Version Description
Download this release
Release Info
| Developer | nsinelnikov |
| Plugin |  Ultimate Member – User Profile & Membership Plugin |
| Version | 2.1.9 |
| Comparing to | |
| See all releases | |
Code changes from version 2.1.8 to 2.1.9
- includes/admin/core/class-admin-notices.php +3 -3
- includes/core/class-form.php +9 -6
- readme.txt +7 -1
- ultimate-member.php +1 -1
includes/admin/core/class-admin-notices.php
CHANGED
|
@@ -655,9 +655,9 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
|
|
| 655 |
<?php $message = ob_get_clean();
|
| 656 |
|
| 657 |
$this->add_notice( 'reviews_notice', array(
|
| 658 |
-
'class'
|
| 659 |
-
'message'
|
| 660 |
-
'dismissible'
|
| 661 |
), 1 );
|
| 662 |
}
|
| 663 |
|
| 655 |
<?php $message = ob_get_clean();
|
| 656 |
|
| 657 |
$this->add_notice( 'reviews_notice', array(
|
| 658 |
+
'class' => 'updated',
|
| 659 |
+
'message' => $message,
|
| 660 |
+
'dismissible' => true
|
| 661 |
), 1 );
|
| 662 |
}
|
| 663 |
|
includes/core/class-form.php
CHANGED
|
@@ -374,14 +374,14 @@ if ( ! class_exists( 'um\core\Form' ) ) {
|
|
| 374 |
|
| 375 |
$this->post_form = array_merge( $this->form_data, $this->post_form );
|
| 376 |
|
| 377 |
-
if ( isset( $this->form_data['custom_fields'] )
|
| 378 |
|
| 379 |
$custom_field_roles = $this->custom_field_roles( $this->form_data['custom_fields'] );
|
| 380 |
|
| 381 |
if ( ! empty( $_POST['role'] ) ) {
|
| 382 |
$role = $_POST['role'];
|
| 383 |
|
| 384 |
-
if( is_array( $_POST['role'] ) ){
|
| 385 |
$role = current( $_POST['role'] );
|
| 386 |
}
|
| 387 |
|
|
@@ -392,8 +392,8 @@ if ( ! class_exists( 'um\core\Form' ) ) {
|
|
| 392 |
$exclude_roles = array_diff( array_keys( $wp_roles->roles ), array_merge( $role_keys, array( 'subscriber' ) ) );
|
| 393 |
|
| 394 |
if ( ! empty( $role ) &&
|
| 395 |
-
( ! in_array( $role
|
| 396 |
-
wp_die( __( 'This is not possible for security reasons.','ultimate-member') );
|
| 397 |
}
|
| 398 |
|
| 399 |
$this->post_form['role'] = $role;
|
|
@@ -401,6 +401,7 @@ if ( ! class_exists( 'um\core\Form' ) ) {
|
|
| 401 |
}
|
| 402 |
|
| 403 |
} elseif ( isset( $this->post_form['mode'] ) && $this->post_form['mode'] == 'register' ) {
|
|
|
|
| 404 |
$role = $this->assigned_role( $this->form_id );
|
| 405 |
$this->post_form['role'] = $role;
|
| 406 |
//fix for social login
|
|
@@ -587,14 +588,16 @@ if ( ! class_exists( 'um\core\Form' ) ) {
|
|
| 587 |
|
| 588 |
$fields = maybe_unserialize( $custom_fields );
|
| 589 |
|
| 590 |
-
if ( ! is_array( $fields )
|
| 591 |
return false;
|
|
|
|
| 592 |
|
| 593 |
foreach ( $fields as $field_key => $field_settings ) {
|
| 594 |
|
| 595 |
if ( strstr( $field_key , 'role_' ) ) {
|
| 596 |
if ( is_array( $field_settings['options'] ) ) {
|
| 597 |
-
|
|
|
|
| 598 |
}
|
| 599 |
}
|
| 600 |
|
| 374 |
|
| 375 |
$this->post_form = array_merge( $this->form_data, $this->post_form );
|
| 376 |
|
| 377 |
+
if ( isset( $this->form_data['custom_fields'] ) && strstr( $this->form_data['custom_fields'], 'role_' ) ) { // Secure selected role
|
| 378 |
|
| 379 |
$custom_field_roles = $this->custom_field_roles( $this->form_data['custom_fields'] );
|
| 380 |
|
| 381 |
if ( ! empty( $_POST['role'] ) ) {
|
| 382 |
$role = $_POST['role'];
|
| 383 |
|
| 384 |
+
if ( is_array( $_POST['role'] ) ) {
|
| 385 |
$role = current( $_POST['role'] );
|
| 386 |
}
|
| 387 |
|
| 392 |
$exclude_roles = array_diff( array_keys( $wp_roles->roles ), array_merge( $role_keys, array( 'subscriber' ) ) );
|
| 393 |
|
| 394 |
