Ultimate Member – User Profile & Membership Plugin - Version 2.2.4

Version Description

Download this release

Release Info

Developer nsinelnikov
Plugin Icon 128x128 Ultimate Member – User Profile & Membership Plugin
Version 2.2.4
Comparing to
See all releases

Code changes from version 2.2.3 to 2.2.4

Files changed (6) hide show
  1. includes/admin/assets/js/um-admin-global.js +15 -10
  2. includes/admin/core/class-admin-notices.php +23 -39
  3. includes/core/class-access.php +2104 -2055
  4. includes/core/class-form.php +2 -1
  5. readme.txt +10 -1
  6. ultimate-member.php +1 -1
includes/admin/assets/js/um-admin-global.js CHANGED
@@ -28,15 +28,6 @@ jQuery(document).ready(function() {
28
  jQuery(this).parents('.um-admin-notice').find( '.notice-dismiss' ).trigger('click');
29
  });
30
 
31
- jQuery(document.body).on('click', '.um_opt_in_link', function (e) {
32
- jQuery(this).parents('.um-admin-notice').find( '.notice-dismiss' ).trigger('click');
33
- });
34
-
35
-
36
- jQuery(document.body).on('click', '#um_opt_in_start', function (e) {
37
- jQuery(this).parents('.um-admin-notice').find( '.notice-dismiss' ).trigger('click');
38
- });
39
-
40
 
41
  jQuery(document.body).on( 'click', '.um-admin-notice.is-dismissible .notice-dismiss', function(e) {
42
  var notice_key = jQuery(this).parents('.um-admin-notice').data('key');
@@ -50,10 +41,24 @@ jQuery(document).ready(function() {
50
  return true;
51
  },
52
  error: function( data ) {
 
53
  return false;
54
  }
55
  });
56
  });
57
 
58
 
59
- });
 
 
 
 
 
 
 
 
 
 
 
 
 
28
  jQuery(this).parents('.um-admin-notice').find( '.notice-dismiss' ).trigger('click');
29
  });
30
 
 
 
 
 
 
 
 
 
 
31
 
32
  jQuery(document.body).on( 'click', '.um-admin-notice.is-dismissible .notice-dismiss', function(e) {
33
  var notice_key = jQuery(this).parents('.um-admin-notice').data('key');
41
  return true;
42
  },
43
  error: function( data ) {
44
+ um_admin_dismiss_notice_fallback( notice_key );
45
  return false;
46
  }
47
  });
48
  });
49
 
50
 
51
+ });
52
+
53
+ /**
54
+ * Dismiss fallback of ajax request
55
+ */
56
+ function um_admin_dismiss_notice_fallback( notice_key ) {
57
+ var href_index = "";
58
+ if ( window.location.href.indexOf("?") > -1 ) {
59
+ href_index = window.location.href + "&";
60
+ } else {
61
+ href_index = window.location.href + "?";
62
+ }
63
+ window.location.href = href_index + "um_dismiss_notice=" + notice_key + "&um_admin_nonce=" + um_admin_scripts.nonce;
64
+ }
includes/admin/core/class-admin-notices.php CHANGED
@@ -32,6 +32,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
32
  add_action( 'admin_notices', array( &$this, 'render_notices' ), 1 );
33
 
34
  add_action( 'wp_ajax_um_dismiss_notice', array( &$this, 'dismiss_notice' ) );
 
35
  }
36
 
37
 
@@ -44,7 +45,6 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
44
  $this->exif_extension_notice();
45
  $this->show_update_messages();
46
  $this->check_wrong_install_folder();
47
- //$this->admin_notice_opt_in();
48
  $this->need_upgrade();
49
  $this->check_wrong_licenses();
50
 
@@ -483,44 +483,6 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
483
  }
484
 
485
 
486
- /**
487
- * Show admin notices
488
- */
489
- public function admin_notice_opt_in() {
490
-
491
- if ( ! current_user_can( 'manage_options' ) ) {
492
- return;
493
- }
494
-
495
- //backward compatibility
496
- $hide_notice = get_option( 'um_tracking_notice' );
497
-
498
- if ( $hide_notice ) {
499
- return;
500
- }
501
-
502
- ob_start(); ?>
503
-
504
- <p>
505
- <?php printf( __( 'Thanks for installing <strong>%s</strong>! We hope you like the plugin. To fund full-time development and support of the plugin we also sell extensions. If you subscribe to our mailing list we will send you a 20%% discount code for one of our <a href="%s" target="_blank">access passes</a>.', 'ultimate-member' ), ultimatemember_plugin_name, 'https://ultimatemember.com/pricing/' ); ?>
506
- </p>
507
-
508
- <p>
509
- <a href="http://ultimatemember.com/discount/" target="_blank" id="um_opt_in_start" class="button button-primary"><?php _e( 'Claim 20% discount code', 'ultimate-member' ) ?></a>
510
- &nbsp;
511
- <a href="javascript:void(0);" class="button-secondary um_opt_in_link"><?php _e( 'No thanks', 'ultimate-member' ) ?></a>
512
- </p>
513
-
514
- <?php $message = ob_get_clean();
515
-
516
- $this->add_notice( 'opt_in_notice', array(
517
- 'class' => 'updated',
518
- 'message' => $message,
519
- 'dismissible' => true
520
- ), 2 );
521
- }
522
-
523
-
524
  function check_wrong_licenses() {
525
  $invalid_license = 0;
526
  $arr_inactive_license_keys = array();
@@ -691,11 +653,33 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
691
  }
692
 
693
  $hidden_notices = get_option( 'um_hidden_admin_notices', array() );
 
 
 
 
694
  $hidden_notices[] = sanitize_key( $_POST['key'] );
695
 
696
  update_option( 'um_hidden_admin_notices', $hidden_notices );
697
 
698
  wp_send_json_success();
699
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
700
  }
701
  }
32
  add_action( 'admin_notices', array( &$this, 'render_notices' ), 1 );
33
 
34
  add_action( 'wp_ajax_um_dismiss_notice', array( &$this, 'dismiss_notice' ) );
35
+ add_action( 'admin_init', array( &$this, 'force_dismiss_notice' ) );
36
  }
37
 
38
 
45
  $this->exif_extension_notice();
46
  $this->show_update_messages();
47
  $this->check_wrong_install_folder();
 
48
  $this->need_upgrade();
49
  $this->check_wrong_licenses();
50
 
483
  }
484
 
485
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
486
  function check_wrong_licenses() {
487
  $invalid_license = 0;
488
  $arr_inactive_license_keys = array();
653
  }
654
 
655
  $hidden_notices = get_option( 'um_hidden_admin_notices', array() );
656
+ if ( ! is_array( $hidden_notices ) ) {
657
+ $hidden_notices = array();
658
+ }
659
+
660
  $hidden_notices[] = sanitize_key( $_POST['key'] );
661
 
