Ultimate Member – User Profile & Membership Plugin - Version 2.1.12




Developer nsinelnikov
Version 2.1.12

Code changes from version 2.1.11 to 2.1.12

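--- a/assets/css/um-styles.css
+++ b/assets/css/um-styles.css
@@ -1056,4 +1056,9 @@ small.um-max-filesize span{
  }
  .um-field-multiselect .um-field-area.um-field-area-has-icon ul:first-child {
  margin-left: 30px !important;
+ }
+
+ .um-field-area .wp-switch-editor{
+ float: none;
+ height: auto;
  }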
assets/img/extensions/instagram.png DELETED
Binary file
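--- a/includes/admin/core/class-admin-users.php
+++ b/includes/admin/core/class-admin-users.php
@@ -164,8 +164,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
 
  </div>
 
- <?php if ( ! empty( $_REQUEST['status'] ) ) { ?>
- <input type="hidden" name="status" id="um_status" value="<?php echo esc_attr( sanitize_key( $_REQUEST['status'] ) );?>"/>
+ <?php if ( ! empty( $_REQUEST['um_status'] ) ) { ?>
+ <input type="hidden" name="um_status" id="um_status" value="<?php echo esc_attr( sanitize_key( $_REQUEST['um_status'] ) );?>"/>
  <?php }
  }
 
@@ -329,9 +329,9 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
  function filter_users_by_status( $query ) {
  global $wpdb, $pagenow;
 
- if ( is_admin() && $pagenow == 'users.php' && ! empty( $_GET['status'] ) ) {
+ if ( is_admin() && $pagenow == 'users.php' && ! empty( $_GET['um_status'] ) ) {
 
- $status = sanitize_key( $_GET['status'] );
+ $status = sanitize_key( $_GET['um_status'] );
 
  if ( $status == 'needs-verification' ) {
  $query->query_where = str_replace('WHERE 1=1',
@@ -369,7 +369,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
  $old_views = $views;
  $views = array();
 
- if ( ! isset( $_REQUEST['role'] ) && ! isset( $_REQUEST['status'] ) ) {
+ if ( ! isset( $_REQUEST['role'] ) && ! isset( $_REQUEST['um_status'] ) ) {
  $views['all'] = '<a href="' . admin_url( 'users.php' ) . '" class="current">' . __( 'All', 'ultimate-member' ) . ' <span class="count">(' . UM()->query()->count_users() . ')</span></a>';
  } else {
  $views['all'] = '<a href="' . admin_url( 'users.php' ) . '">' . __( 'All', 'ultimate-member' ) . ' <span class="count">(' . UM()->query()->count_users() . ')</span></a>';
@@ -386,13 +386,13 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
  UM()->query()->count_users_by_status( 'unassigned' );
 
  foreach ( $status as $k => $v ) {
- if ( isset( $_REQUEST['status'] ) && sanitize_key( $_REQUEST['status'] ) == $k ) {
+ if ( isset( $_REQUEST['um_status'] ) && sanitize_key( $_REQUEST['um_status'] ) == $k ) {
  $current = 'class="current"';
  } else {
  $current = '';
  }
 
- $views[ $k ] = '<a href="' . esc_url( admin_url( 'users.php' ) . '?status=' . $k ) . '" ' . $current . '>' . $v . ' <span class="count">(' . UM()->query()->count_users_by_status( $k ) . ')</span></a>';
+ $views[ $k ] = '<a href="' . esc_url( admin_url( 'users.php' ) . '?um_status=' . $k ) . '" ' . $current . '>' . $v . ' <span class="count">(' . UM()->query()->count_users_by_status( $k ) . ')</span></a>';
  }
 
  /**
@@ -544,8 +544,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Users' ) ) {
  $uri = add_query_arg( 's', sanitize_text_field( $_REQUEST['s'] ), $uri );
  }
 
- if ( ! empty( $_REQUEST['status'] ) ) {
- $uri = add_query_arg( 'status', sanitize_key( $_REQUEST['status'] ), $uri );
+ if ( ! empty( $_REQUEST['um_status'] ) ) {
+ $uri = add_query_arg( 'um_status', sanitize_key( $_REQUEST['um_status'] ), $uri );
  }
 
  return $uri;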
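Review bot: `filter_users_by_status` reads the filter from `$_GET['um_status']` (line 332) while the hidden field, the views loop and the redirect URI read `$_REQUEST['um_status']` (lines 167, 372, 389, 547), so a value that arrives only in POST marks a view as current and is carried into the URI without ever constraining the query; use the same superglobal at all five sites. The comparisons at lines 336 and 389 are loose (`$status == 'needs-verification'`, `sanitize_key( ... ) == $k`); `===` avoids the PHP 7 string-to-integer coercion should `$status` ever carry numeric keys. The enclosing methods of every hunk start and end outside the hunks.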
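--- a/includes/class-init.php
+++ b/includes/class-init.php
@@ -926,28 +926,28 @@ if ( ! class_exists( 'UM' ) ) {
  /**
  * @since 2.0
  *
- * @param $data array
+ * @param bool|array $data
  * @return um\admin\core\Admin_Forms()
  */
  function admin_forms( $data = false ) {
- if ( empty( $this->classes['admin_forms_' . $data['class']] ) ) {
- $this->classes['admin_forms_' . $data['class']] = new um\admin\core\Admin_Forms( $data );
+ if ( ! isset( $this->classes[ 'admin_forms_' . $data['class'] ] ) || empty( $this->classes[ 'admin_forms_' . $data['class'] ] ) ) {
+ $this->classes[ 'admin_forms_' . $data['class'] ] = new um\admin\core\Admin_Forms( $data );
  }
- return $this->classes['admin_forms_' . $data['class']];
+ return $this->classes[ 'admin_forms_' . $data['class'] ];
  }
 
 
  /**
  * @since 2.0
  *
- * @param $data array
+ * @param bool|array $data
  * @return um\admin\core\Admin_Forms_Settings()
  */
  function admin_forms_settings( $data = false ) {
- if ( empty( $this->classes['admin_forms_settings_' . $data['class']] ) ) {
- $this->classes['admin_forms_settings_' . $data['class']] = new um\admin\core\Admin_Forms_Settings( $data );
+ if ( ! isset( $this->classes[ 'admin_forms_settings_' . $data['class'] ] ) || empty( $this->classes[ 'admin_forms_settings_' . $data['class'] ] ) ) {
+ $this->classes[ 'admin_forms_settings_' . $data['class'] ] = new um\admin\core\Admin_Forms_Settings( $data );
  }
- return $this->classes['admin_forms_settings_' . $data['class']];
+ return $this->classes[ 'admin_forms_settings_' . $data['class'] ];
  }
 
 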
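Review bot: In `admin_forms` (line 933) and `admin_forms_settings` (line 947) the added `! isset( ... ) ||` is redundant, because `empty()` already returns true for an unset offset, so the condition behaves exactly as before. The notice the changelog reports is more plausibly raised by `$data['class']` when the default `$data = false` is used, since reading an offset on a bool is a notice on PHP 7.4+; resolving the key once guards it: `$key = is_array( $data ) && isset( $data['class'] ) ? $data['class'] : '';` and then indexing `$this->classes[ 'admin_forms_' . $key ]`. The new `@param bool|array $data` line could also say that `class` is the only key read.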
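--- a/includes/core/class-fields.php
+++ b/includes/core/class-fields.php
@@ -2382,6 +2382,8 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
  $name = $key;
  }
 
+ $placeholder = sprintf( __( 'Confirm %s', 'ultimate-member' ), $data['label'] );
+
  $output .= '<input class="' . $this->get_class( $key, $data ) . '" type="' . esc_attr( $input ) . '" name="' . esc_attr( $name ) . '" id="' . esc_attr( $key . UM()->form()->form_suffix ) . '" value="' . $this->field_value( $key, $default, $data ) . '" placeholder="' . esc_attr( $placeholder ) . '" data-validate="' . esc_attr( $validate ) . '" data-key="' . esc_attr( $key ) . '" />
 
  </div>';
@@ -2584,6 +2586,12 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
 
  $output .= '<div class="um-rating um-raty" id="' . esc_attr( $key ) . '" data-key="' . esc_attr( $key ) . '" data-number="' . esc_attr( $data['number'] ) . '" data-score="' . $this->field_value( $key, $default, $data ) . '"></div>';
  $output .= '</div>';
+
+ if ( $this->is_error( $key ) ) {
+ $output .= $this->field_error( $this->show_error( $key ) );
+ } elseif ( $this->is_notice( $key ) ) {
+ $output .= $this->field_notice( $this->show_notice( $key ) );
+ }
 
  $output .= '</div>';
 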
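Review bot: The new placeholder at line 2385 reads `$data['label']` without an `isset` guard, which raises a notice for a field definition that has no label (the situation the member-directory hunk in this same release guards with `isset( $attrs['label'] )`); `$label = isset( $data['label'] ) ? $data['label'] : '';` before the `sprintf` keeps the two sites consistent. The translatable string also deserves a `/* translators: %s: field label */` comment on the line above `__( 'Confirm %s', 'ultimate-member' )`. The enclosing methods of both hunks start and end outside the hunks.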
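--- a/includes/core/class-form.php
+++ b/includes/core/class-form.php
@@ -374,11 +374,36 @@ if ( ! class_exists( 'um\core\Form' ) ) {
 
  $this->post_form = array_merge( $this->form_data, $this->post_form );
 
- if ( isset( $this->form_data['custom_fields'] ) && strstr( $this->form_data['custom_fields'], 'role_' ) ) { // Secure selected role
+ // Remove role from post_form at first if role ! empty and there aren't custom fields with role name
+ if ( ! empty( $_POST['role'] ) ) {
+ if ( ! isset( $this->form_data['custom_fields'] ) || ! strstr( $this->form_data['custom_fields'], 'role_' ) ) {
+ unset( $this->post_form['role'] );
+ unset( $this->post_form['submitted']['role'] );
+ }
+ }
+
+ // Secure sanitize of the submitted data
+ if ( ! empty( $this->post_form ) ) {
+ $this->post_form = array_diff_key( $this->post_form, array_flip( UM()->user()->banned_keys ) );
+ }
+ if ( ! empty( $this->post_form['submitted'] ) ) {
+ $this->post_form['submitted'] = array_diff_key( $this->post_form['submitted'], array_flip( UM()->user()->banned_keys ) );
+ }
+
+ // set default role from settings on registration form
+ if ( isset( $this->post_form['mode'] ) && $this->post_form['mode'] == 'register' ) {
+
+ $role = $this->assigned_role( $this->form_id );
+ $this->post_form['role'] = $role;
 
- $custom_field_roles = $this->custom_field_roles( $this->form_data['custom_fields'] );
+ }
+
+ if ( isset( $this->form_data['custom_fields'] ) && strstr( $this->form_data['custom_fields'], 'role_' ) ) { // Secure selected role
 
  if ( ! empty( $_POST['role'] ) ) {
+
+ $custom_field_roles = $this->custom_field_roles( $this->form_data['custom_fields'] );
+
  if ( ! empty( $custom_field_roles ) ) {
  $role = $_POST['role'];
 
@@ -402,15 +427,15 @@ if ( ! class_exists( 'um\core\Form' ) ) {
  } else {
  unset( $this->post_form['role'] );
  unset( $this->post_form['submitted']['role'] );
+
+ // set default role for registration form if custom field hasn't proper value
+ if ( isset( $this->post_form['mode'] ) && $this->post_form['mode'] == 'register' ) {
+ $role = $this->assigned_role( $this->form_id );
+ $this->post_form['role'] = $role;
+ }
  }
  }
 
- } elseif ( isset( $this->post_form['mode'] ) && $this->post_form['mode'] == 'register' ) {
-
- $role = $this->assigned_role( $this->form_id );
- $this->post_form['role'] = $role;
- //fix for social login
- //$this->post_form['submitted']['role'] = $role;
  }
 
  if ( isset( $_POST[ UM()->honeypot ] ) && $_POST[ UM()->honeypot ] != '' ) {
@@ -612,7 +637,8 @@ if ( ! class_exists( 'um\core\Form' ) ) {
 
  if ( strstr( $field_key, 'role_' ) && is_array( $field_settings['options'] ) ) {
 
- if ( $field_settings['editable'] == 0 ) {
+ if ( isset( $this->post_form['mode'] ) && $this->post_form['mode'] == 'profile' &&
+ isset( $field_settings['editable'] ) && $field_settings['editable'] == 0 ) {
  continue;
  }
 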
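Review bot: The `array_diff_key( ..., array_flip( UM()->user()->banned_keys ) )` filter at lines 387 and 390 matches keys exactly, but several entries of `banned_keys` in this release's class-user.php hunk (`'wp_user-'`, `'level_'`, `'dismissed'`, `'managenav'`) read like prefixes rather than complete meta keys, so a submitted key that merely starts with one of them passes through untouched; confirm the intended semantics and, if prefix matching is meant, filter with a key callback as sketched below. The same exact-match filter is repeated in um-actions-profile.php (line 1479), um-actions-register.php (line 385) and, via `in_array( $key, $this->banned_keys )`, in class-user.php (line 1840), so one helper on `UM()->user()` would keep the four sites in step. `array_merge` on line 375 runs before the filter, so `form_data` keys are subject to it as well; that looks intentional but deserves a comment. The enclosing method starts and ends outside the hunks.
```php
 // … unchanged: role removal above …
 // Secure sanitize of the submitted data: drop exact banned keys and keys that start with a banned prefix
 $is_allowed_key = function ( $key ) {
 	foreach ( UM()->user()->banned_keys as $banned ) {
 		if ( (string) $key === $banned || 0 === strpos( (string) $key, $banned ) ) {
 			return false;
 		}
 	}
 	return true;
 };
 if ( ! empty( $this->post_form ) ) {
 	$this->post_form = array_filter( $this->post_form, $is_allowed_key, ARRAY_FILTER_USE_KEY );
 }
 if ( ! empty( $this->post_form['submitted'] ) ) {
 	$this->post_form['submitted'] = array_filter( $this->post_form['submitted'], $is_allowed_key, ARRAY_FILTER_USE_KEY );
 }
 // … unchanged: default role and custom role handling …
```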
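--- a/includes/core/class-member-directory.php
+++ b/includes/core/class-member-directory.php
@@ -652,11 +652,13 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
 
  ksort( $attrs['options'] );
 
- $attrs['options'] = apply_filters( 'um_member_directory_filter_select_options_sorted', $attrs['options'], $attrs ); ?>
+ $attrs['options'] = apply_filters( 'um_member_directory_filter_select_options_sorted', $attrs['options'], $attrs );
+
+ $label = isset( $attrs['label'] ) ? $attrs['label'] : ''; ?>
 
  <select class="um-s1" id="<?php echo esc_attr( $filter ); ?>" name="<?php echo esc_attr( $filter ); ?><?php if ( $admin && count( $attrs['options'] ) > 1 ) { ?>[]<?php } ?>"
- data-placeholder="<?php esc_attr_e( stripslashes( $attrs['label'] ), 'ultimate-member' ); ?>"
- aria-label="<?php esc_attr_e( stripslashes( $attrs['label'] ), 'ultimate-member' ); ?>"
+ data-placeholder="<?php esc_attr_e( stripslashes( $label ), 'ultimate-member' ); ?>"
+ aria-label="<?php esc_attr_e( stripslashes( $label ), 'ultimate-member' ); ?>"
  <?php if ( $admin && count( $attrs['options'] ) > 1 ) { ?>multiple<?php } ?>
  <?php echo $custom_dropdown; ?>>
 
@@ -839,8 +841,8 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
  MAX( meta_value ) as max_meta,
  COUNT( DISTINCT meta_value ) as amount
  FROM {$wpdb->usermeta}
- WHERE meta_key = 'birth_date' AND
- meta_value != ''",
+ WHERE meta_key = 'birth_date' AND
+ meta_value != ''",
  ARRAY_A );
 
  if ( empty( $meta ) || ! isset( $meta['amount'] ) || $meta['amount'] === 1 ) {
@@ -1249,26 +1251,7 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
  }
  }
 
- if ( $sortby == $directory_data['sortby_custom'] || in_array( $sortby, $custom_sort ) ) {
-
- $custom_sort_type = apply_filters( 'um_member_directory_custom_sorting_type', 'CHAR', $sortby, $directory_data );
-
- $this->query_args['meta_query'][] = array(
- 'relation' => 'OR',
- $sortby . '_cs' => array(
- 'key' => $sortby,
- 'compare' => 'EXISTS',
- 'type' => $custom_sort_type,
- ),
- array(
- 'key' => $sortby,
- 'compare' => 'NOT EXISTS',
- )
- );
-
- $this->query_args['orderby'] = array( $sortby . '_cs' => 'ASC', 'user_login' => 'ASC' );
-
- } elseif ( 'display_name' == $sortby ) {
+ if ( 'display_name' == $sortby ) {
 
  $display_name = UM()->options()->get( 'display_name' );
  if ( $display_name == 'username' ) {
@@ -1333,6 +1316,25 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
  $this->query_args['orderby'] = array( 'last_name_c' => 'ASC', 'first_name_c' => 'ASC' );
  unset( $this->query_args['order'] );
 
+ } elseif ( ( ! empty( $directory_data['sortby_custom'] ) && $sortby == $directory_data['sortby_custom'] ) || in_array( $sortby, $custom_sort ) ) {
+
+ $custom_sort_type = apply_filters( 'um_member_directory_custom_sorting_type', 'CHAR', $sortby, $directory_data );
+
+ $this->query_args['meta_query'][] = array(
+ 'relation' => 'OR',
+ $sortby . '_cs' => array(
+ 'key' => $sortby,
+ 'compare' => 'EXISTS',
+ 'type' => $custom_sort_type,
+ ),
+ array(
+ 'key' => $sortby,
+ 'compare' => 'NOT EXISTS',
+ )
+ );
+
+ $this->query_args['orderby'] = array( $sortby . '_cs' => 'ASC', 'user_login' => 'ASC' );
+
  } else {
 
  if ( strstr( $sortby, '_desc' ) ) {
@@ -2594,11 +2596,15 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
  }
 
 
-
+ /**
+ * AJAX handler - Get options for the member directory "Admin filtering"
+ * @version 2.1.12
+ */
  function default_filter_settings() {
  UM()->admin()->check_ajax_nonce();
 
- $filter_key = sanitize_key( $_REQUEST['key'] );
+ // we can't use function "sanitize_key" because it changes uppercase to lowercase
+ $filter_key = sanitize_text_field( $_REQUEST['key'] );
  $directory_id = absint( $_REQUEST['directory_id'] );
 
  $html = $this->show_filter( $filter_key, array( 'form_id' => $directory_id ), false, true );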
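Review bot: `default_filter_settings` (line 2607) now passes `$_REQUEST['key']` through `sanitize_text_field`, which only strips tags and control characters, so spaces, quotes and other punctuation that `sanitize_key` used to reject now reach `show_filter`; since the stated goal is only to preserve case, a case-preserving version of the same character class keeps the earlier strictness: `$filter_key = isset( $_REQUEST['key'] ) ? preg_replace( '/[^A-Za-z0-9_\-]/', '', wp_unslash( $_REQUEST['key'] ) ) : '';` (the `isset` also avoids the notice when the parameter is absent). In the sorting hunk the new condition at line 1319 still uses a non-strict `in_array( $sortby, $custom_sort )`; passing `true` as the third argument is the safer form. The enclosing methods of all hunks start and end outside the hunks.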
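--- a/includes/core/class-user.php
+++ b/includes/core/class-user.php
@@ -26,13 +26,15 @@ if ( ! class_exists( 'um\core\User' ) ) {
  $this->profile = null;
  $this->cannot_edit = null;
 
+ global $wpdb;
+
  $this->banned_keys = array(
  'metabox','postbox','meta-box',
  'dismissed_wp_pointers', 'session_tokens',
  'screen_layout', 'wp_user-', 'dismissed',
- 'cap_key', 'wp_capabilities',
- 'managenav', 'nav_menu','user_activation_key',
- 'level_', 'wp_user_level'
+ 'cap_key', $wpdb->get_blog_prefix(). 'capabilities',
+ 'managenav', 'nav_menu', 'user_activation_key',
+ 'level_', $wpdb->get_blog_prefix() . 'user_level'
  );
 
  add_action( 'init', array( &$this, 'set' ), 1 );
@@ -343,7 +345,7 @@ if ( ! class_exists( 'um\core\User' ) ) {
  return;
  }
 
- if ( ! empty( $_POST['um-role'] ) ) {
+ if ( ! empty( $_POST['um-role'] ) && current_user_can( 'promote_users' ) ) {
  if ( ! user_can( $user_id, $_POST['um-role'] ) ) {
  UM()->roles()->set_role( $user_id, $_POST['um-role'] );
  }
@@ -364,7 +366,7 @@ if ( ! class_exists( 'um\core\User' ) ) {
  return;
  }
 
- if ( ! empty( $_POST['um-role'] ) ) {
+ if ( ! empty( $_POST['um-role'] ) && current_user_can( 'promote_users' ) ) {
  if ( ! user_can( $user_id, $_POST['um-role'] ) ) {
  UM()->roles()->set_role( $user_id, $_POST['um-role'] );
  }
@@ -587,7 +589,7 @@ if ( ! class_exists( 'um\core\User' ) ) {
 
  if ( is_admin() ) {
  //if there custom 2 role not empty
- if ( ! empty( $_POST['um-role'] ) ) {
+ if ( ! empty( $_POST['um-role'] ) && current_user_can( 'promote_users' ) ) {
  $user = get_userdata( $user_id );
  $user->add_role( $_POST['um-role'] );
  UM()->user()->profile['role'] = $_POST['um-role'];
@@ -637,7 +639,7 @@ if ( ! class_exists( 'um\core\User' ) ) {
  $new_roles = $userdata->roles;
 
  if ( is_admin() ) {
- if ( ! empty( $_POST['um-role'] ) ) {
+ if ( ! empty( $_POST['um-role'] ) && current_user_can( 'promote_users' ) ) {
  $new_roles = array_merge( $new_roles, array( $_POST['um-role'] ) );
  if ( ! user_can( $user_id, $_POST['um-role'] ) ) {
  UM()->roles()->set_role( $user_id, $_POST['um-role'] );
@@ -1835,6 +1837,10 @@ if ( ! class_exists( 'um\core\User' ) ) {
  $changes = apply_filters( 'um_before_update_profile', $changes, $args['ID'] );
 
  foreach ( $changes as $key => $value ) {
+ if ( in_array( $key, $this->banned_keys ) ) {
+ continue;
+ }
+
  if ( ! in_array( $key, $this->update_user_keys ) ) {
  if ( $value === 0 ) {
  update_user_meta( $this->id, $key, '0' );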
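Review bot: The new `current_user_can( 'promote_users' )` guards (lines 348, 369, 592, 642) establish that the actor may change roles at all, but not that the submitted `$_POST['um-role']` is a role the actor is allowed to assign; WordPress core's `edit_user()` additionally rejects a role absent from `get_editable_roles()`, and the same check, plus `sanitize_key()` on the raw value before it reaches `set_role`/`add_role`, belongs here: `$new_role = sanitize_key( $_POST['um-role'] ); if ( ! array_key_exists( $new_role, get_editable_roles() ) ) { return; }` (that function lives in the admin includes, so confirm it is loaded on the non-`is_admin()` paths at lines 348 and 369; line 379 of um-actions-profile.php has the same gap). `$wpdb->get_blog_prefix()` at lines 35 and 37 names only the current site's `capabilities` and `user_level` meta keys, so on a multisite install the equivalent keys of other sites are not listed; a comment stating that scope, or a per-site loop if cross-site meta is reachable from these forms, would close the question. `in_array( $key, $this->banned_keys )` at line 1840 should pass `true` as the third argument. The enclosing methods of all hunks start and end outside the hunks.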
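--- a/includes/core/um-actions-profile.php
+++ b/includes/core/um-actions-profile.php
@@ -262,6 +262,11 @@ function um_user_edit_profile( $args ) {
  continue;
  }
 
+ // skip saving role here
+ if ( in_array( $key, [ 'role', 'role_select', 'role_radio' ] ) ) {
+ continue;
+ }
+
  //the same code in class-validation.php validate_fields_values for registration form
  //rating field validation
  if ( $array['type'] == 'rating' && isset( $args['submitted'][ $key ] ) ) {
@@ -371,7 +376,7 @@ function um_user_edit_profile( $args ) {
  // Secure selected role
  if ( is_admin() ) {
 
- if ( ! empty( $args['submitted']['role'] ) ) {
+ if ( ! empty( $args['submitted']['role'] ) && current_user_can( 'promote_users' ) ) {
  global $wp_roles;
  $role_keys = array_map( function( $item ) {
  return 'um_' . $item;
@@ -1470,6 +1475,10 @@ function um_submit_form_profile( $args ) {
  UM()->fields()->set_mode = 'profile';
  UM()->fields()->editing = true;
 
+ if ( ! empty( $args['submitted'] ) ) {
+ $args['submitted'] = array_diff_key( $args['submitted'], array_flip( UM()->user()->banned_keys ) );
+ }
+
  /**
  * UM hook
  *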
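Review bot: The skip at line 266 uses a non-strict `in_array( $key, [ 'role', 'role_select', 'role_radio' ] )`; on PHP 7 (the readme still permits 5.6) an integer key `0` compares equal to every non-numeric string, so a numerically keyed submitted field would be skipped as well — pass `true` as the third argument. The `current_user_can( 'promote_users' )` guard at line 379 shares the gap of the class-user.php hunks: the submitted role is not checked against the roles the actor may assign. `um_user_edit_profile` and `um_submit_form_profile` start and end outside the hunks.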
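--- a/includes/core/um-actions-register.php
+++ b/includes/core/um-actions-register.php
@@ -381,6 +381,10 @@ function um_submit_form_register( $args ) {
  'user_email' => trim( $user_email ),
  );
 
+ if ( ! empty( $args['submitted'] ) ) {
+ $args['submitted'] = array_diff_key( $args['submitted'], array_flip( UM()->user()->banned_keys ) );
+ }
+
  $args['submitted'] = array_merge( $args['submitted'], $credentials );
  $args = array_merge( $args, $credentials );
 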
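--- a/readme.txt
+++ b/readme.txt
@@ -7,7 +7,7 @@ Tags: community, member, membership, user-profile, user-registration
  Requires PHP: 5.6
  Requires at least: 5.0
  Tested up to: 5.5.1
- Stable tag: 2.1.11
+ Stable tag: 2.1.12
  License: GNU Version 2 or Any Later Version
  License URI: http://www.gnu.org/licenses/gpl-3.0.txt
 
@@ -155,6 +155,25 @@ The plugin works with popular caching plugins by automatically excluding Ultimat
  * To learn more about version 2.1 please see this [docs](https://docs.ultimatemember.com/article/1512-upgrade-2-1-0)
  * UM2.1+ is a significant update to the Member Directories' code base from 2.0.x. Please make sure you take a full-site backup with restore point before updating the plugin
 
+ = 2.1.12: October 29, 2020 =
+
+ * Enhancements:
+
+ - Added ratings required notice and warning
+
+ * Bugfixes:
+
+ - Fixed conflict with other plugins with user 'status' in admin
+ - Fixed security patch for UM forms handlers
+ - Fixed security patch for handlers on the edit users' roles
+ - Fixed member directory admin filtering by the field with uppercase in 'key'
+ - Fixed member directory sorting by the full name
+ - Fixed registration form with not editable role field
+ - Fixed PHP notice for the filter without field's label
+ - Fixed PHP notice on Admin_Form class initialization
+ - Fixed style of the textarea field
+ - Fixed Confirm Password field's placeholder
+
  = 2.1.11: October 6, 2020 =
 
  * Bugfixes: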
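--- a/templates/members.php
+++ b/templates/members.php
@@ -368,6 +368,6 @@ if ( ( ( $search && $show_search ) || ( $filters && $show_filters && count( $sea
  * }
  * ?>
  */
- do_action( 'um_members_directory_footer', $args ); ?>
+ do_action( 'um_members_directory_footer', $args, $form_id, $not_searched ); ?>
 
  </div>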
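Review bot: The hook call at line 371 now passes `$form_id` and `$not_searched` to `um_members_directory_footer`, but the docblock that ends just above it (only its tail, lines 368–370, is in the hunk) does not appear to have been updated for the new arguments; add `@param int $form_id` and `@param bool $not_searched` lines (types inferred from the variable names — confirm against where the template sets them) plus an `@since 2.1.12` note so third-party callbacks know the extra arguments exist.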
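--- a/ultimate-member.php
+++ b/ultimate-member.php
@@ -3,7 +3,7 @@
  Plugin Name: Ultimate Member
  Plugin URI: http://ultimatemember.com/
  Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
- Version: 2.1.11
+ Version: 2.1.12
  Author: Ultimate Member
  Author URI: http://ultimatemember.com/
  Text Domain: ultimate-member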