Version Description
Download this release
Release Info
Developer | nsinelnikov |
Plugin | Ultimate Member – User Profile & Membership Plugin |
Version | 2.1.9 |
Comparing to | |
See all releases |
Code changes from version 2.1.8 to 2.1.9
- includes/admin/core/class-admin-notices.php +3 -3
- includes/core/class-form.php +9 -6
- readme.txt +7 -1
- ultimate-member.php +1 -1
includes/admin/core/class-admin-notices.php
CHANGED
@@ -655,9 +655,9 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
|
|
655 |
<?php $message = ob_get_clean();
|
656 |
|
657 |
$this->add_notice( 'reviews_notice', array(
|
658 |
-
'class'
|
659 |
-
'message'
|
660 |
-
'dismissible'
|
661 |
), 1 );
|
662 |
}
|
663 |
|
655 |
<?php $message = ob_get_clean();
|
656 |
|
657 |
$this->add_notice( 'reviews_notice', array(
|
658 |
+
'class' => 'updated',
|
659 |
+
'message' => $message,
|
660 |
+
'dismissible' => true
|
661 |
), 1 );
|
662 |
}
|
663 |
|
includes/core/class-form.php
CHANGED
@@ -374,14 +374,14 @@ if ( ! class_exists( 'um\core\Form' ) ) {
|
|
374 |
|
375 |
$this->post_form = array_merge( $this->form_data, $this->post_form );
|
376 |
|
377 |
-
if ( isset( $this->form_data['custom_fields'] )
|
378 |
|
379 |
$custom_field_roles = $this->custom_field_roles( $this->form_data['custom_fields'] );
|
380 |
|
381 |
if ( ! empty( $_POST['role'] ) ) {
|
382 |
$role = $_POST['role'];
|
383 |
|
384 |
-
if( is_array( $_POST['role'] ) ){
|
385 |
$role = current( $_POST['role'] );
|
386 |
}
|
387 |
|
@@ -392,8 +392,8 @@ if ( ! class_exists( 'um\core\Form' ) ) {
|
|
392 |
$exclude_roles = array_diff( array_keys( $wp_roles->roles ), array_merge( $role_keys, array( 'subscriber' ) ) );
|
393 |
|
394 |
if ( ! empty( $role ) &&
|
395 |
-
( ! in_array( $role
|
396 |
-
wp_die( __( 'This is not possible for security reasons.','ultimate-member') );
|
397 |
}
|
398 |
|
399 |
$this->post_form['role'] = $role;
|
@@ -401,6 +401,7 @@ if ( ! class_exists( 'um\core\Form' ) ) {
|
|
401 |
}
|
402 |
|
403 |
} elseif ( isset( $this->post_form['mode'] ) && $this->post_form['mode'] == 'register' ) {
|
|
|
404 |
$role = $this->assigned_role( $this->form_id );
|
405 |
$this->post_form['role'] = $role;
|
406 |
//fix for social login
|
@@ -587,14 +588,16 @@ if ( ! class_exists( 'um\core\Form' ) ) {
|
|
587 |
|
588 |
$fields = maybe_unserialize( $custom_fields );
|
589 |
|
590 |
-
if ( ! is_array( $fields )
|
591 |
return false;
|
|
|
592 |
|
593 |
foreach ( $fields as $field_key => $field_settings ) {
|
594 |
|
595 |
if ( strstr( $field_key , 'role_' ) ) {
|
596 |
if ( is_array( $field_settings['options'] ) ) {
|
597 |
-
|
|
|
598 |
}
|
599 |
}
|
600 |
|
374 |
|
375 |
$this->post_form = array_merge( $this->form_data, $this->post_form );
|
376 |
|
377 |
+
if ( isset( $this->form_data['custom_fields'] ) && strstr( $this->form_data['custom_fields'], 'role_' ) ) { // Secure selected role
|
378 |
|
379 |
$custom_field_roles = $this->custom_field_roles( $this->form_data['custom_fields'] );
|
380 |
|
381 |
if ( ! empty( $_POST['role'] ) ) {
|
382 |
$role = $_POST['role'];
|
383 |
|
384 |
+
if ( is_array( $_POST['role'] ) ) {
|
385 |
$role = current( $_POST['role'] );
|
386 |
}
|
387 |
|
392 |
$exclude_roles = array_diff( array_keys( $wp_roles->roles ), array_merge( $role_keys, array( 'subscriber' ) ) );
|
393 |
|
394 |