662
  update_option( 'um_hidden_admin_notices', $hidden_notices );
663
 
664
  wp_send_json_success();
665
  }
666
+
667
+
668
+ function force_dismiss_notice() {
669
+ if ( ! empty( $_REQUEST['um_dismiss_notice'] ) && ! empty( $_REQUEST['um_admin_nonce'] ) ) {
670
+ if ( wp_verify_nonce( $_REQUEST['um_admin_nonce'], 'um-admin-nonce' ) ) {
671
+ $hidden_notices = get_option( 'um_hidden_admin_notices', array() );
672
+ if ( ! is_array( $hidden_notices ) ) {
673
+ $hidden_notices = array();
674
+ }
675
+
676
+ $hidden_notices[] = sanitize_key( $_REQUEST['um_dismiss_notice'] );
677
+
678
+ update_option( 'um_hidden_admin_notices', $hidden_notices );
679
+ } else {
680
+ wp_die( __( 'Security Check', 'ultimate-member' ) );
681
+ }
682
+ }
683
+ }
684
  }
685
  }
includes/core/class-access.php CHANGED
@@ -1,2055 +1,2104 @@
1
- <?php
2
- namespace um\core;
3
-
4
- // Exit if accessed directly
5
- if ( ! defined( 'ABSPATH' ) ) exit;
6
-
7
- if ( ! class_exists( 'um\core\Access' ) ) {
8
-
9
-
10
- /**
11
- * Class Access
12
- * @package um\core
13
- */
14
- class Access {
15
-
16
-
17
- /**
18
- * If true then we use individual restrict content options
19
- * for post
20
- *
21
- * @var bool
22
- */
23
- private $singular_page;
24
-
25
-
26
- /**
27
- * @var bool
28
- */
29
- private $redirect_handler;
30
-
31
-
32
- /**
33
- * @var bool
34
- */
35
- private $allow_access;
36
-
37
-
38
- private $ignore_exclude = false;
39
-
40
-
41
- /**
42
- * Access constructor.
43
- */
44
- function __construct() {
45
- $this->singular_page = false;
46
-
47
- $this->redirect_handler = false;
48
- $this->allow_access = false;
49
-
50
- // NEW HOOKS
51
-
52
- // callbacks for changing terms query
53
- add_action( 'pre_get_terms', array( &$this, 'exclude_hidden_terms_query' ), 99, 1 );
54
-
55
- // Change recent posts widget query
56
- add_filter( 'widget_posts_args', array( &$this, 'exclude_restricted_posts_widget' ), 99, 1 );
57
- // Exclude pages displayed by wp_list_pages function
58
- add_filter( 'wp_list_pages_excludes', array( &$this, 'exclude_restricted_pages' ), 10, 1 );
59
- // Archives list change where based on restricted posts
60
- add_filter( 'getarchives_where', array( &$this, 'exclude_restricted_posts_archives_widget' ), 99, 2 );
61
-
62
- // Navigation line below the post content, change query to exclude restricted
63
- add_filter( 'get_next_post_where', array( &$this, 'exclude_navigation_posts' ), 99, 5 );
64
- add_filter( 'get_previous_post_where', array( &$this, 'exclude_navigation_posts' ), 99, 5 );
65
-
66
- // callbacks for changing posts query
67
- add_action( 'pre_get_posts', array( &$this, 'exclude_posts' ), 99, 1 );
68
- add_filter( 'posts_where', array( &$this, 'exclude_posts_where' ), 10, 2 );
69
- add_filter( 'wp_count_posts', array( &$this, 'custom_count_posts_handler' ), 99, 3 );
70
-
71
- // change the title of the post
72
- add_filter( 'the_title', array( &$this, 'filter_restricted_post_title' ), 10, 2 );
73
- // change the content of the restricted post
74
- add_filter( 'the_content', array( &$this, 'filter_restricted_post_content' ), 999999, 1 );
75
- // change the excerpt of the restricted post
76
- add_filter( 'get_the_excerpt', array( &$this, 'filter_restricted_post_excerpt' ), 999999, 2 );
77
-
78
- // filter attachment
79
- add_filter( 'wp_get_attachment_url', array( &$this, 'filter_attachment' ), 99, 2 );
80
- add_filter( 'has_post_thumbnail', array( &$this, 'filter_post_thumbnail' ), 99, 3 );
81
-
82
- // comments queries
83
- add_action( 'pre_get_comments', array( &$this, 'exclude_posts_comments' ), 99, 1 );
84
- add_filter( 'wp_count_comments', array( &$this, 'custom_comments_count_handler' ), 99, 2 );
85
- // comments RSS
86
- add_filter( 'comment_feed_where', array( &$this, 'exclude_posts_comments_feed' ), 99, 2 );
87
- // Disable comments if user has not permission to access current post
88
- add_filter( 'comments_open', array( $this, 'disable_comments_open' ), 99, 2 );
89
- add_filter( 'get_comments_number', array( $this, 'disable_comments_open_number' ), 99, 2 );
90
-
91
- // filter menu items
92
- add_filter( 'wp_nav_menu_objects', array( &$this, 'filter_menu' ), 99, 2 );
93
-
94
- // Gutenberg blocks restrictions
95
- add_filter( 'render_block', array( $this, 'restrict_blocks' ), 10, 2 );
96
-
97
- // there is posts (Posts/Page/CPT) filtration if site is accessible
98
- // there also will be redirects if they need
99
- // protect posts types
100
- add_filter( 'the_posts', array( &$this, 'filter_protected_posts' ), 99, 2 );
101
- // protect pages for wp_list_pages func
102
- add_filter( 'get_pages', array( &$this, 'filter_protected_posts' ), 99, 2 );
103
-
104
- // check the site's accessible more priority have Individual Post/Term Restriction settings
105
- add_action( 'template_redirect', array( &$this, 'template_redirect' ), 1000 );
106
- add_action( 'um_access_check_individual_term_settings', array( &$this, 'um_access_check_individual_term_settings' ) );
107
- add_action( 'um_access_check_global_settings', array( &$this, 'um_access_check_global_settings' ) );
108
-
109
-
110
- add_action( 'plugins_loaded', array( &$this, 'disable_restriction_pre_queries' ), 1 );
111
- }
112
-
113
-
114
- /**
115
- * Rollback function for old business logic to avoid security enhancements with 404 errors
116
- */
117
- function disable_restriction_pre_queries() {
118
- if ( ! UM()->options()->get( 'disable_restriction_pre_queries' ) ) {
119
- return;
120
- }
121
-
122
- remove_action( 'pre_get_terms', array( &$this, 'exclude_hidden_terms_query' ), 99 );
123
- remove_filter( 'widget_posts_args', array( &$this, 'exclude_restricted_posts_widget' ), 99 );
124
- remove_filter( 'wp_list_pages_excludes', array( &$this, 'exclude_restricted_pages' ), 10 );
125
- remove_filter( 'getarchives_where', array( &$this, 'exclude_restricted_posts_archives_widget' ), 99 );
126
- remove_filter( 'get_next_post_where', array( &$this, 'exclude_navigation_posts' ), 99 );
127
- remove_filter( 'get_previous_post_where', array( &$this, 'exclude_navigation_posts' ), 99 );
128
- remove_action( 'pre_get_posts', array( &$this, 'exclude_posts' ), 99 );
129
- remove_filter( 'posts_where', array( &$this, 'exclude_posts_where' ), 10 );
130
- remove_filter( 'wp_count_posts', array( &$this, 'custom_count_posts_handler' ), 99 );
131
- remove_filter( 'the_title', array( &$this, 'filter_restricted_post_title' ), 10 );
132
- }
133
-
134
-
135
- /**
136
- * Get array with restricted posts
137
- *
138
- * @param bool $force
139
- * @param bool|array|string $post_types
140
- *
141
- * @return array
142
- */
143
- function exclude_posts_array( $force = false, $post_types = false ) {
144
- if ( $this->ignore_exclude ) {
145
- return array();
146
- }
147
-
148
- static $cache = array();
149
-
150
- $cache_key = $force ? 'force' : 'default';
151
-
152
- // `force` cache contains all restricted post IDs we can get them all from cache instead new queries
153
- $force_cache_key = '';
154
- if ( 'default' === $cache_key ) {
155
- $force_cache_key = 'force';
156
- }
157
-
158
- // make $post_types as array if string
159
- if ( ! empty( $post_types ) ) {
160
- $post_types = is_array( $post_types ) ? $post_types : array( $post_types );
161
- $cache_key .= md5( serialize( $post_types ) );
162
- if ( ! empty( $force_cache_key ) ) {
163
- $force_cache_key .= md5( serialize( $post_types ) );
164
- }
165
- }
166
-
167
- if ( array_key_exists( $cache_key, $cache ) ) {
168
- return $cache[ $cache_key ];
169
- }
170
-
171
- $exclude_posts = array();
172
- if ( current_user_can( 'administrator' ) ) {
173
- $cache[ $cache_key ] = $exclude_posts;
174
- return $exclude_posts;
175
- }
176
-
177
- // @todo using Object Cache `wp_cache_get()` `wp_cache_set()` functions
178
-
179
- // `force` cache contains all restricted post IDs we can get them all from cache instead new queries
180
- if ( ! empty( $force_cache_key ) && array_key_exists( $force_cache_key, $cache ) ) {
181
- $post_ids = $cache[ $force_cache_key ];
182
-
183
- if ( ! empty( $post_ids ) ) {
184
- foreach ( $post_ids as $post_id ) {
185
- $content_restriction = $this->get_post_privacy_settings( $post_id );
186
- if ( ! empty( $content_restriction['_um_access_hide_from_queries'] ) ) {
187
- array_push( $exclude_posts, $post_id );
188
- }
189
- }
190
- }
191
- } else {
192
- $restricted_posts = UM()->options()->get( 'restricted_access_post_metabox' );
193
- if ( ! empty( $restricted_posts ) ) {
194
- $restricted_posts = array_keys( $restricted_posts );
195
- if ( ! empty( $post_types ) ) {
196
- $restricted_posts = array_intersect( $post_types, $restricted_posts );
197
- }
198
- }
199
-
200
- if ( ! empty( $restricted_posts ) ) {
201
- $this->ignore_exclude = true;
202
- // exclude all posts assigned to current term without individual restriction settings
203
- $post_ids = get_posts(
204
- array(
205
- 'fields' => 'ids',
206
- 'post_status' => 'any',
207
- 'post_type' => $restricted_posts,
208
- 'numberposts' => -1,
209
- 'meta_query' => array(
210
- array(
211
- 'key' => 'um_content_restriction',
212
- 'compare' => 'EXISTS',
213
- ),
214
- ),
215
- )
216
- );
217
-
218
- $this->ignore_exclude = false;
219
- }
220
-
221
- $post_ids = empty( $post_ids ) ? array() : $post_ids;
222
-
223
- $restricted_taxonomies = UM()->options()->get( 'restricted_access_taxonomy_metabox' );
224
-
225
- if ( ! empty( $restricted_taxonomies ) ) {
226
- $restricted_taxonomies = array_keys( $restricted_taxonomies );
227
- foreach ( $restricted_taxonomies as $k => $taxonomy ) {
228
- if ( ! taxonomy_exists( $taxonomy ) ) {
229
- unset( $restricted_taxonomies[ $k ] );
230
- }
231
- }
232
- $restricted_taxonomies = array_values( $restricted_taxonomies );
233
-
234
- if ( ! empty( $post_types ) ) {
235
- $taxonomies = array();
236
- foreach ( $post_types as $p_t ) {
237
- $taxonomies = array_merge( $taxonomies, get_object_taxonomies( $p_t ) );
238
- }
239
- $restricted_taxonomies = array_intersect( $taxonomies, $restricted_taxonomies );
240
- }
241
- }
242
-
243
- if ( ! empty( $restricted_taxonomies ) ) {
244
- global $wpdb;
245
-
246
- $terms = $wpdb->get_results(
247
- "SELECT tm.term_id AS term_id,
248
- tt.taxonomy AS taxonomy
249
- FROM {$wpdb->termmeta} tm
250
- LEFT JOIN {$wpdb->term_taxonomy} tt ON tt.term_id = tm.term_id
251
- WHERE tm.meta_key = 'um_content_restriction' AND
252
- tt.taxonomy IN('" . implode( "','", $restricted_taxonomies ) . "')",
253
- ARRAY_A
254
- );
255
-
256
- if ( ! empty( $terms ) ) {
257
- foreach ( $terms as $term ) {
258
- if ( ! $this->is_restricted_term( $term['term_id'] ) ) {
259
- continue;
260
- }
261
-
262
- $this->ignore_exclude = true;
263
- // exclude all posts assigned to current term without individual restriction settings
264
- $posts = get_posts(
265
- array(
266
- 'fields' => 'ids',
267
- 'post_status' => 'any',
268
- 'numberposts' => -1,
269
- 'tax_query' => array(
270
- array(
271
- 'taxonomy' => $term['taxonomy'],
272
- 'field' => 'id',
273
- 'terms' => $term['term_id'],
274
- ),
275
- ),
276
- 'meta_query' => array(
277
- 'relation' => 'OR',
278
- array(
279
- 'relation' => 'AND',
280
- array(
281
- 'key' => 'um_content_restriction',
282
- 'value' => 's:26:"_um_custom_access_settings";s:1:"1"',
283
- 'compare' => 'NOT LIKE',
284
- ),
285
- array(
286
- 'key' => 'um_content_restriction',
287
- 'value' => 's:26:"_um_custom_access_settings";b:1',
288
- 'compare' => 'NOT LIKE',
289
- ),
290
- ),
291
- array(
292
- 'key' => 'um_content_restriction',
293
- 'compare' => 'NOT EXISTS',
294
- ),
295
- ),
296
- )
297
- );
298
- $this->ignore_exclude = false;
299
-
300
- if ( empty( $posts ) ) {
301
- continue;
302
- }
303
-
304
- $post_ids = array_merge( $post_ids, $posts );
305
- }
306
- }
307
- }
308
-
309
- if ( ! empty( $post_ids ) ) {
310
- $post_ids = array_unique( $post_ids );
311
-
312
- foreach ( $post_ids as $post_id ) {
313
- // handle every post privacy setting based on post type maybe it's inactive for now
314
- // if individual restriction is enabled then get post terms restriction settings
315
- if ( $this->is_restricted( $post_id ) ) {
316
- if ( true === $force ) {
317
- array_push( $exclude_posts, $post_id );
318
- } else {
319
- $content_restriction = $this->get_post_privacy_settings( $post_id );
320
- if ( ! empty( $content_restriction['_um_access_hide_from_queries'] ) ) {
321
- array_push( $exclude_posts, $post_id );
322
- }
323
- }
324
- }
325
- }
326
- }
327
- }
328
-
329
- $exclude_posts = apply_filters( 'um_exclude_restricted_posts_ids', $exclude_posts, $force );
330
-
331
- $cache[ $cache_key ] = $exclude_posts;
332
- return $exclude_posts;
333
- }
334
-
335
-
336
-
337
- /**
338
- * Get array with restricted terms
339
- *
340
- * @param \WP_Term_Query $query
341
- *
342
- * @return array
343
- */
344
- function exclude_terms_array( $query ) {
345
- $exclude = array();
346
-
347
- $restricted_taxonomies = UM()->options()->get( 'restricted_access_taxonomy_metabox' );
348
- if ( ! empty( $restricted_taxonomies ) ) {
349
- $restricted_taxonomies = array_keys( $restricted_taxonomies );
350
- foreach ( $restricted_taxonomies as $k => $taxonomy ) {
351
- if ( ! taxonomy_exists( $taxonomy ) ) {
352
- unset( $restricted_taxonomies[ $k ] );
353
- }
354
- }
355
- $restricted_taxonomies = array_values( $restricted_taxonomies );
356
-
357
- if ( ! empty( $restricted_taxonomies ) ) {
358
- if ( isset( $query->query_vars['taxonomy'] ) && is_array( $query->query_vars['taxonomy'] ) ) {
359
- $restricted_taxonomies = array_intersect( $query->query_vars['taxonomy'], $restricted_taxonomies );
360
- } elseif ( ! empty( $query->query_vars['term_taxonomy_id'] ) ) {
361
- $term_taxonomy_ids = is_array( $query->query_vars['term_taxonomy_id'] ) ? $query->query_vars['term_taxonomy_id'] : array( $query->query_vars['term_taxonomy_id'] );
362
-
363
- global $wpdb;
364
- $tax_in_query = $wpdb->get_col( "SELECT DISTINCT taxonomy FROM {$wpdb->term_taxonomy} WHERE term_taxonomy_id IN('" . implode( "','", $term_taxonomy_ids ) . "')" );
365
- if ( ! empty( $tax_in_query ) ) {
366
- $restricted_taxonomies = array_intersect( $tax_in_query, $restricted_taxonomies );
367
- } else {
368
- $restricted_taxonomies = array();
369
- }
370
- }
371
- }
372
- }
373
-
374
- if ( empty( $restricted_taxonomies ) ) {
375
- return $exclude;
376
- }
377
-
378
- $cache_key = md5( serialize( $restricted_taxonomies ) );
379
-
380
- static $cache = array();
381
-
382
- if ( array_key_exists( $cache_key, $cache ) ) {
383
- return $cache[ $cache_key ];
384
- }
385
-
386
- $term_ids = get_terms(
387
- array(
388
- 'taxonomy' => $restricted_taxonomies,
389
- 'hide_empty' => false,
390
- 'fields' => 'ids',
391
- 'meta_query' => array(
392
- 'key' => 'um_content_restriction',
393
- 'compare' => 'EXISTS',
394
- ),
395
- 'um_ignore_exclude' => true,
396
- )
397
- );
398
-
399
- if ( empty( $term_ids ) || is_wp_error( $term_ids ) ) {
400
- $cache[ $cache_key ] = $exclude;
401
- return $exclude;
402
- }
403
-
404
- foreach ( $term_ids as $term_id ) {
405
- if ( $this->is_restricted_term( $term_id ) ) {
406
- $exclude[] = $term_id;
407
- }
408
- }
409
-
410
- $exclude = apply_filters( 'um_exclude_restricted_terms_ids', $exclude );
411
- $cache[ $cache_key ] = $exclude;
412
- return $exclude;
413
- }
414
-
415
-
416
- /**
417
- * @param \WP_Term_Query $query
418
- */
419
- function exclude_hidden_terms_query( $query ) {
420
- if ( current_user_can( 'administrator' ) || ! empty( $query->query_vars['um_ignore_exclude'] ) ) {
421
- return;
422
- }
423
-
424
- $exclude = $this->exclude_terms_array( $query );
425
- if ( ! empty( $exclude ) ) {
426
- $query->query_vars['exclude'] = ! empty( $query->query_vars['exclude'] ) ? wp_parse_id_list( $query->query_vars['exclude'] ) : $exclude;
427
- }
428
- }
429
-
430
-
431
- /**
432
- * @param \WP_Query $query
433
- */
434
- function exclude_posts( $query ) {
435
- if ( current_user_can( 'administrator' ) ) {
436
- return;
437
- }
438
-
439
- // use these functions is_search() || is_admin() for getting force hide all posts
440
- // don't handle `hide from WP_Query` and show 404 option for searching and wp-admin query
441
- if ( $query->is_main_query() || ! empty( $query->query_vars['um_main_query'] ) ) {
442
- $force = is_feed() || is_search() || is_admin();
443
-
444
- if ( is_object( $query ) ) {
445
- $is_singular = $query->is_singular();
446
- } else {
447
- $is_singular = ! empty( $query->is_singular ) ? true : false;
448
- }
449
-
450
- if ( ! $is_singular ) {
451
- // need to know what post type is here
452
- $q_values = ! empty( $query->query_vars['post_type'] ) ? $query->query_vars['post_type'] : array();
453
- if ( ! is_array( $q_values ) ) {
454
- $q_values = explode( ',', $query->query_vars['post_type'] );
455
- }
456
-
457
- // 'any' will cause the query var to be ignored.
458
- if ( in_array( 'any', $q_values, true ) || empty( $q_values ) ) {
459
- $exclude_posts = $this->exclude_posts_array( $force );
460
- } else {
461
- $exclude_posts = $this->exclude_posts_array( $force, $q_values );
462
- }
463
-
464
- if ( ! empty( $exclude_posts ) ) {
465
- $post__not_in = $query->get( 'post__not_in', array() );
466
- $query->set( 'post__not_in', array_merge( wp_parse_id_list( $post__not_in ), $exclude_posts ) );
467
- }
468
- }
469
- }
470
- }
471
-
472
-
473
- /**
474
- * Exclude restricted post from query if there is a single query that exclude post_not_in by default in \WP_Query
475
- *
476
- * @param string $where
477
- * @param \WP_Query $query
478
- *
479
- * @return mixed
480
- */
481
- function exclude_posts_where( $where, $query ) {
482
- if ( current_user_can( 'administrator' ) ) {
483
- return $where;
484
- }
485
-
486
- if ( ! $query->is_main_query() ) {
487
- return $where;
488
- }
489
-
490
- if ( ! empty( $query->query_vars['p'] ) && $this->is_restricted( $query->query_vars['p'] ) ) {
491
- $restriction_settings = $this->get_post_privacy_settings( $query->query_vars['p'] );
492
- if ( ! empty( $restriction_settings['_um_access_hide_from_queries'] ) && ! empty( $query->query_vars['post__not_in'] ) ) {
493
- global $wpdb;
494
- $post__not_in = implode( ',', array_map( 'absint', $query->query_vars['post__not_in'] ) );
495
- $where .= " AND {$wpdb->posts}.ID NOT IN ($post__not_in)";
496
- }
497
- }
498
-
499
- return $where;
500
- }
501
-
502
-
503
- /**
504
- * Change the posts count based on restriction settings
505
- *
506
- * @param object $counts Post counts
507
- * @param string $type Post type
508
- * @param string $perm The permission to determine if the posts are 'readable'
509
- * by the current user.
510
- *
511
- * @return object
512
- */
513
- function custom_count_posts_handler( $counts, $type, $perm ) {
514
- if ( current_user_can( 'administrator' ) ) {
515
- return $counts;
516
- }
517
-
518
- global $wpdb;
519
-
520
- static $cache = array();
521
-
522
- $cache_key = _count_posts_cache_key( $type, $perm );
523
- $force = is_feed() || is_search() || is_admin();
524
- $cache_key .= $force ? 'force' : '';
525
-
526
- if ( array_key_exists( $cache_key, $cache ) ) {
527
- return $cache[ $cache_key ];
528
- }
529
-
530
- $exclude_posts = $this->exclude_posts_array( $force, array( $type ) );
531
- if ( empty( $exclude_posts ) ) {
532
- $cache[ $cache_key ] = $counts;
533
- return $counts;
534
- }
535
-
536
- $query = "SELECT post_status, COUNT( * ) AS num_posts FROM {$wpdb->posts} WHERE post_type = %s";
537
-
538
- if ( 'readable' === $perm && is_user_logged_in() ) {
539
- $post_type_object = get_post_type_object( $type );
540
- if ( ! current_user_can( $post_type_object->cap->read_private_posts ) ) {
541
- $query .= $wpdb->prepare(
542
- " AND (post_status != 'private' OR ( post_author = %d AND post_status = 'private' ))",
543
- get_current_user_id()
544
- );
545
- }
546
- }
547
-
548
- $query .= " AND ID NOT IN('" . implode( "','", $exclude_posts ) . "')";
549
-
550
- $query .= ' GROUP BY post_status';
551
-
552
- $results = (array) $wpdb->get_results( $wpdb->prepare( $query, $type ), ARRAY_A );
553
- $counts = array_fill_keys( get_post_stati(), 0 );
554
-
555
- foreach ( $results as $row ) {
556
- $counts[ $row['post_status'] ] = $row['num_posts'];
557
- }
558
-
559
- $counts = (object) $counts;
560
-
561
- $cache[ $cache_key ] = $counts;
562
- return $counts;
563
- }
564
-
565
-
566
- /**
567
- * Exclude restricted posts in Recent Posts widget
568
- *
569
- * @param array $array Query args
570
- *
571
- * @return array
572
- */
573
- function exclude_restricted_posts_widget( $array ) {
574
- if ( current_user_can( 'administrator' ) ) {
575
- return $array;
576
- }
577
-
578
- $exclude_posts = $this->exclude_posts_array( false, 'post' );
579
- if ( ! empty( $exclude_posts ) ) {
580
- $post__not_in = ! empty( $array['post__not_in'] ) ? $array['post__not_in'] : array();
581
- $array['post__not_in'] = array_merge( wp_parse_id_list( $post__not_in ), $exclude_posts );
582
- }
583
-
584
- return $array;
585
- }
586
-
587
-
588
- /**
589
- * Exclude restricted posts in Recent Posts widget
590
- *
591
- * @param array $array Query args
592
- *
593
- * @return array
594
- */
595
- function exclude_restricted_pages( $array ) {
596
- if ( current_user_can( 'administrator' ) ) {
597
- return $array;
598
- }
599
-
600
- $exclude_posts = $this->exclude_posts_array( false, 'page' );
601
- if ( ! empty( $exclude_posts ) ) {
602
- $array = array_merge( $array, $exclude_posts );
603
- }
604
-
605
- return $array;
606
- }
607
-
608
-
609
- /**
610
- * Exclude restricted posts in widgets
611
- *
612
- * @param string $sql_where
613
- * @param array $parsed_args
614
- *
615
- * @return string
616
- */
617
- function exclude_restricted_posts_archives_widget( $sql_where, $parsed_args ) {
618
- if ( current_user_can( 'administrator' ) ) {
619
- return $sql_where;
620
- }
621
-
622
- $exclude_posts = $this->exclude_posts_array( false, $parsed_args['post_type'] );
623
- if ( ! empty( $exclude_posts ) ) {
624
- $exclude_string = implode( ',', $exclude_posts );
625
- $sql_where .= ' AND ID NOT IN ( ' . $exclude_string . ' )';
626
- }
627
-
628
- return $sql_where;
629
- }
630
-
631
-
632
- /**
633
- * Exclude posts from next, previous navigation
634
- *
635
- * @param string $where
636
- * @param bool $in_same_term
637
- * @param array $excluded_terms
638
- * @param string $taxonomy.
639
