Ultimate Member – User Profile & Membership Plugin - Version 2.0.46

Version Description

Download this release

Release Info

Developer nsinelnikov
Plugin Icon 128x128 Ultimate Member – User Profile & Membership Plugin
Version 2.0.46
Comparing to
See all releases

Code changes from version 2.0.45 to 2.0.46

Files changed (17) hide show
  1. assets/js/um-functions.js +1 -1
  2. includes/admin/core/class-admin-menu.php +1 -1
  3. includes/admin/core/class-admin-notices.php +1 -1
  4. includes/admin/core/class-admin-settings.php +2 -2
  5. includes/class-functions.php +15 -0
  6. includes/core/class-files.php +11 -2
  7. includes/core/class-logout.php +3 -0
  8. includes/core/class-plugin-updater.php +216 -37
  9. includes/core/class-uploader.php +11 -2
  10. includes/core/class-validation.php +2 -2
  11. includes/core/um-actions-profile.php +13 -6
  12. includes/core/um-actions-register.php +1 -1
  13. includes/core/um-filters-fields.php +26 -2
  14. languages/ultimate-member-en_US.mo +0 -0
  15. languages/ultimate-member-en_US.po +34 -34
  16. readme.txt +8 -1
  17. ultimate-member.php +1 -1
assets/js/um-functions.js CHANGED
@@ -406,7 +406,7 @@ function initFileUpload_UM( trigger ) {
406
  }else if( key == 'original_name' ){
407
 
408
  trigger.parents('.um-modal-body').find('.um-single-fileinfo a').attr('data-orignal-name', value );
409
- trigger.parents('.um-modal-body').find('.um-single-fileinfo span.filename').html( value );
410
 
411
  } else if ( key == 'url' ) {
412
 
406
  }else if( key == 'original_name' ){
407
 
408
  trigger.parents('.um-modal-body').find('.um-single-fileinfo a').attr('data-orignal-name', value );
409
+ trigger.parents('.um-modal-body').find('.um-single-fileinfo span.filename').html( value );
410
 
411
  } else if ( key == 'url' ) {
412
 
includes/admin/core/class-admin-menu.php CHANGED
@@ -223,7 +223,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Menu' ) ) {
223
  add_meta_box( 'um-metaboxes-sidebox-2', __( 'User Cache', 'ultimate-member' ), array( &$this, 'user_cache' ), $this->pagehook, 'side', 'core' );
224
 
225
  //If there are active and licensed extensions - show metabox for upgrade it
226
- $exts = UM()->plugin_updater()->um_get_active_plugins();
227
  if ( 0 < count( $exts ) ) {
228
  add_meta_box( 'um-metaboxes-sidebox-3', __( 'Upgrade\'s Manual Request', 'ultimate-member' ), array( &$this, 'upgrade_request' ), $this->pagehook, 'side', 'core' );
229
  }
223
  add_meta_box( 'um-metaboxes-sidebox-2', __( 'User Cache', 'ultimate-member' ), array( &$this, 'user_cache' ), $this->pagehook, 'side', 'core' );
224
 
225
  //If there are active and licensed extensions - show metabox for upgrade it
226
+ $exts = UM()->plugin_updater()->get_active_plugins();
227
  if ( 0 < count( $exts ) ) {
228
  add_meta_box( 'um-metaboxes-sidebox-3', __( 'Upgrade\'s Manual Request', 'ultimate-member' ), array( &$this, 'upgrade_request' ), $this->pagehook, 'side', 'core' );
229
  }
includes/admin/core/class-admin-notices.php CHANGED
@@ -534,7 +534,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
534
  if ( ! empty( $arr_inactive_license_keys ) ) {
535
  $this->add_notice( 'license_key', array(
536
  'class' => 'error',
537
- 'message' => '<p>' . sprintf( __( 'There are %d inactive %s license keys for this site. This site is not authorized to get plugin updates. You can active this site on <a href="%s">www.ultimatemember.com</a>.', 'ultimate-member' ), count( $arr_inactive_license_keys ) , ultimatemember_plugin_name, 'https://ultimatemember.com' ) . '</p>',
538
  ), 3 );
539
  }
540
 
534
  if ( ! empty( $arr_inactive_license_keys ) ) {
535
  $this->add_notice( 'license_key', array(
536
  'class' => 'error',
537
+ 'message' => '<p>' . sprintf( __( 'There are %d inactive %s license keys for this site. This site is not authorized to get plugin updates. You can active this site on <a href="%s">www.ultimatemember.com</a>.', 'ultimate-member' ), count( $arr_inactive_license_keys ) , ultimatemember_plugin_name, UM()->store_url ) . '</p>',
538
  ), 3 );
539
  }
540
 
includes/admin/core/class-admin-settings.php CHANGED
@@ -1703,9 +1703,9 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) {
1703
  );
1704
 
1705
  $request = wp_remote_post(
1706
- 'https://ultimatemember.com/',
1707
  array(
1708
- 'timeout' => 15,
1709
  'sslverify' => false,
1710
  'body' => $api_params
1711
  )
1703
  );
1704
 
1705
  $request = wp_remote_post(
1706
+ UM()->store_url,
1707
  array(
1708
+ 'timeout' => UM()->request_timeout,
1709
  'sslverify' => false,
1710
  'body' => $api_params
1711
  )
includes/class-functions.php CHANGED
@@ -10,6 +10,21 @@ if ( ! class_exists( 'UM_Functions' ) ) {
10
  class UM_Functions {
11
 
12
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
13
  /**
14
  * UM_Functions constructor.
15
  */
10
  class UM_Functions {
11
 
12
 
13
+ /**
14
+ * Store URL
15
+ *
16
+ * @var string
17
+ */
18
+ var $store_url = 'https://ultimatemember.com/';
19
+
20
+
21
+ /**
22
+ * WP remote Post timeout
23
+ * @var int
24
+ */
25
+ var $request_timeout = 60;
26
+
27
+
28
  /**
29
  * UM_Functions constructor.
30
  */
includes/core/class-files.php CHANGED
@@ -171,6 +171,11 @@ if ( ! class_exists( 'um\core\Files' ) ) {
171
  }
172
  }
173
 
 
 
 
 
 
174
  $file_info = get_user_meta( $user_id, $field_key . "_metadata", true );
175
 
176
  $pathinfo = pathinfo( $file_path );
@@ -211,6 +216,11 @@ if ( ! class_exists( 'um\core\Files' ) ) {
211
  }
212
  }
213
 
 
 
 
 
 
214
  $file_info = get_user_meta( $user_id, $field_key . "_metadata", true );
215
 
216
  $pathinfo = pathinfo( $file_path );
@@ -427,7 +437,7 @@ if ( ! class_exists( 'um\core\Files' ) ) {
427
 
428
  $ret['error'] = $uploaded['error'];
429
 
430
- }else{
431
 
432
  $uploaded_file = $uploaded['handle_upload'];
433
  $ret['url'] = $uploaded_file['file_info']['name'];
@@ -436,7 +446,6 @@ if ( ! class_exists( 'um\core\Files' ) ) {
436
  $ret['filename'] = $uploaded_file['file_info']['basename'];
437
  $ret['original_name'] = $uploaded_file['file_info']['original_name'];
438
 
