Ultimate Member – User Profile & Membership Plugin - Version 2.1.11

Version Description


Release Info

Developer nsinelnikov
Version 2.1.11

Code changes from version 2.1.10 to 2.1.11

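--- a/includes/admin/core/class-admin-enqueue.php
+++ b/includes/admin/core/class-admin-enqueue.php
@@ -505,10 +505,6 @@ if ( ! class_exists( 'um\admin\core\Admin_Enqueue' ) ) {
  /**
  * create gutenberg blocks
  */
- register_block_type( 'um-block/um-user-profile-wall', array(
- 'editor_script' => 'um-blocks-shortcode-js',
- ) );
-
  register_block_type( 'um-block/um-forms', array(
  'editor_script' => 'um-blocks-shortcode-js',
  ) );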
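--- a/includes/admin/core/class-admin-menu.php
+++ b/includes/admin/core/class-admin-menu.php
@@ -125,15 +125,15 @@ if ( ! class_exists( 'um\admin\core\Admin_Menu' ) ) {
  if ( is_array( $menu ) ) {
  foreach ( $menu as $key => $menu_item ) {
  if ( 0 === strpos( $menu_item[0], _x( 'Users', 'Admin menu name' ) ) ) {
- $menu[ $key ][0] .= ' <span class="update-plugins count-'.$count.'"><span class="processing-count">'.$count.'</span></span>';
+ $menu[ $key ][0] .= ' <span class="update-plugins count-' . $count . '"><span class="processing-count">' . $count . '</span></span>';
  }
  }
  }
 
- if ( is_array( $submenu ) ) {
+ if ( is_array( $submenu ) && isset( $submenu['users.php'] ) ) {
  foreach ( $submenu['users.php'] as $key => $menu_item ) {
  if ( 0 === strpos( $menu_item[0], _x( 'All Users', 'Admin menu name' ) ) ) {
- $submenu['users.php'][ $key ][0] .= ' <span class="update-plugins count-'.$count.'"><span class="processing-count">'.$count.'</span></span>';
+ $submenu['users.php'][ $key ][0] .= ' <span class="update-plugins count-' .$count . '"><span class="processing-count">' . $count . '</span></span>';
  }
  }
  }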
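Review bot: `$count` is concatenated into both the `class` attribute and the badge text without escaping in the two `.=` lines (new lines 128 and 136). Its origin is outside this hunk; if it is not already guaranteed to be an integer, normalise it once before the loops, e.g. `$count = absint( $count );`, so the admin menu markup cannot carry unexpected characters. The second concatenation also has uneven spacing (`' .$count . '`), which is worth aligning with the first while these lines are being touched.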
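--- a/includes/admin/templates/extensions.php
+++ b/includes/admin/templates/extensions.php
@@ -66,12 +66,6 @@ $premium['social-login'] = array(
  'desc' => 'Let users register & login to your site via Facebook, Twitter, G+, LinkedIn, and more',
  );
 
- $premium['instagram'] = array(
- 'url' => 'https://ultimatemember.com/extensions/instagram/',
- 'name' => 'Instagram',
- 'desc' => 'Allow users to show their Instagram photos on their profile',
- );
-
  $premium['user-tags'] = array(
  'url' => 'https://ultimatemember.com/extensions/user-tags/',
  'name' => 'User Tags',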
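--- a/includes/core/class-access.php
+++ b/includes/core/class-access.php
@@ -248,11 +248,12 @@ if ( ! class_exists( 'um\core\Access' ) ) {
  $ms_empty_role_access = is_multisite() && is_user_logged_in() && !UM()->roles()->get_priority_user_role( um_user('ID') );
 
  if ( is_front_page() ) {
- if ( is_user_logged_in() && !$ms_empty_role_access ) {
+ if ( is_user_logged_in() && ! $ms_empty_role_access ) {
 
  $user_default_homepage = um_user( 'default_homepage' );
- if ( ! empty( $user_default_homepage ) )
+ if ( ! empty( $user_default_homepage ) ) {
  return;
+ }
 
  $redirect_homepage = um_user( 'redirect_homepage' );
  /**
@@ -291,8 +292,9 @@ if ( ! class_exists( 'um\core\Access' ) ) {
  if ( $home_page_accessible == 0 ) {
  //get redirect URL if not set get login page by default
  $redirect = UM()->options()->get( 'access_redirect' );
- if ( ! $redirect )
+ if ( ! $redirect ) {
  $redirect = um_get_core_page( 'login' );
+ }
 
  $this->redirect_handler = $this->set_referer( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), $redirect ) ), 'global' );
  } else {
@@ -312,8 +314,9 @@ if ( ! class_exists( 'um\core\Access' ) ) {
  if ( $category_page_accessible == 0 ) {
  //get redirect URL if not set get login page by default
  $redirect = UM()->options()->get( 'access_redirect' );
- if ( ! $redirect )
+ if ( ! $redirect ) {
  $redirect = um_get_core_page( 'login' );
+ }
 
  $this->redirect_handler = $this->set_referer( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), $redirect ) ), 'global' );
  } else {
@@ -326,7 +329,7 @@ if ( ! class_exists( 'um\core\Access' ) ) {
 
  $access = UM()->options()->get( 'accessible' );
 
- if ( $access == 2 && ( !is_user_logged_in() || $ms_empty_role_access ) ) {
+ if ( $access == 2 && ( ! is_user_logged_in() || $ms_empty_role_access ) ) {
 
  //build exclude URLs pages
  $redirects = array();
@@ -391,8 +394,9 @@ if ( ! class_exists( 'um\core\Access' ) ) {
  //also skip if we currently at UM Register|Login|Reset Password pages
  if ( um_is_core_post( $post, 'register' ) ||
  um_is_core_post( $post, 'password-reset' ) ||
- um_is_core_post( $post, 'login' ) )
+ um_is_core_post( $post, 'login' ) ) {
  return;
+ }
 
  /**
  * UM hook
@@ -413,8 +417,9 @@ if ( ! class_exists( 'um\core\Access' ) ) {
  */
  do_action( 'um_access_check_individual_term_settings' );
  //exit from function if term page is accessible
- if ( $this->check_access() )
+ if ( $this->check_access() ) {
  return;
+ }
 
  /**
  * UM hook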
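--- a/includes/core/class-form.php
+++ b/includes/core/class-form.php
@@ -379,25 +379,30 @@ if ( ! class_exists( 'um\core\Form' ) ) {
  $custom_field_roles = $this->custom_field_roles( $this->form_data['custom_fields'] );
 
  if ( ! empty( $_POST['role'] ) ) {
- $role = $_POST['role'];
-
- if ( is_array( $_POST['role'] ) ) {
- $role = current( $_POST['role'] );
+ if ( ! empty( $custom_field_roles ) ) {
+ $role = $_POST['role'];
+
+ if ( is_array( $_POST['role'] ) ) {
+ $role = current( $_POST['role'] );
+ }
+
+ global $wp_roles;
+ $role_keys = array_map( function( $item ) {
+ return 'um_' . $item;
+ }, get_option( 'um_roles', array() ) );
+ $exclude_roles = array_diff( array_keys( $wp_roles->roles ), array_merge( $role_keys, array( 'subscriber' ) ) );
+
+ if ( ! empty( $role ) &&
+ ( ! in_array( $role, $custom_field_roles, true ) || in_array( $role, $exclude_roles ) ) ) {
+ wp_die( __( 'This is not possible for security reasons.', 'ultimate-member' ) );
+ }
+
+ $this->post_form['role'] = $role;
+ $this->post_form['submitted']['role'] = $role;
+ } else {
+ unset( $this->post_form['role'] );
+ unset( $this->post_form['submitted']['role'] );
  }
-
- global $wp_roles;
- $role_keys = array_map( function( $item ) {
- return 'um_' . $item;
- }, get_option( 'um_roles', array() ) );
- $exclude_roles = array_diff( array_keys( $wp_roles->roles ), array_merge( $role_keys, array( 'subscriber' ) ) );
-
- if ( ! empty( $role ) &&
- ( ! in_array( $role, $custom_field_roles, true ) || in_array( $role, $exclude_roles ) ) ) {
- wp_die( __( 'This is not possible for security reasons.', 'ultimate-member' ) );
- }
-
- $this->post_form['role'] = $role;
- $this->post_form['submitted']['role'] = $role;
  }
 
  } elseif ( isset( $this->post_form['mode'] ) && $this->post_form['mode'] == 'register' ) {
@@ -606,6 +611,15 @@ if ( ! class_exists( 'um\core\Form' ) ) {
  foreach ( $fields as $field_key => $field_settings ) {
 
  if ( strstr( $field_key, 'role_' ) && is_array( $field_settings['options'] ) ) {
+
+ if ( $field_settings['editable'] == 0 ) {
+ continue;
+ }
+
+ if ( ! um_can_view_field( $field_settings ) ) {
+ continue;
+ }
+
  $intersected_options = array();
  foreach ( $field_settings['options'] as $key => $title ) {
  if ( false !== $search_key = array_search( $title, $roles ) ) {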
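Review bot: `$field_settings['editable']` is read without an existence check in the new guard at line 615, so a role field whose settings lack that key raises an undefined-index notice and, because `null == 0` is true, is silently skipped. Failing closed is the safer direction for a role allow-list, but it should be explicit: `if ( empty( $field_settings['editable'] ) ) { continue; }` keeps the fail-closed result for a missing key without the notice. The same loose pattern appears in includes/core/um-actions-profile.php at new lines 390-392 (`$fields['role']['editable'] != 0`). A short comment such as `// Non-editable or hidden role fields must not widen the set of roles a user may submit.` would record the security intent; the enclosing method starts and ends outside the hunk.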
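--- a/includes/core/class-plugin-updater.php
+++ b/includes/core/class-plugin-updater.php
@@ -37,6 +37,30 @@ if ( ! class_exists( 'um\core\Plugin_Updater' ) ) {
 
  //plugin information info
  add_filter( 'plugins_api', array( &$this, 'plugin_information' ), 9999, 3 );
+
+ // make this only for version which have the update packages
+ //add_filter( 'auto_update_plugin', array( &$this, 'prevent_dangerous_auto_updates' ), 99, 2 );
+ }
+
+
+ /**
+ * Prevent auto-updating the WooCommerce plugin on major releases if there are untested extensions active.
+ *
+ * @since 3.2.0
+ * @param bool $should_update If should update.
+ * @param object $plugin Plugin data.
+ * @return bool
+ */
+ function prevent_dangerous_auto_updates( $should_update, $plugin ) {
+ if ( ! isset( $plugin->plugin, $plugin->new_version ) ) {
+ return $should_update;
+ }
+
+ if ( 'ultimate-member/ultimate-member.php' !== $plugin->plugin ) {
+ return $should_update;
+ }
+
+ return $should_update;
  }
 
 
@@ -367,6 +391,10 @@ if ( ! class_exists( 'um\core\Plugin_Updater' ) ) {
  continue;
  }
 
+ /*if ( ! empty( $_transient_data->no_update ) && ! empty( $_transient_data->no_update[ $slug ] ) && $_transient_data->last_checked > time() - DAY_IN_SECONDS ) {
+ continue;
+ }*/
+
  $path = wp_normalize_path( WP_PLUGIN_DIR . DIRECTORY_SEPARATOR . $slug );
  if ( ! file_exists( $path ) ) {
  continue;
@@ -390,11 +418,20 @@ if ( ! class_exists( 'um\core\Plugin_Updater' ) ) {
  if ( version_compare( $plugin_data['Version'], $version_info->new_version, '<' ) ) {
  $_transient_data->response[ $slug ] = $version_info;
  $_transient_data->response[ $slug ]->plugin = $slug;
+ } else {
+ $_transient_data->no_update[ $slug ] = $version_info;
+ $_transient_data->no_update[ $slug ]->plugin = $slug;
  }
 
  $_transient_data->last_checked = time();
  $_transient_data->checked[ $slug ] = $plugin_data['Version'];
 
+ } elseif ( false !== $version_info && is_object( $version_info ) && ! isset( $version_info->new_version ) ) {
+ $_transient_data->no_update[ $slug ] = $version_info;
+ $_transient_data->no_update[ $slug ]->plugin = $slug;
+
+ $_transient_data->last_checked = time();
+ $_transient_data->checked[ $slug ] = $plugin_data['Version'];
  }
  }
 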
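Review bot: The docblock on `prevent_dangerous_auto_updates()` (new lines 46-53) describes WooCommerce and carries `@since 3.2.0`, neither of which matches this plugin, and every branch of the method returns `$should_update` unchanged. Together with the commented-out `add_filter( 'auto_update_plugin', ... )` at line 42 and the commented-out `no_update` short-circuit at lines 394-396, this ships dead code whose name suggests a safeguard that is not actually in effect. Either drop the stub until the logic exists, or rewrite the docblock to say so, e.g. `Placeholder for the auto_update_plugin filter; currently returns $should_update unchanged.` The method also has no explicit visibility keyword.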
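--- a/includes/core/class-roles-capabilities.php
+++ b/includes/core/class-roles-capabilities.php
@@ -345,18 +345,6 @@ if ( ! class_exists( 'um\core\Roles_Capabilities' ) ) {
  }
 
 
- /**
- * Set roles to user (remove all previous roles)
- * make user only with $roles roles
- *
- * @param int $user_id
- * @param string|array $roles
- */
- function set_roles( $user_id, $roles ) {
-
- }
-
-
  /**
  * Get user one of UM roles if it has it
  *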
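--- a/includes/core/um-actions-form.php
+++ b/includes/core/um-actions-form.php
@@ -135,6 +135,29 @@ function um_submit_form_errors_hook( $args ) {
  */
  do_action( 'um_submit_form_errors_hook__registration', $args );
 
+ } elseif ( $mode == 'profile' ) {
+
+ /**
+ * UM hook
+ *
+ * @type action
+ * @title um_submit_form_errors_hook__registration
+ * @description Submit registration form validation
+ * @input_vars
+ * [{"var":"$args","type":"array","desc":"Form Arguments"}]
+ * @change_log
+ * ["Since: 2.0"]
+ * @usage add_action( 'um_submit_form_errors_hook__registration', 'function_name', 10, 1 );
+ * @example
+ * <?php
+ * add_action( 'um_submit_form_errors_hook__profile', 'my_submit_form_errors_hook__profile', 10, 1 );
+ * function my_submit_form_errors_registration( $args ) {
+ * // your code here
+ * }
+ * ?>
+ */
+ do_action( 'um_submit_form_errors_hook__profile', $args );
+
  }
 
  /**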
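Review bot: The docblock for the new `um_submit_form_errors_hook__profile` action (new lines 140-158) was copied from the registration hook and still describes it: `@title` and `@usage` name `um_submit_form_errors_hook__registration`, `@description` reads "Submit registration form validation", and the example registers `my_submit_form_errors_hook__profile` but defines `my_submit_form_errors_registration`. Because this release hangs the profile nonce check on this hook (see includes/core/um-actions-profile.php), the documentation should name it correctly: `@title um_submit_form_errors_hook__profile`, `@description Submit profile form validation`, and a callback name in the example that matches the one registered. `@change_log` presumably should not say 2.0 for a hook introduced here. The enclosing function starts and ends outside the hunk.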
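--- a/includes/core/um-actions-profile.php
+++ b/includes/core/um-actions-profile.php
@@ -367,18 +367,45 @@ function um_user_edit_profile( $args ) {
  $to_update[ $description_key ] = $args['submitted'][ $description_key ];
  }
 
- if ( ! empty( $args['submitted']['role'] ) ) {
- global $wp_roles;
- $role_keys = array_map( function( $item ) {
- return 'um_' . $item;
- }, get_option( 'um_roles' ) );
- $exclude_roles = array_diff( array_keys( $wp_roles->roles ), array_merge( $role_keys, array( 'subscriber' ) ) );
 
- if ( ! in_array( $args['submitted']['role'], $exclude_roles ) ) {
- $to_update['role'] = $args['submitted']['role'];
+ // Secure selected role
+ if ( is_admin() ) {
+
+ if ( ! empty( $args['submitted']['role'] ) ) {
+ global $wp_roles;
+ $role_keys = array_map( function( $item ) {
+ return 'um_' . $item;
+ }, get_option( 'um_roles' ) );
+ $exclude_roles = array_diff( array_keys( $wp_roles->roles ), array_merge( $role_keys, array( 'subscriber' ) ) );
+
+ if ( ! in_array( $args['submitted']['role'], $exclude_roles ) ) {
+ $to_update['role'] = $args['submitted']['role'];
+ }
+
+ $args['roles_before_upgrade'] = UM()->roles()->get_all_user_roles( $user_id );
+ }
+
+ } else {
+
+ if ( ( isset( $fields['role'] ) && $fields['role']['editable'] != 0 && um_can_view_field( $fields['role'] ) ) ||
+ ( isset( $fields['role_select'] ) && $fields['role_select']['editable'] != 0 && um_can_view_field( $fields['role_select'] ) ) ||
+ ( isset( $fields['role_radio'] ) ) && $fields['role_radio']['editable'] != 0 && um_can_view_field( $fields['role_radio'] ) ) {
+
+ if ( ! empty( $args['submitted']['role'] ) ) {
+ global $wp_roles;
+ $role_keys = array_map( function( $item ) {
+ return 'um_' . $item;
+ }, get_option( 'um_roles' ) );
+ $exclude_roles = array_diff( array_keys( $wp_roles->roles ), array_merge( $role_keys, array( 'subscriber' ) ) );
+
+ if ( ! in_array( $args['submitted']['role'], $exclude_roles ) ) {
+ $to_update['role'] = $args['submitted']['role'];
+ }
+
+ $args['roles_before_upgrade'] = UM()->roles()->get_all_user_roles( $user_id );
+ }
  }
 
- $args['roles_before_upgrade'] = UM()->roles()->get_all_user_roles( $user_id );
  }
 
  /**
@@ -537,6 +564,19 @@ function um_user_edit_profile( $args ) {
  add_action( 'um_user_edit_profile', 'um_user_edit_profile', 10 );
 
 
+ /**
+ * @param array $post_form
+ */
+ function um_profile_validate_nonce( $post_form ) {
+ $user_id = isset( $post_form['user_id'] ) ? $post_form['user_id'] : '';
+ $nonce = isset( $post_form['profile_nonce'] ) ? $post_form['profile_nonce'] : '';
+ if ( empty( $nonce ) || ! wp_verify_nonce( $nonce, 'um-profile-nonce' . $user_id ) ) {
+ wp_die( __( 'This is not possible for security reasons.', 'ultimate-member' ) );
+ }
+ }
+ add_action( 'um_submit_form_errors_hook__profile', 'um_profile_validate_nonce', 10, 1 );
+
+
  add_filter( 'um_user_pre_updating_files_array', array( UM()->validation(), 'validate_files' ), 10, 1 );
  add_filter( 'um_before_save_filter_submitted', array( UM()->validation(), 'validate_fields_values' ), 10, 2 );
 
@@ -548,7 +588,7 @@ add_filter( 'um_before_save_filter_submitted', array( UM()->validation(), 'valid
  * @param $to_update
  */
  function um_restore_default_roles( $user_id, $args, $to_update ) {
- if ( ! empty( $args['submitted']['role'] ) ) {
+ if ( ! empty( $args['submitted']['role'] ) && ! empty( $to_update['role'] ) ) {
  $wp_user = new WP_User( $user_id );
 
  $role_keys = array_map( function( $item ) {
@@ -581,6 +621,7 @@ function um_editing_user_id_input( $args ) {
  if ( UM()->fields()->editing == 1 && UM()->fields()->set_mode == 'profile' && UM()->user()->target_id ) { ?>
 
  <input type="hidden" name="user_id" id="user_id" value="<?php echo esc_attr( UM()->user()->target_id ); ?>" />
+ <input type="hidden" name="profile_nonce" id="profile_nonce" value="<?php echo esc_attr( wp_create_nonce( 'um-profile-nonce' . UM()->user()->target_id ) ); ?>" />
 
  <?php }
  }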
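Review bot: The new `is_admin()` branch at line 372 accepts `$args['submitted']['role']` with only the exclude-list check, skipping the `editable` and `um_can_view_field()` conditions that the `else` branch applies. `is_admin()` reports whether the request targets an admin screen (it is also true for `admin-ajax.php`), not whether the current user is privileged, so if `um_user_edit_profile` can run in such a request for an ordinary member the stricter path is skipped; whether that is reachable is not visible in this hunk. Tying the relaxed path to authorisation, e.g. `if ( is_admin() && current_user_can( 'promote_users' ) ) {` or the plugin's own `UM()->roles()->um_current_user_can( 'edit', $user_id )`, would make the intent enforceable. The two branches also duplicate the role-filtering block verbatim, and the parenthesis on line 392 closes after `isset( $fields['role_radio'] )` rather than after the whole clause; moving the shared block into one helper would remove both issues. The function body continues outside the hunk.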
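--- a/includes/core/um-actions-register.php
+++ b/includes/core/um-actions-register.php
@@ -206,6 +206,8 @@ function um_check_user_status( $user_id, $args ) {
  exit( wp_safe_redirect( urldecode( $args['redirect_to'] ) ) );
  }
 
+ um_fetch_user( $user_id );
+
  if ( um_user( 'auto_approve_act' ) == 'redirect_url' && um_user( 'auto_approve_url' ) !== '' ) {
  exit( wp_redirect( um_user( 'auto_approve_url' ) ) );
  }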
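--- a/includes/um-short-functions.php
+++ b/includes/um-short-functions.php
@@ -1574,10 +1574,6 @@ function um_can_view_field( $data ) {
  * @return bool
  */
  function um_can_view_profile( $user_id ) {
- if ( ! um_user( 'can_view_all' ) && $user_id != get_current_user_id() && is_user_logged_in() ) {
- return false;
- }
-
  if ( UM()->roles()->um_current_user_can( 'edit', $user_id ) ) {
  return true;
  }
@@ -1589,19 +1585,24 @@ function um_can_view_profile( $user_id ) {
  $temp_id = um_user('ID');
  um_fetch_user( get_current_user_id() );
 
+ if ( ! um_user( 'can_view_all' ) && $user_id != get_current_user_id() && is_user_logged_in() ) {
+ um_fetch_user( $temp_id );
+ return false;
+ }
+
  if ( ! um_user( 'can_access_private_profile' ) && UM()->user()->is_private_profile( $user_id ) ) {
+ um_fetch_user( $temp_id );
  return false;
  }
 
  if ( um_user( 'can_view_roles' ) && $user_id != get_current_user_id() ) {
-
  $can_view_roles = um_user( 'can_view_roles' );
 
  if ( ! is_array( $can_view_roles ) ) {
  $can_view_roles = array();
  }
 
- if ( count( array_intersect( UM()->roles()->get_all_user_roles( $user_id ), $can_view_roles ) ) <= 0 ) {
+ if ( count( $can_view_roles ) && count( array_intersect( UM()->roles()->get_all_user_roles( $user_id ), $can_view_roles ) ) <= 0 ) {
  um_fetch_user( $temp_id );
  return false;
  }
@@ -2769,4 +2770,34 @@ if ( ! function_exists( 'um_is_profile_owner' ) ) {
 
  return ( $user_id == um_profile_id() );
  }
+ }
+
+
+ /**
+ * Check whether the current page is in AMP mode or not.
+ * We need to check for specific functions, as there is no special AMP header.
+ *
+ * @since 2.1.11
+ *
+ * @param bool $check_theme_support Whether theme support should be checked. Defaults to true.
+ *
+ * @uses is_amp_endpoint() AMP by Automattic
+ * @uses is_better_amp() Better AMP
+ *
+ * @return bool
+ */
+ function um_is_amp( $check_theme_support = true ) {
+
+ $is_amp = false;
+
+ if ( ( function_exists( 'is_amp_endpoint' ) && is_amp_endpoint() ) ||
+ ( function_exists( 'is_better_amp' ) && is_better_amp() ) ) {
+ $is_amp = true;
+ }
+
+ if ( $is_amp && $check_theme_support ) {
+ $is_amp = current_theme_supports( 'amp' );
+ }
+
+ return apply_filters( 'um_is_amp', $is_amp );
  }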
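Review bot: The added `count( $can_view_roles ) &&` guard at new line 1605 makes the role restriction in `um_can_view_profile()` fail open: when `um_user( 'can_view_roles' )` is truthy but not an array, the lines above reset it to `array()`, and the profile now passes this check where the previous code returned false. If a scalar value can ever be stored there, normalising it with `$can_view_roles = (array) $can_view_roles;` would keep the restriction instead of discarding it; if it cannot, a comment such as `// An empty list means no role restriction is configured.` would document that the permissive result is intended. The function now calls `um_fetch_user( $temp_id )` before three separate early returns and its remaining exits are outside the hunk, so it is worth confirming that every return path restores the previously fetched user.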
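--- a/readme.txt
+++ b/readme.txt
@@ -1,4 +1,4 @@
- === Ultimate Member - User Profile, Registration & Membership Plugin ===
+ === Ultimate Member User Profile, User Registration, Login & Membership Plugin ===
  Author URI: https://ultimatemember.com/
  Plugin URI: https://ultimatemember.com/
  Contributors: ultimatemember, champsupertramp, nsinelnikov
@@ -7,11 +7,11 @@ Tags: community, member, membership, user-profile, user-registration
  Requires PHP: 5.6
  Requires at least: 5.0
  Tested up to: 5.5.1
- Stable tag: 2.1.10
+ Stable tag: 2.1.11
  License: GNU Version 2 or Any Later Version
  License URI: http://www.gnu.org/licenses/gpl-3.0.txt
 
- The #1 user profile & membership plugin for WordPress.
+ The #1 plugin for front-end user profiles, user registration & login forms, member directories, content restriction and more.
 
  == Description ==
 
@@ -50,7 +50,6 @@ Ultimate Member has a range of extensions that allow you to extend the power of
  * [User Photos](https://ultimatemember.com/extensions/user-photos/) - Allow users to upload photos to their profile
  * [Groups](https://ultimatemember.com/extensions/groups/) - Allow users to create and join groups around shared topics, interests etc.
  * [Private Content](https://ultimatemember.com/extensions/private-content/) - Display private content to logged in users that only they can access
- * [Instagram](https://ultimatemember.com/extensions/instagram/) - Allow users to show their Instagram photos on their profile
  * [User Tags](https://ultimatemember.com/extensions/user-tags/) - Lets you add a user tag system to your website
  * [Social Activity](https://ultimatemember.com/extensions/social-activity/) - Let users create public wall posts & see the activity of other users
  * [WooCommerce](https://ultimatemember.com/extensions/woocommerce/) - Allow you to integrate WooCommerce with Ultimate Member
@@ -156,6 +155,14 @@ The plugin works with popular caching plugins by automatically excluding Ultimat
  * To learn more about version 2.1 please see this [docs](https://docs.ultimatemember.com/article/1512-upgrade-2-1-0)
  * UM2.1+ is a significant update to the Member Directories' code base from 2.0.x. Please make sure you take a full-site backup with restore point before updating the plugin
 
+ = 2.1.11: October 6, 2020 =
+
+ * Bugfixes:
+
+ - Fixed can_view_profile() function
+ - Fixed security patch for role change via profile form
+ - Fixed admin-menu PHP notice
+
  = 2.1.10: September 23, 2020 =
 
  * Enhancements: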
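--- a/ultimate-member.php
+++ b/ultimate-member.php
@@ -3,7 +3,7 @@
  Plugin Name: Ultimate Member
  Plugin URI: http://ultimatemember.com/
  Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
- Version: 2.1.10
+ Version: 2.1.11
  Author: Ultimate Member
  Author URI: http://ultimatemember.com/
  Text Domain: ultimate-member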