- * @param \WP_Post $post
640
- *
641
- * @return string
642
- */
643
- function exclude_navigation_posts( $where, $in_same_term, $excluded_terms, $taxonomy, $post ) {
644
- if ( current_user_can( 'administrator' ) ) {
645
- return $where;
646
- }
647
-
648
- $exclude_posts = $this->exclude_posts_array( false, $post->post_type );
649
- if ( ! empty( $exclude_posts ) ) {
650
- $exclude_string = implode( ',', $exclude_posts );
651
- $where .= ' AND ID NOT IN ( ' . $exclude_string . ' )';
652
- }
653
-
654
- return $where;
655
- }
656
-
657
-
658
- /**
659
- * Replace titles of restricted posts
660
- *
661
- * @param string $title
662
- * @param int|null $id
663
- *
664
- * @return string
665
- */
666
- function filter_restricted_post_title( $title, $id = null ) {
667
- if ( ! UM()->options()->get( 'restricted_post_title_replace' ) ) {
668
- return $title;
669
- }
670
-
671
- if ( current_user_can( 'administrator' ) ) {
672
- return $title;
673
- }
674
-
675
- if ( ! isset( $id ) ) {
676
- return $title;
677
- }
678
-
679
- if ( ! is_numeric( $id ) ) {
680
- $id = absint( $id );
681
- }
682
-
683
- $ignore = apply_filters( 'um_ignore_restricted_title', false, $id );
684
- if ( $ignore ) {
685
- return $title;
686
- }
687
-
688
- if ( $this->is_restricted( $id ) ) {
689
- $restricted_global_title = UM()->options()->get( 'restricted_access_post_title' );
690
- $title = stripslashes( $restricted_global_title );
691
- }
692
-
693
- return $title;
694
- }
695
-
696
-
697
- /**
698
- * Replace content of restricted posts
699
- *
700
- * @param string $content
701
- *
702
- * @return string
703
- */
704
- function filter_restricted_post_content( $content ) {
705
- if ( current_user_can( 'administrator' ) ) {
706
- return $content;
707
- }
708
-
709
- $id = get_the_ID();
710
- if ( ! $id || is_admin() ) {
711
- return $content;
712
- }
713
-
714
- $ignore = apply_filters( 'um_ignore_restricted_content', false, $id );
715
- if ( $ignore ) {
716
- return $content;
717
- }
718
-
719
- if ( $this->is_restricted( $id ) ) {
720
- $restriction = $this->get_post_privacy_settings( $id );
721
-
722
- if ( ! isset( $restriction['_um_restrict_by_custom_message'] ) || '0' == $restriction['_um_restrict_by_custom_message'] ) {
723
- $content = stripslashes( UM()->options()->get( 'restricted_access_message' ) );
724
- } elseif ( '1' == $restriction['_um_restrict_by_custom_message'] ) {
725
- $content = ! empty( $restriction['_um_restrict_custom_message'] ) ? stripslashes( $restriction['_um_restrict_custom_message'] ) : '';
726
- }
727
- }
728
-
729
- return $content;
730
- }
731
-
732
-
733
- /**
734
- * Replace excerpt of restricted posts
735
- *
736
- * @param string $post_excerpt
737
- * @param \WP_Post $post
738
- *
739
- * @return string
740
- */
741
- function filter_restricted_post_excerpt( $post_excerpt, $post ) {
742
- if ( empty( $post ) ) {
743
- return $post_excerpt;
744
- }
745
-
746
- if ( current_user_can( 'administrator' ) || is_admin() ) {
747
- return $post_excerpt;
748
- }
749
-
750
- $ignore = apply_filters( 'um_ignore_restricted_excerpt', false, $post->ID );
751
- if ( $ignore ) {
752
- return $post_excerpt;
753
- }
754
-
755
- if ( $this->is_restricted( $post->ID ) ) {
756
- $post_excerpt = '';
757
- }
758
-
759
- return $post_excerpt;
760
- }
761
-
762
-
763
- /**
764
- * Hide attachment if the post is restricted
765
- *
766
- * @param string $url
767
- * @param int $attachment_id
768
- *
769
- * @return boolean|string
770
- */
771
- function filter_attachment( $url, $attachment_id ) {
772
- if ( current_user_can( 'administrator' ) ) {
773
- return $url;
774
- }
775
-
776
- return ( $attachment_id && $this->is_restricted( $attachment_id ) ) ? false : $url;
777
- }
778
-
779
-
780
- /**
781
- * Hide attachment if the post is restricted
782
- *
783
- * @param $has_thumbnail
784
- * @param $post
785
- * @param $thumbnail_id
786
- *
787
- * @return bool
788
- */
789
- function filter_post_thumbnail( $has_thumbnail, $post, $thumbnail_id ) {
790
- if ( current_user_can( 'administrator' ) ) {
791
- return $has_thumbnail;
792
- }
793
-
794
- if ( $this->is_restricted( $thumbnail_id ) ) {
795
- $has_thumbnail = false;
796
- } elseif ( ! empty( $post ) && ! empty( $post->ID ) ) {
797
- if ( $this->is_restricted( $post->ID ) ) {
798
- $has_thumbnail = false;
799
- }
800
- } else {
801
- $post_id = get_the_ID();
802
- if ( false !== $post_id && $this->is_restricted( $post_id ) ) {
803
- $has_thumbnail = false;
804
- }
805
- }
806
-
807
- $has_thumbnail = apply_filters( 'um_restrict_post_thumbnail', $has_thumbnail, $post, $thumbnail_id );
808
-
809
- return $has_thumbnail;
810
- }
811
-
812
-
813
-
814
- /**
815
- * Exclude comments from restricted posts in widgets
816
- *
817
- * @param \WP_Comment_Query $query
818
- */
819
- function exclude_posts_comments( $query ) {
820
- if ( current_user_can( 'administrator' ) ) {
821
- return;
822
- }
823
-
824
- if ( ! empty( $query->query_vars['post_id'] ) ) {
825
- $exclude_posts = array();
826
- if ( $this->is_restricted( $query->query_vars['post_id'] ) ) {
827
- $exclude_posts[] = $query->query_vars['post_id'];
828
- }
829
- } else {
830
- $q_values = ! empty( $query->query_vars['post_type'] ) ? $query->query_vars['post_type'] : array();
831
- if ( ! is_array( $q_values ) ) {
832
- $q_values = explode( ',', $query->query_vars['post_type'] );
833
- }
834
-
835
- // 'any' will cause the query var to be ignored.
836
- if ( in_array( 'any', $q_values, true ) || empty( $q_values ) ) {
837
- $exclude_posts = $this->exclude_posts_array( true, $this->get_available_comments_post_types() );
838
- } else {
839
- $exclude_posts = $this->exclude_posts_array( true, $q_values );
840
- }
841
- }
842
-
843
- if ( ! empty( $exclude_posts ) ) {
844
- $post__not_in = ! empty( $query->query_vars['post__not_in'] ) ? $query->query_vars['post__not_in'] : array();
845
- $query->query_vars['post__not_in'] = array_merge( wp_parse_id_list( $post__not_in ), $exclude_posts );
846
- }
847
- }
848
-
849
-
850
- /**
851
- * @return array
852
- */
853
- function get_available_comments_post_types() {
854
- global $wp_taxonomies;
855
-
856
- $restricted_posts = UM()->options()->get( 'restricted_access_post_metabox' );
857
- if ( empty( $restricted_posts ) ) {
858
- $restricted_posts = array();
859
- }
860
- $restricted_posts = array_keys( $restricted_posts );
861
-
862
- $restricted_taxonomies = UM()->options()->get( 'restricted_access_taxonomy_metabox' );
863
- if ( ! empty( $restricted_taxonomies ) ) {
864
- $restricted_taxonomies = array_keys( $restricted_taxonomies );
865
- foreach ( $restricted_taxonomies as $k => $taxonomy ) {
866
- if ( taxonomy_exists( $taxonomy ) ) {
867
- $restricted_posts = array_merge( $restricted_posts, $wp_taxonomies[ $taxonomy ]->object_type );
868
- }
869
- }
870
- }
871
-
872
- $restricted_posts = array_unique( $restricted_posts );
873
- foreach ( $restricted_posts as $k => $post_type ) {
874
- if ( 'closed' === get_default_comment_status( $post_type ) ) {
875
- unset( $restricted_posts[ $k ] );
876
- }
877
- }
878
-
879
- $restricted_posts = array_values( $restricted_posts );
880
-
881
- return $restricted_posts;
882
- }
883
-
884
-
885
- /**
886
- * Exclude comments from comments feed
887
- *
888
- * @param string $where
889
- * @param \WP_Query $query
890
- *
891
- * @return string
892
- */
893
- function exclude_posts_comments_feed( $where, $query ) {
894
- if ( current_user_can( 'administrator' ) ) {
895
- return $where;
896
- }
897
-
898
- $exclude_posts = $this->exclude_posts_array( true, $this->get_available_comments_post_types() );
899
- if ( ! empty( $exclude_posts ) ) {
900
- $exclude_string = implode( ',', $exclude_posts );
901
- $where .= ' AND comment_post_ID NOT IN ( ' . $exclude_string . ' )';
902
- }
903
-
904
- return $where;
905
- }
906
-
907
-
908
- /**
909
- * @param object $stats
910
- * @param int $post_id Post ID. Can be 0 for the whole website
911
- *
912
- * @return object
913
- */
914
- function custom_comments_count_handler( $stats, $post_id ) {
915
- if ( ! empty( $stats ) || current_user_can( 'administrator' ) ) {
916
- return $stats;
917
- }
918
-
919
- if ( $post_id === 0 ) {
920
- $exclude_posts = $this->exclude_posts_array( true, $this->get_available_comments_post_types() );
921
- if ( empty( $exclude_posts ) ) {
922
- return $stats;
923
- }
924
- } else {
925
- $exclude_posts = array();
926
- if ( $this->is_restricted( $post_id ) ) {
927
- $exclude_posts[] = $post_id;
928
- }
929
- }
930
-
931
- $stats = $this->get_comment_count( $post_id, $exclude_posts );
932
- $stats['moderated'] = $stats['awaiting_moderation'];
933
- unset( $stats['awaiting_moderation'] );
934
-
935
- $stats_object = (object) $stats;
936
-
937
- return $stats_object;
938
- }
939
-
940
-
941
- /**
942
- * @param int $post_id
943
- * @param array $exclude_posts
944
- *
945
- * @return array
946
- */
947
- function get_comment_count( $post_id = 0, $exclude_posts = array() ) {
948
- static $cache = array();
949
-
950
- if ( isset( $cache[ $post_id ] ) ) {
951
- return $cache[ $post_id ];
952
- }
953
-
954
- global $wpdb;
955
-
956
- $post_id = (int) $post_id;
957
-
958
- $where = 'WHERE 1=1';
959
- if ( $post_id > 0 ) {
960
- $where .= $wpdb->prepare( ' AND comment_post_ID = %d', $post_id );
961
- }
962
-
963
- if ( ! empty( $exclude_posts ) ) {
964
- $exclude_string = implode( ',', $exclude_posts );
965
- $where .= ' AND comment_post_ID NOT IN ( ' . $exclude_string . ' )';
966
- }
967
-
968
- $totals = (array) $wpdb->get_results(
969
- "
970
- SELECT comment_approved, COUNT( * ) AS total
971
- FROM {$wpdb->comments}
972
- {$where}
973
- GROUP BY comment_approved
974
- ",
975
- ARRAY_A
976
- );
977
-
978
- $comment_count = array(
979
- 'approved' => 0,
980
- 'awaiting_moderation' => 0,
981
- 'spam' => 0,
982
- 'trash' => 0,
983
- 'post-trashed' => 0,
984
- 'total_comments' => 0,
985
- 'all' => 0,
986
- );
987
-
988
- foreach ( $totals as $row ) {
989
- switch ( $row['comment_approved'] ) {
990
- case 'trash':
991
- $comment_count['trash'] = $row['total'];
992
- break;
993
- case 'post-trashed':
994
- $comment_count['post-trashed'] = $row['total'];
995
- break;
996
- case 'spam':
997
- $comment_count['spam'] = $row['total'];
998
- $comment_count['total_comments'] += $row['total'];
999
- break;
1000
- case '1':
1001
- $comment_count['approved'] = $row['total'];
1002
- $comment_count['total_comments'] += $row['total'];
1003
- $comment_count['all'] += $row['total'];
1004
- break;
1005
- case '0':
1006
- $comment_count['awaiting_moderation'] = $row['total'];
1007
- $comment_count['total_comments'] += $row['total'];
1008
- $comment_count['all'] += $row['total'];
1009
- break;
1010
- default:
1011
- break;
1012
- }
1013
- }
1014
-
1015
- $comment_count = array_map( 'intval', $comment_count );
1016
- $cache[ $post_id ] = $comment_count;
1017
-
1018
- return $comment_count;
1019
- }
1020
-
1021
-
1022
- /**
1023
- * Disable comments if user has not permission to access this post
1024
- *
1025
- * @param mixed $open
1026
- * @param int $post_id
1027
- * @return boolean
1028
- */
1029
- function disable_comments_open( $open, $post_id ) {
1030
- if ( current_user_can( 'administrator' ) ) {
1031
- return $open;
1032
- }
1033
-
1034
- static $cache = array();
1035
-
1036
- if ( isset( $cache[ $post_id ] ) ) {
1037
- return $cache[ $post_id ] ? $open : false;
1038
- }
1039
-
1040
- if ( ! $this->is_restricted( $post_id ) ) {
1041
- $cache[ $post_id ] = $open;
1042
- return $open;
1043
- }
1044
-
1045
- $open = false;
1046
-
1047
- $cache[ $post_id ] = $open;
1048
- return $open;
1049
- }
1050
-
1051
-
1052
- /**
1053
- * Disable comments if user has not permission to access this post
1054
- *
1055
- * @param int $count
1056
- * @param int $post_id
1057
- * @return boolean
1058
- */
1059
- function disable_comments_open_number( $count, $post_id ) {
1060
- if ( current_user_can( 'administrator' ) ) {
1061
- return $count;
1062
- }
1063
-
1064
- static $cache_number = array();
1065
-
1066
- if ( isset( $cache_number[ $post_id ] ) ) {
1067
- return $cache_number[ $post_id ];
1068
- }
1069
-
1070
- if ( ! $this->is_restricted( $post_id ) ) {
1071
- $cache_number[ $post_id ] = $count;
1072
- return $count;
1073
- }
1074
-
1075
- $count = 0;
1076
-
1077
- $cache_number[ $post_id ] = $count;
1078
- return $count;
1079
- }
1080
-
1081
-
1082
- /**
1083
- * Protect Post Types in menu query
1084
- * Restrict content new logic
1085
- * @param $menu_items
1086
- * @param $args
1087
- * @return array
1088
- */
1089
- function filter_menu( $menu_items, $args ) {
1090
- //if empty
1091
- if ( empty( $menu_items ) ) {
1092
- return $menu_items;
1093
- }
1094
-
1095
- if ( current_user_can( 'administrator' ) ) {
1096
- return $menu_items;
1097
- }
1098
-
1099
- $filtered_items = array();
1100
-
1101
- //other filter
1102
- foreach ( $menu_items as $menu_item ) {
1103
- if ( ! empty( $menu_item->object_id ) && ! empty( $menu_item->object ) ) {
1104
- if ( isset( $menu_item->type ) && 'taxonomy' === $menu_item->type ) {
1105
- if ( ! $this->is_restricted_term( $menu_item->object_id ) ) {
1106
- $filtered_items[] = $menu_item;
1107
- continue;
1108
- }
1109
- } elseif ( isset( $menu_item->type ) && 'post_type' === $menu_item->type ) {
1110
- if ( ! $this->is_restricted( $menu_item->object_id ) ) {
1111
- $filtered_items[] = $menu_item;
1112
- continue;
1113
- } else {
1114
- $restriction_settings = $this->get_post_privacy_settings( $menu_item->object_id );
1115
- if ( UM()->options()->get( 'disable_restriction_pre_queries' ) || empty( $restriction_settings['_um_access_hide_from_queries'] ) ) {
1116
- $filtered_items[] = $menu_item;
1117
- continue;
1118
- }
1119
- }
1120
- } elseif ( isset( $menu_item->type ) && 'custom' === $menu_item->type ) {
1121
- $filtered_items[] = $menu_item;
1122
- continue;
1123
- } else {
1124
- $filtered_items[] = $menu_item;
1125
- continue;
1126
- }
1127
- } else {
1128
- //add all other posts
1129
- $filtered_items[] = $menu_item;
1130
- }
1131
- }
1132
-
1133
- return $filtered_items;
1134
- }
1135
-
1136
-
1137
- /**
1138
- * @param $block_content
1139
- * @param $block
1140
- *
1141
- * @return string
1142
- */
1143
- function restrict_blocks( $block_content, $block ) {
1144
- if ( is_admin() ) {
1145
- return $block_content;
1146
- }
1147
-
1148
- $restricted_blocks = UM()->options()->get( 'restricted_blocks' );
1149
- if ( empty( $restricted_blocks ) ) {
1150
- return $block_content;
1151
- }
1152
-
1153
- if ( is_user_logged_in() && current_user_can( 'administrator' ) ) {
1154
- return $block_content;
1155
- }
1156
-
1157
- if ( ! isset( $block['attrs']['um_is_restrict'] ) || $block['attrs']['um_is_restrict'] !== true ) {
1158
- return $block_content;
1159
- }
1160
-
1161
- if ( empty( $block['attrs']['um_who_access'] ) ) {
1162
- return $block_content;
1163
- }
1164
-
1165
- $default_message = UM()->options()->get( 'restricted_block_message' );
1166
- switch ( $block['attrs']['um_who_access'] ) {
1167
- case '1': {
1168
- if ( ! is_user_logged_in() ) {
1169
- $block_content = '';
1170
- if ( isset( $block['attrs']['um_message_type'] ) ) {
1171
- if ( $block['attrs']['um_message_type'] == '1' ) {
1172
- $block_content = $default_message;
1173
- } elseif ( $block['attrs']['um_message_type'] == '2' ) {
1174
- $block_content = $block['attrs']['um_message_content'];
1175
- }
1176
- }
1177
- } else {
1178
- $display = true;
1179
-
1180
- // What roles can access this content?
1181
- if ( ! empty( $block['attrs']['um_roles_access'] ) ) {
1182
- $display = false;
1183
- foreach ( $block['attrs']['um_roles_access'] as $role ) {
1184
- if ( current_user_can( $role ) ) {
1185
- $display = true;
1186
- }
1187
- }
1188
- }
1189
-
1190
- $display = apply_filters( 'um_loggedin_block_restriction', $display, $block );
1191
-
1192
- if ( ! $display ) {
1193
- $block_content = '';
1194
- if ( isset( $block['attrs']['um_message_type'] ) ) {
1195
- if ( $block['attrs']['um_message_type'] == '1' ) {
1196
- $block_content = $default_message;
1197
- } elseif ( $block['attrs']['um_message_type'] == '2' ) {
1198
- $block_content = $block['attrs']['um_message_content'];
1199
- }
1200
- }
1201
- }
1202
- }
1203
- break;
1204
- }
1205
- case '2': {
1206
- if ( is_user_logged_in() ) {
1207
- $block_content = '';
1208
- if ( isset( $block['attrs']['um_message_type'] ) ) {
1209
- if ( $block['attrs']['um_message_type'] == '1' ) {
1210
- $block_content = $default_message;
1211
- } elseif ( $block['attrs']['um_message_type'] == '2' ) {
1212
- $block_content = $block['attrs']['um_message_content'];
1213
- }
1214
- }
1215
- }
1216
- break;
1217
- }
1218
- }
1219
-
1220
- return $block_content;
1221
- }
1222
-
1223
-
1224
- /**
1225
- * Protect Post Types in query
1226
- * Restrict content new logic
1227
- *
1228
- * @param $posts
1229
- * @param \WP_Query $query
1230
- * @return array
1231
- */
1232
- function filter_protected_posts( $posts, $query ) {
1233
- if ( current_user_can( 'administrator' ) ) {
1234
- return $posts;
1235
- }
1236
-
1237
- //Woocommerce AJAX fixes....remove filtration on wc-ajax which goes to Front Page
1238
- if ( ! empty( $_GET['wc-ajax'] ) && defined( 'WC_DOING_AJAX' ) && WC_DOING_AJAX ) {
1239
- return $posts;
1240
- }
1241
-
1242
- //if empty
1243
- if ( empty( $posts ) || is_admin() ) {
1244
- return $posts;
1245
- }
1246
-
1247
- if ( is_object( $query ) ) {
1248
- $is_singular = $query->is_singular();
1249
- } else {
1250
- $is_singular = ! empty( $query->is_singular ) ? true : false;
1251
- }
1252
-
1253
- if ( is_object( $query ) && is_a( $query, '\WP_Query' ) &&
1254
- ( $query->is_main_query() || ! empty( $query->query_vars['um_main_query'] ) ) ) {
1255
- if ( $is_singular ) {
1256
- if ( ! UM()->options()->get( 'disable_restriction_pre_queries' ) && $this->is_restricted( $posts[0]->ID ) ) {
1257
- $content_restriction = $this->get_post_privacy_settings( $posts[0]->ID );
1258
- if ( ! empty( $content_restriction['_um_access_hide_from_queries'] ) ) {
1259
- unset( $posts[0] );
1260
- return $posts;
1261
- }
1262
- }
1263
- }
1264
- }
1265
-
1266
- $filtered_posts = array();
1267
-
1268
- //other filter
1269
- foreach ( $posts as $post ) {
1270
- if ( is_user_logged_in() && isset( $post->post_author ) && $post->post_author == get_current_user_id() ) {
1271
- $filtered_posts[] = $post;
1272
- continue;
1273
- }
1274
-
1275
- $restriction = $this->get_post_privacy_settings( $post );
1276
- if ( ! $restriction ) {
1277
- $filtered_posts[] = $post;
1278
- continue;
1279
- }
1280
-
1281
- if ( $is_singular ) {
1282
- $this->singular_page = true;
1283
- }
1284
-
1285
- if ( ! $this->is_restricted( $post->ID ) ) {
1286
- $filtered_posts[] = $post;
1287
- continue;
1288
- } else {
1289
- if ( $is_singular ) {
1290
- if ( ! isset( $restriction['_um_noaccess_action'] ) || '0' == $restriction['_um_noaccess_action'] ) {
1291
- if ( UM()->options()->get( 'disable_restriction_pre_queries' ) || empty( $restriction['_um_access_hide_from_queries'] ) ) {
1292
- /**
1293
- * UM hook
1294
- *
1295
- * @type action
1296
- * @title um_access_fix_external_post_content
1297
- * @description Hook for 3-d party content filtration
1298
- * @change_log
1299
- * ["Since: 2.0"]
1300
- * @usage add_action( 'um_access_fix_external_post_content', 'function_name', 10 );
1301
- * @example
1302
- * <?php
1303
- * add_action( 'um_access_fix_external_post_content', 'my_access_fix_external_post_content', 10 );
1304
- * function my_access_fix_external_post_content() {
1305
- * // your code here
1306
- * }
1307
- * ?>
1308
- */
1309
- do_action( 'um_access_fix_external_post_content' );
1310
-
1311
- $filtered_posts[] = $post;
1312
- continue;
1313
- }
1314
- } elseif ( '1' == $restriction['_um_noaccess_action'] ) {
1315
- $curr = UM()->permalinks()->get_current_url();
1316
-
1317
- if ( ! isset( $restriction['_um_access_redirect'] ) || '0' == $restriction['_um_access_redirect'] ) {
1318
-
1319
- exit( wp_redirect( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), um_get_core_page( 'login' ) ) ) ) );
1320
-
1321
- } elseif ( '1' == $restriction['_um_access_redirect'] ) {
1322
-
1323
- if ( ! empty( $restriction['_um_access_redirect_url'] ) ) {
1324
- $redirect = $restriction['_um_access_redirect_url'];
1325
- } else {
1326
- $redirect = esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), um_get_core_page( 'login' ) ) );
1327
- }
1328
-
1329
- exit( wp_redirect( $redirect ) );
1330
- }
1331
- }
1332
- } else {
1333
- if ( UM()->options()->get( 'disable_restriction_pre_queries' ) || empty( $restriction['_um_access_hide_from_queries'] ) ) {
1334
- $filtered_posts[] = $post;
1335
- continue;
1336
- }
1337
- }
1338
- }
1339
- }
1340
-
1341
- return $filtered_posts;
1342
- }
1343
-
1344
-
1345
- /**
1346
- * Set custom access actions and redirection
1347
- *
1348
- * Old global restrict content logic
1349
- */
1350
- function template_redirect() {
1351
- global $post, $wp_query;
1352
-
1353
- //if we logged by administrator it can access to all content
1354
- if ( current_user_can( 'administrator' ) ) {
1355
- return;
1356
- }
1357
-
1358
- if ( is_object( $wp_query ) ) {
1359
- $is_singular = $wp_query->is_singular();
1360
- } else {
1361
- $is_singular = ! empty( $wp_query->is_singular ) ? true : false;
1362
- }
1363
-
1364
- //if we use individual restrict content options skip this function
1365
- if ( $is_singular && $this->singular_page ) {
1366
- return;
1367
- }
1368
-
1369
- //also skip if we currently at wp-admin or 404 page
1370
- if ( is_admin() || is_404() ) {
1371
- return;
1372
- }
1373
-
1374
- //also skip if we currently at UM Register|Login|Reset Password pages
1375
- if ( um_is_core_post( $post, 'register' ) ||
1376
- um_is_core_post( $post, 'password-reset' ) ||
1377
- um_is_core_post( $post, 'login' ) ) {
1378
- return;
1379
- }
1380
-
1381
- /**
1382
- * UM hook
1383
- *
1384
- * @type action
1385
- * @title um_roles_add_meta_boxes_um_role_meta
1386
- * @description Check terms individual restrict options
1387
- * @change_log
1388
- * ["Since: 2.0"]
1389
- * @usage add_action( 'um_access_check_individual_term_settings', 'function_name', 10 );
1390
- * @example
1391
- * <?php
1392
- * add_action( 'um_access_check_individual_term_settings', 'my_access_check_individual_term_settings', 10 );
1393
