WP-Members Membership Plugin - Version 3.1.5

Version Description

  • Addressed some security issues to prevent XSS vulnerabilities.
  • Updated [wpmem_show_count] shortcode to include count of total blog users and users by role. See: http://rkt.bz/xC
  • Updated [wpmem_field] shortcode to accept [wpmem_field meta_key] instead of wpmem_field field="meta_key". See http://rkt.bz/ae
  • Updated [wpmem_loginout] shortcode with some improvements to function code and link text attributes. See: http://rkt.bz/29
  • Updated auto excerpt for improved functionality: it now uses wp_trim_words(), and add_ellipsis, strip_tags, close_tags, parse_shortcodes and strip_shortcodes are deprecated for the filter (these were never documented, so it is unlikely that anyone uses them).
  • Updated hidden field type, now allows adding hidden fields to the registration form.
  • Compartmentalized installation of initial settings.
  • Field loader now validates settings, if none exist due to install error it will run the default fields install.
  • Removed dialog setting downgrade on deactivation. Need to re-evaluate necessity of downgrading.
  • Fixed issue with slash handling in Emails tab.

Release Info

Developer cbutlerjr
Version 3.1.5

Code changes from version 3.1.4 to 3.1.5

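--- a/admin/includes/api.php
+++ b/admin/includes/api.php
@@ -51,13 +51,12 @@ function wpmem_add_custom_email( $tag, $heading, $subject_input, $message_input
  * @return array $dialogs Dialog settings array with prepped custom dialog added.
  */
  function wpmem_add_custom_dialog( $dialogs, $tag, $msg, $label ) {
- if ( is_admin() && isset( $_GET['tab'] ) && 'dialogs' == $_GET['tab'] ) {
- $dialogs[ $tag ] = array(
- 'name' => $tag,
- 'label' => $label,
- 'value' => ( ! isset( $dialogs[ $tag ] ) ) ? $msg : $dialogs[ $tag ],
- );
- }
+ $msg = ( ! isset( $dialogs[ $tag ] ) ) ? $msg : $dialogs[ $tag ];
+ $dialogs[ $tag ] = array(
+ 'name' => $tag,
+ 'label' => $label,
+ 'value' => $msg,
+ );
  return $dialogs;
  }
 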
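--- a/admin/includes/class-wp-members-admin-api.php
+++ b/admin/includes/class-wp-members-admin-api.php
@@ -165,11 +165,11 @@ class WP_Members_Admin_API {
  <tr valign="top"><td colspan="2"><strong><?php echo $args['heading']; ?></strong></td></tr>
  <tr valign="top">
  <th scope="row"><?php echo $args['subject_label']; ?></th>
- <td><input type="text" name="<?php echo $args['subject_input']; ?>" size="80" value="<?php echo $args['subject_value']; ?>"></td>
+ <td><input type="text" name="<?php echo $args['subject_input']; ?>" size="80" value="<?php echo wp_unslash( $args['subject_value'] ); ?>"></td>
  </tr>
  <tr valign="top">
  <th scope="row"><?php echo $args['body_label']; ?></th>
- <td><textarea name="<?php echo $args['body_input']; ?>" rows="12" cols="50" id="" class="large-text code"><?php echo $args['body_value']; ?></textarea></td>
+ <td><textarea name="<?php echo $args['body_input']; ?>" rows="12" cols="50" id="" class="large-text code"><?php echo wp_unslash( $args['body_value'] ); ?></textarea></td>
  </tr>
  <tr><td colspan="2"><hr /></td></tr><?php
  }
@@ -234,7 +234,7 @@ class WP_Members_Admin_API {
  function do_dialog_input( $args ) { ?>
  <tr valign="top">
  <th scope="row"><?php echo $args['label']; ?></th>
- <td><textarea name="<?php echo $args['name'] . "_dialog"; ?>" rows="3" cols="50" id="" class="large-text code"><?php echo stripslashes( $args['value'] ); ?></textarea></td>
+ <td><textarea name="<?php echo $args['name'] . "_dialog"; ?>" rows="3" cols="50" id="" class="large-text code"><?php echo wp_unslash( $args['value'] ); ?></textarea></td>
  </tr><?php
  }
 
@@ -268,11 +268,11 @@ class WP_Members_Admin_API {
  global $wpmem;
  $defaults = array(
  'name' => $args['name'],
- 'label' => $args['label'],
+ 'label' => $args['label'],
  //'input' => $args['name'] . '_dialog',
  'value' => $args['value'],
  //'value' => ( $args['value'] ) ? $args['value'] : $wpmem->get_text( $key ),
- );
+ );
 
  // Merge args with settings.
  $args = wp_parse_args( $args, $defaults );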
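Review bot: The rewritten lines 168, 172 and 237 still print stored option text into HTML without escaping, because `wp_unslash()` only strips slashes; a subject containing a double quote or a body containing a closing textarea tag ends the attribute or element early. The attribute should be `esc_attr( wp_unslash( $args['subject_value'] ) )` and both textarea bodies `esc_textarea( wp_unslash( ... ) )`. The neighbouring `echo $args['heading']`, `echo $args['label']` and the `name="..."` attributes are printed raw as well and would take `esc_html()` / `esc_attr()`. The enclosing methods start outside the hunks.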
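--- a/admin/js/admin.js
+++ b/admin/js/admin.js
@@ -428,6 +428,7 @@ jQuery.fn.extend(
  $("#wpmem_dropdown_info").hide();
  $("#wpmem_file_info").hide();
  $("#wpmem_delimiter_info").hide();
+ $("#wpmem_hidden_info").hide();
  });
  $(document).ready(function() {
  $("#wpmem_field_type_select").change(function() {
@@ -452,6 +453,10 @@ jQuery.fn.extend(
  $("#wpmem_file_info").show();
  else
  $("#wpmem_file_info").hide();
+ if ($("#wpmem_field_type_select").val() == 'hidden')
+ $("#wpmem_hidden_info").show();
+ else
+ $("#wpmem_hidden_info").hide();
  });
  });
  })(jQuery);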
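--- a/admin/js/shortcodes_tinymce_4.js
+++ b/admin/js/shortcodes_tinymce_4.js
@@ -133,7 +133,7 @@
  ]
  },
  {
- text: 'Logout Link',
+ text: 'Login / Logout Links',
  menu: [
  {
  text: "basic logout link",
@@ -147,6 +147,12 @@
  editor.insertContent('[wpmem_logout]This the link text[/wpmem_logout]');
  }
  },
+ {
+ text: "log in / log out link",
+ onclick: function(){
+ editor.insertContent('[wpmem_loginout]');
+ }
+ },
  ]
  },
  {
@@ -158,7 +164,7 @@
  {
  text: 'User Count',
  onclick: function(){
- editor.insertContent('[wpmem_show_count label="Active Users: " meta=active value=1]');
+ editor.insertContent('[wpmem_show_count label="Active Users: " key=active value=1]');
  }
  },
  ]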
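--- a/admin/tab-fields.php
+++ b/admin/tab-fields.php
@@ -238,6 +238,11 @@ function wpmem_update_fields( $action ) {
  if ( $_POST['add_type'] == 'file' || $_POST['add_type'] == 'image' ) {
  $arr[7] = stripslashes( $_POST['add_file_value'] );
  }
+
+ if ( $_POST['add_type'] == 'hidden' ) {
+ $add_field_err_msg = ( ! $_POST['add_hidden_value'] ) ? __( 'A value is required for hidden fields. Nothing was updated.', 'wp-members' ) : $add_field_err_msg;
+ $arr[7] = ( isset( $_POST['add_hidden_value'] ) ) ? stripslashes( $_POST['add_hidden_value'] ) : '';
+ }
 
  if ( $action == 'add_field' ) {
  if ( ! $add_field_err_msg ) {
@@ -443,7 +448,14 @@ Last Row|last_row<?php } } ?></textarea>
  </li>
  <?php echo ( $mode == 'add' ) ? '</div>' : ''; ?>
  <?php } ?>
-
+ <?php if ( $mode == 'add' || ( $mode == 'edit' && $field_arr[3] == 'hidden' ) ) { ?>
+ <?php echo ( $mode == 'add' ) ? '<div id="wpmem_hidden_info">' : ''; ?>
+ <li>
+ <label><?php _e( 'Value', 'wp-members' ); ?></label>
+ <input type="text" name="add_hidden_value" value="<?php echo ( $mode == 'edit' && $field_arr[3] == 'hidden' ) ? $field_arr[7] : ''; ?>" />
+ </li>
+ <?php echo ( $mode == 'add' ) ? '</div>' : ''; ?>
+ <?php } ?>
  </ul><br />
  <?php if ( $mode == 'edit' ) { ?><input type="hidden" name="field_arr" value="<?php echo $field_arr[2]; ?>" /><?php } ?>
  <input type="hidden" name="wpmem_admin_a" value="<?php echo ( $mode == 'edit' ) ? 'edit_field' : 'add_field'; ?>" />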
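Review bot: The new Value input on line 455 prints `$field_arr[7]` into a `value` attribute with no escaping, so a stored value containing a double quote corrupts the field editor markup; it should be `esc_attr( $field_arr[7] )`. On the save side, line 243 reads `$_POST['add_hidden_value']` before the `isset()` test on line 244, which raises a notice when the key is missing and also rejects the literal value `0`; testing `isset()` first and comparing against `''` covers both. The stored value only passes through `stripslashes()`, so `sanitize_text_field()` looks appropriate for a hidden field value. Both functions continue outside the hunks.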
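--- a/admin/user-profile.php
+++ b/admin/user-profile.php
@@ -109,7 +109,8 @@ function wpmem_admin_fields() {
  } elseif( 'multicheckbox' == $meta[3] || 'multiselect' == $meta[3] ) {
  $delimiter = ( isset( $meta[8] ) ) ? $meta[8] : '|';
  $input = $wpmem->forms->create_form_field( array( 'name'=>$meta[2], 'type'=>$meta[3], 'value'=>$values, 'compare'=>$valtochk, 'delimiter'=>$delimiter ) );
- }else {
+ } else {
+ $meta[3] = ( 'hidden' == $meta[3] ) ? 'text' : $meta[3];
  $input = wpmem_create_formfield( $meta[2], $meta[3], $val, $valtochk );
  }
  }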
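Review bot: Line 113 overwrites `$meta[3]` in place to turn `hidden` into `text`, and nothing records why; a comment such as `// Hidden fields are shown as editable text inputs on the admin profile.` would state the intent (inferred from the line, please confirm). A local such as `$type = ( 'hidden' == $meta[3] ) ? 'text' : $meta[3];` passed to `wpmem_create_formfield()` avoids mutating the field definition that later code in the loop may still read. The enclosing function starts and ends outside the hunk.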
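--- a/changelog.txt
+++ b/changelog.txt
@@ -8,6 +8,7 @@
  * Documentation updates, cleaned up and addressed several @todo tags.
  * Updated [wpmem_field] shortcode to display display values instead of stored values for select (dropdown), multiple select, multiple checkbox, and radio group field types.
  * Fixed bug in admin js file introduced when forgot username shortcode was added.
+ * Updates to reCAPTCHA2. Trims keys on save to avoid possible copy/paste whitespace issues, displays API error code(s) if WP_DEBUG is turned on, change use of file_get_contents() to wp_remote_fopen() for broader acceptable use.
 
  = 3.1.3 =
 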
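--- a/inc/api.php
+++ b/inc/api.php
@@ -169,12 +169,17 @@ function wpmem_form_field( $args ) {
  * Wrapper to get form fields.
  *
  * @since 3.1.1
+ * @since 3.1.5 Checks if fields array is set or empty before returning.
  *
  * @global object $wpmem
+ * @param string $form The form being generated.
  * @return array $fields The form fields.
  */
- function wpmem_fields( $form = false ) {
+ function wpmem_fields( $form = 'default' ) {
  global $wpmem;
+ if ( ! isset( $wpmem->fields ) || empty( $wpmem->fields ) ) {
+ $wpmem->load_fields( $form );
+ }
  return $wpmem->fields;
  }
 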
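--- a/inc/class-wp-members-forms.php
+++ b/inc/class-wp-members-forms.php
@@ -54,6 +54,7 @@ class WP_Members_Forms {
  case "url":
  case "email":
  $class = ( $class == 'textbox' ) ? "textbox" : $class;
+ $value = ( 'url' == $type ) ? esc_url( $value ) : esc_attr( wp_unslash( $value ) );
  $str = "<input name=\"$name\" type=\"$type\" id=\"$name\" value=\"$value\" class=\"$class\"" . ( ( $required ) ? " required " : "" ) . " />";
  break;
 
@@ -65,7 +66,7 @@ class WP_Members_Forms {
 
  case "checkbox":
  $class = ( $class == 'textbox' ) ? "checkbox" : $class;
- $str = "<input name=\"$name\" type=\"$type\" id=\"$name\" value=\"$value\"" . checked( $value, $compare, false ) . ( ( $required ) ? " required " : "" ) . " />";
+ $str = "<input name=\"$name\" type=\"$type\" id=\"$name\" value=\"" . esc_attr( $value ) . "\"" . checked( $value, $compare, false ) . ( ( $required ) ? " required " : "" ) . " />";
  break;
 
  case "text":
@@ -84,11 +85,11 @@ class WP_Members_Forms {
  break;
 
  case "hidden":
- $str = "<input name=\"$name\" type=\"$type\" value=\"$value\" />";
+ $str = "<input name=\"$name\" type=\"$type\" value=\"" . esc_attr( $value ) . "\" />";
  break;
 
  case "option":
- $str = "<option value=\"$value\" " . selected( $value, $compare, false ) . " >$name</option>";
+ $str = "<option value=\"" . esc_attr( $value ) . "\" " . selected( $value, $compare, false ) . " >$name</option>";
  break;
 
  case "select":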
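Review bot: Only `$value` is escaped by this change; `$name`, `$type` and `$class` are still interpolated raw into the same tags, and in the `option` case on line 92 `$name` is printed as element text. If option labels or field names can carry markup (they come from field settings that are not visible here), line 92 should end with `>" . esc_html( $name ) . "</option>"` and the attributes should go through `esc_attr()`. The url/email branch on line 57 unslashes before escaping while the checkbox, hidden and option branches do not, which looks inconsistent. The switch starts and ends outside the hunks.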
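--- a/inc/class-wp-members.php
+++ b/inc/class-wp-members.php
@@ -494,22 +494,76 @@ class WP_Members {
  * Sets the registration fields.
  *
  * @since 3.0.0
+ * @since 3.1.5 Added $form argument.
+ *
+ * @param string $form The form being generated.
  */
- function load_fields() {
- $this->fields = get_option( 'wpmembers_fields' );
+ function load_fields( $form = 'default' ) {
+ $fields = get_option( 'wpmembers_fields' );
+
+ // Validate fields settings.
+ if ( ! isset( $fields ) || empty( $fields ) ) {
+ /**
+ * Load installation routine.
+ */
+ require_once( WPMEM_PATH . 'wp-members-install.php' );
+ // Update settings.
+ $fields = wpmem_install_fields();
+ }
 
  // Add new field array keys
- // @todo multi-form project for 3.1.2
- /*for( $row = 0; $row < count( $this->fields ); $row++ ) {
- $this->fields[ $row ]['id'] = $this->fields[ $row ][0];
- $this->fields[ $row ]['label'] = $this->fields[ $row ][1];
- $this->fields[ $row ]['meta_key'] = $this->fields[ $row ][2];
- $this->fields[ $row ]['type'] = $this->fields[ $row ][3];
- $this->fields[ $row ]['display'] = ( 'y' == $this->fields[ $row ][4] ) ? true : false;
- $this->fields[ $row ]['required'] = ( 'y' == $this->fields[ $row ][5] ) ? true : false;
- $this->fields[ $row ]['profile_only'] = '';
- $this->fields[ $row ]['native'] = ( 'y' == $this->fields[ $row ][6] ) ? true : false;
- }*/
+ foreach ( $fields as $key => $val ) {
+
+ // Key fields with meta key.
+ $meta_key = $val[2];
+
+ // Old format, new key.
+ foreach ( $val as $subkey => $subval ) {
+ $this->fields[ $meta_key ][ $subkey ] = $subval;
+ }
+
+ // Setup field properties.
+ $this->fields[ $meta_key ]['label'] = $val[1];
+ $this->fields[ $meta_key ]['type'] = $val[3];
+ $this->fields[ $meta_key ]['register'] = ( 'y' == $val[4] ) ? true : false;
+ $this->fields[ $meta_key ]['required'] = ( 'y' == $val[5] ) ? true : false;
+ $this->fields[ $meta_key ]['profile'] = '';
+ $this->fields[ $meta_key ]['native'] = ( 'y' == $val[6] ) ? true : false;
+
+ // Certain field types have additional properties.
+ switch ( $val[3] ) {
+
+ case 'checkbox':
+ $this->fields[ $meta_key ]['checked_value'] = $val[7];
+ $this->fields[ $meta_key ]['checked_default'] = ( 'y' == $val[8] ) ? true : false;
+ break;
+
+ case 'select':
+ case 'multiselect':
+ case 'multicheckbox':
+ case 'radio':
+ $this->fields[ $meta_key ]['values'] = $val[7];
+ $this->fields[ $meta_key ]['delimiter'] = ( isset( $val[8] ) ) ? $val[8] : '|';
+ $this->fields[ $meta_key ]['options'] = array();
+ foreach ( $val[7] as $value ) {
+ $pieces = explode( $this->fields[ $meta_key ]['delimiter'], trim( $value ) );
+ if ( $pieces[1] != '' ) {
+ $this->fields[ $meta_key ]['options'][ $pieces[1] ] = $pieces[0];
+ }
+ }
+ break;
+
+ case 'file':
+ case 'image':
+ $this->fields[ $meta_key ]['file_types'] = $val[7];
+ break;
+
+ case 'hidden':
+ $this->fields[ $meta_key ]['value'] = $val[7];
+ break;
+
+ }
+ }
  }
 
  /**
@@ -602,8 +656,6 @@ class WP_Members {
  'forgot_link' => __( 'Click here to reset', 'wp-members' ),
  'register_link_before' => __( 'New User?', 'wp-members' ) . '&nbsp;',
  'register_link' => __( 'Click here to register', 'wp-members' ),
- 'username_link_before' => __( 'Forgot username?', 'wp-members' ) . '&nbsp;',
- 'username_link' => __( 'Click here', 'wp-members' ),
 
  // Password change form.
  'pwdchg_heading' => __( 'Change Password', 'wp-members' ),
@@ -616,6 +668,8 @@ class WP_Members {
  'pwdreset_username' => __( 'Username' ),
  'pwdreset_email' => __( 'Email' ),
  'pwdreset_button' => __( 'Reset Password' ),
+ 'username_link_before' => __( 'Forgot username?', 'wp-members' ) . '&nbsp;',
+ 'username_link' => __( 'Click here', 'wp-members' ),
 
  // Retrieve username form.
  'username_heading' => __( 'Retrieve username', 'wp-members' ),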
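Review bot: In the select/multiselect/multicheckbox/radio branch of `load_fields()`, line 550 tests `$pieces[1]` although `explode()` returns a single element when an option row has no delimiter, so one malformed row raises an undefined-offset notice on every load; `if ( isset( $pieces[1] ) && '' != $pieces[1] ) {` covers it. `$val[7]` and, for checkboxes, `$val[8]` are read without `isset()` as well, and `foreach ( $val[7] as $value )` assumes an array. The `$form` parameter is documented but unused in the visible body, and `! isset( $fields ) || empty( $fields )` on line 505 reduces to `empty( $fields )`.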
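--- a/inc/core.php
+++ b/inc/core.php
@@ -283,35 +283,46 @@ function wpmem_change_password() {
  global $user_ID;
  if ( isset( $_POST['formsubmit'] ) ) {
 
- $pass1 = trim( $_POST['pass1'] );
- $pass2 = trim( $_POST['pass2'] );
-
- if ( ! $pass1 && ! $pass2 ) { // Check for both fields being empty.
-
- return "pwdchangempty";
-
- } elseif ( $pass1 != $pass2 ) { // Make sure the fields match.
-
- return "pwdchangerr";
-
- } else { // Update password in db (wp_update_user hashes the password).
+ $is_error = false;
+
+ $pass1 = wpmem_get( 'pass1', false ); //trim( $_POST['pass1'] );
+ $pass2 = wpmem_get( 'pass2', false ); //trim( $_POST['pass2'] );
 
- wp_update_user( array ( 'ID' => $user_ID, 'user_pass' => $pass1 ) );
+ // Check for both fields being empty.
+ $is_error = ( ! $pass1 && ! $pass2 ) ? "pwdchangempty" : $is_error;
+ // Make sure the fields match.
+ $is_error = ( $pass1 != $pass2 ) ? "pwdchangerr" : $is_error;
+
+ /**
+ * Filters the password change error.
+ *
+ * @since 3.1.5
+ *
+ * @param string $is_error
+ * @param int $user_ID The user's numeric ID.
+ * @param string $pass1 The user's new plain text password.
+ */
+ $is_error = apply_filters( 'wpmem_pwd_change_error', $is_error, $user_ID, $pass1 );
+
+ if ( $is_error ) {
+ return $is_error;
+ }
 
- /**
- * Fires after password change.
- *
- * @since 2.9.0
- * @since 3.0.5 Added $pass1 to arguments passed.
- *
- * @param int $user_ID The user's numeric ID.
- * @param string $pass1 The user's new plain text password.
- */
- do_action( 'wpmem_pwd_change', $user_ID, $pass1 );
+ // Update user password.
+ wp_update_user( array ( 'ID' => $user_ID, 'user_pass' => $pass1 ) );
 
- return "pwdchangesuccess";
+ /**
+ * Fires after password change.
+ *
+ * @since 2.9.0
+ * @since 3.0.5 Added $pass1 to arguments passed.
+ *
+ * @param int $user_ID The user's numeric ID.
+ * @param string $pass1 The user's new plain text password.
+ */
+ do_action( 'wpmem_pwd_change', $user_ID, $pass1 );
 
- }
+ return "pwdchangesuccess";
  }
  return;
  }
@@ -357,7 +368,7 @@ function wpmem_reset_password() {
 
  $user = get_user_by( 'login', $arr['user'] );
 
- if ( strtolower( $user->user_email ) !== strtolower( $arr['email'] ) || ( ( $wpmem->mod_reg == 1 ) && ( get_user_meta( $user->ID,'active', true ) != 1 ) ) ) {
+ if ( strtolower( $user->user_email ) !== strtolower( $arr['email'] ) || ( ( $wpmem->mod_reg == 1 ) && ( get_user_meta( $user->ID, 'active', true ) != 1 ) ) ) {
  // The username was there, but the email did not match OR the user hasn't been activated.
  return "pwdreseterr";
 
@@ -594,8 +605,9 @@ function wpmem_securify_comments_array( $comments , $post_id ) {
  function wpmem_retrieve_username() {
 
  if ( isset( $_POST['formsubmit'] ) ) {
-
- $user = ( isset( $_POST['user_email'] ) ) ? get_user_by( 'email', $_POST['user_email'] ) : false;
+
+ $email = sanitize_email( $_POST['user_email'] );
+ $user = ( isset( $_POST['user_email'] ) ) ? get_user_by( 'email', $email ) : false;
 
  if ( $user ) {
 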
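Review bot: In `wpmem_retrieve_username()` line 609 calls `sanitize_email( $_POST['user_email'] )` before line 610 tests `isset( $_POST['user_email'] )`, so a request without that key raises an undefined-index notice and the guard no longer protects anything. Reordering fixes it: `$email = isset( $_POST['user_email'] ) ? sanitize_email( $_POST['user_email'] ) : '';` followed by `$user = ( $email ) ? get_user_by( 'email', $email ) : false;`. In `wpmem_change_password()` the match test on line 294 uses loose `!=`, which PHP may evaluate numerically for numeric-looking strings, so `!==` is the safer comparison for two password fields. The new `wpmem_pwd_change_error` filter hands the plain-text password to every callback, and its docblock could state that callbacks must not log or store it. All three functions extend beyond the hunks.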
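--- a/inc/email.php
+++ b/inc/email.php
@@ -37,7 +37,7 @@ if ( ! function_exists( 'wpmem_inc_regemail' ) ):
  * @global string $wpmem_mail_from_name The email from name.
  * @param int $user_ID The User's ID.
  * @param string $password Password from the registration process.
- * @param string $toggle Toggle indicating the email being sent (newreg|newmod|appmod|repass).
+ * @param string $toggle Toggle indicating the email being sent (newreg|newmod|appmod|repass|getuser).
  * @param array $wpmem_fields Array of the WP-Members fields (defaults to null).
  * @param array $fields Array of the registration data (defaults to null).
  * @param array $custom Array of custom email information (defaults to null).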
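--- a/inc/forms.php
+++ b/inc/forms.php
@@ -697,7 +697,7 @@ function wpmem_inc_registration( $tag = 'new', $heading = '', $redirect_to = nul
  $hidden.= $wpmem->forms->create_form_field( array(
  'name' => $meta_key,
  'type' => $field[3],
- 'value' => $val,
+ 'value' => $field[7],
  'compare' => $valtochk,
  //'class' => ( $class ) ? $class : 'textbox',
  'required' => ( 'y' == $field[5] ) ? true : false,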
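Review bot: `'value' => $field[7]` on line 700 reads index 7 without checking that it exists, so a field row saved without that element raises a notice and renders an empty value; `'value' => ( isset( $field[7] ) ) ? $field[7] : '',` keeps the call safe. A hidden input is still client-controlled when the form is submitted, so the registration handler should take the value from the stored field settings and not from `$_POST` (the handler is not visible here, please confirm). Whether this call is reached only for `hidden` fields cannot be seen from the hunk, which begins and ends inside `wpmem_inc_registration()`.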
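--- a/inc/register.php
+++ b/inc/register.php
@@ -57,7 +57,7 @@ function wpmem_registration( $tag ) {
  }
 
  // Add the user email to the $fields array for _data hooks.
- $fields['user_email'] = ( isset( $_POST['user_email'] ) ) ? $_POST['user_email'] : '';
+ $fields['user_email'] = ( isset( $_POST['user_email'] ) ) ? sanitize_email( $_POST['user_email'] ) : '';
 
  /** This filter defined in inc/class-wp-members-forms.php */
  $wpmem_fields = apply_filters( 'wpmem_register_fields_arr', $wpmem->fields, $tag );
@@ -70,12 +70,13 @@ function wpmem_registration( $tag ) {
  if ( isset( $_POST[ $meta[2] ] ) ) {
  switch ( $meta[3] ) {
  case 'checkbox':
- $fields[ $meta[2] ] = $_POST[ $meta[2] ];
+ $fields[ $meta[2] ] = sanitize_text_field( $_POST[ $meta[2] ] );
  break;
  case 'multiselect':
  case 'multicheckbox':
  $delimiter = ( isset( $meta[8] ) ) ? $meta[8] : '|';
  $fields[ $meta[2] ] = ( isset( $_POST[ $meta[2] ] ) ) ? implode( $delimiter, $_POST[ $meta[2] ] ) : '';
+ $fields[ $meta[2] ] = sanitize_text_field( $fields[ $meta[2] ] );
  break;
  case 'textarea':
  $fields[ $meta[2] ] = $_POST[ $meta[2] ];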
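Review bot: The `textarea` case on line 82 still copies `$_POST[ $meta[2] ]` into `$fields` unfiltered while the checkbox and multiselect cases beside it now pass through `sanitize_text_field()`; unless the value is cleaned later in the function (not visible in this hunk) it needs its own sanitizer, for example `sanitize_textarea_field()` where the supported WordPress version provides it. On line 78 `implode()` assumes the posted value is an array, so an `is_array( $_POST[ $meta[2] ] )` guard before imploding avoids a warning when a scalar is submitted. The switch continues outside the hunk.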
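--- a/inc/shortcodes.php
+++ b/inc/shortcodes.php
@@ -266,7 +266,11 @@ if ( ! function_exists( 'wpmem_shortcode' ) ):
  */
  function wpmem_shortcode( $attr, $content = null, $tag = 'wp-members' ) {
 
- wpmem_write_log( "wpmem_shortcode() is deprecated as of WP-Members 3.1.2. This means a [wp-members] shortcode is being used and should be replaced." );
+ $error = "wpmem_shortcode() is deprecated as of WP-Members 3.1.2. The [wp-members] shortcode tag should be replaced. ";
+ $error.= 'See replacement shortcodes: http://rkt.bz/logsc ';
+ $error.= "post ID: " . get_the_ID() . " ";
+ $error.= "page url: " . wpmem_current_url();
+ wpmem_write_log( $error );
 
  global $wpmem;
 
@@ -473,27 +477,36 @@ endif;
  /**
  * User count shortcode [wpmem_show_count].
  *
- * @since 3.0.0
+ * User count displays a total user count or a count of users by specific
+ * role (role="some_role"). It also accepts attributes for counting users
+ * by a meta field (key="meta_key" value="meta_value"). A label can be
+ * displayed using the attribute label (label="Some label:").
  *
- * @global object $wpdb The WordPress database object.
+ * @since 3.0.0
+ * @since 3.1.5 Added total user count features.
  *
- * @param array $atts Shortcode attributes.
+ * @global object $wpdb The WordPress database object.
+ * @param array $atts Shortcode attributes.
  * @param string $content The shortcode content.
  * @return string $content
  */
  function wpmem_sc_user_count( $atts, $content = null ) {
- global $wpdb;
- $do_query = ( $atts['key'] && $atts['value'] ) ? true : false;
- if ( $do_query ) {
- $user_meta_query = $wpdb->get_var( $wpdb->prepare(
+ if ( isset( $atts['key'] ) && isset( $atts['value'] ) ) {
+ // If by meta key.
+ global $wpdb;
+ $user_count = $wpdb->get_var( $wpdb->prepare(
  "SELECT COUNT(*) FROM $wpdb->usermeta WHERE meta_key = %s AND meta_value = %s",
  $atts['key'],
  $atts['value']
  ) );
+ } else {
+ // If no meta, it's a total count.
+ $users = count_users();
+ $user_count = ( isset( $atts['role'] ) ) ? $users['avail_roles'][ $atts['role'] ] : $users['total_users'];
  }
- if ( $do_query ) {
- $content = ( isset( $atts['label'] ) ) ? $atts['label'] . ' ' . $user_meta_query : $content . $user_meta_query;
- }
+
+ // Assemble the output and return.
+ $content = ( isset( $atts['label'] ) ) ? $atts['label'] . ' ' . $user_count : $content . ' ' . $user_count;
  return do_shortcode( $content );
  }
 
@@ -529,71 +542,108 @@ function wpmem_sc_user_profile( $atts, $content, $tag ) {
  function wpmem_sc_loginout( $atts, $content, $tag ) {
  $defaults = array(
  'login_redirect_to' => ( isset( $atts['login_redirect_to'] ) ) ? $atts['login_redirect_to'] : wpmem_current_url(),
- 'logout_redirect_to' => ( isset( $atts['logout_redirect_to'] ) ) ? $atts['logout_redirect_to'] : wpmem_current_url(),
- 'login_link_text' => ( isset( $atts['login_link_text'] ) ) ? $atts['login_link_text'] : __( 'log in', 'wp-members' ),
- 'logout_link_text' => ( isset( $atts['logout_link_text'] ) ) ? $atts['logout_link_text'] : __( 'log out', 'wp-members' ),
+ 'logout_redirect_to' => ( isset( $atts['logout_redirect_to'] ) ) ? $atts['logout_redirect_to'] : wpmem_current_url(), // @todo - This is not currently active.
+ 'login_text' => ( isset( $atts['login_text'] ) ) ? $atts['login_text'] : __( 'log in', 'wp-members' ),
+ 'logout_text' => ( isset( $atts['logout_text'] ) ) ? $atts['logout_text'] : __( 'log out', 'wp-members' ),
  );
  $args = wp_parse_args( $atts, $defaults );
  $redirect_to = ( is_user_logged_in() ) ? $args['logout_redirect_to'] : $args['login_redirect_to'];
- $text = ( is_user_logged_in() ) ? $args['logout_link_text'] : $args['login_link_text'];
+ $text = ( is_user_logged_in() ) ? $args['logout_text'] : $args['login_text'];
  if ( is_user_logged_in() ) {
  /** This filter is defined in /inc/dialogs.php */
  $link = apply_filters( 'wpmem_logout_link', add_query_arg( 'a', 'logout' ) );
- $link = sprintf( '<a href="%s">%s</a>', $link, $text );
  } else {
- $link = wpmem_login_url();
- $link = $link . add_query_arg( 'redirect_to', $args['login_redirect_to'], $link );
- $link = sprintf( '<a href="%s">%s</a>', $link, $text );
+ $link = wpmem_login_url( $args['login_redirect_to'] );
  }
- return $link;
+ $link = sprintf( '<a href="%s">%s</a>', $link, $text );
+ return do_shortcode( $link );
  }
 
 
  /**
  * Function to handle field shortcodes [wpmem_field].
  *
- * @since 3.1.2
+ * Shortcode to display the data for a given user field. Requires
+ * that a field meta key be passed as an attribute. Can either of
+ * the following:
+ * - [wpmem_field field="meta_key"]
+ * - [wpmem_field meta_key]
  *
- * @param array $atts
- * @param string $content
- * @param string $tag
- * @retrun string $content
+ * Other attributes:
+ *
+ * - id (numeric user ID or "get" to retrieve uid from query string.
+ * - underscores="true" strips underscores from the displayed value.
+ * - display="raw" displays the stored value for dropdowns, radios, files.
+ * - size(thumbnail|medium|large|full|w,h): image field only.
+ *
+ * @since 3.1.2
+ * @since 3.1.4 Changed to display value rather than stored value for dropdown/multicheck/radio.
+ * @since 3.1.5 Added display attribute, meta key as a direct attribute, and image/file display.
+ *
+ * @global object $wpmem The WP_Members object.
+ * @param array $atts Shortcode attributes.
+ * @param string $content Any content passed with the shortcode (default:null).
+ * @param string $tag The shortcode tag (wpmem_form).
+ * @return string $content Content to return.
  */
- function wpmem_sc_fields( $atts, $content, $tag ) {
- if ( isset( $atts['id'] ) && false != $atts['id'] ) {
- // We are getting some other user.
- if ( $atts['id'] == 'get' ) {
- $the_user_ID = ( isset( $_GET['uid'] ) ) ? $_GET['uid'] : '';
- } else {
- $the_user_ID = $atts['id'];
- }
+ function wpmem_sc_fields( $atts, $content = null, $tag ) {
+
+ // What field?
+ $field = ( isset( $atts[0] ) ) ? $atts[0] : $atts['field'];
+
+ // What user?
+ if ( isset( $atts['id'] ) ) {
+ $the_ID = ( $atts['id'] == 'get' ) ? wpmem_get( 'uid', '', 'get' ) : $atts['id'];
  } else {
- // Get the current user.
- $the_user_ID = get_current_user_id();
+ $the_ID = get_current_user_id();
  }
- $user_info = get_userdata( $the_user_ID );
+ $user_info = get_userdata( $the_ID );
 
- // @todo - Need a long term scalable solution that fits with new fields array.
+ // If there is userdata.
+ if ( $user_info ) {
+
  global $wpmem;
- if ( ! isset( $wpmem->field_keys ) ) {
- $wpmem->field_keys = $wpmem->api->get_field_keys_by_meta();
+ $field_type = ( isset( $wpmem->fields[ $field ]['type'] ) ) ? $wpmem->fields[ $field ]['type'] : 'native';
+
+ $result = $user_info->{$field};
+
+ // Handle select, multiple select, multiple checkbox, and radio groups.
+ $array_fields = array( 'select', 'multiselect', 'multicheckbox', 'radio' );
+ if ( ( ! isset( $atts['options'] ) ) && in_array( $field_type, $array_fields ) ) {
+ $result = ( isset( $atts['display'] ) && 'raw' == $atts['display'] ) ? $user_info->{$field} : $wpmem->fields[ $field ]['options'][ $user_info->{$field} ];
  }
- if ( isset( $wpmem->field_keys[ $atts['field'] ] ) ) {
- $field_type = $wpmem->fields[ $wpmem->field_keys[ $atts['field'] ] ][3];
+
+ // Handle file/image fields.
+ if ( isset( $field_type ) && ( 'file' == $field_type || 'image' == $field_type ) ) {
+ if ( isset( $atts['display'] ) && 'raw' == $atts['display'] ) {
+ $result = $user_info->{$field};
+ } else {
+ if ( 'file' == $field_type ) {
+ $attachment_url = wp_get_attachment_url( $user_info->{$field} );
+ $result = ( $attachment_url ) ? '<a href="' . esc_url( $attachment_url ) . '">' . get_the_title( $user_info->{$field} ) . '</a>' : '';
+ } else {
+ $size = 'thumbnail';
+ if ( isset( $atts['size'] ) ) {
+ $sizes = array( 'thumbnail', 'medium', 'large', 'full' );
+ $size = ( ! in_array( $atts['size'], $sizes ) ) ? explode( ",", $atts['size'] ) : $atts['size'];
+ }
+ $image = wp_get_attachment_image_src( $user_info->{$field}, $size );
+ $result = ( $image ) ? '<img src="' . esc_url( $image[0] ) . '" width="' . esc_attr( $image[1] ) . '" height="' . esc_attr( $image[2] ) . '" />' : '';
+ }
+ }
+ return do_shortcode( $result );
  }
- $array_fields = array( 'select', 'multiselect', 'multicheckbox', 'radio' );
- if ( isset( $field_type ) && in_array( $field_type, $array_fields ) ) {
- $display_values = $wpmem->api->get_select_display_values( $atts['field'] );
- $user_info->{$atts['field']} = $display_values[ $user_info->{$atts['field']} ];
+
+ // Remove underscores from value if requested (default: on).
+ if ( isset( $atts['underscores'] ) && 'off' == $atts['underscores'] && $user_info ) {
+ $result = str_replace( '_', ' ', $result );
  }
- // @todo - End todo.
-
+
+ $content = ( $content ) ? $result . $content : $result;
 
- if ( isset( $atts['underscores'] ) && 'off' == $atts['underscores'] && $user_info ) {
- $user_info->{$atts['field']} = str_replace( '_', ' ', $user_info->{$atts['field']} );
+ return do_shortcode( htmlspecialchars( $content ) );
  }
-
- return ( $user_info ) ? htmlspecialchars( $user_info->{$atts['field']} ) . do_shortcode( $content ) : do_shortcode( $content );
+ return;
  }
 
 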
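Review bot: The new closing line of wpmem_sc_loginout, `$link = sprintf( '<a href="%s">%s</a>', $link, $text );`, writes both values into the markup unescaped, and on the logged-in path `$link` comes from `add_query_arg( 'a', 'logout' )`, which extends the current request URI, so request-supplied characters can reach the `href`. Since this release is described as an XSS fix, that line should read `$link = sprintf( '<a href="%s">%s</a>', esc_url( $link ), $text );`, with `$text` escaped as well unless HTML in the text attributes is intended. In the new wpmem_sc_fields, `return do_shortcode( htmlspecialchars( $content ) );` also passes the stored profile value through the shortcode parser, which the old code did not, and htmlspecialchars() leaves square brackets alone. Returning `htmlspecialchars( $result ) . do_shortcode( $content )` instead would keep shortcode parsing limited to the author's enclosed content.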
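--- a/inc/utilities.php
+++ b/inc/utilities.php
@@ -215,11 +215,6 @@ function wpmem_do_excerpt( $content ) {
 
  $defaults = array(
  'length' => $autoex['length'],
- 'strip_tags' => false,
- 'close_tags' => array( 'i', 'b', 'strong', 'em', 'h1', 'h2', 'h3', 'h4', 'h5' ),
- 'parse_shortcodes' => false,
- 'strip_shortcodes' => false,
- 'add_ellipsis' => false,
  'more_link' => $more_link,
  'blocked_only' => false,
  );
@@ -227,19 +222,14 @@ function wpmem_do_excerpt( $content ) {
  * Filter auto excerpt defaults.
  *
  * @since 3.0.9
+ * @since 3.1.5 Deprecated add_ellipsis, strip_tags, close_tags, parse_shortcodes, strip_shortcodes.
  *
  * @param array {
  * An array of settings to override the function defaults.
  *
  * @type int $length The default length of the excerpt.
- * @type bool|string $strip_tags Can be a boolean to strip HTML tags from the excerpt
- * or a string of allowed tags. default: false.
- * @type array $close_tags An array of tags to close (without < >:
- * for example i, b, h1, etc).
- * @type bool $parse_shortcodes Parse shortcodes in the excerpt. default: false.
- * @type bool $strip_shortcodes Remove shortcodes in the excerpt. default: false.
- * @type bool $add_ellipsis Add ellipsis (...) to the end of the excerpt.
  * @type string $more_link The more link HTML.
+ * @type boolean $blocked_only Run autoexcerpt only on blocked content. default: false.
  * }
  * @param string $post->ID The post ID.
  * @param string $post->post_type The content's post type.
@@ -264,61 +254,7 @@ function wpmem_do_excerpt( $content ) {
  }
 
  if ( $do_excerpt ) {
-
- // If strip_tags is enabled, remove HTML tags.
- if ( $args['strip_tags'] ) {
- $allowable_tags = ( ! is_bool( $args['strip_tags'] ) ) ? $args['strip_tags'] : '';
- $content = strip_tags( $content, $allowable_tags );
- }
-
- // If parse shortcodes is enabled, parse shortcodes in the excerpt.
- $content = ( $args['parse_shortcodes'] ) ? do_shortcode( $content ) : $content;
-
- // If strip shortcodes is enabled, strip shortcodes from the excerpt.
- $content = ( $args['strip_shortcodes'] ) ? strip_shortcodes( $content ) : $content;
-
- // Create the excerpt.
- $words = preg_split( "/[\n\r\t ]+/", $content, $args['length'] + 1, PREG_SPLIT_NO_EMPTY|PREG_SPLIT_OFFSET_CAPTURE );
- if ( count( $words ) > $args['length'] ) {
- end( $words );
- $last_word = prev( $words );
- $content = substr( $content, 0, $last_word[1] + strlen( $last_word[0] ) );
- }
-
- /* @todo - Possible better excerpt creation.
- $excerpt = ''; $x = 1; $end_chk = false;
- $words = explode( ' ', $content, ( $args['length'] + 100 ) );
- foreach ( $words as $word ) {
- if ( $x < $args['length'] + 1 ) {
- $excerpt.= trim( $word ) . ' ';
- $offset = ( $x == 1 ) ? 1 : 0;
- if ( strpos( $word, '<', $offset ) || $end_chk ) {
- $end_chk = true;
- if ( strpos( $word, '>' ) && ! strpos( $word, '><' ) ) {
- $end_chk = false;
- $x++;
- }
- } else {
- $x++;
- }
- } else {
- break;
- }
- }
- $content = $excerpt;
- */
-
- // Check for common html tags and make sure they're closed.
- foreach ( $args['close_tags'] as $tag ) {
- if ( stristr( $content, '<' . $tag . '>' ) || stristr( $content, '<' . $tag . ' ' ) ) {
- $after = stristr( $content, '</' . $tag . '>' );
- $content = ( ! stristr( $after, '</' . $tag . '>' ) ) ? $content . '</' . $tag . '>' : $content;
- }
- }
- $content = ( $args['add_ellipsis'] ) ? $content . '...' : $content;
-
- // Add the more link to the excerpt.
- $content = $content . ' ' . $args['more_link'];
+ $content = wp_trim_words( $content, $args['length'], $args['more_link'] );
  }
 
  }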
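Review bot: `wp_trim_words()` removes all HTML tags from the text before counting words, so with the added `$content = wp_trim_words( $content, $args['length'], $args['more_link'] );` the auto excerpt loses its markup, where the removed code kept tags unless `strip_tags` was set. The filter docblock's new `@since 3.1.5` line should say so, for example `@since 3.1.5 Excerpt is built with wp_trim_words(), which strips HTML; add_ellipsis, strip_tags, close_tags, parse_shortcodes and strip_shortcodes are no longer read.` wpmem_do_excerpt() starts and ends outside these hunks, so how `$args['length']` is validated before this call is not visible here.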
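--- a/readme.txt
+++ b/readme.txt
@@ -2,8 +2,8 @@
  Contributors: cbutlerjr
  Tags: access, authentication, content, login, member, membership, password, protect, register, registration, restriction, subscriber
  Requires at least: 3.6
- Tested up to: 4.6.0
- Stable tag: 3.1.4.2
+ Tested up to: 4.6.1
+ Stable tag: 3.1.5.2
  License: GPLv2
 
  WP-Members&trade; is a free membership management framework for WordPress&reg; that restricts content to registered users.
@@ -112,8 +112,8 @@ Premium priority support is available at the plugin's site [RocketGeek.com](http
 
  == Upgrade Notice ==
 
- WP-Members 3.1.4.2 addresses an issue with loading the PayPal extension from the 3.1.4 update.
- WP-Members 3.1.4 is primarily a feature update (see changelog). Minimum WP version is 3.6.
+ WP-Members 3.1.5 is a security and feature update. Minimum WP version is 3.6.
+ WP-Members 3.1.5.1 and 3.1.5.2 are minor fixes to shortcodes.
 
  == Screenshots ==
 
@@ -136,14 +136,28 @@ WP-Members 3.1.4 is primarily a feature update (see changelog). Minimum WP versi
 
  == Changelog ==
 
- = 3.1.4.2 =
+ = 3.1.5.2 =
 
- * Addressed an issue with the change to the way the PayPal extension is now loaded in 3.1.4. This update allows for backward compatibility with versions of the PayPal extension (expirations module) prior to version 0.7.0.
- * Updates to reCAPTCHA2. Trims keys on save to avoid possible copy/paste whitespace issues, displays API error code(s) if WP_DEBUG is turned on, change use of file_get_contents() to wp_remote_fopen() for broader acceptable use.
+ * Fixes undefined index for [wpmem_field] if the field is not a field in the plugin's fields array (such as user_login, user_registered, etc).
+ * Fixes undefined index for [wpmem_loginout] for text attributes.
+ * Updated [wp-members] deprecated shortcode notice to include post/page information on where the shortcode is being used.
+
+ = 3.1.5.1 =
 
- = 3.1.4.1 =
+ * Fixes [wpmem_field] support for raw data display (when display=raw attribute is used) for select (dropdown), multiple select, multiple checkbox, and radio groups.
 
- * Corrected an issue with the [wpmem_field] shortcode where fields that are not actually saved in the plugin's fields array (fields found in the plugin's fields tab) would not display.
+ = 3.1.5 =
+
+ * Addressed some security issues to prevent XSS vulnerabilities.
+ * Updated [wpmem_show_count] shortcode to include count of total blog users and users by role. See: http://rkt.bz/xC
+ * Updated [wpmem_field] shortcode to accept [wpmem_field meta_key] instead of [wpmem_field field="meta_key"] (although the latter will still work). See http://rkt.bz/ae
+ * Updated [wpmem_loginout] shortcode with some improvements to function code and link text attributes. See: http://rkt.bz/29
+ * Updated auto excerpt for improved functionality, uses wp_trim_words(), deprecated add_ellipsis, strip_tags, close_tags, parse_shortcodes, strip_shortcodes for filter (these were never documented so it is unlikely that anyone uses them).
+ * Updated hidden field type, now allows adding hidden fields to the registration form.
+ * Compartmentalized installation of initial settings.
+ * Field loader now validates settings, if none exist due to install error it will run the default fields install.
+ * Removed dialog setting downgrade on deactivation. Need to re-evaluate necessity of downgrading.
+ * Fixed issue with slash handling in Emails tab.
 
  = 3.1.4 =
 
@@ -155,6 +169,7 @@ WP-Members 3.1.4 is primarily a feature update (see changelog). Minimum WP versi
  * Documentation updates, cleaned up and addressed several @todo tags.
  * Updated [wpmem_field] shortcode to display display values instead of stored values for select (dropdown), multiple select, multiple checkbox, and radio group field types.
  * Fixed bug in admin js file introduced when forgot username shortcode was added.
+ * Updates to reCAPTCHA2. Trims keys on save to avoid possible copy/paste whitespace issues, displays API error code(s) if WP_DEBUG is turned on, change use of file_get_contents() to wp_remote_fopen() for broader acceptable use.
 
  = 3.1.3 =
 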
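--- a/wp-members-install.php
+++ b/wp-members-install.php
@@ -43,107 +43,10 @@ function wpmem_do_install() {
 
  if ( ! get_option( 'wpmembers_settings' ) || $chk_force == true ) {
 
- // This is a clean install (or an upgrade from 2.1 or earlier).
-
- $wpmem_settings = array(
- 'version' => WPMEM_VERSION,
- 'block' => array(
- 'post' => ( is_multisite() ) ? 0 : 1,
- 'page' => 0,
- ),
- 'show_excerpt' => array(
- 'post' => 0,
- 'page' => 0,
- ),
- 'show_reg' => array(
- 'post' => 1,
- 'page' => 1,
- ),
- 'show_login' => array(
- 'post' => 1,
- 'page' => 1,
- ),
- 'autoex' => array(
- 'post' => array( 'enabled' => 0, 'length' => '' ),
- 'page' => array( 'enabled' => 0, 'length' => '' ),
- ),
- 'notify' => 0,
- 'mod_reg' => 0,
- 'captcha' => 0,
- 'use_exp' => 0,
- 'use_trial' => 0,
- 'warnings' => 0,
- 'user_pages' => array(
- 'profile' => '',
- 'register' => '',
- 'login' => '',
- ),
- 'cssurl' => '',
- 'style' => plugin_dir_url ( __FILE__ ) . 'css/generic-no-float.css',
- 'attrib' => 0,
- 'post_types' => array(),
- 'form_tags' => array( 'default' => 'Registration Default' ),
- 'email' => array( 'from' => '', 'from_name' => '' ),
- );
-
- // Using update_option to allow for forced update.
- update_option( 'wpmembers_settings', $wpmem_settings, '', 'yes' );
-
- /*
- * Field array elements:
- *
- * array(
- * order,
- * label,
- * optionname,
- * type,
- * display,
- * required,
- * native,
- * checked value,
- * checked by default,
- * );
- */
- $wpmem_fields_options_arr = array(
- array( 1, 'First Name', 'first_name', 'text', 'y', 'y', 'y' ),
- array( 2, 'Last Name', 'last_name', 'text', 'y', 'y', 'y' ),
- array( 3, 'Address 1', 'addr1', 'text', 'y', 'y', 'n' ),
- array( 4, 'Address 2', 'addr2', 'text', 'y', 'n', 'n' ),
- array( 5, 'City', 'city', 'text', 'y', 'y', 'n' ),
- array( 6, 'State', 'thestate', 'text', 'y', 'y', 'n' ),
- array( 7, 'Zip', 'zip', 'text', 'y', 'y', 'n' ),
- array( 8, 'Country', 'country', 'text', 'y', 'y', 'n' ),
- array( 9, 'Day Phone', 'phone1', 'text', 'y', 'y', 'n' ),
- array( 10, 'Email', 'user_email', 'email', 'y', 'y', 'y' ),
- array( 11, 'Confirm Email', 'confirm_email', 'email', 'n', 'n', 'n' ),
- array( 12, 'Website', 'user_url', 'url', 'n', 'n', 'y' ),
- array( 13, 'Biographical Info', 'description', 'textarea', 'n', 'n', 'y' ),
- array( 14, 'Password', 'password', 'password', 'n', 'n', 'n' ),
- array( 15, 'Confirm Password', 'confirm_password', 'password', 'n', 'n', 'n' ),
- array( 16, 'TOS', 'tos', 'checkbox', 'n', 'n', 'n', 'agree', 'n' ),
- );
-
- update_option( 'wpmembers_fields', $wpmem_fields_options_arr, '', 'yes' ); // using update_option to allow for forced update
-
- $wpmem_dialogs_arr = array(
- 'restricted_msg' => "This content is restricted to site members. If you are an existing user, please log in. New users may register below.",
- 'user' => "Sorry, that username is taken, please try another.",
- 'email' => "Sorry, that email address already has an account.<br />Please try another.",
- 'success' => "Congratulations! Your registration was successful.<br /><br />You may now log in using the password that was emailed to you.",
- 'editsuccess' => "Your information was updated!",
- 'pwdchangerr' => "Passwords did not match.<br /><br />Please try again.",
- 'pwdchangesuccess' => "Password successfully changed!",
- 'pwdreseterr' => "Either the username or email address do not exist in our records.",
- 'pwdresetsuccess' => "Password successfully reset!<br /><br />An email containing a new password has been sent to the email address on file for your account.",
- );
-
- // Insert TOS dialog placeholder.
- $dummy_tos = "Put your TOS (Terms of Service) text here. You can use HTML markup.";
- update_option( 'wpmembers_tos', $dummy_tos );
- update_option( 'wpmembers_dialogs', $wpmem_dialogs_arr, '', 'yes' ); // using update_option to allow for forced update
+ wpmem_install_settings();
+ wpmem_install_fields();
+ wpmem_install_dialogs();
  wpmem_append_email();
-
- // If it's a new install, use the Twenty Twelve stylesheet.
  update_option( 'wpmembers_style', plugin_dir_url ( __FILE__ ) . 'css/generic-no-float.css', '', 'yes' );
 
  } else {
@@ -533,4 +436,110 @@ function wpmem_upgrade_captcha() {
  return;
  }
 
+
+ function wpmem_install_settings() {
+
+ $wpmem_settings = array(
+ 'version' => WPMEM_VERSION,
+ 'block' => array(
+ 'post' => ( is_multisite() ) ? 0 : 1,
+ 'page' => 0,
+ ),
+ 'show_excerpt' => array(
+ 'post' => 0,
+ 'page' => 0,
+ ),
+ 'show_reg' => array(
+ 'post' => 1,
+ 'page' => 1,
+ ),
+ 'show_login' => array(
+ 'post' => 1,
+ 'page' => 1,
+ ),
+ 'autoex' => array(
+ 'post' => array( 'enabled' => 0, 'length' => '' ),
+ 'page' => array( 'enabled' => 0, 'length' => '' ),
+ ),
+ 'notify' => 0,
+ 'mod_reg' => 0,
+ 'captcha' => 0,
+ 'use_exp' => 0,
+ 'use_trial' => 0,
+ 'warnings' => 0,
+ 'user_pages' => array(
+ 'profile' => '',
+ 'register' => '',
+ 'login' => '',
+ ),
+ 'cssurl' => '',
+ 'style' => plugin_dir_url ( __FILE__ ) . 'css/generic-no-float.css',
+ 'attrib' => 0,
+ 'post_types' => array(),
+ 'form_tags' => array( 'default' => 'Registration Default' ),
+ 'email' => array( 'from' => '', 'from_name' => '' ),
+ );
+
+ // Using update_option to allow for forced update.
+ update_option( 'wpmembers_settings', $wpmem_settings, '', 'yes' );
+ }
+
+ function wpmem_install_fields() {
+ /*
+ * Field array elements:
+ *
+ * array(
+ * order,
+ * label,
+ * optionname,
+ * type,
+ * display,
+ * required,
+ * native,
+ * checked value,
+ * checked by default,
+ * );
+ */
+ $wpmem_fields_options_arr = array(
+ array( 1, 'First Name', 'first_name', 'text', 'y', 'y', 'y' ),
+ array( 2, 'Last Name', 'last_name', 'text', 'y', 'y', 'y' ),
+ array( 3, 'Address 1', 'addr1', 'text', 'y', 'y', 'n' ),
+ array( 4, 'Address 2', 'addr2', 'text', 'y', 'n', 'n' ),
+ array( 5, 'City', 'city', 'text', 'y', 'y', 'n' ),
+ array( 6, 'State', 'thestate', 'text', 'y', 'y', 'n' ),
+ array( 7, 'Zip', 'zip', 'text', 'y', 'y', 'n' ),
+ array( 8, 'Country', 'country', 'text', 'y', 'y', 'n' ),
+ array( 9, 'Day Phone', 'phone1', 'text', 'y', 'y', 'n' ),
+ array( 10, 'Email', 'user_email', 'email', 'y', 'y', 'y' ),
+ array( 11, 'Confirm Email', 'confirm_email', 'email', 'n', 'n', 'n' ),
+ array( 12, 'Website', 'user_url', 'url', 'n', 'n', 'y' ),
+ array( 13, 'Biographical Info', 'description', 'textarea', 'n', 'n', 'y' ),
+ array( 14, 'Password', 'password', 'password', 'n', 'n', 'n' ),
+ array( 15, 'Confirm Password', 'confirm_password', 'password', 'n', 'n', 'n' ),
+ array( 16, 'TOS', 'tos', 'checkbox', 'n', 'n', 'n', 'agree', 'n' ),
+ );
+
+ update_option( 'wpmembers_fields', $wpmem_fields_options_arr, '', 'yes' ); // using update_option to allow for forced update
+ }
+
+ function wpmem_install_dialogs() {
+ $wpmem_dialogs_arr = array(
+ 'restricted_msg' => "This content is restricted to site members. If you are an existing user, please log in. New users may register below.",
+ 'user' => "Sorry, that username is taken, please try another.",
+ 'email' => "Sorry, that email address already has an account.<br />Please try another.",
+ 'success' => "Congratulations! Your registration was successful.<br /><br />You may now log in using the password that was emailed to you.",
+ 'editsuccess' => "Your information was updated!",
+ 'pwdchangerr' => "Passwords did not match.<br /><br />Please try again.",
+ 'pwdchangesuccess' => "Password successfully changed!",
+ 'pwdreseterr' => "Either the username or email address do not exist in our records.",
+ 'pwdresetsuccess' => "Password successfully reset!<br /><br />An email containing a new password has been sent to the email address on file for your account.",
+ );
+
+ // Insert TOS dialog placeholder.
+ $dummy_tos = "Put your TOS (Terms of Service) text here. You can use HTML markup.";
+
+ update_option( 'wpmembers_tos', $dummy_tos );
+ update_option( 'wpmembers_dialogs', $wpmem_dialogs_arr, '', 'yes' ); // using update_option to allow for forced update
+ }
+
  // End of file.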
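Review bot: The `update_option()` calls moved into the new helpers keep a four-argument form, e.g. `update_option( 'wpmembers_settings', $wpmem_settings, '', 'yes' );`, which is the argument order of `add_option()`. In current WordPress `update_option()` takes `( $option, $value, $autoload )`, so the empty string is what is passed as autoload and the trailing `'yes'` is ignored. `update_option( 'wpmembers_settings', $wpmem_settings, 'yes' );` states the intent, and the same applies to the `wpmembers_fields`, `wpmembers_dialogs` and `wpmembers_style` calls. The three new functions wpmem_install_settings(), wpmem_install_fields() and wpmem_install_dialogs() also have no docblock; a one-line summary with `@since 3.1.5` on each would document what each one writes.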
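--- a/wp-members.php
+++ b/wp-members.php
@@ -3,7 +3,7 @@
  Plugin Name: WP-Members
  Plugin URI: http://rocketgeek.com
  Description: WP access restriction and user registration. For more information on plugin features, refer to <a href="http://rocketgeek.com/plugins/wp-members/users-guide/">the online Users Guide</a>. A <a href="http://rocketgeek.com/plugins/wp-members/quick-start-guide/">Quick Start Guide</a> is also available. WP-Members(tm) is a trademark of butlerblog.com.
- Version: 3.1.4.2
+ Version: 3.1.5.2
  Author: Chad Butler
  Author URI: http://butlerblog.com/
  Text Domain: wp-members
@@ -62,7 +62,7 @@ License: GPLv2
 
 
  // Initialize constants.
- define( 'WPMEM_VERSION', '3.1.4.2' );
+ define( 'WPMEM_VERSION', '3.1.5.2' );
  define( 'WPMEM_DEBUG', false );
  define( 'WPMEM_DIR', plugin_dir_url ( __FILE__ ) );
  define( 'WPMEM_PATH', plugin_dir_path( __FILE__ ) );
@@ -77,7 +77,7 @@ add_action( 'after_setup_theme', 'wpmem_init', 10 );
  register_activation_hook( __FILE__, 'wpmem_install' );
 
  // Downgrade settings on deactivation.
- register_deactivation_hook( __FILE__, 'wpmem_downgrade' );
+ //register_deactivation_hook( __FILE__, 'wpmem_downgrade' );
 
 
  /**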