WP User Avatar - Version 3.1.12

Version Description

  • Fixed issue where logout redirect wasn't working.
  • Fixed issue where line breaks weren't maintained.
  • Fixed bug where redirect after login was to an invalid url.

Release Info

Developer Collizo4sky
Plugin Icon 128x128 WP User Avatar
Version 3.1.12

Code changes from version 3.1.11 to 3.1.12

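--- a/changelog.txt
+++ b/changelog.txt
@@ -1,4 +1,9 @@
- = 3.1.11 =
+ = 3.1.12 =
+ * Fixed issue where logout redirect wasn’t working.
+ * Fixed issue where line breaks weren't maintained.
+ * Fixed bug where redirect after login was to an invalid url.
+
+ = 3.1.11 =
  * Fixed missing sql unescaping in member directory search.
  * Validate redirect_to urls to prevent redirect to another site.
  * XSS fix by escaping variables in tab widget.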
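--- a/languages/wp-user-avatar.pot
+++ b/languages/wp-user-avatar.pot
@@ -4,7 +4,7 @@ msgid ""
  msgstr ""
  "Project-Id-Version: ProfilePress 3.1.11\n"
  "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/wp-user-avatar\n"
- "POT-Creation-Date: 2021-07-09 16:46:21+00:00\n"
+ "POT-Creation-Date: 2021-07-13 14:26:48+00:00\n"
  "MIME-Version: 1.0\n"
  "Content-Type: text/plain; charset=UTF-8\n"
  "Content-Transfer-Encoding: 8bit\n"
@@ -2866,33 +2866,33 @@ msgstr ""
  msgid "Log in"
  msgstr ""
 
- #: src/Classes/RegistrationAuth.php:219
+ #: src/Classes/RegistrationAuth.php:220
  msgid "%s field is required"
  msgstr ""
 
- #: src/Classes/RegistrationAuth.php:228
+ #: src/Classes/RegistrationAuth.php:229
  msgid ""
  "<strong>ERROR</strong>: This username is invalid because it uses illegal "
  "characters. Please enter a valid username."
  msgstr ""
 
- #: src/Classes/RegistrationAuth.php:232
+ #: src/Classes/RegistrationAuth.php:233
  msgid "Email address is not valid"
  msgstr ""
 
- #: src/Classes/RegistrationAuth.php:236
+ #: src/Classes/RegistrationAuth.php:237
  msgid "Passwords do not match"
  msgstr ""
 
- #: src/Classes/RegistrationAuth.php:240
+ #: src/Classes/RegistrationAuth.php:241
  msgid "Email addresses do not match"
  msgstr ""
 
- #: src/Classes/RegistrationAuth.php:244
+ #: src/Classes/RegistrationAuth.php:245
  msgid "Password is not strong"
  msgstr ""
 
- #: src/Classes/RegistrationAuth.php:410
+ #: src/Classes/RegistrationAuth.php:411
  #: src/Themes/DragDrop/AbstractTheme.php:110
  msgid "Registration successful."
  msgstr ""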
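--- a/readme.txt
+++ b/readme.txt
@@ -5,7 +5,7 @@ Tags: user registration, user profile, registration form, membership, login form
  Requires at least: 4.7
  Requires PHP: 5.6
  Tested up to: 5.7
- Stable tag: 3.1.11
+ Stable tag: 3.1.12
  License: GPLv2 or later
 
  Modern membership plugin for user registration, login form, user profile, member directories & content restriction.
@@ -117,6 +117,11 @@ No. You can create and manage your forms, user profiles and member directories w
 
  == Changelog ==
 
+ = 3.1.12 =
+ * Fixed issue where logout redirect wasn’t working.
+ * Fixed issue where line breaks weren't maintained.
+ * Fixed bug where redirect after login was to an invalid url.
+
  = 3.1.11 =
  * Fixed missing sql unescaping in member directory search.
  * Validate redirect_to urls to prevent redirect to another site.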
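--- a/src/Classes/EditUserProfile.php
+++ b/src/Classes/EditUserProfile.php
@@ -343,7 +343,7 @@ class EditUserProfile
  } elseif (is_array($value)) {
  $escaped_post_data[$key] = array_map('sanitize_text_field', $value);
  } else {
- $escaped_post_data[$key] = sanitize_text_field($value);
+ $escaped_post_data[$key] = sanitize_textarea_field($value);
  }
  }
 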
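Review bot: `sanitize_textarea_field($value)` on new line 346 now applies to every scalar field that reaches this else-branch, not only to multi-line fields, so single-line profile values can keep embedded line breaks wherever they are later written (a mail header or a log line, for instance). The branch should keep `sanitize_text_field` by default and use the textarea variant only for keys known to be textareas, for example `$escaped_post_data[$key] = in_array($key, $textarea_keys, true) ? sanitize_textarea_field($value) : sanitize_text_field($value);`, where `$textarea_keys` is a placeholder for a list this hunk does not show. The array branch on line 344 still maps `sanitize_text_field`, so the two branches now disagree about newlines. The same blanket switch appears in src/Classes/RegistrationAuth.php on new lines 136 and 260. The loop and the earlier branches of this if-chain start outside the hunk, so which keys reach this line is inferred.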
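--- a/src/Classes/LoginAuth.php
+++ b/src/Classes/LoginAuth.php
@@ -88,14 +88,16 @@ class LoginAuth
  $redirect = ppress_login_redirect();
  }
 
- $login_redirect = esc_url_raw($redirect);
-
  $requested_redirect_to = isset($_REQUEST['redirect_to']) ? wp_validate_redirect($_REQUEST['redirect_to']) : '';
 
- $login_redirection = apply_filters('login_redirect', $login_redirect, $requested_redirect_to, $user);
+ $login_redirection = apply_filters('login_redirect', $redirect, $requested_redirect_to, $user);
 
  /** Setup a custom location of the builder */
- $login_redirection = esc_url_raw(apply_filters('ppress_login_redirect', $login_redirection, $login_form_id, $user));
+ $login_redirection = wp_validate_redirect(
+ esc_url_raw(
+ apply_filters('ppress_login_redirect', $login_redirection, $login_form_id, $user)
+ )
+ );
 
  // if ajax, return the url to redirect to
  if (self::is_ajax()) return $login_redirection;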
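Review bot: The new `wp_validate_redirect(` call on line 96 passes no fallback, so when a `ppress_login_redirect` callback returns a URL on a host that is not allowed, `$login_redirection` becomes an empty string rather than a safe default. Line 103 then returns that empty value to the AJAX caller, and the non-AJAX path (outside this hunk) presumably redirects with it. Passing a fallback as the second argument keeps the behaviour defined, for example closing the call on line 100 with `, admin_url());` or another site-local URL the plugin prefers. The same no-fallback pattern is in src/Functions/GlobalFunctions.php on new lines 243 and 357 and in src/Classes/ModifyRedirectDefaultLinks.php on new line 92, where a rejected value yields an empty `redirect_to`. The enclosing method starts and ends outside the hunk.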
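--- a/src/Classes/ModifyRedirectDefaultLinks.php
+++ b/src/Classes/ModifyRedirectDefaultLinks.php
@@ -89,7 +89,7 @@ class ModifyRedirectDefaultLinks
  $url = get_permalink($login_page_id);
 
  if ( ! empty($redirect)) {
- $url = add_query_arg('redirect_to', wp_validate_redirect(rawurlencode($redirect)), $url);
+ $url = add_query_arg('redirect_to', rawurlencode(wp_validate_redirect($redirect)), $url);
  }
 
  if ($force_reauth) {
@@ -192,11 +192,11 @@ class ModifyRedirectDefaultLinks
  }
 
  if ($set_redirect) {
- $set_redirect = apply_filters('ppress_logout_redirect', esc_url_raw($set_redirect));
- $logout_url = add_query_arg('redirect_to', wp_validate_redirect(urlencode($set_redirect)), $logout_url);
+ $set_redirect = apply_filters('ppress_logout_redirect', $set_redirect);
+ $logout_url = esc_url_raw(add_query_arg('redirect_to', rawurlencode($set_redirect), $logout_url));
  }
 
- return esc_url_raw($logout_url);
+ return $logout_url;
  }
 
  /**
@@ -210,10 +210,10 @@ class ModifyRedirectDefaultLinks
  $page_id = ppress_settings_by_key('edit_user_profile_url');
 
  if ( ! empty($page_id)) {
- $url = get_permalink($page_id);
+ $url = esc_url_raw(get_permalink($page_id));
  }
 
- return esc_url_raw($url);
+ return $url;
  }, 9999999999);
 
  // Filter to disable edit profile redirect for administrator.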
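Review bot: In the logout hunk the `ppress_logout_redirect` filter result on new line 195 is no longer passed through `wp_validate_redirect` before it is placed in `redirect_to` on line 196; the removed code at least attempted that check, although on the already-encoded string. If the intent matches new line 92, line 196 should read `$logout_url = esc_url_raw(add_query_arg('redirect_to', rawurlencode(wp_validate_redirect($set_redirect)), $logout_url));`. If off-site logout targets are intentionally allowed, a one-line comment saying so, and naming where the logout handler validates the parameter, would make that explicit. Where `$set_redirect` comes from is outside the hunk, so whether it can carry a request-supplied value is not visible here.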
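--- a/src/Classes/RegistrationAuth.php
+++ b/src/Classes/RegistrationAuth.php
@@ -127,12 +127,13 @@ class RegistrationAuth
 
  if (in_array($key, $valid_userdata)) {
 
- if(in_array($key, ['reg_email', 'reg_email2'])) {
+ if (in_array($key, ['reg_email', 'reg_email2'])) {
  $segregated_userdata[$key] = sanitize_email($value);
  continue;
  }
 
- $segregated_userdata[$key] = sanitize_text_field($value);
+ // sanitize_textarea_field is used to preserve any line breaks
+ $segregated_userdata[$key] = sanitize_textarea_field($value);
  }
  }
 
@@ -256,7 +257,7 @@ class RegistrationAuth
  if ( ! in_array($key, $valid_userdata)) {
 
  if (in_array($key, array_keys(ppress_custom_fields_key_value_pair(true)))) {
- $custom_usermeta[$key] = is_array($value) ? array_map('sanitize_text_field', $value) : sanitize_text_field($value);
+ $custom_usermeta[$key] = is_array($value) ? array_map('sanitize_textarea_field', $value) : sanitize_textarea_field($value);
  }
  }
  }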
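Review bot: The `in_array` call on new line 130, like the unchanged calls on lines 128, 257 and 259, compares loosely, and `$key` appears to come from submitted form data (the loop headers are outside both hunks). On PHP versions before 8, which the readme on this page still allows (`Requires PHP: 5.6`), an integer key compares equal to any non-numeric string, so such a key would pass these allow-list checks. Passing the strict flag closes that: `if (in_array($key, ['reg_email', 'reg_email2'], true)) {`, and likewise `in_array($key, $valid_userdata, true)`.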
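--- a/src/Functions/GlobalFunctions.php
+++ b/src/Functions/GlobalFunctions.php
@@ -240,7 +240,7 @@ function ppress_login_redirect()
  }
  }
 
- return apply_filters('ppress_login_redirect', wp_validate_redirect(esc_url_raw($redirect)));
+ return apply_filters('ppress_login_redirect', wp_validate_redirect($redirect));
  }
 
  /**
@@ -354,7 +354,7 @@ function ppress_login_url($redirect = '')
  }
 
  if ( ! empty($redirect)) {
- $login_url = add_query_arg('redirect_to', wp_validate_redirect(rawurlencode($redirect)), $login_url);
+ $login_url = add_query_arg('redirect_to', rawurlencode(wp_validate_redirect($redirect)), $login_url);
  }
 
  return apply_filters('ppress_login_url', $login_url);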
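Review bot: `apply_filters('ppress_login_redirect', ...)` on new line 243 passes one value, while the same filter is applied in src/Classes/LoginAuth.php (new lines 96-100) with three (`$login_redirection, $login_form_id, $user`). A callback registered for three arguments would be invoked from here with only one, so the two call sites should agree; either pass explicit placeholders for the missing arguments here or document above the function that callbacks must treat the second and third parameters as optional. The filter also runs after `wp_validate_redirect`, so its return value leaves this function unvalidated; LoginAuth validates again, but other callers (not visible on this page) may not. The body of `ppress_login_redirect()` starts outside the hunk.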
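--- a/src/ShortcodeParser/Builder/FieldsShortcodeCallback.php
+++ b/src/ShortcodeParser/Builder/FieldsShortcodeCallback.php
@@ -414,7 +414,7 @@ class FieldsShortcodeCallback
 
  if ($this->form_type == FormRepository::EDIT_PROFILE_TYPE) {
  // default username saved in DB
- $atts['value'] = esc_attr($this->current_user->description);
+ $atts['value'] = $this->current_user->description;
  }
 
  $field_name = $this->tag_name . '_bio';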
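Review bot: Removing `esc_attr` on new line 417 means the stored `description` now travels in `$atts['value']` unescaped, so the code that prints the bio field (outside this hunk) must escape it for its output context. For a textarea body that is `esc_textarea(...)`, which keeps line breaks; if the renderer does not already do this, line 417 should be `$atts['value'] = esc_textarea($this->current_user->description);`. The comment on line 416, `// default username saved in DB`, describes a different field and would read better as `// bio/description currently saved for the user`.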
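--- a/vendor/autoload.php
+++ b/vendor/autoload.php
@@ -4,4 +4,4 @@
 
  require_once __DIR__ . '/composer/autoload_real.php';
 
- return ComposerAutoloaderInit0fdb422a45e4c3c2b0634d6336d12939::getLoader();
+ return ComposerAutoloaderInit73449d6257ab67b134b7a7758b96a290::getLoader();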
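--- a/vendor/composer/InstalledVersions.php
+++ b/vendor/composer/InstalledVersions.php
@@ -29,7 +29,7 @@ private static $installed = array (
  'aliases' =>
  array (
  ),
- 'reference' => 'f347da73db260d9e46ea435d42e3288edd3f2249',
+ 'reference' => '83d7992bb208c8fb5467abec1170c757028bebdd',
  'name' => '__root__',
  ),
  'versions' =>
@@ -41,7 +41,7 @@ private static $installed = array (
  'aliases' =>
  array (
  ),
- 'reference' => 'f347da73db260d9e46ea435d42e3288edd3f2249',
+ 'reference' => '83d7992bb208c8fb5467abec1170c757028bebdd',
  ),
  'collizo4sky/persist-admin-notices-dismissal' =>
  array (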
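--- a/vendor/composer/autoload_real.php
+++ b/vendor/composer/autoload_real.php
@@ -2,7 +2,7 @@
 
  // autoload_real.php @generated by Composer
 
- class ComposerAutoloaderInit0fdb422a45e4c3c2b0634d6336d12939
+ class ComposerAutoloaderInit73449d6257ab67b134b7a7758b96a290
  {
  private static $loader;
 
@@ -24,15 +24,15 @@ class ComposerAutoloaderInit0fdb422a45e4c3c2b0634d6336d12939
 
  require __DIR__ . '/platform_check.php';
 
- spl_autoload_register(array('ComposerAutoloaderInit0fdb422a45e4c3c2b0634d6336d12939', 'loadClassLoader'), true, true);
+ spl_autoload_register(array('ComposerAutoloaderInit73449d6257ab67b134b7a7758b96a290', 'loadClassLoader'), true, true);
  self::$loader = $loader = new \Composer\Autoload\ClassLoader();
- spl_autoload_unregister(array('ComposerAutoloaderInit0fdb422a45e4c3c2b0634d6336d12939', 'loadClassLoader'));
+ spl_autoload_unregister(array('ComposerAutoloaderInit73449d6257ab67b134b7a7758b96a290', 'loadClassLoader'));
 
  $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded());
  if ($useStaticLoader) {
  require __DIR__ . '/autoload_static.php';
 
- call_user_func(\Composer\Autoload\ComposerStaticInit0fdb422a45e4c3c2b0634d6336d12939::getInitializer($loader));
+ call_user_func(\Composer\Autoload\ComposerStaticInit73449d6257ab67b134b7a7758b96a290::getInitializer($loader));
  } else {
  $map = require __DIR__ . '/autoload_namespaces.php';
  foreach ($map as $namespace => $path) {
@@ -53,19 +53,19 @@ class ComposerAutoloaderInit0fdb422a45e4c3c2b0634d6336d12939
  $loader->register(true);
 
  if ($useStaticLoader) {
- $includeFiles = Composer\Autoload\ComposerStaticInit0fdb422a45e4c3c2b0634d6336d12939::$files;
+ $includeFiles = Composer\Autoload\ComposerStaticInit73449d6257ab67b134b7a7758b96a290::$files;
  } else {
  $includeFiles = require __DIR__ . '/autoload_files.php';
  }
  foreach ($includeFiles as $fileIdentifier => $file) {
- composerRequire0fdb422a45e4c3c2b0634d6336d12939($fileIdentifier, $file);
+ composerRequire73449d6257ab67b134b7a7758b96a290($fileIdentifier, $file);
  }
 
  return $loader;
  }
  }
 
- function composerRequire0fdb422a45e4c3c2b0634d6336d12939($fileIdentifier, $file)
+ function composerRequire73449d6257ab67b134b7a7758b96a290($fileIdentifier, $file)
  {
  if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) {
  require $file;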
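--- a/vendor/composer/autoload_static.php
+++ b/vendor/composer/autoload_static.php
@@ -4,7 +4,7 @@
 
  namespace Composer\Autoload;
 
- class ComposerStaticInit0fdb422a45e4c3c2b0634d6336d12939
+ class ComposerStaticInit73449d6257ab67b134b7a7758b96a290
  {
  public static $files = array (
  'fda73876e8be17735f680f484cec1679' => __DIR__ . '/../..' . '/src/Functions/custom-settings-api.php',
@@ -286,9 +286,9 @@ class ComposerStaticInit0fdb422a45e4c3c2b0634d6336d12939
  public static function getInitializer(ClassLoader $loader)
  {
  return \Closure::bind(function () use ($loader) {
- $loader->prefixLengthsPsr4 = ComposerStaticInit0fdb422a45e4c3c2b0634d6336d12939::$prefixLengthsPsr4;
- $loader->prefixDirsPsr4 = ComposerStaticInit0fdb422a45e4c3c2b0634d6336d12939::$prefixDirsPsr4;
- $loader->classMap = ComposerStaticInit0fdb422a45e4c3c2b0634d6336d12939::$classMap;
+ $loader->prefixLengthsPsr4 = ComposerStaticInit73449d6257ab67b134b7a7758b96a290::$prefixLengthsPsr4;
+ $loader->prefixDirsPsr4 = ComposerStaticInit73449d6257ab67b134b7a7758b96a290::$prefixDirsPsr4;
+ $loader->classMap = ComposerStaticInit73449d6257ab67b134b7a7758b96a290::$classMap;
 
  }, null, ClassLoader::class);
  }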
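--- a/vendor/composer/installed.php
+++ b/vendor/composer/installed.php
@@ -6,7 +6,7 @@
  'aliases' =>
  array (
  ),
- 'reference' => 'f347da73db260d9e46ea435d42e3288edd3f2249',
+ 'reference' => '83d7992bb208c8fb5467abec1170c757028bebdd',
  'name' => '__root__',
  ),
  'versions' =>
@@ -18,7 +18,7 @@
  'aliases' =>
  array (
  ),
- 'reference' => 'f347da73db260d9e46ea435d42e3288edd3f2249',
+ 'reference' => '83d7992bb208c8fb5467abec1170c757028bebdd',
  ),
  'collizo4sky/persist-admin-notices-dismissal' =>
  array (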
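--- a/wp-user-avatar.php
+++ b/wp-user-avatar.php
@@ -3,7 +3,7 @@
  * Plugin Name: ProfilePress
  * Plugin URI: https://profilepress.net
  * Description: The modern WordPress membership and user profile plugin.
- * Version: 3.1.11
+ * Version: 3.1.12
  * Author: ProfilePress Team
  * Author URI: https://profilepress.net
  * Text Domain: wp-user-avatar
@@ -14,7 +14,7 @@
  defined('ABSPATH') or die("No script kiddies please!");
 
  define('PROFILEPRESS_SYSTEM_FILE_PATH', __FILE__);
- define('PPRESS_VERSION_NUMBER', '3.1.11');
+ define('PPRESS_VERSION_NUMBER', '3.1.12');
 
  require __DIR__ . '/vendor/autoload.php';
 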