- * function my_access_check_individual_term_settings() {
1394
- * // your code here
1395
- * }
1396
- * ?>
1397
- */
1398
- do_action( 'um_access_check_individual_term_settings' );
1399
- //exit from function if term page is accessible
1400
- if ( $this->check_access() ) {
1401
- return;
1402
- }
1403
-
1404
- /**
1405
- * UM hook
1406
- *
1407
- * @type action
1408
- * @title um_access_check_global_settings
1409
- * @description Check global restrict content options
1410
- * @change_log
1411
- * ["Since: 2.0"]
1412
- * @usage add_action( 'um_access_check_global_settings', 'function_name', 10 );
1413
- * @example
1414
- * <?php
1415
- * add_action( 'um_access_check_global_settings', 'my_access_check_global_settings', 10 );
1416
- * function my_access_check_global_settings() {
1417
- * // your code here
1418
- * }
1419
- * ?>
1420
- */
1421
- do_action( 'um_access_check_global_settings' );
1422
-
1423
- $this->check_access();
1424
- }
1425
-
1426
-
1427
- /**
1428
- * Check individual term Content Restriction settings
1429
- */
1430
- function um_access_check_individual_term_settings() {
1431
- //check only tax|tags|categories - skip archive, author, and date lists
1432
- if ( ! ( is_tax() || is_tag() || is_category() ) ) {
1433
- return;
1434
- }
1435
-
1436
- $term_id = null;
1437
- if ( is_tag() ) {
1438
- $term_id = get_query_var( 'tag_id' );
1439
- } elseif ( is_category() ) {
1440
- $term_id = get_query_var( 'cat' );
1441
- } elseif ( is_tax() ) {
1442
- $tax_name = get_query_var( 'taxonomy' );
1443
-
1444
- $term_name = get_query_var( 'term' );
1445
- $term = get_term_by( 'slug', $term_name, $tax_name );
1446
-
1447
- $term_id = ! empty( $term->term_id ) ? $term->term_id : $term_id;
1448
- }
1449
-
1450
- if ( ! isset( $term_id ) ) {
1451
- return;
1452
- }
1453
-
1454
- if ( $this->is_restricted_term( $term_id, true ) ) {
1455
- $restriction = get_term_meta( $term_id, 'um_content_restriction', true );
1456
- if ( '1' == $restriction['_um_noaccess_action'] ) {
1457
- $curr = UM()->permalinks()->get_current_url();
1458
-
1459
- if ( ! isset( $restriction['_um_access_redirect'] ) || '0' == $restriction['_um_access_redirect'] ) {
1460
-
1461
- $this->redirect_handler = $this->set_referer( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), um_get_core_page( 'login' ) ) ), 'individual_term' );
1462
-
1463
- } elseif ( '1' == $restriction['_um_access_redirect'] ) {
1464
-
1465
- if ( ! empty( $restriction['_um_access_redirect_url'] ) ) {
1466
- $redirect = $restriction['_um_access_redirect_url'];
1467
- } else {
1468
- $redirect = esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), um_get_core_page( 'login' ) ) );
1469
- }
1470
-
1471
- $this->redirect_handler = $this->set_referer( $redirect, 'individual_term' );
1472
-
1473
- }
1474
- } else {
1475
- add_filter( 'tag_template', array( &$this, 'taxonomy_message' ), 10, 3 );
1476
- add_filter( 'archive_template', array( &$this, 'taxonomy_message' ), 10, 3 );
1477
- add_filter( 'category_template', array( &$this, 'taxonomy_message' ), 10, 3 );
1478
- add_filter( 'taxonomy_template', array( &$this, 'taxonomy_message' ), 10, 3 );
1479
- }
1480
- }
1481
- }
1482
-
1483
-
1484
- /**
1485
- * @param $template
1486
- * @param $type
1487
- * @param $templates
1488
- *
1489
- * @return string
1490
- */
1491
- function taxonomy_message( $template, $type, $templates ) {
1492
- return UM()->locate_template( 'restricted-taxonomy.php' );
1493
- }
1494
-
1495
-
1496
- /**
1497
- * Check global accessible settings
1498
- */
1499
- function um_access_check_global_settings() {
1500
- global $post;
1501
-
1502
- $curr = UM()->permalinks()->get_current_url();
1503
- $ms_empty_role_access = is_multisite() && is_user_logged_in() && ! UM()->roles()->get_priority_user_role( um_user( 'ID' ) );
1504
-
1505
- if ( is_front_page() ) {
1506
- if ( is_user_logged_in() && ! $ms_empty_role_access ) {
1507
-
1508
- $user_default_homepage = um_user( 'default_homepage' );
1509
- if ( ! empty( $user_default_homepage ) ) {
1510
- return;
1511
- }
1512
-
1513
- $redirect_homepage = um_user( 'redirect_homepage' );
1514
- /**
1515
- * UM hook
1516
- *
1517
- * @type filter
1518
- * @title um_custom_homepage_redirect_url
1519
- * @description Change custom homepage redirect
1520
- * @input_vars
1521
- * [{"var":"$url","type":"string","desc":"Redirect URL"},
1522
- * {"var":"$id","type":"int","desc":"User ID"}]
1523
- * @change_log
1524
- * ["Since: 2.0"]
1525
- * @usage
1526
- * <?php add_filter( 'um_custom_homepage_redirect_url', 'function_name', 10, 2 ); ?>
1527
- * @example
1528
- * <?php
1529
- * add_filter( 'um_custom_homepage_redirect_url', 'my_custom_homepage_redirect_url', 10, 2 );
1530
- * function my_custom_homepage_redirect_url( $url, $id ) {
1531
- * // your code here
1532
- * return $url;
1533
- * }
1534
- * ?>
1535
- */
1536
- $redirect_homepage = apply_filters( 'um_custom_homepage_redirect_url', $redirect_homepage, um_user( 'ID' ) );
1537
- $redirect_to = ! empty( $redirect_homepage ) ? $redirect_homepage : um_get_core_page( 'user' );
1538
- $this->redirect_handler = $this->set_referer( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), $redirect_to ) ), 'custom_homepage' );
1539
-
1540
- } else {
1541
- $access = UM()->options()->get( 'accessible' );
1542
-
1543
- if ( $access == 2 ) {
1544
- //global settings for accessible home page
1545
- $home_page_accessible = UM()->options()->get( 'home_page_accessible' );
1546
-
1547
- if ( $home_page_accessible == 0 ) {
1548
- //get redirect URL if not set get login page by default
1549
- $redirect = UM()->options()->get( 'access_redirect' );
1550
- if ( ! $redirect ) {
1551
- $redirect = um_get_core_page( 'login' );
1552
- }
1553
-
1554
- $this->redirect_handler = $this->set_referer( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), $redirect ) ), 'global' );
1555
- } else {
1556
- $this->allow_access = true;
1557
- return;
1558
- }
1559
- }
1560
- }
1561
- } elseif ( is_category() ) {
1562
- if ( ! is_user_logged_in() || $ms_empty_role_access ) {
1563
-
1564
- $access = UM()->options()->get( 'accessible' );
1565
-
1566
- if ( $access == 2 ) {
1567
- //global settings for accessible home page
1568
- $category_page_accessible = UM()->options()->get( 'category_page_accessible' );
1569
- if ( $category_page_accessible == 0 ) {
1570
- //get redirect URL if not set get login page by default
1571
- $redirect = UM()->options()->get( 'access_redirect' );
1572
- if ( ! $redirect ) {
1573
- $redirect = um_get_core_page( 'login' );
1574
- }
1575
-
1576
- $this->redirect_handler = $this->set_referer( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), $redirect ) ), 'global' );
1577
- } else {
1578
- $this->allow_access = true;
1579
- return;
1580
- }
1581
- }
1582
- }
1583
- }
1584
-
1585
- $access = UM()->options()->get( 'accessible' );
1586
-
1587
- if ( $access == 2 && ( ! is_user_logged_in() || $ms_empty_role_access ) ) {
1588
-
1589
- //build exclude URLs pages
1590
- $redirects = array();
1591
- $redirects[] = trim( untrailingslashit( UM()->options()->get( 'access_redirect' ) ) );
1592
-
1593
- $exclude_uris = UM()->options()->get( 'access_exclude_uris' );
1594
- if ( ! empty( $exclude_uris ) ) {
1595
- $exclude_uris = array_map( 'trim', $exclude_uris );
1596
- $redirects = array_merge( $redirects, $exclude_uris );
1597
- }
1598
-
1599
- $redirects = array_unique( $redirects );
1600
-
1601
- $current_url = UM()->permalinks()->get_current_url( get_option( 'permalink_structure' ) );
1602
- $current_url = untrailingslashit( $current_url );
1603
- $current_url_slash = trailingslashit( $current_url );
1604
-
1605
- if ( ! ( isset( $post->ID ) && ( in_array( $current_url, $redirects ) || in_array( $current_url_slash, $redirects ) ) ) ) {
1606
- //if current page not in exclude URLs
1607
- //get redirect URL if not set get login page by default
1608
- $redirect = UM()->options()->get( 'access_redirect' );
1609
- if ( ! $redirect ) {
1610
- $redirect = um_get_core_page( 'login' );
1611
- }
1612
-
1613
- $this->redirect_handler = $this->set_referer( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), $redirect ) ), 'global' );
1614
- } else {
1615
- $this->redirect_handler = false;
1616
- $this->allow_access = true;
1617
- }
1618
- }
1619
- }
1620
-
1621
-
1622
- /**
1623
- * Check access
1624
- *
1625
- * @return bool
1626
- */
1627
- function check_access() {
1628
- if ( $this->allow_access === true ) {
1629
- return true;
1630
- }
1631
-
1632
- if ( $this->redirect_handler ) {
1633
- wp_redirect( $this->redirect_handler );
1634
- exit;
1635
- }
1636
-
1637
- return false;
1638
- }
1639
-
1640
-
1641
- /**
1642
- * Sets a custom access referer in a redirect URL
1643
- *
1644
- * @param string $url
1645
- * @param string $referer
1646
- *
1647
- * @return string
1648
- */
1649
- function set_referer( $url, $referer ) {
1650
-
1651
- /**
1652
- * UM hook
1653
- *
1654
- * @type filter
1655
- * @title um_access_enable_referer
1656
- * @description Access Referrer Enable/Disable
1657
- * @input_vars
1658
- * [{"var":"$referrer","type":"bool","desc":"Access referrer"}]
1659
- * @change_log
1660
- * ["Since: 2.0"]
1661
- * @usage add_filter( 'um_access_enable_referer', 'function_name', 10, 1 );
1662
- * @example
1663
- * <?php
1664
- * add_filter( 'um_access_enable_referer', 'my_access_enable_referer', 10, 1 );
1665
- * function my_access_enable_referer( $referrer ) {
1666
- * // your code here
1667
- * return $referrer;
1668
- * }
1669
- * ?>
1670
- */
1671
- $enable_referer = apply_filters( 'um_access_enable_referer', false );
1672
- if ( ! $enable_referer ) {
1673
- return $url;
1674
- }
1675
-
1676
- $url = add_query_arg( 'um_ref', $referer, $url );
1677
- return $url;
1678
- }
1679
-
1680
-
1681
- /**
1682
- * Get privacy settings for post
1683
- * return false if post is not private
1684
- * Restrict content new logic
1685
- *
1686
- * @param \WP_Post|int $post Post ID or object
1687
- * @return bool|array
1688
- */
1689
- function get_post_privacy_settings( $post ) {
1690
- // break for incorrect post
1691
- if ( empty( $post ) ) {
1692
- return false;
1693
- }
1694
-
1695
- static $cache = array();
1696
-
1697
- $cache_key = is_numeric( $post ) ? $post : $post->ID;
1698
-
1699
- if ( isset( $cache[ $cache_key ] ) ) {
1700
- return $cache[ $cache_key ];
1701
- }
1702
-
1703
- if ( is_numeric( $post ) ) {
1704
- $post = get_post( $post );
1705
- }
1706
-
1707
- //if logged in administrator all pages are visible
1708
- if ( current_user_can( 'administrator' ) ) {
1709
- $cache[ $cache_key ] = false;
1710
- return false;
1711
- }
1712
-
1713
- $exclude = false;
1714
- //exclude from privacy UM default pages (except Members list and User(Profile) page)
1715
- if ( ! empty( $post->post_type ) && $post->post_type === 'page' ) {
1716
-
1717
- if ( um_is_core_post( $post, 'login' ) || um_is_core_post( $post, 'register' ) ||
1718
- um_is_core_post( $post, 'account' ) || um_is_core_post( $post, 'logout' ) ||
1719
- um_is_core_post( $post, 'password-reset' ) || ( is_user_logged_in() && um_is_core_post( $post, 'user' ) ) )
1720
- $exclude = true;
1721
- }
1722
-
1723
- $exclude = apply_filters( 'um_exclude_posts_from_privacy', $exclude, $post );
1724
- if ( $exclude ) {
1725
- $cache[ $cache_key ] = false;
1726
- return false;
1727
- }
1728
-
1729
- $restricted_posts = UM()->options()->get( 'restricted_access_post_metabox' );
1730
-
1731
- if ( ! empty( $post->post_type ) && ! empty( $restricted_posts[ $post->post_type ] ) ) {
1732
- $restriction = get_post_meta( $post->ID, 'um_content_restriction', true );
1733
-
1734
- if ( ! empty( $restriction['_um_custom_access_settings'] ) ) {
1735
- if ( ! isset( $restriction['_um_accessible'] ) ) {
1736
- $restricted_taxonomies = UM()->options()->get( 'restricted_access_taxonomy_metabox' );
1737
-
1738
- //get all taxonomies for current post type
1739
- $taxonomies = get_object_taxonomies( $post );
1740
-
1741
- //get all post terms
1742
- $terms = array();
1743
- if ( ! empty( $taxonomies ) ) {
1744
- foreach ( $taxonomies as $taxonomy ) {
1745
- if ( empty( $restricted_taxonomies[ $taxonomy ] ) ) {
1746
- continue;
1747
- }
1748
-
1749
- $terms = array_merge( $terms, wp_get_post_terms( $post->ID, $taxonomy, array( 'fields' => 'ids', 'um_ignore_exclude' => true, ) ) );
1750
- }
1751
- }
1752
-
1753
- //get restriction options for first term with privacy settigns
1754
- foreach ( $terms as $term_id ) {
1755
- $restriction = get_term_meta( $term_id, 'um_content_restriction', true );
1756
-
1757
- if ( ! empty( $restriction['_um_custom_access_settings'] ) ) {
1758
- if ( ! isset( $restriction['_um_accessible'] ) ) {
1759
- continue;
1760
- } else {
1761
- $cache[ $cache_key ] = $restriction;
1762
- return $restriction;
1763
- }
1764
- }
1765
- }
1766
-
1767
- $cache[ $cache_key ] = false;
1768
- return false;
1769
- } else {
1770
-
1771
- // set default redirect if Profile page is restricted for not-logged in users and showing message instead of redirect
1772
- // this snippet was added to make the same action for {site_url}/user and {site_url}/user/{user_slug} URLs
1773
- // by default {site_url}/user is redirected to Homepage in rewrite rules because hasn't found username in query when user is not logged in
1774
- if ( ! is_user_logged_in() && um_is_core_post( $post, 'user' ) && $restriction['_um_accessible'] == '2' && $restriction['_um_noaccess_action'] == '0' ) {
1775
- if ( isset( $restriction['_um_access_roles'] ) ) {
1776
- $restriction = array(
1777
- '_um_accessible' => '2',
1778
- '_um_access_roles' => $restriction['_um_access_roles'],
1779
- '_um_noaccess_action' => '1',
1780
- '_um_access_redirect' => '1',
1781
- '_um_access_redirect_url' => get_home_url( get_current_blog_id() )
1782
- );
1783
- } else {
1784
- $restriction = array(
1785
- '_um_accessible' => '2',
1786
- '_um_noaccess_action' => '1',
1787
- '_um_access_redirect' => '1',
1788
- '_um_access_redirect_url' => get_home_url( get_current_blog_id() )
1789
- );
1790
- }
1791
- }
1792
-
1793
- $restriction = apply_filters( 'um_post_content_restriction_settings', $restriction, $post );
1794
-
1795
- $cache[ $cache_key ] = $restriction;
1796
- return $restriction;
1797
- }
1798
- }
1799
- }
1800
-
1801
- //post hasn't privacy settings....check all terms of this post
1802
- $restricted_taxonomies = UM()->options()->get( 'restricted_access_taxonomy_metabox' );
1803
-
1804
- //get all taxonomies for current post type
1805
- $taxonomies = get_object_taxonomies( $post );
1806
-
1807
- //get all post terms
1808
- $terms = array();
1809
- if ( ! empty( $taxonomies ) ) {
1810
- foreach ( $taxonomies as $taxonomy ) {
1811
- if ( empty( $restricted_taxonomies[ $taxonomy ] ) ) {
1812
- continue;
1813
- }
1814
-
1815
- $terms = array_merge( $terms, wp_get_post_terms( $post->ID, $taxonomy, array( 'fields' => 'ids', 'um_ignore_exclude' => true, ) ) );
1816
- }
1817
- }
1818
-
1819
- //get restriction options for first term with privacy settings
1820
- foreach ( $terms as $term_id ) {
1821
- $restriction = get_term_meta( $term_id, 'um_content_restriction', true );
1822
-
1823
- if ( ! empty( $restriction['_um_custom_access_settings'] ) ) {
1824
- if ( ! isset( $restriction['_um_accessible'] ) ) {
1825
- continue;
1826
- } else {
1827
- $cache[ $cache_key ] = $restriction;
1828
- return $restriction;
1829
- }
1830
- }
1831
- }
1832
-
1833
- $cache[ $cache_key ] = false;
1834
- //post is public
1835
- return false;
1836
- }
1837
-
1838
-
1839
- /**
1840
- * Helper for checking if the user can some of the roles array
1841
- *
1842
- * @param $user_id
1843
- * @param $roles
1844
- * @return bool
1845
- */
1846
- function user_can( $user_id, $roles ) {
1847
- $user_can = false;
1848
-
1849
- if ( ! empty( $roles ) ) {
1850
- foreach ( $roles as $key => $value ) {
1851
- if ( ! empty( $value ) && user_can( $user_id, $key ) ) {
1852
- $user_can = true;
1853
- break;
1854
- }
1855
- }
1856
- }
1857
-
1858
- return $user_can;
1859
- }
1860
-
1861
-
1862
- /**
1863
- * Helper for 3rd-party integrations with content restriction settings
1864
- *
1865
- * @param array $restriction
1866
- *
1867
- * @return bool
1868
- */
1869
- function um_custom_restriction( $restriction ) {
1870
- /**
1871
- * UM hook
1872
- *
1873
- * @type filter
1874
- * @title um_custom_restriction
1875
- * @description Extend Sort Types for Member Directory
1876
- * @input_vars
1877
- * [{"var":"$custom_restriction","type":"bool","desc":"Custom Restriction"},
1878
- * {"var":"$restriction","type":"array","desc":"Restriction settings"}]
1879
- * @change_log
1880
- * ["Since: 2.0"]
1881
- * @usage add_filter( 'um_custom_restriction', 'function_name', 10, 2 );
1882
- * @example
1883
- * <?php
1884
- * add_filter( 'um_custom_restriction', 'my_custom_restriction', 10, 2 );
1885
- * function my_directory_sort_users_select( $custom_restriction, $restriction ) {
1886
- * // your code here
1887
- * return $custom_restriction;
1888
- * }
1889
- * ?>
1890
- */
1891
- return apply_filters( 'um_custom_restriction', true, $restriction );
1892
- }
1893
-
1894
-
1895
- /**
1896
- * Is post restricted?
1897
- *
1898
- * @param int $post_id
1899
- * @return bool
1900
- */
1901
- function is_restricted( $post_id ) {
1902
- // break for incorrect post
1903
- if ( empty( $post_id ) ) {
1904
- return false;
1905
- }
1906
-
1907
- static $cache = array();
1908
-
1909
- if ( isset( $cache[ $post_id ] ) ) {
1910
- return $cache[ $post_id ];
1911
- }
1912
-
1913
- if ( current_user_can( 'administrator' ) ) {
1914
- $cache[ $post_id ] = false;
1915
- return false;
1916
- }
1917
-
1918
- $post = get_post( $post_id );
1919
- if ( is_user_logged_in() && isset( $post->post_author ) && $post->post_author == get_current_user_id() ) {
1920
- $cache[ $post_id ] = false;
1921
- return false;
1922
- }
1923
-
1924
- $restricted = true;
1925
-
1926
- $restriction = $this->get_post_privacy_settings( $post_id );
1927
- if ( ! $restriction ) {
1928
- $restricted = false;
1929
- } else {
1930
- if ( '0' == $restriction['_um_accessible'] ) {
1931
- //post is private
1932
- $restricted = false;
1933
- } elseif ( '1' == $restriction['_um_accessible'] ) {
1934
- //if post for not logged in users and user is not logged in
1935
- if ( ! is_user_logged_in() ) {
1936
- $restricted = false;
1937
- }
1938
- } elseif ( '2' == $restriction['_um_accessible'] ) {
1939
- //if post for logged in users and user is not logged in
1940
- if ( is_user_logged_in() ) {
1941
- $custom_restrict = $this->um_custom_restriction( $restriction );
1942
-
1943
- if ( empty( $restriction['_um_access_roles'] ) || false === array_search( '1', $restriction['_um_access_roles'] ) ) {
1944
- if ( $custom_restrict ) {
1945
- $restricted = false;
1946
- }
1947
- } else {
1948
- $user_can = $this->user_can( get_current_user_id(), $restriction['_um_access_roles'] );
1949
-
1950
- if ( $user_can && $custom_restrict ) {
1951
- $restricted = false;
1952
- }
1953
- }
1954
- }
1955
- }
1956
- }
1957
-
1958
- $restricted = apply_filters( 'um_is_restricted_post', $restricted, $post_id );
1959
-
1960
- $cache[ $post_id ] = $restricted;
1961
-
1962
- return $restricted;
1963
- }
1964
-
1965
-
1966
- /**
1967
- * Is term restricted?
1968
- *
1969
- * @param int $term_id
1970
- * @param bool $on_term_page
1971
- * @return bool
1972
- */
1973
- function is_restricted_term( $term_id, $on_term_page = false ) {
1974
- static $cache = array();
1975
-
1976
- if ( isset( $cache[ $term_id ] ) ) {
1977
- return $cache[ $term_id ];
1978
- }
1979
-
1980
- if ( current_user_can( 'administrator' ) ) {
1981
- $cache[ $term_id ] = false;
1982
- return false;
1983
- }
1984
-
1985
- $restricted_taxonomies = UM()->options()->get( 'restricted_access_taxonomy_metabox' );
1986
- if ( empty( $restricted_taxonomies ) ) {
1987
- $cache[ $term_id ] = false;
1988
- return false;
1989
- }
1990
-
1991
- $term = get_term( $term_id );
1992
- if ( empty( $term->taxonomy ) || empty( $restricted_taxonomies[ $term->taxonomy ] ) ) {
1993
- $cache[ $term_id ] = false;
1994
- return false;
1995
- }
1996
-
1997
- $restricted = true;
1998
-
1999
- // $this->allow_access = true only in case if the
2000
-
2001
- $restriction = get_term_meta( $term_id, 'um_content_restriction', true );
2002
- if ( empty( $restriction ) ) {
2003
- $restricted = false;
2004
- } else {
2005
- if ( empty( $restriction['_um_custom_access_settings'] ) ) {
2006
- $restricted = false;
2007
- } else {
2008
- if ( '0' == $restriction['_um_accessible'] ) {
2009
- //term is private
2010
- $restricted = false;
2011
- if ( $on_term_page ) {
2012
- $this->allow_access = true;
2013
- }
2014
- } elseif ( '1' == $restriction['_um_accessible'] ) {
2015
- //if term for not logged in users and user is not logged in
2016
- if ( ! is_user_logged_in() ) {
2017
- $restricted = false;
2018
- if ( $on_term_page ) {
2019
- $this->allow_access = true;
2020
- }
2021
- }
2022
- } elseif ( '2' == $restriction['_um_accessible'] ) {
2023
- //if term for logged in users and user is not logged in
2024
- if ( is_user_logged_in() ) {
2025
- $custom_restrict = $this->um_custom_restriction( $restriction );
2026
-
2027
- if ( empty( $restriction['_um_access_roles'] ) || false === array_search( '1', $restriction['_um_access_roles'] ) ) {
2028
- if ( $custom_restrict ) {
2029
- $restricted = false;
2030
- if ( $on_term_page ) {
2031
- $this->allow_access = true;
2032
- }
2033
- }
2034
- } else {
2035
- $user_can = $this->user_can( get_current_user_id(), $restriction['_um_access_roles'] );
2036
-
2037
- if ( $user_can && $custom_restrict ) {
2038
- $restricted = false;
2039
- if ( $on_term_page ) {
2040
- $this->allow_access = true;
2041
- }
2042
- }
2043
- }
2044
- }
2045
- }
2046
- }
2047
- }
2048
-
2049
- $restricted = apply_filters( 'um_is_restricted_term', $restricted, $term_id, $on_term_page );
2050
-
2051
- $cache[ $term_id ] = $restricted;
2052
- return $restricted;
2053
- }
2054
- }
2055
- }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ namespace um\core;
3
+
4
+ // Exit if accessed directly
5
+ if ( ! defined( 'ABSPATH' ) ) exit;
6
+
7
+ if ( ! class_exists( 'um\core\Access' ) ) {
8
+
9
+
10
+ /**
11
+ * Class Access
12
+ * @package um\core
13
+ */
14
+ class Access {
15
+
16
+
17
+ /**
18
+ * If true then we use individual restrict content options
19
+ * for post
20
+ *