if ( ! empty( $role ) &&
|
395 |
+
( ! in_array( $role, $custom_field_roles, true ) || in_array( $role, $exclude_roles ) ) ) {
|
396 |
+
wp_die( __( 'This is not possible for security reasons.', 'ultimate-member' ) );
|
397 |
}
|
398 |
|
399 |
$this->post_form['role'] = $role;
|
401 |
}
|
402 |
|
403 |
} elseif ( isset( $this->post_form['mode'] ) && $this->post_form['mode'] == 'register' ) {
|
404 |
+
|
405 |
$role = $this->assigned_role( $this->form_id );
|
406 |
$this->post_form['role'] = $role;
|
407 |
//fix for social login
|
588 |
|
589 |
$fields = maybe_unserialize( $custom_fields );
|
590 |
|
591 |
+
if ( ! is_array( $fields ) ) {
|
592 |
return false;
|
593 |
+
}
|
594 |
|
595 |
foreach ( $fields as $field_key => $field_settings ) {
|
596 |
|
597 |
if ( strstr( $field_key , 'role_' ) ) {
|
598 |
if ( is_array( $field_settings['options'] ) ) {
|
599 |
+
$option_pairs = apply_filters( 'um_select_options_pair', null, $field_settings );
|
600 |
+
return ! empty( $option_pairs ) ? array_keys( $field_settings['options'] ) : array_values( $field_settings['options'] );
|
601 |
}
|
602 |
}
|
603 |
|
readme.txt
CHANGED
@@ -7,7 +7,7 @@ Tags: community, member, membership, user-profile, user-registration
|
|
7 |
Requires PHP: 5.6
|
8 |
Requires at least: 5.0
|
9 |
Tested up to: 5.5
|
10 |
-
Stable tag: 2.1.
|
11 |
License: GNU Version 2 or Any Later Version
|
12 |
License URI: http://www.gnu.org/licenses/gpl-3.0.txt
|
13 |
|
@@ -156,6 +156,12 @@ The plugin works with popular caching plugins by automatically excluding Ultimat
|
|
156 |
* To learn more about version 2.1 please see this [docs](https://docs.ultimatemember.com/article/1512-upgrade-2-1-0)
|
157 |
* UM2.1+ is a significant update to the Member Directories' code base from 2.0.x. Please make sure you take a full-site backup with restore point before updating the plugin
|
158 |
|
|
|
|
|
|
|
|
|
|
|
|
|
159 |
= 2.1.8: September 2, 2020 =
|
160 |
|
161 |
* Enhancements:
|
7 |
Requires PHP: 5.6
|
8 |
Requires at least: 5.0
|
9 |
Tested up to: 5.5
|
10 |
+
Stable tag: 2.1.9
|
11 |
License: GNU Version 2 or Any Later Version
|
12 |
License URI: http://www.gnu.org/licenses/gpl-3.0.txt
|
13 |
|
156 |
* To learn more about version 2.1 please see this [docs](https://docs.ultimatemember.com/article/1512-upgrade-2-1-0)
|
157 |
* UM2.1+ is a significant update to the Member Directories' code base from 2.0.x. Please make sure you take a full-site backup with restore point before updating the plugin
|
158 |
|
159 |
+
= 2.1.9: September 9, 2020 =
|
160 |
+
|
161 |
+
* Bugfixes:
|
162 |
+
|
163 |
+
- Fixed security patch for role change via profile form
|
164 |
+
|
165 |
= 2.1.8: September 2, 2020 =
|
166 |
|
167 |
* Enhancements:
|
ultimate-member.php
CHANGED
@@ -3,7 +3,7 @@
|
|
3 |
Plugin Name: Ultimate Member
|
4 |
Plugin URI: http://ultimatemember.com/
|
5 |
Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
|
6 |
-
Version: 2.1.
|
7 |
Author: Ultimate Member
|
8 |
Author URI: http://ultimatemember.com/
|
9 |
Text Domain: ultimate-member
|
3 |
Plugin Name: Ultimate Member
|
4 |
Plugin URI: http://ultimatemember.com/
|
5 |
Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
|
6 |
+
Version: 2.1.9
|
7 |
Author: Ultimate Member
|
8 |
Author URI: http://ultimatemember.com/
|
9 |
Text Domain: ultimate-member
|