439
-
440
  }
441
 
442
  }
171
  }
172
  }
173
 
174
+ //validate traversal file
175
+ if ( validate_file( $file_path ) === 1 ) {
176
+ return;
177
+ }
178
+
179
  $file_info = get_user_meta( $user_id, $field_key . "_metadata", true );
180
 
181
  $pathinfo = pathinfo( $file_path );
216
  }
217
  }
218
 
219
+ //validate traversal file
220
+ if ( validate_file( $file_path ) === 1 ) {
221
+ return;
222
+ }
223
+
224
  $file_info = get_user_meta( $user_id, $field_key . "_metadata", true );
225
 
226
  $pathinfo = pathinfo( $file_path );
437
 
438
  $ret['error'] = $uploaded['error'];
439
 
440
+ } else {
441
 
442
  $uploaded_file = $uploaded['handle_upload'];
443
  $ret['url'] = $uploaded_file['file_info']['name'];
446
  $ret['filename'] = $uploaded_file['file_info']['basename'];
447
  $ret['original_name'] = $uploaded_file['file_info']['original_name'];
448
 
 
449
  }
450
 
451
  }
includes/core/class-logout.php CHANGED
@@ -71,10 +71,12 @@ if ( ! class_exists( 'um\core\Logout' ) ) {
71
  add_filter( 'wp_safe_redirect_fallback', array( &$this, 'safe_redirect_default' ), 10, 2 );
72
 
73
  if ( isset( $_REQUEST['redirect_to'] ) && $_REQUEST['redirect_to'] !== '' ) {
 
74
  wp_logout();
75
  session_unset();
76
  exit( wp_safe_redirect( $_REQUEST['redirect_to'] ) );
77
  } else if ( um_user('after_logout') == 'redirect_home' ) {
 
78
  wp_logout();
79
  session_unset();
80
  exit( wp_safe_redirect( home_url() ) );
@@ -102,6 +104,7 @@ if ( ! class_exists( 'um\core\Logout' ) ) {
102
  * ?>
103
  */
104
  $redirect_url = apply_filters( 'um_logout_redirect_url', um_user( 'logout_redirect_url' ), um_user( 'ID' ) );
 
105
  wp_logout();
106
  session_unset();
107
  exit( wp_safe_redirect( $redirect_url ) );
71
  add_filter( 'wp_safe_redirect_fallback', array( &$this, 'safe_redirect_default' ), 10, 2 );
72
 
73
  if ( isset( $_REQUEST['redirect_to'] ) && $_REQUEST['redirect_to'] !== '' ) {
74
+ wp_destroy_current_session();
75
  wp_logout();
76
  session_unset();
77
  exit( wp_safe_redirect( $_REQUEST['redirect_to'] ) );
78
  } else if ( um_user('after_logout') == 'redirect_home' ) {
79
+ wp_destroy_current_session();
80
  wp_logout();
81
  session_unset();
82
  exit( wp_safe_redirect( home_url() ) );
104
  * ?>
105
  */
106
  $redirect_url = apply_filters( 'um_logout_redirect_url', um_user( 'logout_redirect_url' ), um_user( 'ID' ) );
107
+ wp_destroy_current_session();
108
  wp_logout();
109
  session_unset();
110
  exit( wp_safe_redirect( $redirect_url ) );
includes/core/class-plugin-updater.php CHANGED
@@ -25,14 +25,14 @@ if ( ! class_exists( 'um\core\Plugin_Updater' ) ) {
25
 
26
  register_deactivation_hook( um_plugin, array( &$this, 'um_plugin_updater_deactivation_hook' ) );
27
 
28
- //cron request to ultimatemember.com
29
  add_action( 'um_check_extensions_licenses', array( &$this, 'um_checklicenses' ) );
30
 
31
  //update plugin info
32
- add_filter( 'pre_set_site_transient_update_plugins', array( &$this, 'um_check_update' ) );
33
 
34
  //plugin information info
35
- add_filter( 'plugins_api', array( &$this, 'um_plugins_api_filter' ), 9999, 3 );
36
  }
37
 
38
 
@@ -41,7 +41,7 @@ if ( ! class_exists( 'um\core\Plugin_Updater' ) ) {
41
  *
42
  * @return array
43
  */
44
- function um_get_active_plugins() {
45
  $paid_extensions = array(
46
  'um-bbpress/um-bbpress.php' => array(
47
  'key' => 'bbpress',
@@ -179,8 +179,9 @@ if ( ! class_exists( 'um\core\Plugin_Updater' ) ) {
179
  if ( in_array( $value, array_keys( $paid_extensions ) ) ) {
180
  $license = UM()->options()->get( "um_{$paid_extensions[ $value ]['key']}_license_key" );
181
 
182
- if ( empty( $license ) )
183
  continue;
 
184
 
185
  $active_um_plugins[ $value ] = $paid_extensions[ $value ];
186
  $active_um_plugins[ $value ]['license'] = $license;
@@ -204,7 +205,7 @@ if ( ! class_exists( 'um\core\Plugin_Updater' ) ) {
204
  * Check license function
205
  */
206
  function um_checklicenses() {
207
- $exts = $this->um_get_active_plugins();
208
 
209
  if ( 0 == count( $exts ) ) {
210
  return;
@@ -232,49 +233,68 @@ if ( ! class_exists( 'um\core\Plugin_Updater' ) ) {
232
  }
233
 
234
  $request = wp_remote_post(
235
- 'https://ultimatemember.com/',
236
  array(
237
- 'timeout' => 45,
238
  'sslverify' => false,
239
  'body' => $api_params
240
  )
241
  );
242
 
243
- if ( ! is_wp_error( $request ) )
244
  $request = json_decode( wp_remote_retrieve_body( $request ) );
 
245
 
246
  $request = ( $request ) ? maybe_unserialize( $request ) : false;
247
 
248
  if ( $request ) {
249
  foreach ( $exts as $slug => $data ) {
250
- if ( ! empty( $request->$slug->license_check ) )
251
  update_option( "{$data['key']}_edd_answer", $request->$slug->license_check );
 
252
 
253
  if ( ! empty( $request->$slug->get_version_check ) ) {
254
 
255
  $request->$slug->get_version_check = json_decode( $request->$slug->get_version_check );
256
 
257
- if ( ! empty( $request->$slug->get_version_check->package ) )
258
  $request->$slug->get_version_check->package = $this->extend_download_url( $request->$slug->get_version_check->package, $slug, $data );
 
259
 
260
- if ( ! empty( $request->$slug->get_version_check->download_link ) )
261
  $request->$slug->get_version_check->download_link = $this->extend_download_url( $request->$slug->get_version_check->download_link, $slug, $data );
 