21
+ * @var bool
22
+ */
23
+ private $singular_page;
24
+
25
+
26
+ /**
27
+ * @var bool
28
+ */
29
+ private $redirect_handler;
30
+
31
+
32
+ /**
33
+ * @var bool
34
+ */
35
+ private $allow_access;
36
+
37
+
38
+ private $ignore_exclude = false;
39
+
40
+
41
+ /**
42
+ * Access constructor.
43
+ */
44
+ function __construct() {
45
+ $this->singular_page = false;
46
+
47
+ $this->redirect_handler = false;
48
+ $this->allow_access = false;
49
+
50
+ // NEW HOOKS
51
+
52
+ // callbacks for changing terms query
53
+ add_action( 'pre_get_terms', array( &$this, 'exclude_hidden_terms_query' ), 99, 1 );
54
+
55
+ // Change recent posts widget query
56
+ add_filter( 'widget_posts_args', array( &$this, 'exclude_restricted_posts_widget' ), 99, 1 );
57
+ // Exclude pages displayed by wp_list_pages function
58
+ add_filter( 'wp_list_pages_excludes', array( &$this, 'exclude_restricted_pages' ), 10, 1 );
59
+ // Archives list change where based on restricted posts
60
+ add_filter( 'getarchives_where', array( &$this, 'exclude_restricted_posts_archives_widget' ), 99, 2 );
61
+
62
+ // Navigation line below the post content, change query to exclude restricted
63
+ add_filter( 'get_next_post_where', array( &$this, 'exclude_navigation_posts' ), 99, 5 );
64
+ add_filter( 'get_previous_post_where', array( &$this, 'exclude_navigation_posts' ), 99, 5 );
65
+
66
+ // callbacks for changing posts query
67
+ add_action( 'pre_get_posts', array( &$this, 'exclude_posts' ), 99, 1 );
68
+ add_filter( 'posts_where', array( &$this, 'exclude_posts_where' ), 10, 2 );
69
+ add_filter( 'wp_count_posts', array( &$this, 'custom_count_posts_handler' ), 99, 3 );
70
+
71
+ // change the title of the post
72
+ add_filter( 'the_title', array( &$this, 'filter_restricted_post_title' ), 10, 2 );
73
+ // change the content of the restricted post
74
+ add_filter( 'the_content', array( &$this, 'filter_restricted_post_content' ), 999999, 1 );
75
+ // change the excerpt of the restricted post
76
+ add_filter( 'get_the_excerpt', array( &$this, 'filter_restricted_post_excerpt' ), 999999, 2 );
77
+
78
+ // filter attachment
79
+ add_filter( 'wp_get_attachment_url', array( &$this, 'filter_attachment' ), 99, 2 );
80
+ add_filter( 'has_post_thumbnail', array( &$this, 'filter_post_thumbnail' ), 99, 3 );
81
+
82
+ // comments queries
83
+ add_action( 'pre_get_comments', array( &$this, 'exclude_posts_comments' ), 99, 1 );
84
+ add_filter( 'wp_count_comments', array( &$this, 'custom_comments_count_handler' ), 99, 2 );
85
+ // comments RSS
86
+ add_filter( 'comment_feed_where', array( &$this, 'exclude_posts_comments_feed' ), 99, 2 );
87
+ // Disable comments if user has not permission to access current post
88
+ add_filter( 'comments_open', array( $this, 'disable_comments_open' ), 99, 2 );
89
+ add_filter( 'get_comments_number', array( $this, 'disable_comments_open_number' ), 99, 2 );
90
+
91
+ // filter menu items
92
+ add_filter( 'wp_nav_menu_objects', array( &$this, 'filter_menu' ), 99, 2 );
93
+
94
+ // Gutenberg blocks restrictions
95
+ add_filter( 'render_block', array( $this, 'restrict_blocks' ), 10, 2 );
96
+
97
+ // there is posts (Posts/Page/CPT) filtration if site is accessible
98
+ // there also will be redirects if they need
99
+ // protect posts types
100
+ add_filter( 'the_posts', array( &$this, 'filter_protected_posts' ), 99, 2 );
101
+ // protect pages for wp_list_pages func
102
+ add_filter( 'get_pages', array( &$this, 'filter_protected_posts' ), 99, 2 );
103
+
104
+ // check the site's accessible more priority have Individual Post/Term Restriction settings
105
+ add_action( 'template_redirect', array( &$this, 'template_redirect' ), 1000 );
106
+ add_action( 'um_access_check_individual_term_settings', array( &$this, 'um_access_check_individual_term_settings' ) );
107
+ add_action( 'um_access_check_global_settings', array( &$this, 'um_access_check_global_settings' ) );
108
+
109
+ add_action( 'plugins_loaded', array( &$this, 'disable_restriction_pre_queries' ), 1 );
110
+ }
111
+
112
+
113
+ /**
114
+ * Rollback function for old business logic to avoid security enhancements with 404 errors
115
+ */
116
+ function disable_restriction_pre_queries() {
117
+ if ( ! UM()->options()->get( 'disable_restriction_pre_queries' ) ) {
118
+ return;
119
+ }
120
+
121
+ remove_action( 'pre_get_terms', array( &$this, 'exclude_hidden_terms_query' ), 99 );
122
+ remove_filter( 'widget_posts_args', array( &$this, 'exclude_restricted_posts_widget' ), 99 );
123
+ remove_filter( 'wp_list_pages_excludes', array( &$this, 'exclude_restricted_pages' ), 10 );
124
+ remove_filter( 'getarchives_where', array( &$this, 'exclude_restricted_posts_archives_widget' ), 99 );
125
+ remove_filter( 'get_next_post_where', array( &$this, 'exclude_navigation_posts' ), 99 );
126
+ remove_filter( 'get_previous_post_where', array( &$this, 'exclude_navigation_posts' ), 99 );
127
+ remove_action( 'pre_get_posts', array( &$this, 'exclude_posts' ), 99 );
128
+ remove_filter( 'posts_where', array( &$this, 'exclude_posts_where' ), 10 );
129
+ remove_filter( 'wp_count_posts', array( &$this, 'custom_count_posts_handler' ), 99 );
130
+ remove_filter( 'the_title', array( &$this, 'filter_restricted_post_title' ), 10 );
131
+ }
132
+
133
+
134
+ /**
135
+ * Get array with restricted posts
136
+ *
137
+ * @param bool $force
138
+ * @param bool|array|string $post_types
139
+ *
140
+ * @return array
141
+ */
142
+ function exclude_posts_array( $force = false, $post_types = false ) {
143
+ if ( $this->ignore_exclude ) {
144
+ return array();
145
+ }
146
+
147
+ static $cache = array();
148
+
149
+ $cache_key = $force ? 'force' : 'default';
150
+
151
+ // `force` cache contains all restricted post IDs we can get them all from cache instead new queries
152
+ $force_cache_key = '';
153
+ if ( 'default' === $cache_key ) {
154
+ $force_cache_key = 'force';
155
+ }
156
+
157
+ // make $post_types as array if string
158
+ if ( ! empty( $post_types ) ) {
159
+ $post_types = is_array( $post_types ) ? $post_types : array( $post_types );
160
+ $cache_key .= md5( serialize( $post_types ) );
161
+ if ( ! empty( $force_cache_key ) ) {
162
+ $force_cache_key .= md5( serialize( $post_types ) );
163
+ }
164
+ }
165
+
166
+ if ( array_key_exists( $cache_key, $cache ) ) {
167
+ return $cache[ $cache_key ];
168
+ }
169
+
170
+ $exclude_posts = array();
171
+ if ( current_user_can( 'administrator' ) ) {
172
+ $cache[ $cache_key ] = $exclude_posts;
173
+ return $exclude_posts;
174
+ }
175
+
176
+ // @todo using Object Cache `wp_cache_get()` `wp_cache_set()` functions
177
+
178
+ // `force` cache contains all restricted post IDs we can get them all from cache instead new queries
179
+ if ( ! empty( $force_cache_key ) && array_key_exists( $force_cache_key, $cache ) ) {
180
+ $post_ids = $cache[ $force_cache_key ];
181
+
182
+ if ( ! empty( $post_ids ) ) {
183
+ foreach ( $post_ids as $post_id ) {
184
+ $content_restriction = $this->get_post_privacy_settings( $post_id );
185
+ if ( ! empty( $content_restriction['_um_access_hide_from_queries'] ) ) {
186
+ array_push( $exclude_posts, $post_id );
187
+ }
188
+ }
189
+ }
190
+ } else {
191
+ $restricted_posts = UM()->options()->get( 'restricted_access_post_metabox' );
192
+ if ( ! empty( $restricted_posts ) ) {
193
+ $restricted_posts = array_keys( $restricted_posts );
194
+ if ( ! empty( $post_types ) ) {
195
+ $restricted_posts = array_intersect( $post_types, $restricted_posts );
196
+ }
197
+ }
198
+
199
+ if ( ! empty( $restricted_posts ) ) {
200
+ $this->ignore_exclude = true;
201
+ // exclude all posts assigned to current term without individual restriction settings
202
+ $post_ids = get_posts(
203
+ array(
204
+ 'fields' => 'ids',
205
+ 'post_status' => 'any',
206
+ 'post_type' => $restricted_posts,
207
+ 'numberposts' => -1,
208
+ 'meta_query' => array(
209
+ array(
210
+ 'key' => 'um_content_restriction',
211
+ 'compare' => 'EXISTS',
212
+ ),
213
+ ),
214
+ )
215
+ );
216
+
217
+ $this->ignore_exclude = false;
218
+ }
219
+
220
+ $post_ids = empty( $post_ids ) ? array() : $post_ids;
221
+
222
+ $restricted_taxonomies = UM()->options()->get( 'restricted_access_taxonomy_metabox' );
223
+
224
+ if ( ! empty( $restricted_taxonomies ) ) {
225
+ $restricted_taxonomies = array_keys( $restricted_taxonomies );
226
+ foreach ( $restricted_taxonomies as $k => $taxonomy ) {
227
+ if ( ! taxonomy_exists( $taxonomy ) ) {
228
+ unset( $restricted_taxonomies[ $k ] );
229
+ }
230
+ }
231
+ $restricted_taxonomies = array_values( $restricted_taxonomies );
232
+
233
+ if ( ! empty( $post_types ) ) {
234
+ $taxonomies = array();
235
+ foreach ( $post_types as $p_t ) {
236
+ $taxonomies = array_merge( $taxonomies, get_object_taxonomies( $p_t ) );
237
+ }
238
+ $restricted_taxonomies = array_intersect( $taxonomies, $restricted_taxonomies );
239
+ }
240
+ }
241
+
242
+ if ( ! empty( $restricted_taxonomies ) ) {
243
+ global $wpdb;
244
+
245
+ $terms = $wpdb->get_results(
246
+ "SELECT tm.term_id AS term_id,
247
+ tt.taxonomy AS taxonomy
248
+ FROM {$wpdb->termmeta} tm
249
+ LEFT JOIN {$wpdb->term_taxonomy} tt ON tt.term_id = tm.term_id
250
+ WHERE tm.meta_key = 'um_content_restriction' AND
251
+ tt.taxonomy IN('" . implode( "','", $restricted_taxonomies ) . "')",
252
+ ARRAY_A
253
+ );
254
+
255
+ if ( ! empty( $terms ) ) {
256
+ foreach ( $terms as $term ) {
257
+ if ( ! $this->is_restricted_term( $term['term_id'] ) ) {
258
+ continue;
259
+ }
260
+
261
+ $this->ignore_exclude = true;
262
+ // exclude all posts assigned to current term without individual restriction settings
263
+ $posts = get_posts(
264
+ array(
265
+ 'fields' => 'ids',
266
+ 'post_status' => 'any',
267
+ 'numberposts' => -1,
268
+ 'tax_query' => array(
269
+ array(
270
+ 'taxonomy' => $term['taxonomy'],
271
+ 'field' => 'id',
272
+ 'terms' => $term['term_id'],
273
+ ),
274
+ ),
275
+ 'meta_query' => array(
276
+ 'relation' => 'OR',
277
+ array(
278
+ 'relation' => 'AND',
279
+ array(
280
+ 'key' => 'um_content_restriction',
281
+ 'value' => 's:26:"_um_custom_access_settings";s:1:"1"',
282
+ 'compare' => 'NOT LIKE',
283
+ ),
284
+ array(
285
+ 'key' => 'um_content_restriction',
286
+ 'value' => 's:26:"_um_custom_access_settings";b:1',
287
+ 'compare' => 'NOT LIKE',
288
+ ),
289
+ ),
290
+ array(
291
+ 'key' => 'um_content_restriction',
292
+ 'compare' => 'NOT EXISTS',
293
+ ),
294
+ ),
295
+ )
296
+ );
297
+ $this->ignore_exclude = false;
298
+
299
+ if ( empty( $posts ) ) {
300
+ continue;
301
+ }
302
+
303
+ $post_ids = array_merge( $post_ids, $posts );
304
+ }
305
+ }
306
+ }
307
+
308
+ if ( ! empty( $post_ids ) ) {
309
+ $post_ids = array_unique( $post_ids );
310
+
311
+ foreach ( $post_ids as $post_id ) {
312
+ // handle every post privacy setting based on post type maybe it's inactive for now
313
+ // if individual restriction is enabled then get post terms restriction settings
314
+ if ( $this->is_restricted( $post_id ) ) {
315
+ if ( true === $force ) {
316
+ array_push( $exclude_posts, $post_id );
317
+ } else {
318
+ $content_restriction = $this->get_post_privacy_settings( $post_id );
319
+ if ( ! empty( $content_restriction['_um_access_hide_from_queries'] ) ) {
320
+ array_push( $exclude_posts, $post_id );
321
+ }
322
+ }
323
+ }
324
+ }
325
+ }
326
+ }
327
+
328
+ $exclude_posts = apply_filters( 'um_exclude_restricted_posts_ids', $exclude_posts, $force );
329
+
330
+ $cache[ $cache_key ] = $exclude_posts;
331
+ return $exclude_posts;
332
+ }
333
+
334
+
335
+
336
+ /**
337
+ * Get array with restricted terms
338
+ *
339
+ * @param \WP_Term_Query $query
340
+ *
341
+ * @return array
342
+ */
343
+ function exclude_terms_array( $query ) {
344
+ $exclude = array();
345
+
346
+ $restricted_taxonomies = UM()->options()->get( 'restricted_access_taxonomy_metabox' );
347
+ if ( ! empty( $restricted_taxonomies ) ) {
348
+ $restricted_taxonomies = array_keys( $restricted_taxonomies );
349
+ foreach ( $restricted_taxonomies as $k => $taxonomy ) {
350
+ if ( ! taxonomy_exists( $taxonomy ) ) {
351
+ unset( $restricted_taxonomies[ $k ] );
352
+ }
353
+ }
354
+ $restricted_taxonomies = array_values( $restricted_taxonomies );
355
+
356
+ if ( ! empty( $restricted_taxonomies ) ) {
357
+ if ( isset( $query->query_vars['taxonomy'] ) && is_array( $query->query_vars['taxonomy'] ) ) {
358
+ $restricted_taxonomies = array_intersect( $query->query_vars['taxonomy'], $restricted_taxonomies );
359
+ } elseif ( ! empty( $query->query_vars['term_taxonomy_id'] ) ) {
360
+ $term_taxonomy_ids = is_array( $query->query_vars['term_taxonomy_id'] ) ? $query->query_vars['term_taxonomy_id'] : array( $query->query_vars['term_taxonomy_id'] );
361
+
362
+ global $wpdb;
363
+ $tax_in_query = $wpdb->get_col( "SELECT DISTINCT taxonomy FROM {$wpdb->term_taxonomy} WHERE term_taxonomy_id IN('" . implode( "','", $term_taxonomy_ids ) . "')" );
364
+ if ( ! empty( $tax_in_query ) ) {
365
+ $restricted_taxonomies = array_intersect( $tax_in_query, $restricted_taxonomies );
366
+ } else {
367
+ $restricted_taxonomies = array();
368
+ }
369
+ }
370
+ }
371
+ }
372
+
373
+ if ( empty( $restricted_taxonomies ) ) {
374
+ return $exclude;
375
+ }
376
+
377
+ $cache_key = md5( serialize( $restricted_taxonomies ) );
378
+
379
+ static $cache = array();
380
+
381
+ if ( array_key_exists( $cache_key, $cache ) ) {
382
+ return $cache[ $cache_key ];
383
+ }
384
+
385
+ $term_ids = get_terms(
386
+ array(
387
+ 'taxonomy' => $restricted_taxonomies,
388
+ 'hide_empty' => false,
389
+ 'fields' => 'ids',
390
+ 'meta_query' => array(
391
+ 'key' => 'um_content_restriction',
392
+ 'compare' => 'EXISTS',
393
+ ),
394
+ 'um_ignore_exclude' => true,
395
+ )
396
+ );
397
+
398
+ if ( empty( $term_ids ) || is_wp_error( $term_ids ) ) {
399
+ $cache[ $cache_key ] = $exclude;
400
+ return $exclude;
401
+ }
402
+
403
+ foreach ( $term_ids as $term_id ) {
404
+ if ( $this->is_restricted_term( $term_id ) ) {
405
+ $exclude[] = $term_id;
406
+ }
407
+ }
408
+
409
+ $exclude = apply_filters( 'um_exclude_restricted_terms_ids', $exclude );
410
+ $cache[ $cache_key ] = $exclude;
411
+ return $exclude;
412
+ }
413
+
414
+
415
+ /**
416
+ * @param \WP_Term_Query $query
417
+ */
418
+ function exclude_hidden_terms_query( $query ) {
419
+ if ( current_user_can( 'administrator' ) || ! empty( $query->query_vars['um_ignore_exclude'] ) ) {
420
+ return;
421
+ }
422
+
423
+ $exclude = $this->exclude_terms_array( $query );
424
+ if ( ! empty( $exclude ) ) {
425
+ $query->query_vars['exclude'] = ! empty( $query->query_vars['exclude'] ) ? wp_parse_id_list( $query->query_vars['exclude'] ) : $exclude;
426
+ }
427
+ }
428
+
429
+
430
+ /**
431
+ * @param \WP_Query $query
432
+ */
433
+ function exclude_posts( $query ) {
434
+ if ( current_user_can( 'administrator' ) ) {
435
+ return;
436
+ }
437
+
438
+ // use these functions is_search() || is_admin() for getting force hide all posts
439
+ // don't handle `hide from WP_Query` and show 404 option for searching and wp-admin query
440
+ if ( $query->is_main_query() || ! empty( $query->query_vars['um_main_query'] ) ) {
441
+ $force = is_feed() || is_search() || is_admin();
442
+
443
+ if ( is_object( $query ) ) {
444
+ $is_singular = $query->is_singular();
445
+ } else {
446
+ $is_singular = ! empty( $query->is_singular ) ? true : false;
447
+ }
448
+
449
+ if ( ! $is_singular ) {
450
+ // need to know what post type is here
451
+ $q_values = ! empty( $query->query_vars['post_type'] ) ? $query->query_vars['post_type'] : array();
452
+ if ( ! is_array( $q_values ) ) {
453
+ $q_values = explode( ',', $query->query_vars['post_type'] );
454
+ }
455
+
456
+ // 'any' will cause the query var to be ignored.
457
+ if ( in_array( 'any', $q_values, true ) || empty( $q_values ) ) {
458
+ $exclude_posts = $this->exclude_posts_array( $force );
459
+ } else {
460
+ $exclude_posts = $this->exclude_posts_array( $force, $q_values );
461
+ }
462
+
463
+ if ( ! empty( $exclude_posts ) ) {
464
+ $post__not_in = $query->get( 'post__not_in', array() );
465
+ $query->set( 'post__not_in', array_merge( wp_parse_id_list( $post__not_in ), $exclude_posts ) );
466
+ }
467
+ }
468
+ }
469
+ }
470
+
471
+
472
+ /**
473
+ * Exclude restricted post from query if there is a single query that exclude post_not_in by default in \WP_Query
474
+ *
475
+ * @param string $where
476
+ * @param \WP_Query $query
477
+ *
478
+ * @return mixed
479
+ */
480
+ function exclude_posts_where( $where, $query ) {
481
+ if ( current_user_can( 'administrator' ) ) {
482
+ return $where;
483
+ }
484
+
485
+ if ( ! $query->is_main_query() ) {
486
+ return $where;
487
+ }
488
+
489
+ if ( ! empty( $query->query_vars['p'] ) && $this->is_restricted( $query->query_vars['p'] ) ) {
490
+ $restriction_settings = $this->get_post_privacy_settings( $query->query_vars['p'] );
491
+ if ( ! empty( $restriction_settings['_um_access_hide_from_queries'] ) && ! empty( $query->query_vars['post__not_in'] ) ) {
492
+ global $wpdb;
493
+ $post__not_in = implode( ',', array_map( 'absint', $query->query_vars['post__not_in'] ) );
494
+ $where .= " AND {$wpdb->posts}.ID NOT IN ($post__not_in)";
495
+ }
496
+ }
497
+
498
+ return $where;
499
+ }
500
+
501
+
502
+ /**
503
+ * Change the posts count based on restriction settings
504
+ *
505
+ * @param object $counts Post counts
506
+ * @param string $type Post type
507
+ * @param string $perm The permission to determine if the posts are 'readable'
508
+ * by the current user.
509
+ *
510
+ * @return object
511
+ */
512
+ function custom_count_posts_handler( $counts, $type = 'post', $perm = '' ) {
513
+ if ( current_user_can( 'administrator' ) ) {
514
+ return $counts;
515
+ }
516
+
517
+ global $wpdb;
518
+
519
+ static $cache = array();
520
+
521
+ $cache_key = _count_posts_cache_key( $type, $perm );
522
+ $force = is_feed() || is_search() || is_admin();
523
+ $cache_key .= $force ? 'force' : '';
524
+
525
+ if ( array_key_exists( $cache_key, $cache ) ) {
526
+ return $cache[ $cache_key ];
527
+ }
528
+
529
+ $exclude_posts = $this->exclude_posts_array( $force, array( $type ) );
530
+ if ( empty( $exclude_posts ) ) {
531
+ $cache[ $cache_key ] = $counts;
532
+ return $counts;
533
+ }
534
+
535
+ $query = "SELECT post_status, COUNT( * ) AS num_posts FROM {$wpdb->posts} WHERE post_type = %s";
536
+
537
+ if ( 'readable' === $perm && is_user_logged_in() ) {
538
+ $post_type_object = get_post_type_object( $type );
539
+ if ( ! current_user_can( $post_type_object->cap->read_private_posts ) ) {
540
+ $query .= $wpdb->prepare(
541
+ " AND (post_status != 'private' OR ( post_author = %d AND post_status = 'private' ))",
542
+ get_current_user_id()
543
+ );
544
+ }
545
+ }
546
+
547
+ $query .= " AND ID NOT IN('" . implode( "','", $exclude_posts ) . "')";
548
+
549
+ $query .= ' GROUP BY post_status';
550
+
551
+ $results = (array) $wpdb->get_results( $wpdb->prepare( $query, $type ), ARRAY_A );
552
+ $counts = array_fill_keys( get_post_stati(), 0 );
553
+
554
+ foreach ( $results as $row ) {
555
+ $counts[ $row['post_status'] ] = $row['num_posts'];
556
+ }
557
+
558
+ $counts = (object) $counts;
559
+
560
+ $cache[ $cache_key ] = $counts;
561
+ return $counts;
562
+ }
563
+
564
+
565
+ /**
566
+ * Exclude restricted posts in Recent Posts widget
567
+ *
568
+ * @param array $array Query args
569
+ *
570
+ * @return array
571
+ */
572
+ function exclude_restricted_posts_widget( $array ) {
573
+ if ( current_user_can( 'administrator' ) ) {
574
+ return $array;
575
+ }
576
+
577
+ $exclude_posts = $this->exclude_posts_array( false, 'post' );
578
+ if ( ! empty( $exclude_posts ) ) {
579
+ $post__not_in = ! empty( $array['post__not_in'] ) ? $array['post__not_in'] : array();
580
+ $array['post__not_in'] = array_merge( wp_parse_id_list( $post__not_in ), $exclude_posts );
581
+ }
582
+
583
+ return $array;
584
+ }
585
+
586
+
587
+ /**
588
+ * Exclude restricted posts in Recent Posts widget
589
+ *
590
+ * @param array $array Query args
591
+ *
592
+ * @return array
593
+ */
594
+ function exclude_restricted_pages( $array ) {
595
+ if ( current_user_can( 'administrator' ) ) {
596
+ return $array;
597
+ }
598
+
599
+ $exclude_posts = $this->exclude_posts_array( false, 'page' );
600
+ if ( ! empty( $exclude_posts ) ) {
601
+ $array = array_merge( $array, $exclude_posts );
602
+ }
603
+
604
+ return $array;
605
+ }
606
+
607
+
608
+ /**
609
+ * Exclude restricted posts in widgets
610
+ *
611
+ * @param string $sql_where
612
+ * @param array $parsed_args
613
+ *
614
+ * @return string
615
+ */
616
+ function exclude_restricted_posts_archives_widget( $sql_where, $parsed_args = array() ) {
617
+ if ( current_user_can( 'administrator' ) ) {
618
+ return $sql_where;
619
+ }
620
+
621
+ $post_type = ! empty( $parsed_args['post_type'] ) ? $parsed_args['post_type'] : false;
622
+
623
+ $exclude_posts = $this->exclude_posts_array( false, $post_type );
624
+ if ( ! empty( $exclude_posts ) ) {
625
+ $exclude_string = implode( ',', $exclude_posts );
626
+ $sql_where .= ' AND ID NOT IN ( ' . $exclude_string . ' )';
627
+ }
628
+
629
+ return $sql_where;
630
+ }
631
+
632
+
633
+ /**
634
+ * Exclude posts from next, previous navigation
635
+ *
636
+ * @param string $where
637
+ * @param bool $in_same_term
638
+ * @param string|array $excluded_terms
639
+ * @param string $taxonomy
640
+ * @param null|\WP_Post $post
641
+ *
642
+ * @return string
643
+ */
644
+ function exclude_navigation_posts( $where, $in_same_term = false, $excluded_terms = '', $taxonomy = 'category', $post = null ) {
645
+ if ( current_user_can( 'administrator' ) ) {
646
+ return $where;
647
+ }
648
+
649
+ if ( empty( $post ) ) {
650
+ return $where;
651
+ }
652
+
653
+ $exclude_posts = $this->exclude_posts_array( false, $post->post_type );
654
+ if ( ! empty( $exclude_posts ) ) {
655
+ $exclude_string = implode( ',', $exclude_posts );
656
+ $where .= ' AND ID NOT IN ( ' . $exclude_string . ' )';
657
+ }
658
+
659
+ return $where;
660
+ }
661
+
662
+
663
+ /**
664
+ * Replace titles of restricted posts
665
+ *
666
+ * @param string $title
667
+ * @param int|null $id
668
+ *
669
+ * @return string
670
+ */
671
+ function filter_restricted_post_title( $title, $id = null ) {
672
+ if ( ! UM()->options()->get( 'restricted_post_title_replace' ) ) {
673
+ return $title;
674
+ }
675
+
676
+ if ( current_user_can( 'administrator' ) ) {
677
+ return $title;
678
+ }
679
+
680
