
6567
- #: includes/core/um-actions-account.php:42
6568
msgid "This is not your password"
6569
msgstr ""
6570
6571
- #: includes/core/um-actions-account.php:47
6572
msgid "Your new password does not match"
6573
msgstr ""
6574
6575
- #: includes/core/um-actions-account.php:80
6576
msgid "Your username is invalid"
6577
msgstr ""
6578
6579
- #: includes/core/um-actions-account.php:85
6580
msgid "You must provide your first name"
6581
msgstr ""
6582
6583
- #: includes/core/um-actions-account.php:89
6584
msgid "You must provide your last name"
6585
msgstr ""
6586
6587
- #: includes/core/um-actions-account.php:94
6588
msgid "You must provide your e-mail"
6589
msgstr ""
6590
6591
- #: includes/core/um-actions-account.php:97
6592
msgid "Please provide a valid e-mail"
6593
msgstr ""
6594
6595
- #: includes/core/um-actions-account.php:100
6596
msgid "Email already linked to another account"
6597
msgstr ""
6598
6599
- #: includes/core/um-actions-account.php:396
6600
msgid "Email me when"
6601
msgstr ""
6602
1
msgid ""
2
msgstr ""
3
"Project-Id-Version: Ultimate Member\n"
4
+ "POT-Creation-Date: 2019-03-12 14:40+0200\n"
5
+ "PO-Revision-Date: 2019-03-12 14:40+0200\n"
6
"Last-Translator: \n"
7
"Language-Team: \n"
8
"Language: en_US\n"
226
#: includes/admin/templates/form/register_gdpr.php:23
227
#: includes/core/class-builtin.php:1130 includes/core/class-builtin.php:1144
228
#: includes/core/class-builtin.php:1145
229
+ #: includes/core/um-actions-account.php:256
230
msgid "No"
231
msgstr ""
232
6382
msgid "You must enter a new password"
6383
msgstr ""
6384
6385
+ #: includes/core/class-password.php:538 includes/core/um-actions-account.php:59
6386
msgid "Your password must contain at least 8 characters"
6387
msgstr ""
6388
6389
+ #: includes/core/class-password.php:542 includes/core/um-actions-account.php:63
6390
msgid "Your password must contain less than 30 characters"
6391
msgstr ""
6392
6393
+ #: includes/core/class-password.php:546 includes/core/um-actions-account.php:67
6394
#: includes/core/um-actions-form.php:476
6395
msgid ""
6396
"Your password must contain at least one lowercase letter, one capital letter "
6559
msgid "Membership Inactive"
6560
msgstr ""
6561
6562
+ #: includes/core/um-actions-account.php:17
6563
+ msgid "Are you hacking? Please try again!"
6564
+ msgstr ""
6565
+
6566
+ #: includes/core/um-actions-account.php:27
6567
msgid "You must enter your password"
6568
msgstr ""
6569
6570
+ #: includes/core/um-actions-account.php:30
6571
+ #: includes/core/um-actions-account.php:47
6572
msgid "This is not your password"
6573
msgstr ""
6574
6575
+ #: includes/core/um-actions-account.php:52
6576
msgid "Your new password does not match"
6577
msgstr ""
6578
6579
+ #: includes/core/um-actions-account.php:85
6580
msgid "Your username is invalid"
6581
msgstr ""
6582
6583
+ #: includes/core/um-actions-account.php:90
6584
msgid "You must provide your first name"
6585
msgstr ""
6586
6587
+ #: includes/core/um-actions-account.php:94
6588
msgid "You must provide your last name"
6589
msgstr ""
6590
6591
+ #: includes/core/um-actions-account.php:99
6592
msgid "You must provide your e-mail"
6593
msgstr ""
6594
6595
+ #: includes/core/um-actions-account.php:102
6596
msgid "Please provide a valid e-mail"
6597
msgstr ""
6598
6599
+ #: includes/core/um-actions-account.php:105
6600
msgid "Email already linked to another account"
6601
msgstr ""
6602
6603
+ #: includes/core/um-actions-account.php:401
6604
msgid "Email me when"
6605
msgstr ""
6606
readme.txt CHANGED
@@ -5,8 +5,8 @@ Contributors: ultimatemember, champsupertramp, nsinelnikov
5
Donate link:
6
Tags: community, member, membership, user-profile, user-registration
7
Requires at least: 4.7
8
- Tested up to: 5.0
9
- Stable tag: 2.0.39
10
License: GNU Version 2 or Any Later Version
11
License URI: http://www.gnu.org/licenses/gpl-3.0.txt
12
@@ -133,6 +133,11 @@ The plugin works with popular caching plugins by automatically excluding Ultimat
133
134
= Important: UM2.0+ is a significant update to the code base from 1.3.88. Please make sure you take a full-site backup with restore point before updating the plugin =
135
136
= 2.0.39: February 11, 2019 =
137
138
* Enhancements:
5
Donate link:
6
Tags: community, member, membership, user-profile, user-registration
7
Requires at least: 4.7
8
+ Tested up to: 5.1
9
+ Stable tag: 2.0.40
10
License: GNU Version 2 or Any Later Version
11
License URI: http://www.gnu.org/licenses/gpl-3.0.txt
12
133
134
= Important: UM2.0+ is a significant update to the code base from 1.3.88. Please make sure you take a full-site backup with restore point before updating the plugin =
135
136
+ = 2.0.40: March 12, 2019 =
137
+
138
+ * Bugfixes:
139
+ - Fixed security issue on user Account Update
140
+
141
= 2.0.39: February 11, 2019 =
142
143
* Enhancements:
ultimate-member.php CHANGED
@@ -3,7 +3,7 @@
3
Plugin Name: Ultimate Member
4
Plugin URI: http://ultimatemember.com/
5
Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
6
- Version: 2.0.39
7
Author: Ultimate Member
8
Author URI: http://ultimatemember.com/
9
Text Domain: ultimate-member
3
Plugin Name: Ultimate Member
4
Plugin URI: http://ultimatemember.com/
5
Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
6
+ Version: 2.0.40
7
Author: Ultimate Member
8
Author URI: http://ultimatemember.com/
9
Text Domain: ultimate-member