262
 
263
  if ( isset( $request->$slug->get_version_check->sections ) ) {
264
  $request->$slug->get_version_check->sections = maybe_unserialize( $request->$slug->get_version_check->sections );
265
- $request->$slug->get_version_check = json_encode( $request->$slug->get_version_check );
266
  } else {
267
  $request->$slug->get_version_check = new \WP_Error( 'plugins_api_failed',
268
  sprintf(
269
  /* translators: %s: support forums URL */
270
- __( 'An unexpected error occurred. Something may be wrong with https://ultimatemember.com/ or this server&#8217;s configuration. If you continue to have problems, please try the <a href="%s">support forums</a>.' ),
 
271
  __( 'https://wordpress.org/support/' )
272
  ),
273
  wp_remote_retrieve_body( $request->$slug->get_version_check )
274
  );
275
  }
276
 
277
- update_option( "{$data['key']}_version_check_edd_answer", $request->$slug->get_version_check );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
278
  }
279
  }
280
  }
@@ -290,31 +310,45 @@ if ( ! class_exists( 'um\core\Plugin_Updater' ) ) {
290
  * @param array $_transient_data plugin update array build by WordPress.
291
  * @return \stdClass modified plugin update array.
292
  */
293
- function um_check_update( $_transient_data ) {
294
  global $pagenow;
295
 
296
- if ( ! is_object( $_transient_data ) )
297
  $_transient_data = new \stdClass;
 
298
 
299
- if ( 'plugins.php' == $pagenow && is_multisite() )
300
  return $_transient_data;
 
 
 
301
 
302
- $exts = $this->um_get_active_plugins();
303
  foreach ( $exts as $slug => $data ) {
 
 
 
 
304
 
305
  $plugin_data = get_plugin_data( WP_PLUGIN_DIR . DIRECTORY_SEPARATOR . $slug );
306
 
307
- //if response for current product isn't empty check for override
308
- if ( ! empty( $_transient_data->response ) && ! empty( $_transient_data->response[ $slug ] ) )
309
- continue;
 
 
 
 
 
310
 
311
- $version_info = get_option( "{$data['key']}_version_check_edd_answer" );
312
- $version_info = json_decode( $version_info );
313
 
314
  if ( false !== $version_info && is_object( $version_info ) && isset( $version_info->new_version ) ) {
315
  //show update version block if new version > then current
316
- if ( version_compare( $plugin_data['Version'], $version_info->new_version, '<' ) )
317
  $_transient_data->response[ $slug ] = $version_info;
 
 
318
 
319
  $_transient_data->last_checked = time();
320
  $_transient_data->checked[ $slug ] = $plugin_data['Version'];
@@ -326,6 +360,74 @@ if ( ! class_exists( 'um\core\Plugin_Updater' ) ) {
326
  }
327
 
328
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
329
  /**
330
  * Updates information on the "View version x.x details" popup with custom data.
331
  *
@@ -334,27 +436,37 @@ if ( ! class_exists( 'um\core\Plugin_Updater' ) ) {
334
  * @param object $_args
335
  * @return object $_data
336
  */
337
- function um_plugins_api_filter( $_data, $_action = '', $_args = null ) {
338
  //by default $data = false (from Wordpress)
339
-
340
- if ( $_action != 'plugin_information' )
341
  return $_data;
 
342
 
343
- $exts = $this->um_get_active_plugins();
344
-
345
  foreach ( $exts as $slug => $data ) {
346
- if ( isset( $_args->slug ) && $_args->slug == $slug )
347
- $api_request_transient = get_option( "{$data['key']}_version_check_edd_answer" );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
348
  }
349
 
350
  //If we have no transient-saved value, run the API, set a fresh transient with the API value, and return that value too right now.
351
- if ( ! empty( $api_request_transient ) ) {
352
- $_data = json_decode( $api_request_transient );
353
  }
354
 
355
- if ( isset( $_data->sections ) )
356
- $_data->sections = (array)$_data->sections;
357
-
358
  return $_data;
359
  }
360
 
@@ -405,6 +517,73 @@ if ( ! class_exists( 'um\core\Plugin_Updater' ) ) {
405
 
406
  return $download_url;
407
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
408
  }
409
 
410
  }
25
 
26
  register_deactivation_hook( um_plugin, array( &$this, 'um_plugin_updater_deactivation_hook' ) );
27
 
28
+ //cron request to UM()->store_url;
29
  add_action( 'um_check_extensions_licenses', array( &$this, 'um_checklicenses' ) );
30
 
31
  //update plugin info
32
+ add_filter( 'pre_set_site_transient_update_plugins', array( &$this, 'check_update' ) );
33
 
34
  //plugin information info
35
+ add_filter( 'plugins_api', array( &$this, 'plugin_information' ), 9999, 3 );
36
  }
37
 
38
 
41
  *
42
  * @return array
43
  */
44
+ function get_active_plugins() {
45
  $paid_extensions = array(
46
  'um-bbpress/um-bbpress.php' => array(
47
  'key' => 'bbpress',
179
  if ( in_array( $value, array_keys( $paid_extensions ) ) ) {
180
  $license = UM()->options()->get( "um_{$paid_extensions[ $value ]['key']}_license_key" );
181
 
182
+ if ( empty( $license ) ) {
183
  continue;
184
+ }
185
 
186
  $active_um_plugins[ $value ] = $paid_extensions[ $value ];
187
  $active_um_plugins[ $value ]['license'] = $license;
205
  * Check license function
206
  */
207
  function um_checklicenses() {
208
+ $exts = $this->get_active_plugins();
209
 
210
  if ( 0 == count( $exts ) ) {
211
  return;
233
  }
234
 
235
  $request = wp_remote_post(
236
+ UM()->store_url,
237
  array(
238
+ 'timeout' => UM()->request_timeout,
239
  'sslverify' => false,
240
  'body' => $api_params
241
  )
242
  );
243
 
244
+ if ( ! is_wp_error( $request ) ) {
245
  $request = json_decode( wp_remote_retrieve_body( $request ) );
246
+ }
247
 
248
  $request = ( $request ) ? maybe_unserialize( $request ) : false;
249
 
250
  if ( $request ) {
251
  foreach ( $exts as $slug => $data ) {
252
+ if ( ! empty( $request->$slug->license_check ) ) {
253
  update_option( "{$data['key']}_edd_answer", $request->$slug->license_check );
254
+ }
255
 
256
  if ( ! empty( $request->$slug->get_version_check ) ) {
257
 
258
  $request->$slug->get_version_check = json_decode( $request->$slug->get_version_check );
259
 
260
+ if ( ! empty( $request->$slug->get_version_check->package ) ) {
261
  $request->$slug->get_version_check->package = $this->extend_download_url( $request->$slug->get_version_check->package, $slug, $data );
262
+ }
263
 
264
+ if ( ! empty( $request->$slug->get_version_check->download_link ) ) {
265
  $request->$slug->get_version_check->download_link = $this->extend_download_url( $request->$slug->get_version_check->download_link, $slug, $data );
266
+ }
267
 