+ if ( ! isset( $id ) ) {
681
+ return $title;
682
+ }
683
+
684
+ if ( ! is_numeric( $id ) ) {
685
+ $id = absint( $id );
686
+ }
687
+
688
+ $ignore = apply_filters( 'um_ignore_restricted_title', false, $id );
689
+ if ( $ignore ) {
690
+ return $title;
691
+ }
692
+
693
+ if ( $this->is_restricted( $id ) ) {
694
+ $restricted_global_title = UM()->options()->get( 'restricted_access_post_title' );
695
+ $title = stripslashes( $restricted_global_title );
696
+ }
697
+
698
+ return $title;
699
+ }
700
+
701
+
702
+ /**
703
+ * Replace content of restricted posts
704
+ *
705
+ * @param string $content
706
+ *
707
+ * @return string
708
+ */
709
+ function filter_restricted_post_content( $content ) {
710
+ if ( current_user_can( 'administrator' ) ) {
711
+ return $content;
712
+ }
713
+
714
+ $id = get_the_ID();
715
+ if ( ! $id || is_admin() ) {
716
+ return $content;
717
+ }
718
+
719
+ $ignore = apply_filters( 'um_ignore_restricted_content', false, $id );
720
+ if ( $ignore ) {
721
+ return $content;
722
+ }
723
+
724
+ if ( $this->is_restricted( $id ) ) {
725
+ $restriction = $this->get_post_privacy_settings( $id );
726
+
727
+ if ( ! isset( $restriction['_um_restrict_by_custom_message'] ) || '0' == $restriction['_um_restrict_by_custom_message'] ) {
728
+ $content = stripslashes( UM()->options()->get( 'restricted_access_message' ) );
729
+ } elseif ( '1' == $restriction['_um_restrict_by_custom_message'] ) {
730
+ $content = ! empty( $restriction['_um_restrict_custom_message'] ) ? stripslashes( $restriction['_um_restrict_custom_message'] ) : '';
731
+ }
732
+ }
733
+
734
+ return $content;
735
+ }
736
+
737
+
738
+ /**
739
+ * Replace excerpt of restricted posts
740
+ *
741
+ * @param string $post_excerpt
742
+ * @param \WP_Post $post
743
+ *
744
+ * @return string
745
+ */
746
+ function filter_restricted_post_excerpt( $post_excerpt = '', $post = null ) {
747
+ if ( empty( $post ) ) {
748
+ return $post_excerpt;
749
+ }
750
+
751
+ if ( current_user_can( 'administrator' ) || is_admin() ) {
752
+ return $post_excerpt;
753
+ }
754
+
755
+ $ignore = apply_filters( 'um_ignore_restricted_excerpt', false, $post->ID );
756
+ if ( $ignore ) {
757
+ return $post_excerpt;
758
+ }
759
+
760
+ if ( $this->is_restricted( $post->ID ) ) {
761
+ $post_excerpt = '';
762
+ }
763
+
764
+ return $post_excerpt;
765
+ }
766
+
767
+
768
+ /**
769
+ * Hide attachment if the post is restricted
770
+ *
771
+ * @param string $url
772
+ * @param int $attachment_id
773
+ *
774
+ * @return boolean|string
775
+ */
776
+ function filter_attachment( $url, $attachment_id ) {
777
+ if ( current_user_can( 'administrator' ) ) {
778
+ return $url;
779
+ }
780
+
781
+ return ( $attachment_id && $this->is_restricted( $attachment_id ) ) ? false : $url;
782
+ }
783
+
784
+
785
+ /**
786
+ * Hide attachment if the post is restricted
787
+ *
788
+ * @param $has_thumbnail
789
+ * @param $post
790
+ * @param $thumbnail_id
791
+ *
792
+ * @return bool
793
+ */
794
+ function filter_post_thumbnail( $has_thumbnail, $post = null, $thumbnail_id = false ) {
795
+ if ( empty( $thumbnail_id ) ) {
796
+ return $has_thumbnail;
797
+ }
798
+
799
+ if ( current_user_can( 'administrator' ) ) {
800
+ return $has_thumbnail;
801
+ }
802
+
803
+ if ( $this->is_restricted( $thumbnail_id ) ) {
804
+ $has_thumbnail = false;
805
+ } elseif ( ! empty( $post ) && ! empty( $post->ID ) ) {
806
+ if ( $this->is_restricted( $post->ID ) ) {
807
+ $has_thumbnail = false;
808
+ }
809
+ } else {
810
+ $post_id = get_the_ID();
811
+ if ( false !== $post_id && $this->is_restricted( $post_id ) ) {
812
+ $has_thumbnail = false;
813
+ }
814
+ }
815
+
816
+ $has_thumbnail = apply_filters( 'um_restrict_post_thumbnail', $has_thumbnail, $post, $thumbnail_id );
817
+
818
+ return $has_thumbnail;
819
+ }
820
+
821
+
822
+
823
+ /**
824
+ * Exclude comments from restricted posts in widgets
825
+ *
826
+ * @param \WP_Comment_Query $query
827
+ */
828
+ function exclude_posts_comments( $query ) {
829
+ if ( current_user_can( 'administrator' ) ) {
830
+ return;
831
+ }
832
+
833
+ if ( ! empty( $query->query_vars['post_id'] ) ) {
834
+ $exclude_posts = array();
835
+ if ( $this->is_restricted( $query->query_vars['post_id'] ) ) {
836
+ $exclude_posts[] = $query->query_vars['post_id'];
837
+ }
838
+ } else {
839
+ $q_values = ! empty( $query->query_vars['post_type'] ) ? $query->query_vars['post_type'] : array();
840
+ if ( ! is_array( $q_values ) ) {
841
+ $q_values = explode( ',', $query->query_vars['post_type'] );
842
+ }
843
+
844
+ // 'any' will cause the query var to be ignored.
845
+ if ( in_array( 'any', $q_values, true ) || empty( $q_values ) ) {
846
+ $exclude_posts = $this->exclude_posts_array( true, $this->get_available_comments_post_types() );
847
+ } else {
848
+ $exclude_posts = $this->exclude_posts_array( true, $q_values );
849
+ }
850
+ }
851
+
852
+ if ( ! empty( $exclude_posts ) ) {
853
+ $post__not_in = ! empty( $query->query_vars['post__not_in'] ) ? $query->query_vars['post__not_in'] : array();
854
+ $query->query_vars['post__not_in'] = array_merge( wp_parse_id_list( $post__not_in ), $exclude_posts );
855
+ }
856
+ }
857
+
858
+
859
+ /**
860
+ * @return array
861
+ */
862
+ function get_available_comments_post_types() {
863
+ global $wp_taxonomies, $wpdb;
864
+
865
+ $restricted_posts = UM()->options()->get( 'restricted_access_post_metabox' );
866
+ if ( empty( $restricted_posts ) ) {
867
+ $restricted_posts = array();
868
+ }
869
+ $restricted_posts = array_keys( $restricted_posts );
870
+
871
+ $restricted_taxonomies = UM()->options()->get( 'restricted_access_taxonomy_metabox' );
872
+ if ( ! empty( $restricted_taxonomies ) ) {
873
+ $restricted_taxonomies = array_keys( $restricted_taxonomies );
874
+ foreach ( $restricted_taxonomies as $k => $taxonomy ) {
875
+ if ( taxonomy_exists( $taxonomy ) ) {
876
+ $restricted_posts = array_merge( $restricted_posts, $wp_taxonomies[ $taxonomy ]->object_type );
877
+ }
878
+ }
879
+ }
880
+
881
+ $restricted_posts = array_unique( $restricted_posts );
882
+ foreach ( $restricted_posts as $k => $post_type ) {
883
+ if ( 'closed' === get_default_comment_status( $post_type ) ) {
884
+ $open_comments = $wpdb->get_var( $wpdb->prepare(
885
+ "SELECT ID
886
+ FROM {$wpdb->posts}
887
+ WHERE post_type = %s AND
888
+ comment_status != 'closed'",
889
+ $post_type
890
+ ) );
891
+
892
+ if ( empty( $open_comments ) ) {
893
+ unset( $restricted_posts[ $k ] );
894
+ }
895
+ }
896
+ }
897
+
898
+ $restricted_posts = array_values( $restricted_posts );
899
+
900
+ return $restricted_posts;
901
+ }
902
+
903
+
904
+ /**
905
+ * Exclude comments from comments feed
906
+ *
907
+ * @param string $where
908
+ * @param \WP_Query $query
909
+ *
910
+ * @return string
911
+ */
912
+ function exclude_posts_comments_feed( $where, $query ) {
913
+ if ( current_user_can( 'administrator' ) ) {
914
+ return $where;
915
+ }
916
+
917
+ $exclude_posts = $this->exclude_posts_array( true, $this->get_available_comments_post_types() );
918
+ if ( ! empty( $exclude_posts ) ) {
919
+ $exclude_string = implode( ',', $exclude_posts );
920
+ $where .= ' AND comment_post_ID NOT IN ( ' . $exclude_string . ' )';
921
+ }
922
+
923
+ return $where;
924
+ }
925
+
926
+
927
+ /**
928
+ * @param array|object $stats
929
+ * @param int $post_id Post ID. Can be 0 for the whole website
930
+ *
931
+ * @return object
932
+ */
933
+ function custom_comments_count_handler( $stats = array(), $post_id = 0 ) {
934
+ if ( ! empty( $stats ) || current_user_can( 'administrator' ) ) {
935
+ return $stats;
936
+ }
937
+
938
+ if ( $post_id === 0 ) {
939
+ $exclude_posts = $this->exclude_posts_array( true, $this->get_available_comments_post_types() );
940
+ if ( empty( $exclude_posts ) ) {
941
+ return $stats;
942
+ }
943
+ } else {
944
+ $exclude_posts = array();
945
+ if ( $this->is_restricted( $post_id ) ) {
946
+ $exclude_posts[] = $post_id;
947
+ }
948
+ }
949
+
950
+ $stats = $this->get_comment_count( $post_id, $exclude_posts );
951
+ $stats['moderated'] = $stats['awaiting_moderation'];
952
+ unset( $stats['awaiting_moderation'] );
953
+
954
+ $stats_object = (object) $stats;
955
+
956
+ return $stats_object;
957
+ }
958
+
959
+
960
+ /**
961
+ * @param int $post_id
962
+ * @param array $exclude_posts
963
+ *
964
+ * @return array
965
+ */
966
+ function get_comment_count( $post_id = 0, $exclude_posts = array() ) {
967
+ static $cache = array();
968
+
969
+ if ( isset( $cache[ $post_id ] ) ) {
970
+ return $cache[ $post_id ];
971
+ }
972
+
973
+ global $wpdb;
974
+
975
+ $post_id = (int) $post_id;
976
+
977
+ $where = 'WHERE 1=1';
978
+ if ( $post_id > 0 ) {
979
+ $where .= $wpdb->prepare( ' AND comment_post_ID = %d', $post_id );
980
+ }
981
+
982
+ if ( ! empty( $exclude_posts ) ) {
983
+ $exclude_string = implode( ',', $exclude_posts );
984
+ $where .= ' AND comment_post_ID NOT IN ( ' . $exclude_string . ' )';
985
+ }
986
+
987
+ $totals = (array) $wpdb->get_results(
988
+ "
989
+ SELECT comment_approved, COUNT( * ) AS total
990
+ FROM {$wpdb->comments}
991
+ {$where}
992
+ GROUP BY comment_approved
993
+ ",
994
+ ARRAY_A
995
+ );
996
+
997
+ $comment_count = array(
998
+ 'approved' => 0,
999
+ 'awaiting_moderation' => 0,
1000
+ 'spam' => 0,
1001
+ 'trash' => 0,
1002
+ 'post-trashed' => 0,
1003
+ 'total_comments' => 0,
1004
+ 'all' => 0,
1005
+ );
1006
+
1007
+ foreach ( $totals as $row ) {
1008
+ switch ( $row['comment_approved'] ) {
1009
+ case 'trash':
1010
+ $comment_count['trash'] = $row['total'];
1011
+ break;
1012
+ case 'post-trashed':
1013
+ $comment_count['post-trashed'] = $row['total'];
1014
+ break;
1015
+ case 'spam':
1016
+ $comment_count['spam'] = $row['total'];
1017
+ $comment_count['total_comments'] += $row['total'];
1018
+ break;
1019
+ case '1':
1020
+ $comment_count['approved'] = $row['total'];
1021
+ $comment_count['total_comments'] += $row['total'];
1022
+ $comment_count['all'] += $row['total'];
1023
+ break;
1024
+ case '0':
1025
+ $comment_count['awaiting_moderation'] = $row['total'];
1026
+ $comment_count['total_comments'] += $row['total'];
1027
+ $comment_count['all'] += $row['total'];
1028
+ break;
1029
+ default:
1030
+ break;
1031
+ }
1032
+ }
1033
+
1034
+ $comment_count = array_map( 'intval', $comment_count );
1035
+ $cache[ $post_id ] = $comment_count;
1036
+
1037
+ return $comment_count;
1038
+ }
1039
+
1040
+
1041
+ /**
1042
+ * Disable comments if user has not permission to access this post
1043
+ *
1044
+ * @param mixed $open
1045
+ * @param int $post_id
1046
+ * @return boolean
1047
+ */
1048
+ function disable_comments_open( $open, $post_id ) {
1049
+ if ( current_user_can( 'administrator' ) ) {
1050
+ return $open;
1051
+ }
1052
+
1053
+ static $cache = array();
1054
+
1055
+ if ( isset( $cache[ $post_id ] ) ) {
1056
+ return $cache[ $post_id ] ? $open : false;
1057
+ }
1058
+
1059
+ if ( ! $this->is_restricted( $post_id ) ) {
1060
+ $cache[ $post_id ] = $open;
1061
+ return $open;
1062
+ }
1063
+
1064
+ $open = false;
1065
+
1066
+ $cache[ $post_id ] = $open;
1067
+ return $open;
1068
+ }
1069
+
1070
+
1071
+ /**
1072
+ * Disable comments if user has not permission to access this post
1073
+ *
1074
+ * @param int $count
1075
+ * @param int $post_id
1076
+ * @return boolean
1077
+ */
1078
+ function disable_comments_open_number( $count, $post_id = 0 ) {
1079
+ if ( current_user_can( 'administrator' ) ) {
1080
+ return $count;
1081
+ }
1082
+
1083
+ static $cache_number = array();
1084
+
1085
+ if ( isset( $cache_number[ $post_id ] ) ) {
1086
+ return $cache_number[ $post_id ];
1087
+ }
1088
+
1089
+ if ( ! $this->is_restricted( $post_id ) ) {
1090
+ $cache_number[ $post_id ] = $count;
1091
+ return $count;
1092
+ }
1093
+
1094
+ $count = 0;
1095
+
1096
+ $cache_number[ $post_id ] = $count;
1097
+ return $count;
1098
+ }
1099
+
1100
+
1101
+ /**
1102
+ * Protect Post Types in menu query
1103
+ * Restrict content new logic
1104
+ * @param array $menu_items
1105
+ * @param array $args
1106
+ * @return array
1107
+ */
1108
+ function filter_menu( $menu_items, $args = array() ) {
1109
+ //if empty
1110
+ if ( empty( $menu_items ) ) {
1111
+ return $menu_items;
1112
+ }
1113
+
1114
+ if ( current_user_can( 'administrator' ) ) {
1115
+ return $menu_items;
1116
+ }
1117
+
1118
+ $filtered_items = array();
1119
+
1120
+ //other filter
1121
+ foreach ( $menu_items as $menu_item ) {
1122
+ if ( ! empty( $menu_item->object_id ) && ! empty( $menu_item->object ) ) {
1123
+ if ( isset( $menu_item->type ) && 'taxonomy' === $menu_item->type ) {
1124
+ if ( ! $this->is_restricted_term( $menu_item->object_id ) ) {
1125
+ $filtered_items[] = $menu_item;
1126
+ continue;
1127
+ }
1128
+ } elseif ( isset( $menu_item->type ) && 'post_type' === $menu_item->type ) {
1129
+ if ( ! $this->is_restricted( $menu_item->object_id ) ) {
1130
+ $filtered_items[] = $menu_item;
1131
+ continue;
1132
+ } else {
1133
+ $restriction_settings = $this->get_post_privacy_settings( $menu_item->object_id );
1134
+ if ( UM()->options()->get( 'disable_restriction_pre_queries' ) || empty( $restriction_settings['_um_access_hide_from_queries'] ) ) {
1135
+ $filtered_items[] = $menu_item;
1136
+ continue;
1137
+ }
1138
+ }
1139
+ } elseif ( isset( $menu_item->type ) && 'custom' === $menu_item->type ) {
1140
+ $filtered_items[] = $menu_item;
1141
+ continue;
1142
+ } else {
1143
+ $filtered_items[] = $menu_item;
1144
+ continue;
1145
+ }
1146
+ } else {
1147
+ //add all other posts
1148
+ $filtered_items[] = $menu_item;
1149
+ }
1150
+ }
1151
+
1152
+ return $filtered_items;
1153
+ }
1154
+
1155
+
1156
+ /**
1157
+ * @param $block_content
1158
+ * @param $block
1159
+ *
1160
+ * @return string
1161
+ */
1162
+ function restrict_blocks( $block_content, $block ) {
1163
+ if ( is_admin() ) {
1164
+ return $block_content;
1165
+ }
1166
+
1167
+ $restricted_blocks = UM()->options()->get( 'restricted_blocks' );
1168
+ if ( empty( $restricted_blocks ) ) {
1169
+ return $block_content;
1170
+ }
1171
+
1172
+ if ( is_user_logged_in() && current_user_can( 'administrator' ) ) {
1173
+ return $block_content;
1174
+ }
1175
+
1176
+ if ( ! isset( $block['attrs']['um_is_restrict'] ) || $block['attrs']['um_is_restrict'] !== true ) {
1177
+ return $block_content;
1178
+ }
1179
+
1180
+ if ( empty( $block['attrs']['um_who_access'] ) ) {
1181
+ return $block_content;
1182
+ }
1183
+
1184
+ $default_message = UM()->options()->get( 'restricted_block_message' );
1185
+ switch ( $block['attrs']['um_who_access'] ) {
1186
+ case '1': {
1187
+ if ( ! is_user_logged_in() ) {
1188
+ $block_content = '';
1189
+ if ( isset( $block['attrs']['um_message_type'] ) ) {
1190
+ if ( $block['attrs']['um_message_type'] == '1' ) {
1191
+ $block_content = $default_message;
1192
+ } elseif ( $block['attrs']['um_message_type'] == '2' ) {
1193
+ $block_content = $block['attrs']['um_message_content'];
1194
+ }
1195
+ }
1196
+ } else {
1197
+ $display = true;
1198
+
1199
+ // What roles can access this content?
1200
+ if ( ! empty( $block['attrs']['um_roles_access'] ) ) {
1201
+ $display = false;
1202
+ foreach ( $block['attrs']['um_roles_access'] as $role ) {
1203
+ if ( current_user_can( $role ) ) {
1204
+ $display = true;
1205
+ }
1206
+ }
1207
+ }
1208
+
1209
+ $display = apply_filters( 'um_loggedin_block_restriction', $display, $block );
1210
+
1211
+ if ( ! $display ) {
1212
+ $block_content = '';
1213
+ if ( isset( $block['attrs']['um_message_type'] ) ) {
1214
+ if ( $block['attrs']['um_message_type'] == '1' ) {
1215
+ $block_content = $default_message;
1216
+ } elseif ( $block['attrs']['um_message_type'] == '2' ) {
1217
+ $block_content = $block['attrs']['um_message_content'];
1218
+ }
1219
+ }
1220
+ }
1221
+ }
1222
+ break;
1223
+ }
1224
+ case '2': {
1225
+ if ( is_user_logged_in() ) {
1226
+ $block_content = '';
1227
+ if ( isset( $block['attrs']['um_message_type'] ) ) {
1228
+ if ( $block['attrs']['um_message_type'] == '1' ) {
1229
+ $block_content = $default_message;
1230
+ } elseif ( $block['attrs']['um_message_type'] == '2' ) {
1231
+ $block_content = $block['attrs']['um_message_content'];
1232
+ }
1233
+ }
1234
+ }
1235
+ break;
1236
+ }
1237
+ }
1238
+
1239
+ return $block_content;
1240
+ }
1241
+
1242
+
1243
+ /**
1244
+ * @param \WP_Post $post
1245
+ *
1246
+ * @return \WP_Post
1247
+ */
1248
+ function maybe_replace_title( $post ) {
1249
+ if ( ! UM()->options()->get( 'restricted_post_title_replace' ) ) {
1250
+ return $post;
1251
+ }
1252
+
1253
+ if ( current_user_can( 'administrator' ) ) {
1254
+ return $post;
1255
+ }
1256
+
1257
+ if ( ! is_a( $post, '\WP_Post' ) ) {
1258
+ return $post;
1259
+ }
1260
+
1261
+ $ignore = apply_filters( 'um_ignore_restricted_title', false, $post->ID );
1262
+ if ( $ignore ) {
1263
+ return $post;
1264
+ }
1265
+
1266
+ $restricted_global_title = UM()->options()->get( 'restricted_access_post_title' );
1267
+ $post->post_title = stripslashes( $restricted_global_title );
1268
+
1269
+ return $post;
1270
+ }
1271
+
1272
+
1273
+ /**
1274
+ * Protect Post Types in query
1275
+ * Restrict content new logic
1276
+ *
1277
+ * @param array $posts
1278
+ * @param array|\WP_Query $query
1279
+ * @return array
1280
+ */
1281
+ function filter_protected_posts( $posts, $query ) {
1282
+ if ( current_user_can( 'administrator' ) ) {
1283
+ return $posts;
1284
+ }
1285
+
1286
+ //Woocommerce AJAX fixes....remove filtration on wc-ajax which goes to Front Page
1287
+ if ( ! empty( $_GET['wc-ajax'] ) && defined( 'WC_DOING_AJAX' ) && WC_DOING_AJAX ) {
1288
+ return $posts;
1289
+ }
1290
+
1291
+ //if empty
1292
+ if ( empty( $posts ) || is_admin() ) {
1293
+ return $posts;
1294
+ }
1295
+
1296
+ if ( is_object( $query ) ) {
1297
+ $is_singular = $query->is_singular();
1298
+ } else {
1299
+ $is_singular = ! empty( $query->is_singular ) ? true : false;
1300
+ }
1301
+
1302
+ if ( is_object( $query ) && is_a( $query, '\WP_Query' ) &&
1303
+ ( $query->is_main_query() || ! empty( $query->query_vars['um_main_query'] ) ) ) {
1304
+ if ( $is_singular ) {
1305
+ if ( ! UM()->options()->get( 'disable_restriction_pre_queries' ) && $this->is_restricted( $posts[0]->ID ) ) {
1306
+ $content_restriction = $this->get_post_privacy_settings( $posts[0]->ID );
1307
+ if ( ! empty( $content_restriction['_um_access_hide_from_queries'] ) ) {
1308
+ unset( $posts[0] );
1309
+ return $posts;
1310
+ }
1311
+ }
1312
+ }
1313
+ }
1314
+
1315
+ $filtered_posts = array();
1316
+
1317
+ //other filter
1318
+ foreach ( $posts as $post ) {
1319
+ if ( is_user_logged_in() && isset( $post->post_author ) && $post->post_author == get_current_user_id() ) {
1320
+ $filtered_posts[] = $post;
1321
+ continue;
1322
+ }
1323
+
1324
+ $restriction = $this->get_post_privacy_settings( $post );
1325
+ if ( ! $restriction ) {
1326
+ $filtered_posts[] = $post;
1327
+ continue;
1328
+ }
1329
+
1330
+ if ( $is_singular ) {
1331
+ $this->singular_page = true;
1332
+ }
1333
+
1334
+ if ( ! $this->is_restricted( $post->ID ) ) {
1335
+ $filtered_posts[] = $post;
1336
+ continue;
1337
+ } else {
1338
+ if ( $is_singular ) {
1339
+ if ( ! isset( $restriction['_um_noaccess_action'] ) || '0' == $restriction['_um_noaccess_action'] ) {
1340
+ if ( UM()->options()->get( 'disable_restriction_pre_queries' ) || empty( $restriction['_um_access_hide_from_queries'] ) ) {
1341
+ /**
1342
+ * UM hook
1343
+ *
1344
+ * @type action
1345
+ * @title um_access_fix_external_post_content
1346
+ * @description Hook for 3-d party content filtration
1347
+ * @change_log
1348
+ * ["Since: 2.0"]
1349
+ * @usage add_action( 'um_access_fix_external_post_content', 'function_name', 10 );
1350
+ * @example
1351
+ * <?php
1352
+ * add_action( 'um_access_fix_external_post_content', 'my_access_fix_external_post_content', 10 );
1353
+ * function my_access_fix_external_post_content() {
1354
+ * // your code here
1355
+ * }
1356
+ * ?>
1357
+ */
1358
+ do_action( 'um_access_fix_external_post_content' );
1359
+
1360
+ $filtered_posts[] = $this->maybe_replace_title( $post );
1361
+ continue;
1362
+ }
1363
+ } elseif ( '1' == $restriction['_um_noaccess_action'] ) {
1364
+ $curr = UM()->permalinks()->get_current_url();
1365
+
1366
+ if ( ! isset( $restriction['_um_access_redirect'] ) || '0' == $restriction['_um_access_redirect'] ) {
1367
+
1368
+ exit( wp_redirect( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), um_get_core_page( 'login' ) ) ) ) );
1369
+
1370
+ } elseif ( '1' == $restriction['_um_access_redirect'] ) {
1371
+
1372
+ if ( ! empty( $restriction['_um_access_redirect_url'] ) ) {
1373
+ $redirect = $restriction['_um_access_redirect_url'];
1374
+ } else {
1375
+ $redirect = esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), um_get_core_page( 'login' ) ) );
1376
+ }
1377
+
1378
+ exit( wp_redirect( $redirect ) );
1379
+ }
1380
+ }
1381
+ } else {
1382
+ if ( UM()->options()->get( 'disable_restriction_pre_queries' ) || empty( $restriction['_um_access_hide_from_queries'] ) ) {
1383
+ $filtered_posts[] = $this->maybe_replace_title( $post );
1384
+ continue;
1385
+ }
1386
+ }
1387
+ }
1388
+ }
1389
+
1390
+ return $filtered_posts;
1391
+ }
1392
+
1393
+
1394
+ /**
1395
+ * Set custom access actions and redirection
1396
+ *
1397
+ * Old global restrict content logic
1398
+ */
1399
+ function template_redirect() {
1400
+ global $post, $wp_query;
1401
+
1402
+ //if we logged by administrator it can access to all content
1403
+ if ( current_user_can( 'administrator' ) ) {
1404
+ return;
1405
+ }
1406
+
1407
+ if ( is_object( $wp_query ) ) {
1408
+ $is_singular = $wp_query->is_singular();
1409
+ } else {
1410
+ $is_singular = ! empty( $wp_query->is_singular ) ? true : false;
1411
+ }
1412
+
1413
+ //if we use individual restrict content options skip this function
1414
+ if ( $is_singular && $this->singular_page ) {
1415
+ return;
1416
+ }
1417
+
1418
+ //also skip if we currently at wp-admin or 404 page
1419
+ if ( is_admin() || is_404() ) {
1420
+ return;
1421
+ }
1422
+
1423
+ //also skip if we currently at UM Register|Login|Reset Password pages
1424
+ if ( um_is_core_post( $post, 'register' ) ||
1425
+ um_is_core_post( $post, 'password-reset' ) ||
1426
+ um_is_core_post( $post, 'login' ) ) {
1427
+ return;
1428
+ }
1429
+
1430
+ /**
1431
+ * UM hook
1432
+ *
1433
+ * @type action
1434
+ * @title um_roles_add_meta_boxes_um_role_meta
1435
+ * @description Check terms individual restrict options
1436