if ( ! empty( $role ) &&
|
| 395 |
+
( ! in_array( $role, $custom_field_roles, true ) || in_array( $role, $exclude_roles ) ) ) {
|
| 396 |
+
wp_die( __( 'This is not possible for security reasons.', 'ultimate-member' ) );
|
| 397 |
}
|
| 398 |
|
| 399 |
$this->post_form['role'] = $role;
|
| 401 |
}
|
| 402 |
|
| 403 |
} elseif ( isset( $this->post_form['mode'] ) && $this->post_form['mode'] == 'register' ) {
|
| 404 |
+
|
| 405 |
$role = $this->assigned_role( $this->form_id );
|
| 406 |
$this->post_form['role'] = $role;
|
| 407 |
//fix for social login
|
| 588 |
|
| 589 |
$fields = maybe_unserialize( $custom_fields );
|
| 590 |
|
| 591 |
+
if ( ! is_array( $fields ) ) {
|
| 592 |
return false;
|
| 593 |
+
}
|
| 594 |
|
| 595 |
foreach ( $fields as $field_key => $field_settings ) {
|
| 596 |
|
| 597 |
if ( strstr( $field_key , 'role_' ) ) {
|
| 598 |
if ( is_array( $field_settings['options'] ) ) {
|
| 599 |
+
$option_pairs = apply_filters( 'um_select_options_pair', null, $field_settings );
|
| 600 |
+
return ! empty( $option_pairs ) ? array_keys( $field_settings['options'] ) : array_values( $field_settings['options'] );
|
| 601 |
}
|
| 602 |
}
|
| 603 |
|
readme.txt
CHANGED
|
@@ -7,7 +7,7 @@ Tags: community, member, membership, user-profile, user-registration
|
|
| 7 |
Requires PHP: 5.6
|
| 8 |
Requires at least: 5.0
|
| 9 |
Tested up to: 5.5
|
| 10 |
-
Stable tag: 2.1.
|
| 11 |
License: GNU Version 2 or Any Later Version
|
| 12 |
License URI: http://www.gnu.org/licenses/gpl-3.0.txt
|
| 13 |
|
|
@@ -156,6 +156,12 @@ The plugin works with popular caching plugins by automatically excluding Ultimat
|
|
| 156 |
* To learn more about version 2.1 please see this [docs](https://docs.ultimatemember.com/article/1512-upgrade-2-1-0)
|
| 157 |
* UM2.1+ is a significant update to the Member Directories' code base from 2.0.x. Please make sure you take a full-site backup with restore point before updating the plugin
|
| 158 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 159 |
= 2.1.8: September 2, 2020 =
|
| 160 |
|
| 161 |
* Enhancements:
|
| 7 |
Requires PHP: 5.6
|
| 8 |
Requires at least: 5.0
|
| 9 |
Tested up to: 5.5
|
| 10 |
+
Stable tag: 2.1.9
|
| 11 |
License: GNU Version 2 or Any Later Version
|
| 12 |
License URI: http://www.gnu.org/licenses/gpl-3.0.txt
|
| 13 |
|
| 156 |
* To learn more about version 2.1 please see this [docs](https://docs.ultimatemember.com/article/1512-upgrade-2-1-0)
|
| 157 |
* UM2.1+ is a significant update to the Member Directories' code base from 2.0.x. Please make sure you take a full-site backup with restore point before updating the plugin
|
| 158 |
|
| 159 |
+
= 2.1.9: September 9, 2020 =
|
| 160 |
+
|
| 161 |
+
* Bugfixes:
|
| 162 |
+
|
| 163 |
+
- Fixed security patch for role change via profile form
|
| 164 |
+
|
| 165 |
= 2.1.8: September 2, 2020 =
|
| 166 |
|
| 167 |
* Enhancements:
|
ultimate-member.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
Plugin Name: Ultimate Member
|
| 4 |
Plugin URI: http://ultimatemember.com/
|
| 5 |
Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
|
| 6 |
-
Version: 2.1.
|
| 7 |
Author: Ultimate Member
|
| 8 |
Author URI: http://ultimatemember.com/
|
| 9 |
Text Domain: ultimate-member
|
| 3 |
Plugin Name: Ultimate Member
|
| 4 |
Plugin URI: http://ultimatemember.com/
|
| 5 |
Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
|
| 6 |
+
Version: 2.1.9
|
| 7 |
Author: Ultimate Member
|
| 8 |
Author URI: http://ultimatemember.com/
|
| 9 |
Text Domain: ultimate-member
|