268
  if ( isset( $request->$slug->get_version_check->sections ) ) {
269
  $request->$slug->get_version_check->sections = maybe_unserialize( $request->$slug->get_version_check->sections );
270
+ $request->$slug->get_version_check->sections = (array) $request->$slug->get_version_check->sections;
271
  } else {
272
  $request->$slug->get_version_check = new \WP_Error( 'plugins_api_failed',
273
  sprintf(
274
  /* translators: %s: support forums URL */
275
+ __( 'An unexpected error occurred. Something may be wrong with %s or this server&#8217;s configuration. If you continue to have problems, please try the <a href="%s">support forums</a>.' ),
276
+ UM()->store_url,
277
  __( 'https://wordpress.org/support/' )
278
  ),
279
  wp_remote_retrieve_body( $request->$slug->get_version_check )
280
  );
281
  }
282
 
283
+ if ( isset( $request->$slug->get_version_check->banners ) ) {
284
+ $request->$slug->get_version_check->banners = maybe_unserialize( $request->$slug->get_version_check->banners );
285
+ }
286
+
287
+ if ( isset( $request->$slug->get_version_check->icons ) ) {
288
+ $request->$slug->get_version_check->icons = maybe_unserialize( $request->$slug->get_version_check->icons );
289
+ }
290
+
291
+ if ( ! empty( $request->$slug->get_version_check->sections ) ) {
292
+ foreach( $request->$slug->get_version_check->sections as $key => $section ) {
293
+ $request->$slug->get_version_check->$key = (array) $section;
294
+ }
295
+ }
296
+
297
+ $this->set_version_info_cache( $slug, $request->$slug->get_version_check );
298
  }
299
  }
300
  }
310
  * @param array $_transient_data plugin update array build by WordPress.
311
  * @return \stdClass modified plugin update array.
312
  */
313
+ function check_update( $_transient_data ) {
314
  global $pagenow;
315
 
316
+ if ( ! is_object( $_transient_data ) ) {
317
  $_transient_data = new \stdClass;
318
+ }
319
 
320
+ if ( 'plugins.php' == $pagenow && is_multisite() ) {
321
  return $_transient_data;
322
+ }
323
+
324
+ $exts = $this->get_active_plugins();
325
 
 
326
  foreach ( $exts as $slug => $data ) {
327
+ //if response for current product isn't empty check for override
328
+ if ( ! empty( $_transient_data->response ) && ! empty( $_transient_data->response[ $slug ] ) && $_transient_data->last_checked > time() - DAY_IN_SECONDS ) {
329
+ continue;
330
+ }
331
 
332
  $plugin_data = get_plugin_data( WP_PLUGIN_DIR . DIRECTORY_SEPARATOR . $slug );
333
 
334
+ $version_info = $this->get_cached_version_info( $slug );
335
+ if ( false === $version_info ) {
336
+ $version_info = $this->single_request( 'plugin_latest_version', array(
337
+ 'slug' => $slug,
338
+ 'license' => $data['license'],
339
+ 'item_name' => $data['title'],
340
+ 'version' => $plugin_data['Version']
341
+ ) );
342
 
343
+ $this->set_version_info_cache( $slug, $version_info );
344
+ }
345
 
346
  if ( false !== $version_info && is_object( $version_info ) && isset( $version_info->new_version ) ) {
347
  //show update version block if new version > then current
348
+ if ( version_compare( $plugin_data['Version'], $version_info->new_version, '<' ) ) {
349
  $_transient_data->response[ $slug ] = $version_info;
350
+ $_transient_data->response[ $slug ]->plugin = $slug;
351
+ }
352
 
353
  $_transient_data->last_checked = time();
354
  $_transient_data->checked[ $slug ] = $plugin_data['Version'];
360
  }
361
 
362
 
363
+
364
+ /**
365
+ * Calls the API and, if successfull, returns the object delivered by the API.
366
+ *
367
+ * @uses get_bloginfo()
368
+ * @uses wp_remote_post()
369
+ * @uses is_wp_error()
370
+ *
371
+ * @param string $_action The requested action.
372
+ * @param array $_data Parameters for the API action.
373
+ * @return false|object
374
+ */
375
+ private function single_request( $_action, $_data ) {
376
+ $api_params = array(
377
+ 'edd_action' => 'get_version',
378
+ 'author' => 'Ultimate Member',
379
+ 'url' => home_url(),
380
+ 'beta' => false,
381
+ );
382
+
383
+ $api_params = array_merge( $api_params, $_data );
384
+
385
+ $request = wp_remote_post(
386
+ UM()->store_url,
387
+ array(
388
+ 'timeout' => UM()->request_timeout,
389
+ 'sslverify' => false,
390
+ 'body' => $api_params
391
+ )
392
+ );
393
+
394
+ if ( ! is_wp_error( $request ) ) {
395
+ $request = json_decode( wp_remote_retrieve_body( $request ) );
396
+ }
397
+
398
+ if ( $request && isset( $request->sections ) ) {
399
+ $request->sections = maybe_unserialize( $request->sections );
400
+ $request->sections = (array) $request->sections;
401
+ } else {
402
+ $request = false;
403
+ }
404
+
405
+ if ( $request && isset( $request->banners ) ) {
406
+ $request->banners = maybe_unserialize( $request->banners );
407
+ }
408
+
409
+ if ( $request && isset( $request->icons ) ) {
410
+ $request->icons = maybe_unserialize( $request->icons );
411
+ }
412
+
413
+ if( ! empty( $request->sections ) ) {
414
+ foreach ( $request->sections as $key => $section ) {
415
+ $request->$key = (array) $section;
416
+ }
417
+ }
418
+
419
+ if ( ! empty( $request->package ) ) {
420
+ $request->package = $this->extend_download_url( $request->package, $_data['slug'], $_data );
421
+ }
422
+
423
+ if ( ! empty( $request->download_link ) ) {
424
+ $request->download_link = $this->extend_download_url( $request->download_link, $_data['slug'], $_data );
425
+ }
426
+
427
+ return $request;
428
+ }
429
+
430
+
431
  /**
432
  * Updates information on the "View version x.x details" popup with custom data.
433
  *
436
  * @param object $_args
437
  * @return object $_data
438
  */
439
+ function plugin_information( $_data, $_action = '', $_args = null ) {
440
  //by default $data = false (from Wordpress)
441
+ if ( $_action != 'plugin_information' ) {
 
442
  return $_data;
443
+ }
444
 
445
+ $exts = $this->get_active_plugins();
 
446
  foreach ( $exts as $slug => $data ) {
447
+ if ( isset( $_args->slug ) && $_args->slug == $slug ) {
448
+ $api_request_transient = $this->get_cached_version_info( $slug );
449
+
450
+ if ( false === $api_request_transient ) {
451
+ $plugin_data = get_plugin_data( WP_PLUGIN_DIR . DIRECTORY_SEPARATOR . $slug );
452
+
453
+ $api_request_transient = $this->single_request( 'plugin_latest_version', array(
454
+ 'slug' => $slug,
455
+ 'license' => $data['license'],
456
+ 'item_name' => $data['title'],
457
+ 'version' => $plugin_data['Version']
458
+ ) );
459
+ $this->set_version_info_cache( $slug, $api_request_transient );
460
+ }
461
+ break;
462
+ }
463
  }
464
 