+ * @change_log
1437
+ * ["Since: 2.0"]
1438
+ * @usage add_action( 'um_access_check_individual_term_settings', 'function_name', 10 );
1439
+ * @example
1440
+ * <?php
1441
+ * add_action( 'um_access_check_individual_term_settings', 'my_access_check_individual_term_settings', 10 );
1442
+ * function my_access_check_individual_term_settings() {
1443
+ * // your code here
1444
+ * }
1445
+ * ?>
1446
+ */
1447
+ do_action( 'um_access_check_individual_term_settings' );
1448
+ //exit from function if term page is accessible
1449
+ if ( $this->check_access() ) {
1450
+ return;
1451
+ }
1452
+
1453
+ /**
1454
+ * UM hook
1455
+ *
1456
+ * @type action
1457
+ * @title um_access_check_global_settings
1458
+ * @description Check global restrict content options
1459
+ * @change_log
1460
+ * ["Since: 2.0"]
1461
+ * @usage add_action( 'um_access_check_global_settings', 'function_name', 10 );
1462
+ * @example
1463
+ * <?php
1464
+ * add_action( 'um_access_check_global_settings', 'my_access_check_global_settings', 10 );
1465
+ * function my_access_check_global_settings() {
1466
+ * // your code here
1467
+ * }
1468
+ * ?>
1469
+ */
1470
+ do_action( 'um_access_check_global_settings' );
1471
+
1472
+ $this->check_access();
1473
+ }
1474
+
1475
+
1476
+ /**
1477
+ * Check individual term Content Restriction settings
1478
+ */
1479
+ function um_access_check_individual_term_settings() {
1480
+ //check only tax|tags|categories - skip archive, author, and date lists
1481
+ if ( ! ( is_tax() || is_tag() || is_category() ) ) {
1482
+ return;
1483
+ }
1484
+
1485
+ $term_id = null;
1486
+ if ( is_tag() ) {
1487
+ $term_id = get_query_var( 'tag_id' );
1488
+ } elseif ( is_category() ) {
1489
+ $term_id = get_query_var( 'cat' );
1490
+ } elseif ( is_tax() ) {
1491
+ $tax_name = get_query_var( 'taxonomy' );
1492
+
1493
+ $term_name = get_query_var( 'term' );
1494
+ $term = get_term_by( 'slug', $term_name, $tax_name );
1495
+
1496
+ $term_id = ! empty( $term->term_id ) ? $term->term_id : $term_id;
1497
+ }
1498
+
1499
+ if ( ! isset( $term_id ) ) {
1500
+ return;
1501
+ }
1502
+
1503
+ if ( $this->is_restricted_term( $term_id, true ) ) {
1504
+ $restriction = get_term_meta( $term_id, 'um_content_restriction', true );
1505
+ if ( '1' == $restriction['_um_noaccess_action'] ) {
1506
+ $curr = UM()->permalinks()->get_current_url();
1507
+
1508
+ if ( ! isset( $restriction['_um_access_redirect'] ) || '0' == $restriction['_um_access_redirect'] ) {
1509
+
1510
+ $this->redirect_handler = $this->set_referer( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), um_get_core_page( 'login' ) ) ), 'individual_term' );
1511
+
1512
+ } elseif ( '1' == $restriction['_um_access_redirect'] ) {
1513
+
1514
+ if ( ! empty( $restriction['_um_access_redirect_url'] ) ) {
1515
+ $redirect = $restriction['_um_access_redirect_url'];
1516
+ } else {
1517
+ $redirect = esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), um_get_core_page( 'login' ) ) );
1518
+ }
1519
+
1520
+ $this->redirect_handler = $this->set_referer( $redirect, 'individual_term' );
1521
+
1522
+ }
1523
+ } else {
1524
+ add_filter( 'tag_template', array( &$this, 'taxonomy_message' ), 10, 3 );
1525
+ add_filter( 'archive_template', array( &$this, 'taxonomy_message' ), 10, 3 );
1526
+ add_filter( 'category_template', array( &$this, 'taxonomy_message' ), 10, 3 );
1527
+ add_filter( 'taxonomy_template', array( &$this, 'taxonomy_message' ), 10, 3 );
1528
+ }
1529
+ }
1530
+ }
1531
+
1532
+
1533
+ /**
1534
+ * @param $template
1535
+ * @param $type
1536
+ * @param $templates
1537
+ *
1538
+ * @return string
1539
+ */
1540
+ function taxonomy_message( $template, $type, $templates ) {
1541
+ return UM()->locate_template( 'restricted-taxonomy.php' );
1542
+ }
1543
+
1544
+
1545
+ /**
1546
+ * Check global accessible settings
1547
+ */
1548
+ function um_access_check_global_settings() {
1549
+ global $post;
1550
+
1551
+ $curr = UM()->permalinks()->get_current_url();
1552
+ $ms_empty_role_access = is_multisite() && is_user_logged_in() && ! UM()->roles()->get_priority_user_role( um_user( 'ID' ) );
1553
+
1554
+ if ( is_front_page() ) {
1555
+ if ( is_user_logged_in() && ! $ms_empty_role_access ) {
1556
+
1557
+ $user_default_homepage = um_user( 'default_homepage' );
1558
+ if ( ! empty( $user_default_homepage ) ) {
1559
+ return;
1560
+ }
1561
+
1562
+ $redirect_homepage = um_user( 'redirect_homepage' );
1563
+ /**
1564
+ * UM hook
1565
+ *
1566
+ * @type filter
1567
+ * @title um_custom_homepage_redirect_url
1568
+ * @description Change custom homepage redirect
1569
+ * @input_vars
1570
+ * [{"var":"$url","type":"string","desc":"Redirect URL"},
1571
+ * {"var":"$id","type":"int","desc":"User ID"}]
1572
+ * @change_log
1573
+ * ["Since: 2.0"]
1574
+ * @usage
1575
+ * <?php add_filter( 'um_custom_homepage_redirect_url', 'function_name', 10, 2 ); ?>
1576
+ * @example
1577
+ * <?php
1578
+ * add_filter( 'um_custom_homepage_redirect_url', 'my_custom_homepage_redirect_url', 10, 2 );
1579
+ * function my_custom_homepage_redirect_url( $url, $id ) {
1580
+ * // your code here
1581
+ * return $url;
1582
+ * }
1583
+ * ?>
1584
+ */
1585
+ $redirect_homepage = apply_filters( 'um_custom_homepage_redirect_url', $redirect_homepage, um_user( 'ID' ) );
1586
+ $redirect_to = ! empty( $redirect_homepage ) ? $redirect_homepage : um_get_core_page( 'user' );
1587
+ $this->redirect_handler = $this->set_referer( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), $redirect_to ) ), 'custom_homepage' );
1588
+
1589
+ } else {
1590
+ $access = UM()->options()->get( 'accessible' );
1591
+
1592
+ if ( $access == 2 ) {
1593
+ //global settings for accessible home page
1594
+ $home_page_accessible = UM()->options()->get( 'home_page_accessible' );
1595
+
1596
+ if ( $home_page_accessible == 0 ) {
1597
+ //get redirect URL if not set get login page by default
1598
+ $redirect = UM()->options()->get( 'access_redirect' );
1599
+ if ( ! $redirect ) {
1600
+ $redirect = um_get_core_page( 'login' );
1601
+ }
1602
+
1603
+ $this->redirect_handler = $this->set_referer( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), $redirect ) ), 'global' );
1604
+ } else {
1605
+ $this->allow_access = true;
1606
+ return;
1607
+ }
1608
+ }
1609
+ }
1610
+ } elseif ( is_category() ) {
1611
+ if ( ! is_user_logged_in() || $ms_empty_role_access ) {
1612
+
1613
+ $access = UM()->options()->get( 'accessible' );
1614
+
1615
+ if ( $access == 2 ) {
1616
+ //global settings for accessible home page
1617
+ $category_page_accessible = UM()->options()->get( 'category_page_accessible' );
1618
+ if ( $category_page_accessible == 0 ) {
1619
+ //get redirect URL if not set get login page by default
1620
+ $redirect = UM()->options()->get( 'access_redirect' );
1621
+ if ( ! $redirect ) {
1622
+ $redirect = um_get_core_page( 'login' );
1623
+ }
1624
+
1625
+ $this->redirect_handler = $this->set_referer( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), $redirect ) ), 'global' );
1626
+ } else {
1627
+ $this->allow_access = true;
1628
+ return;
1629
+ }
1630
+ }
1631
+ }
1632
+ }
1633
+
1634
+ $access = UM()->options()->get( 'accessible' );
1635
+
1636
+ if ( $access == 2 && ( ! is_user_logged_in() || $ms_empty_role_access ) ) {
1637
+
1638
+ //build exclude URLs pages
1639
+ $redirects = array();
1640
+ $redirects[] = trim( untrailingslashit( UM()->options()->get( 'access_redirect' ) ) );
1641
+
1642
+ $exclude_uris = UM()->options()->get( 'access_exclude_uris' );
1643
+ if ( ! empty( $exclude_uris ) ) {
1644
+ $exclude_uris = array_map( 'trim', $exclude_uris );
1645
+ $redirects = array_merge( $redirects, $exclude_uris );
1646
+ }
1647
+
1648
+ $redirects = array_unique( $redirects );
1649
+
1650
+ $current_url = UM()->permalinks()->get_current_url( get_option( 'permalink_structure' ) );
1651
+ $current_url = untrailingslashit( $current_url );
1652
+ $current_url_slash = trailingslashit( $current_url );
1653
+
1654
+ if ( ! ( isset( $post->ID ) && ( in_array( $current_url, $redirects ) || in_array( $current_url_slash, $redirects ) ) ) ) {
1655
+ //if current page not in exclude URLs
1656
+ //get redirect URL if not set get login page by default
1657
+ $redirect = UM()->options()->get( 'access_redirect' );
1658
+ if ( ! $redirect ) {
1659
+ $redirect = um_get_core_page( 'login' );
1660
+ }
1661
+
1662
+ $this->redirect_handler = $this->set_referer( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), $redirect ) ), 'global' );
1663
+ } else {
1664
+ $this->redirect_handler = false;
1665
+ $this->allow_access = true;
1666
+ }
1667
+ }
1668
+ }
1669
+
1670
+
1671
+ /**
1672
+ * Check access
1673
+ *
1674
+ * @return bool
1675
+ */
1676
+ function check_access() {
1677
+ if ( $this->allow_access === true ) {
1678
+ return true;
1679
+ }
1680
+
1681
+ if ( $this->redirect_handler ) {
1682
+ wp_redirect( $this->redirect_handler );
1683
+ exit;
1684
+ }
1685
+
1686
+ return false;
1687
+ }
1688
+
1689
+
1690
+ /**
1691
+ * Sets a custom access referer in a redirect URL
1692
+ *
1693
+ * @param string $url
1694
+ * @param string $referer
1695
+ *
1696
+ * @return string
1697
+ */
1698
+ function set_referer( $url, $referer ) {
1699
+
1700
+ /**
1701
+ * UM hook
1702
+ *
1703
+ * @type filter
1704
+ * @title um_access_enable_referer
1705
+ * @description Access Referrer Enable/Disable
1706
+ * @input_vars
1707
+ * [{"var":"$referrer","type":"bool","desc":"Access referrer"}]
1708
+ * @change_log
1709
+ * ["Since: 2.0"]
1710
+ * @usage add_filter( 'um_access_enable_referer', 'function_name', 10, 1 );
1711
+ * @example
1712
+ * <?php
1713
+ * add_filter( 'um_access_enable_referer', 'my_access_enable_referer', 10, 1 );
1714
+ * function my_access_enable_referer( $referrer ) {
1715
+ * // your code here
1716
+ * return $referrer;
1717
+ * }
1718
+ * ?>
1719
+ */
1720
+ $enable_referer = apply_filters( 'um_access_enable_referer', false );
1721
+ if ( ! $enable_referer ) {
1722
+ return $url;
1723
+ }
1724
+
1725
+ $url = add_query_arg( 'um_ref', $referer, $url );
1726
+ return $url;
1727
+ }
1728
+
1729
+
1730
+ /**
1731
+ * Get privacy settings for post
1732
+ * return false if post is not private
1733
+ * Restrict content new logic
1734
+ *
1735
+ * @param \WP_Post|int $post Post ID or object
1736
+ * @return bool|array
1737
+ */
1738
+ function get_post_privacy_settings( $post ) {
1739
+ // break for incorrect post
1740
+ if ( empty( $post ) ) {
1741
+ return false;
1742
+ }
1743
+
1744
+ static $cache = array();
1745
+
1746
+ $cache_key = is_numeric( $post ) ? $post : $post->ID;
1747
+
1748
+ if ( isset( $cache[ $cache_key ] ) ) {
1749
+ return $cache[ $cache_key ];
1750
+ }
1751
+
1752
+ if ( is_numeric( $post ) ) {
1753
+ $post = get_post( $post );
1754
+ }
1755
+
1756
+ //if logged in administrator all pages are visible
1757
+ if ( current_user_can( 'administrator' ) ) {
1758
+ $cache[ $cache_key ] = false;
1759
+ return false;
1760
+ }
1761
+
1762
+ $exclude = false;
1763
+ //exclude from privacy UM default pages (except Members list and User(Profile) page)
1764
+ if ( ! empty( $post->post_type ) && $post->post_type === 'page' ) {
1765
+
1766
+ if ( um_is_core_post( $post, 'login' ) || um_is_core_post( $post, 'register' ) ||
1767
+ um_is_core_post( $post, 'account' ) || um_is_core_post( $post, 'logout' ) ||
1768
+ um_is_core_post( $post, 'password-reset' ) || ( is_user_logged_in() && um_is_core_post( $post, 'user' ) ) )
1769
+ $exclude = true;
1770
+ }
1771
+
1772
+ $exclude = apply_filters( 'um_exclude_posts_from_privacy', $exclude, $post );
1773
+ if ( $exclude ) {
1774
+ $cache[ $cache_key ] = false;
1775
+ return false;
1776
+ }
1777
+
1778
+ $restricted_posts = UM()->options()->get( 'restricted_access_post_metabox' );
1779
+
1780
+ if ( ! empty( $post->post_type ) && ! empty( $restricted_posts[ $post->post_type ] ) ) {
1781
+ $restriction = get_post_meta( $post->ID, 'um_content_restriction', true );
1782
+
1783
+ if ( ! empty( $restriction['_um_custom_access_settings'] ) ) {
1784
+ if ( ! isset( $restriction['_um_accessible'] ) ) {
1785
+ $restricted_taxonomies = UM()->options()->get( 'restricted_access_taxonomy_metabox' );
1786
+
1787
+ //get all taxonomies for current post type
1788
+ $taxonomies = get_object_taxonomies( $post );
1789
+
1790
+ //get all post terms
1791
+ $terms = array();
1792
+ if ( ! empty( $taxonomies ) ) {
1793
+ foreach ( $taxonomies as $taxonomy ) {
1794
+ if ( empty( $restricted_taxonomies[ $taxonomy ] ) ) {
1795
+ continue;
1796
+ }
1797
+
1798
+ $terms = array_merge( $terms, wp_get_post_terms( $post->ID, $taxonomy, array( 'fields' => 'ids', 'um_ignore_exclude' => true, ) ) );
1799
+ }
1800
+ }
1801
+
1802
+ //get restriction options for first term with privacy settigns
1803
+ foreach ( $terms as $term_id ) {
1804
+ $restriction = get_term_meta( $term_id, 'um_content_restriction', true );
1805
+
1806
+ if ( ! empty( $restriction['_um_custom_access_settings'] ) ) {
1807
+ if ( ! isset( $restriction['_um_accessible'] ) ) {
1808
+ continue;
1809
+ } else {
1810
+ $cache[ $cache_key ] = $restriction;
1811
+ return $restriction;
1812
+ }
1813
+ }
1814
+ }
1815
+
1816
+ $cache[ $cache_key ] = false;
1817
+ return false;
1818
+ } else {
1819
+
1820
+ // set default redirect if Profile page is restricted for not-logged in users and showing message instead of redirect
1821
+ // this snippet was added to make the same action for {site_url}/user and {site_url}/user/{user_slug} URLs
1822
+ // by default {site_url}/user is redirected to Homepage in rewrite rules because hasn't found username in query when user is not logged in
1823
+ if ( ! is_user_logged_in() && um_is_core_post( $post, 'user' ) && $restriction['_um_accessible'] == '2' && $restriction['_um_noaccess_action'] == '0' ) {
1824
+ if ( isset( $restriction['_um_access_roles'] ) ) {
1825
+ $restriction = array(
1826
+ '_um_accessible' => '2',
1827
+ '_um_access_roles' => $restriction['_um_access_roles'],
1828
+ '_um_noaccess_action' => '1',
1829
+ '_um_access_redirect' => '1',
1830
+ '_um_access_redirect_url' => get_home_url( get_current_blog_id() )
1831
+ );
1832
+ } else {
1833
+ $restriction = array(
1834
+ '_um_accessible' => '2',
1835
+ '_um_noaccess_action' => '1',
1836
+ '_um_access_redirect' => '1',
1837
+ '_um_access_redirect_url' => get_home_url( get_current_blog_id() )
1838
+ );
1839
+ }
1840
+ }
1841
+
1842
+ $restriction = apply_filters( 'um_post_content_restriction_settings', $restriction, $post );
1843
+
1844
+ $cache[ $cache_key ] = $restriction;
1845
+ return $restriction;
1846
+ }
1847
+ }
1848
+ }
1849
+
1850
+ //post hasn't privacy settings....check all terms of this post
1851
+ $restricted_taxonomies = UM()->options()->get( 'restricted_access_taxonomy_metabox' );
1852
+
1853
+ //get all taxonomies for current post type
1854
+ $taxonomies = get_object_taxonomies( $post );
1855
+
1856
+ //get all post terms
1857
+ $terms = array();
1858
+ if ( ! empty( $taxonomies ) ) {
1859
+ foreach ( $taxonomies as $taxonomy ) {
1860
+ if ( empty( $restricted_taxonomies[ $taxonomy ] ) ) {
1861
+ continue;
1862
+ }
1863
+
1864
+ $terms = array_merge( $terms, wp_get_post_terms( $post->ID, $taxonomy, array( 'fields' => 'ids', 'um_ignore_exclude' => true, ) ) );
1865
+ }
1866
+ }
1867
+
1868
+ //get restriction options for first term with privacy settings
1869
+ foreach ( $terms as $term_id ) {
1870
+ $restriction = get_term_meta( $term_id, 'um_content_restriction', true );
1871
+
1872
+ if ( ! empty( $restriction['_um_custom_access_settings'] ) ) {
1873
+ if ( ! isset( $restriction['_um_accessible'] ) ) {
1874
+ continue;
1875
+ } else {
1876
+ $cache[ $cache_key ] = $restriction;
1877
+ return $restriction;
1878
+ }
1879
+ }
1880
+ }
1881
+
1882
+ $cache[ $cache_key ] = false;
1883
+ //post is public
1884
+ return false;
1885
+ }
1886
+
1887
+
1888
+ /**
1889
+ * Helper for checking if the user can some of the roles array
1890
+ *
1891
+ * @param $user_id
1892
+ * @param $roles
1893
+ * @return bool
1894
+ */
1895
+ function user_can( $user_id, $roles ) {
1896
+ $user_can = false;
1897
+
1898
+ if ( ! empty( $roles ) ) {
1899
+ foreach ( $roles as $key => $value ) {
1900
+ if ( ! empty( $value ) && user_can( $user_id, $key ) ) {
1901
+ $user_can = true;
1902
+ break;
1903
+ }
1904
+ }
1905
+ }
1906
+
1907
+ return $user_can;
1908
+ }
1909
+
1910
+
1911
+ /**
1912
+ * Helper for 3rd-party integrations with content restriction settings
1913
+ *
1914
+ * @param array $restriction
1915
+ *
1916
+ * @return bool
1917
+ */
1918
+ function um_custom_restriction( $restriction ) {
1919
+ /**
1920
+ * UM hook
1921
+ *
1922
+ * @type filter
1923
+ * @title um_custom_restriction
1924
+ * @description Extend Sort Types for Member Directory
1925
+ * @input_vars
1926
+ * [{"var":"$custom_restriction","type":"bool","desc":"Custom Restriction"},
1927
+ * {"var":"$restriction","type":"array","desc":"Restriction settings"}]
1928
+ * @change_log
1929
+ * ["Since: 2.0"]
1930
+ * @usage add_filter( 'um_custom_restriction', 'function_name', 10, 2 );
1931
+ * @example
1932
+ * <?php
1933
+ * add_filter( 'um_custom_restriction', 'my_custom_restriction', 10, 2 );
1934
+ * function my_directory_sort_users_select( $custom_restriction, $restriction ) {
1935
+ * // your code here
1936
+ * return $custom_restriction;
1937
+ * }
1938
+ * ?>
1939
+ */
1940
+ return apply_filters( 'um_custom_restriction', true, $restriction );
1941
+ }
1942
+
1943
+
1944
+ /**
1945
+ * Is post restricted?
1946
+ *
1947
+ * @param int $post_id
1948
+ * @return bool
1949
+ */
1950
+ function is_restricted( $post_id ) {
1951
+ // break for incorrect post
1952
+ if ( empty( $post_id ) ) {
1953
+ return false;
1954
+ }
1955
+
1956
+ static $cache = array();
1957
+
1958
+ if ( isset( $cache[ $post_id ] ) ) {
1959
+ return $cache[ $post_id ];
1960
+ }
1961
+
1962
+ if ( current_user_can( 'administrator' ) ) {
1963
+ $cache[ $post_id ] = false;
1964
+ return false;
1965
+ }
1966
+
1967
+ $post = get_post( $post_id );
1968
+ if ( is_user_logged_in() && isset( $post->post_author ) && $post->post_author == get_current_user_id() ) {
1969
+ $cache[ $post_id ] = false;
1970
+ return false;
1971
+ }
1972
+
1973
+ $restricted = true;
1974
+
1975
+ $restriction = $this->get_post_privacy_settings( $post_id );
1976
+ if ( ! $restriction ) {
1977
+ $restricted = false;
1978
+ } else {
1979
+ if ( '0' == $restriction['_um_accessible'] ) {
1980
+ //post is private
1981
+ $restricted = false;
1982
+ } elseif ( '1' == $restriction['_um_accessible'] ) {
1983
+ //if post for not logged in users and user is not logged in
1984
+ if ( ! is_user_logged_in() ) {
1985
+ $restricted = false;
1986
+ }
1987
+ } elseif ( '2' == $restriction['_um_accessible'] ) {
1988
+ //if post for logged in users and user is not logged in
1989
+ if ( is_user_logged_in() ) {
1990
+ $custom_restrict = $this->um_custom_restriction( $restriction );
1991
+
1992
+ if ( empty( $restriction['_um_access_roles'] ) || false === array_search( '1', $restriction['_um_access_roles'] ) ) {
1993
+ if ( $custom_restrict ) {
1994
+ $restricted = false;
1995
+ }
1996
+ } else {
1997
+ $user_can = $this->user_can( get_current_user_id(), $restriction['_um_access_roles'] );
1998
+
1999
+ if ( $user_can && $custom_restrict ) {
2000
+ $restricted = false;
2001
+ }
2002
+ }
2003
+ }
2004
+ }
2005
+ }
2006
+
2007
+ $restricted = apply_filters( 'um_is_restricted_post', $restricted, $post_id );
2008
+
2009
+ $cache[ $post_id ] = $restricted;
2010
+
2011
+ return $restricted;
2012
+ }
2013
+
2014
+
2015
+ /**
2016
+ * Is term restricted?
2017
+ *
2018
+ * @param int $term_id
2019
+ * @param bool $on_term_page
2020
+ * @return bool
2021
+ */
2022
+ function is_restricted_term( $term_id, $on_term_page = false ) {
2023
+ static $cache = array();
2024
+
2025
+ if ( isset( $cache[ $term_id ] ) ) {
2026
+ return $cache[ $term_id ];
2027
+ }
2028
+
2029
+ if ( current_user_can( 'administrator' ) ) {
2030
+ $cache[ $term_id ] = false;
2031
+ return false;
2032
+ }
2033
+
2034
+ $restricted_taxonomies = UM()->options()->get( 'restricted_access_taxonomy_metabox' );
2035
+ if ( empty( $restricted_taxonomies ) ) {
2036
+ $cache[ $term_id ] = false;
2037
+ return false;
2038
+ }
2039
+
2040
+ $term = get_term( $term_id );
2041
+ if ( empty( $term->taxonomy ) || empty( $restricted_taxonomies[ $term->taxonomy ] ) ) {
2042
+ $cache[ $term_id ] = false;
2043
+ return false;
2044
+ }
2045
+
2046
+ $restricted = true;
2047
+
2048
+ // $this->allow_access = true only in case if the
2049
+
2050
+ $restriction = get_term_meta( $term_id, 'um_content_restriction', true );
2051
+ if ( empty( $restriction ) ) {
2052
+ $restricted = false;
2053
+ } else {
2054
+ if ( empty( $restriction['_um_custom_access_settings'] ) ) {
2055
+ $restricted = false;
2056
+ } else {
2057
+ if ( '0' == $restriction['_um_accessible'] ) {
2058
+ //term is private
2059
+ $restricted = false;
2060
+ if ( $on_term_page ) {
2061
+ $this->allow_access = true;
2062
+ }
2063
+ } elseif ( '1' == $restriction['_um_accessible'] ) {
2064
+ //if term for not logged in users and user is not logged in
2065
+ if ( ! is_user_logged_in() ) {
2066
+ $restricted = false;
2067
+ if ( $on_term_page ) {
2068
+ $this->allow_access = true;
2069
+ }
2070
+ }
2071
+ } elseif ( '2' == $restriction['_um_accessible'] ) {
2072
+ //if term for logged in users and user is not logged in
2073
+ if ( is_user_logged_in() ) {
2074
+ $custom_restrict = $this->um_custom_restriction( $restriction );
2075
+
2076
+ if ( empty( $restriction['_um_access_roles'] ) || false === array_search( '1', $restriction['_um_access_roles'] ) ) {
2077
+ if ( $custom_restrict ) {
2078
+ $restricted = false;
2079
+ if ( $on_term_page ) {
2080
+ $this->allow_access = true;
2081
+ }
2082
+ }
2083
+ } else {
2084
+ $user_can = $this->user_can( get_current_user_id(), $restriction['_um_access_roles'] );
2085
+
2086
+ if ( $user_can && $custom_restrict ) {
2087
+ $restricted = false;
2088
+ if ( $on_term_page ) {
2089
+ $this->allow_access = true;
2090
+ }
2091
+ }
2092
+ }
2093
+ }
2094
+ }
2095
+ }
2096
+ }
2097
+
2098
+ $restricted = apply_filters( 'um_is_restricted_term', $restricted, $term_id, $on_term_page );
2099
+
2100
+ $cache[ $term_id ] = $restricted;
2101
+ return $restricted;
2102
+ }
2103
+ }
2104
+ }
includes/core/class-form.php CHANGED
@@ -312,7 +312,8 @@ if ( ! class_exists( 'um\core\Form' ) ) {
312
 