465
  //If we have no transient-saved value, run the API, set a fresh transient with the API value, and return that value too right now.
466
+ if ( isset( $api_request_transient ) ) {
467
+ $_data = $api_request_transient;
468
  }
469
 
 
 
 
470
  return $_data;
471
  }
472
 
517
 
518
  return $download_url;
519
  }
520
+
521
+
522
+ /**
523
+ * @param $slug
524
+ *
525
+ * @return bool|string
526
+ */
527
+ function get_cache_key( $slug ) {
528
+ $exts = $this->get_active_plugins();
529
+
530
+ if ( empty( $exts[ $slug ] ) ) {
531
+ return false;
532
+ }
533
+
534
+ return 'edd_sl_' . md5( serialize( $slug . $exts[ $slug ]['license'] ) );
535
+ }
536
+
537
+
538
+ /**
539
+ * @param $slug
540
+ *
541
+ * @return array|bool|mixed|object
542
+ */
543
+ function get_cached_version_info( $slug ) {
544
+ $cache_key = $this->get_cache_key( $slug );
545
+ if ( empty( $cache_key ) ) {
546
+ return false;
547
+ }
548
+
549
+ $cache = get_option( $cache_key );
550
+ if ( empty( $cache['timeout'] ) || time() > $cache['timeout'] ) {
551
+ return false; // Cache is expired
552
+ }
553
+
554
+ // We need to turn the icons into an array, thanks to WP Core forcing these into an object at some point.
555
+ $cache['value'] = json_decode( $cache['value'] );
556
+ if ( ! empty( $cache['value']->icons ) ) {
557
+ $cache['value']->icons = (array) $cache['value']->icons;
558
+ }
559
+ if ( ! empty( $cache['value']->sections ) ) {
560
+ $cache['value']->sections = (array) $cache['value']->sections;
561
+ }
562
+ if ( ! empty( $cache['value']->banners ) ) {
563
+ $cache['value']->banners = (array) $cache['value']->banners;
564
+ }
565
+
566
+ return $cache['value'];
567
+ }
568
+
569
+
570
+ /**
571
+ * @param $slug
572
+ * @param string $value
573
+ */
574
+ function set_version_info_cache( $slug, $value = '' ) {
575
+ $cache_key = $this->get_cache_key( $slug );
576
+ if ( empty( $cache_key ) ) {
577
+ return;
578
+ }
579
+
580
+ $data = array(
581
+ 'timeout' => strtotime( '+6 hours', time() ),
582
+ 'value' => json_encode( $value )
583
+ );
584
+
585
+ update_option( $cache_key, $data, 'no' );
586
+ }
587
  }
588
 
589
  }
includes/core/class-uploader.php CHANGED
@@ -1151,8 +1151,17 @@ if ( ! class_exists( 'um\core\Uploader' ) ) {
1151
  $old_filename = get_user_meta( $user_id, $key, true );
1152
  if ( ! empty( $old_filename ) ) {
1153
  $file = $user_basedir . DIRECTORY_SEPARATOR . $old_filename;
1154
- if ( file_exists( $file ) ) {
1155
- unlink( $file );
 
 
 
 
 
 
 
 
 
1156
  }
1157
  }
1158
 
1151
  $old_filename = get_user_meta( $user_id, $key, true );
1152
  if ( ! empty( $old_filename ) ) {
1153
  $file = $user_basedir . DIRECTORY_SEPARATOR . $old_filename;
1154
+
1155
+ $valid = true;
1156
+ //validate traversal file
1157
+ if ( validate_file( $file ) === 1 ) {
1158
+ $valid = false;
1159
+ }
1160
+
1161
+ if ( $valid ) {
1162
+ if ( file_exists( $file ) && um_is_file_owner( $file, $user_id ) ) {
1163
+ unlink( $file );
1164
+ }
1165
  }
1166
  }
1167
 
includes/core/class-validation.php CHANGED
@@ -73,7 +73,7 @@ if ( ! class_exists( 'um\core\Validation' ) ) {
73
  }
74
 
75
  //validation of correct values from options in wp-admin
76
- if ( in_array( $fields[ $key ]['type'], array( 'select', 'radio' ) ) &&
77
  isset( $value ) && ! empty( $fields[ $key ]['options'] ) &&
78
  ! in_array( $value, $fields[ $key ]['options'] ) ) {
79
  unset( $changes[ $key ] );
@@ -81,7 +81,7 @@ if ( ! class_exists( 'um\core\Validation' ) ) {
81
 
82
  //validation of correct values from options in wp-admin
83
  //the user cannot set invalid value in the hidden input at the page
84
- if ( in_array( $fields[ $key ]['type'], array( 'multiselect', 'checkbox' ) ) &&
85
  isset( $value ) && ! empty( $fields[ $key ]['options'] ) ) {
86
 
87
  $changes[ $key ] = array_intersect( $value, $fields[ $key ]['options'] );
73
  }
74
 
75
  //validation of correct values from options in wp-admin
76
+ if ( in_array( $fields[ $key ]['type'], array( 'select' ) ) &&
77
  isset( $value ) && ! empty( $fields[ $key ]['options'] ) &&
78
  ! in_array( $value, $fields[ $key ]['options'] ) ) {
79
  unset( $changes[ $key ] );
81
 
82
  //validation of correct values from options in wp-admin
83
  //the user cannot set invalid value in the hidden input at the page
84
+ if ( in_array( $fields[ $key ]['type'], array( 'multiselect', 'checkbox', 'radio' ) ) &&
85
  isset( $value ) && ! empty( $fields[ $key ]['options'] ) ) {
86
 
87
  $changes[ $key ] = array_intersect( $value, $fields[ $key ]['options'] );
includes/core/um-actions-profile.php CHANGED
@@ -247,7 +247,7 @@ function um_user_edit_profile( $args ) {
247
  }
248
 
249
  //validation of correct values from options in wp-admin
250
- if ( in_array( $array['type'], array( 'select', 'radio' ) ) &&
251
  isset( $args['submitted'][ $key ] ) && ! empty( $array['options'] ) &&
252
  ! in_array( $args['submitted'][ $key ], $array['options'] ) ) {
253
  continue;
@@ -255,7 +255,7 @@ function um_user_edit_profile( $args ) {
255
 
256
  //validation of correct values from options in wp-admin
257
  //the user cannot set invalid value in the hidden input at the page
258
- if ( in_array( $array['type'], array( 'multiselect', 'checkbox' ) ) &&
259
  isset( $args['submitted'][ $key ] ) && ! empty( $array['options'] ) ) {
260
 
261
  $args['submitted'][ $key ] = array_intersect( $args['submitted'][ $key ], $array['options'] );
@@ -267,11 +267,15 @@ function um_user_edit_profile( $args ) {
267
 
268
  if ( isset( $args['submitted'][ $key ] ) ) {
269
 
270
- if ( isset( $array['type'] ) && in_array( $array['type'], array( 'image', 'file' ) ) &&
271
- ( /*um_is_file_owner( UM()->uploader()->get_upload_base_url() . um_user( 'ID' ) . '/' . $args['submitted'][ $key ], um_user( 'ID' ) ) ||*/
272
- um_is_temp_file( $args['submitted'][ $key ] ) || $args['submitted'][ $key ] == 'empty_file' ) ) {
273
 
274
- $files[ $key ] = $args['submitted'][ $key ];
 
 
 
 
 
 
275
 
276
  } else {
277
  if ( $array['type'] == 'password' ) {
@@ -461,6 +465,9 @@ function um_user_edit_profile( $args ) {
461
  add_action( 'um_user_edit_profile', 'um_user_edit_profile', 10 );
462
 
463
 
 
 
 
464
  /**
465
  * Leave roles for User, which are not in the list of update profile (are default WP or 3rd plugins roles)
466
  *
247
  }
248
 
249
  //validation of correct values from options in wp-admin
250
+ if ( in_array( $array['type'], array( 'select' ) ) &&
251
  isset( $args['submitted'][ $key ] ) && ! empty( $array['options'] ) &&
252
  ! in_array( $args['submitted'][ $key ], $array['options'] ) ) {
253
  continue;
255
 
256
  //validation of correct values from options in wp-admin
257
  //the user cannot set invalid value in the hidden input at the page
258
+ if ( in_array( $array['type'], array( 'multiselect', 'checkbox', 'radio' ) ) &&
259
  isset( $args['submitted'][ $key ] ) && ! empty( $array['options'] ) ) {
260
 
261
  $args['submitted'][ $key ] = array_intersect( $args['submitted'][ $key ], $array['options'] );
267
 
268
  if ( isset( $args['submitted'][ $key ] ) ) {
269
 
270
+ if ( isset( $array['type'] ) && in_array( $array['type'], array( 'image', 'file' ) ) ) {
 
 
271
 
272
+ if ( /*um_is_file_owner( UM()->uploader()->get_upload_base_url() . um_user( 'ID' ) . '/' . $args['submitted'][ $key ], um_user( 'ID' ) ) ||*/ um_is_temp_file( $args['submitted'][ $key ] ) || $args['submitted'][ $key ] == 'empty_file' ) {
273
+ $files[ $key ] = $args['submitted'][ $key ];
274
+ } elseif( um_is_file_owner( UM()->uploader()->get_upload_base_url() . um_user( 'ID' ) . '/' . $args['submitted'][ $key ], um_user( 'ID' ) ) ) {
275
+ /*$files[ $key ] = 'empty_file';*/
276
+ } else {
277
+ $files[ $key ] = 'empty_file';
278
+ }
279
 
280
  } else {
281
  if ( $array['type'] == 'password' ) {
465
  add_action( 'um_user_edit_profile', 'um_user_edit_profile', 10 );
466
 
467
 
468
+ add_filter( 'um_user_pre_updating_files_array', array( UM()->validation(), 'validate_files' ), 10, 1 );
469
+ add_filter( 'um_before_save_filter_submitted', array( UM()->validation(), 'validate_fields_values' ), 10, 2 );
470
+
471
  /**
472
  * Leave roles for User, which are not in the list of update profile (are default WP or 3rd plugins roles)
473
  *
includes/core/um-actions-register.php CHANGED
@@ -602,7 +602,7 @@ function um_registration_save_files( $user_id, $args ) {
602
 
603
  foreach ( $fields as $key => $array ) {
604
 
605
- if ( isset( $args['submitted'][$key] ) ) {
606
 
607
  if ( isset( $fields[ $key ]['type'] ) && in_array( $fields[ $key ]['type'], array( 'image', 'file' ) ) &&
608
  ( um_is_temp_file( $args['submitted'][ $key ] ) || $args['submitted'][ $key ] == 'empty_file' )
602
 
603
  foreach ( $fields as $key => $array ) {
604
 
605
+ if ( isset( $args['submitted'][ $key ] ) ) {
606
 
607
  if ( isset( $fields[ $key ]['type'] ) && in_array( $fields[ $key ]['type'], array( 'image', 'file' ) ) &&
608
  ( um_is_temp_file( $args['submitted'][ $key ] ) || $args['submitted'][ $key ] == 'empty_file' )
includes/core/um-filters-fields.php CHANGED
@@ -658,14 +658,38 @@ function um_profile_field_filter_xss_validation( $value, $data, $type = '' ) {
658
  $value = stripslashes( $value );
659
  $data['validate'] = isset( $data['validate'] ) ? $data['validate'] : '';
660
 
661
- if( 'text' == $type && ! in_array( $data['validate'], array( 'unique_email' ) ) || 'password' == $type ) {
662
  $value = esc_attr( $value );
663
- } elseif( $type == 'url' ) {
664
  $value = esc_url( $value );
665
  } elseif ( 'textarea' == $type ) {
666
  if ( empty( $data['html'] ) ) {
667
  $value = wp_kses_post( $value );
668
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
669
  }
670
  }
671
 
658
  $value = stripslashes( $value );
659
  $data['validate'] = isset( $data['validate'] ) ? $data['validate'] : '';
660
 
661
+ if ( 'text' == $type && ! in_array( $data['validate'], array( 'unique_email' ) ) || 'password' == $type ) {
662
  $value = esc_attr( $value );
663
+ } elseif ( $type == 'url' ) {
664
  $value = esc_url( $value );
665
  } elseif ( 'textarea' == $type ) {
666
  if ( empty( $data['html'] ) ) {
667
  $value = wp_kses_post( $value );
668
  }
669
+ } elseif ( 'rating' == $type ) {
670
+ if ( ! is_numeric( $value ) ) {
671
+ $value = 0;
672
+ } else {
673
+ if ( $data['number'] == 5 ) {
674
+ if ( ! in_array( $value, range( 1, 5 ) ) ) {
675
+ $value = 0;
676
+ }
677
+ } elseif ( $data['number'] == 10 ) {
678
+ if ( ! in_array( $value, range( 1, 10 ) ) ) {
679
+ $value = 0;
680
+ }
681
+ }
682
+ }
683
+ } elseif ( 'select' == $type || 'radio' == $type ) {
684
+ if ( ! empty( $data['options'] ) && ! in_array( $value, $data['options'] ) ) {
685
+ $value = '';
686
+ }
687
+ }
688
+ } elseif ( ! empty( $value ) ) {
689
+ if ( 'multiselect' == $type || 'checkbox' == $type ) {
690
+ if ( ! empty( $data['options'] ) && is_array( $value ) ) {
691
+ $value = array_intersect( $value, $data['options'] );
692
+ }
693
  }
694
  }
695
 
languages/ultimate-member-en_US.mo CHANGED
Binary file
languages/ultimate-member-en_US.po CHANGED
@@ -1,8 +1,8 @@
1
  msgid ""
2
  msgstr ""
3
  "Project-Id-Version: Ultimate Member\n"
4
- "POT-Creation-Date: 2019-05-08 17:47+0300\n"
5
- "PO-Revision-Date: 2019-05-08 17:47+0300\n"
6
  "Last-Translator: \n"
7
  "Language-Team: \n"
8
  "Language: en_US\n"
@@ -21,7 +21,7 @@ msgstr ""
21
  "X-Poedit-SearchPath-0: .\n"
22
  "X-Poedit-SearchPathExcluded-0: *.js\n"
23
 