313
  /**
314
  * Return the errors as a WordPress Error object
315
- * @return WP_Error
 
316
  */
317
  function get_wp_error() {
318
  $wp_error = new \WP_Error();
312
 
313
  /**
314
  * Return the errors as a WordPress Error object
315
+ *
316
+ * @return \WP_Error
317
  */
318
  function get_wp_error() {
319
  $wp_error = new \WP_Error();
readme.txt CHANGED
@@ -7,7 +7,7 @@ Tags: community, member, membership, user-profile, user-registration
7
  Requires PHP: 5.6
8
  Requires at least: 5.0
9
  Tested up to: 5.8
10
- Stable tag: 2.2.3
11
  License: GNU Version 2 or Any Later Version
12
  License URI: http://www.gnu.org/licenses/gpl-3.0.txt
13
 
@@ -155,6 +155,15 @@ The plugin works with popular caching plugins by automatically excluding Ultimat
155
  * To learn more about version 2.1 please see this [docs](https://docs.ultimatemember.com/article/1512-upgrade-2-1-0)
156
  * UM2.1+ is a significant update to the Member Directories' code base from 2.0.x. Please make sure you take a full-site backup with restore point before updating the plugin
157
 
 
 
 
 
 
 
 
 
 
158
  = 2.2.3: August 25, 2021 =
159
 
160
  * Enhancements:
7
  Requires PHP: 5.6
8
  Requires at least: 5.0
9
  Tested up to: 5.8
10
+ Stable tag: 2.2.4
11
  License: GNU Version 2 or Any Later Version
12
  License URI: http://www.gnu.org/licenses/gpl-3.0.txt
13
 
155
  * To learn more about version 2.1 please see this [docs](https://docs.ultimatemember.com/article/1512-upgrade-2-1-0)
156
  * UM2.1+ is a significant update to the Member Directories' code base from 2.0.x. Please make sure you take a full-site backup with restore point before updating the plugin
157
 
158
+ = 2.2.4: August 27, 2021 =
159
+
160
+ * Bugfixes:
161
+
162
+ - Fixed: Hiding comments feed for pages with active comments
163
+ - Fixed: Changing the post title to the restricted value while displaying in the loop that uses direct `post_title` variable
164
+ - Fixed: PHP errors related to not passed function attributes from 3rd-party plugins or themes when using WP native hooks
165
+ - Fixed: Handling the login form errors via \WP_Error
166
+
167
  = 2.2.3: August 25, 2021 =
168
 
169
  * Enhancements:
ultimate-member.php CHANGED
@@ -3,7 +3,7 @@
3
  Plugin Name: Ultimate Member
4
  Plugin URI: http://ultimatemember.com/
5
  Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
6
- Version: 2.2.3
7
  Author: Ultimate Member
8
  Author URI: http://ultimatemember.com/
9
  Text Domain: ultimate-member
3
  Plugin Name: Ultimate Member
4
  Plugin URI: http://ultimatemember.com/
5
  Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
6
+ Version: 2.2.4
7
  Author: Ultimate Member
8
  Author URI: http://ultimatemember.com/
9
  Text Domain: ultimate-member