24
- #: includes/admin/class-admin-functions.php:35 includes/class-functions.php:30
25
  msgid "Wrong Nonce"
26
  msgstr ""
27
 
@@ -268,7 +268,7 @@ msgstr ""
268
  #: includes/admin/core/class-admin-forms.php:951
269
  #: includes/admin/core/class-admin-forms.php:960
270
  #: includes/admin/core/class-admin-notices.php:390
271
- #: includes/core/um-actions-profile.php:592
272
  msgid "Remove"
273
  msgstr ""
274
 
@@ -3615,11 +3615,11 @@ msgstr ""
3615
  #: includes/admin/templates/modal/fonticons.php:11
3616
  #: includes/admin/templates/role/publish.php:24
3617
  #: includes/core/class-fields.php:2333 includes/core/class-fields.php:2430
3618
- #: includes/core/um-actions-profile.php:593
3619
- #: includes/core/um-actions-profile.php:732
3620
- #: includes/core/um-actions-profile.php:765
3621
- #: includes/core/um-actions-profile.php:1110
3622
  #: includes/core/um-actions-profile.php:1117
 
3623
  msgid "Cancel"
3624
  msgstr ""
3625
 
@@ -3982,7 +3982,7 @@ msgid "Members"
3982
  msgstr ""
3983
 
3984
  #: includes/class-config.php:133 includes/class-config.php:745
3985
- #: includes/core/um-actions-profile.php:1116
3986
  #: includes/core/um-actions-user.php:15
3987
  msgid "Logout"
3988
  msgstr ""
@@ -4399,7 +4399,7 @@ msgid "Cover Photo"
4399
  msgstr ""
4400
 
4401
  #: includes/core/class-builtin.php:1085
4402
- #: includes/core/um-actions-profile.php:555
4403
  msgid "Change your cover photo"
4404
  msgstr ""
4405
 
@@ -6369,7 +6369,7 @@ msgid "Upload Photo"
6369
  msgstr ""
6370
 
6371
  #: includes/core/class-fields.php:2308 includes/core/class-fields.php:2332
6372
- #: includes/core/um-actions-profile.php:763
6373
  msgid "Change photo"
6374
  msgstr ""
6375
 
@@ -6404,35 +6404,35 @@ msgstr ""
6404
  msgid "This user has not added any information to their profile yet."
6405
  msgstr ""
6406
 
6407
- #: includes/core/class-files.php:271
6408
  msgid "Invalid parameters"
6409
  msgstr ""
6410
 
6411
- #: includes/core/class-files.php:276
6412
  msgid "Invalid coordinates"
6413
  msgstr ""
6414
 
6415
- #: includes/core/class-files.php:281
6416
  msgid "Invalid file ownership"
6417
  msgstr ""
6418
 
6419
- #: includes/core/class-files.php:336
6420
  msgid "Invalid nonce"
6421
  msgstr ""
6422
 
6423
- #: includes/core/class-files.php:358 includes/core/class-files.php:445
6424
  msgid "A theme or plugin compatibility issue"
6425
  msgstr ""
6426
 
6427
- #: includes/core/class-files.php:988
6428
  msgid "Ultimate Member: Not a valid temp file"
6429
  msgstr ""
6430
 
6431
- #: includes/core/class-files.php:1116
6432
  msgid "Invalid user ID: "
6433
  msgstr ""
6434
 
6435
- #: includes/core/class-files.php:1125 includes/core/class-files.php:1153
6436
  msgid "Unauthorized to do this attempt."
6437
  msgstr ""
6438
 
@@ -6492,15 +6492,15 @@ msgid "This activation link is expired or have already been used."
6492
  msgstr ""
6493
 
6494
  #. translators: %s: support forums URL
6495
- #: includes/core/class-plugin-updater.php:270
6496
  #, php-format
6497
  msgid ""
6498
- "An unexpected error occurred. Something may be wrong with https://"
6499
- "ultimatemember.com/ or this server&#8217;s configuration. If you continue to "
6500
- "have problems, please try the <a href=\"%s\">support forums</a>."
6501
  msgstr ""
6502
 
6503
- #: includes/core/class-plugin-updater.php:271
6504
  msgid "https://wordpress.org/support/"
6505
  msgstr ""
6506
 
@@ -6949,42 +6949,42 @@ msgstr ""
6949
  msgid "You are not allowed to edit this user."
6950
  msgstr ""
6951
 
6952
- #: includes/core/um-actions-profile.php:279
6953
  #, php-format
6954
  msgid "Your choosed %s"
6955
  msgstr ""
6956
 
6957
- #: includes/core/um-actions-profile.php:591
6958
  msgid "Change cover photo"
6959
  msgstr ""
6960
 
6961
- #: includes/core/um-actions-profile.php:634
6962
  msgid "Upload a cover photo"
6963
  msgstr ""
6964
 
6965
- #: includes/core/um-actions-profile.php:731
6966
  msgid "Upload photo"
6967
  msgstr ""
6968
 
6969
- #: includes/core/um-actions-profile.php:764
6970
  msgid "Remove photo"
6971
  msgstr ""
6972
 
6973
- #: includes/core/um-actions-profile.php:928
6974
  msgid "Tell us a bit about yourself..."
6975
  msgstr ""
6976
 
6977
- #: includes/core/um-actions-profile.php:944
6978
  #, php-format
6979
  msgid "This user account status is %s"
6980
  msgstr ""
6981
 
6982
- #: includes/core/um-actions-profile.php:1083
6983
- #: includes/core/um-actions-profile.php:1114
6984
  msgid "Edit Profile"
6985
  msgstr ""
6986
 
6987
- #: includes/core/um-actions-profile.php:1115
6988
  msgid "My Account"
6989
  msgstr ""
6990
 
1
  msgid ""
2
  msgstr ""
3
  "Project-Id-Version: Ultimate Member\n"
4
+ "POT-Creation-Date: 2019-05-10 20:47+0300\n"
5
+ "PO-Revision-Date: 2019-05-10 20:47+0300\n"
6
  "Last-Translator: \n"
7
  "Language-Team: \n"
8
  "Language: en_US\n"
21
  "X-Poedit-SearchPath-0: .\n"
22
  "X-Poedit-SearchPathExcluded-0: *.js\n"
23
 
24
+ #: includes/admin/class-admin-functions.php:35 includes/class-functions.php:45
25
  msgid "Wrong Nonce"
26
  msgstr ""
27
 
268
  #: includes/admin/core/class-admin-forms.php:951
269
  #: includes/admin/core/class-admin-forms.php:960
270
  #: includes/admin/core/class-admin-notices.php:390
271
+ #: includes/core/um-actions-profile.php:599
272
  msgid "Remove"
273
  msgstr ""
274
 
3615
  #: includes/admin/templates/modal/fonticons.php:11
3616
  #: includes/admin/templates/role/publish.php:24
3617
  #: includes/core/class-fields.php:2333 includes/core/class-fields.php:2430
3618
+ #: includes/core/um-actions-profile.php:600
3619
+ #: includes/core/um-actions-profile.php:739
3620
+ #: includes/core/um-actions-profile.php:772
 
3621
  #: includes/core/um-actions-profile.php:1117
3622
+ #: includes/core/um-actions-profile.php:1124
3623
  msgid "Cancel"
3624
  msgstr ""
3625
 
3982
  msgstr ""
3983
 
3984
  #: includes/class-config.php:133 includes/class-config.php:745
3985
+ #: includes/core/um-actions-profile.php:1123
3986
  #: includes/core/um-actions-user.php:15
3987
  msgid "Logout"
3988
  msgstr ""
4399
  msgstr ""
4400
 
4401
  #: includes/core/class-builtin.php:1085
4402
+ #: includes/core/um-actions-profile.php:562
4403
  msgid "Change your cover photo"
4404
  msgstr ""
4405
 
6369
  msgstr ""
6370
 
6371
  #: includes/core/class-fields.php:2308 includes/core/class-fields.php:2332
6372
+ #: includes/core/um-actions-profile.php:770
6373
  msgid "Change photo"
6374
  msgstr ""
6375
 
6404
  msgid "This user has not added any information to their profile yet."
6405
  msgstr ""
6406
 
6407
+ #: includes/core/class-files.php:281
6408
  msgid "Invalid parameters"
6409
  msgstr ""
6410
 
6411
+ #: includes/core/class-files.php:286
6412
  msgid "Invalid coordinates"
6413
  msgstr ""
6414
 
6415
+ #: includes/core/class-files.php:291
6416
  msgid "Invalid file ownership"
6417
  msgstr ""
6418
 
6419
+ #: includes/core/class-files.php:346
6420
  msgid "Invalid nonce"
6421
  msgstr ""
6422
 
6423
+ #: includes/core/class-files.php:368 includes/core/class-files.php:454
6424
  msgid "A theme or plugin compatibility issue"
6425
  msgstr ""
6426
 
6427
+ #: includes/core/class-files.php:997
6428
  msgid "Ultimate Member: Not a valid temp file"
6429
  msgstr ""
6430
 
6431
+ #: includes/core/class-files.php:1125
6432
  msgid "Invalid user ID: "
6433
  msgstr ""
6434
 
6435
+ #: includes/core/class-files.php:1134 includes/core/class-files.php:1162
6436
  msgid "Unauthorized to do this attempt."
6437
  msgstr ""
6438
 
6492
  msgstr ""
6493
 
6494
  #. translators: %s: support forums URL
6495
+ #: includes/core/class-plugin-updater.php:275
6496
  #, php-format
6497
  msgid ""
6498
+ "An unexpected error occurred. Something may be wrong with %s or this "
6499
+ "server&#8217;s configuration. If you continue to have problems, please try "
6500
+ "the <a href=\"%s\">support forums</a>."
6501
  msgstr ""
6502
 
6503
+ #: includes/core/class-plugin-updater.php:277
6504
  msgid "https://wordpress.org/support/"
6505
  msgstr ""
6506
 
6949
  msgid "You are not allowed to edit this user."
6950
  msgstr ""
6951
 
6952
+ #: includes/core/um-actions-profile.php:283
6953
  #, php-format
6954
  msgid "Your choosed %s"
6955
  msgstr ""
6956
 
6957
+ #: includes/core/um-actions-profile.php:598
6958
  msgid "Change cover photo"
6959
  msgstr ""
6960
 
6961
+ #: includes/core/um-actions-profile.php:641
6962
  msgid "Upload a cover photo"
6963
  msgstr ""
6964
 
6965
+ #: includes/core/um-actions-profile.php:738
6966
  msgid "Upload photo"
6967
  msgstr ""
6968
 
6969
+ #: includes/core/um-actions-profile.php:771
6970
  msgid "Remove photo"
6971
  msgstr ""
6972
 
6973
+ #: includes/core/um-actions-profile.php:935
6974
  msgid "Tell us a bit about yourself..."
6975
  msgstr ""
6976
 
6977
+ #: includes/core/um-actions-profile.php:951
6978
  #, php-format
6979
  msgid "This user account status is %s"
6980
  msgstr ""
6981
 
6982
+ #: includes/core/um-actions-profile.php:1090
6983
+ #: includes/core/um-actions-profile.php:1121
6984
  msgid "Edit Profile"
6985
  msgstr ""
6986
 
6987
+ #: includes/core/um-actions-profile.php:1122
6988
  msgid "My Account"
6989
  msgstr ""
6990
 
readme.txt CHANGED
@@ -6,7 +6,7 @@ Donate link:
6
  Tags: community, member, membership, user-profile, user-registration
7
  Requires at least: 4.9
8
  Tested up to: 5.2
9
- Stable tag: 2.0.45
10
  License: GNU Version 2 or Any Later Version
11
  License URI: http://www.gnu.org/licenses/gpl-3.0.txt
12
 
@@ -133,6 +133,13 @@ The plugin works with popular caching plugins by automatically excluding Ultimat
133
 
134
  = Important: UM2.0+ is a significant update to the code base from 1.3.88. Please make sure you take a full-site backup with restore point before updating the plugin =
135
 
 
 
 
 
 
 
 
136
  = 2.0.45: May 08, 2019 =
137
 
138
  * Bugfixes:
6
  Tags: community, member, membership, user-profile, user-registration
7
  Requires at least: 4.9
8
  Tested up to: 5.2
9
+ Stable tag: 2.0.46
10
  License: GNU Version 2 or Any Later Version
11
  License URI: http://www.gnu.org/licenses/gpl-3.0.txt
12
 
133
 
134
  = Important: UM2.0+ is a significant update to the code base from 1.3.88. Please make sure you take a full-site backup with restore point before updating the plugin =
135
 
136
+ = 2.0.46: May 10, 2019 =
137
+
138
+ * Bugfixes:
139
+ - Fixed extensions' upgrader
140
+ - Security vulnerabilities on Profile/Registration submit and file/images uploading
141
+ - Fixed session clean on logout
142
+
143
  = 2.0.45: May 08, 2019 =
144
 
145
  * Bugfixes:
ultimate-member.php CHANGED
@@ -3,7 +3,7 @@
3
  Plugin Name: Ultimate Member
4
  Plugin URI: http://ultimatemember.com/
5
  Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
6
- Version: 2.0.45
7
  Author: Ultimate Member
8
  Author URI: http://ultimatemember.com/
9
  Text Domain: ultimate-member
3
  Plugin Name: Ultimate Member
4
  Plugin URI: http://ultimatemember.com/
5
  Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
6
+ Version: 2.0.46
7
  Author: Ultimate Member
8
  Author URI: http://ultimatemember.com/
9
  Text Domain: ultimate-member