plugins.trac.wordpress.org
198.143.164.244
Public Scan
URL:
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2864329@profile-builder&new=2864329@profile-builde...
Submission: On February 23 via api from US — Scanned from DE
Form analysis
3 forms found in the DOM
GET https://wordpress.org/search/do-search.php
<form action="https://wordpress.org/search/do-search.php" method="get">
<label for="global-search" class="screen-reader-text">Search WordPress.org for:</label>
<input id="global-search" class="text" name="search" type="text" value="" maxlength="150" placeholder="Search WordPress.org">
<button type="submit" class="button"><span class="screen-reader-text">Submit</span></button>
</form>
GET /search
<form id="search" action="/search" method="get">
<div>
<label for="proj-search">Search:</label>
<input type="text" id="proj-search" name="q" size="18" value="">
<input type="submit" value="Search">
</div>
</form>
<form id="prefs" action="">
<div>
<label for="style">View differences</label>
<select id="style" name="style">
<option selected="selected" value="inline">inline</option>
<option value="sidebyside">side by side</option>
</select>
<div class="field">
<label><input type="radio" name="contextall" value="0" checked="checked"> Show</label>
<label><input type="text" name="contextlines" id="contextlines" size="2" maxlength="3" value="2"> lines around each change</label><br>
<label><input type="radio" name="contextall" value="1"> Show the changes in full context</label>
</div>
<fieldset id="ignore">
<legend>Ignore:</legend>
<div class="field">
<input type="checkbox" id="ignoreblanklines" name="ignoreblanklines">
<label for="ignoreblanklines">Blank lines</label>
</div>
<div class="field">
<input type="checkbox" id="ignorecase" name="ignorecase">
<label for="ignorecase">Case changes</label>
</div>
<div class="field">
<input type="checkbox" id="ignorewhitespace" name="ignorewhitespace">
<label for="ignorewhitespace">White space changes</label>
</div>
</fieldset>
<div style="display:none;"><input type="text" name="sfp_email" value=""><input type="hidden" name="sfph_mail" value=""></div>
<div class="buttons">
<input type="submit" name="update" value="Update">
</div>
</div>
</form>
Text Content
Changeset 2864329 for profile-builder
Timestamp: 02/13/2023 11:35:44 AM (10 days ago)
Author: raster02
Message: tagging version 3.9.1
Location: profile-builder
Files: 14 edited, 1 copied
* tags/3.9.1 (copied) (copied from profile-builder/trunk)
* tags/3.9.1/admin/advanced-settings/includes/shortcodes/usermeta.php (modified) (3 diffs)
* tags/3.9.1/features/email-customizer/email-customizer.php (modified) (1 diff)
* tags/3.9.1/front-end/recover.php (modified) (6 diffs)
* tags/3.9.1/index.php (modified) (3 diffs)
* tags/3.9.1/readme.txt (modified) (2 diffs)
* tags/3.9.1/translation/profile-builder.catalog.php (modified) (1 diff)
* tags/3.9.1/translation/profile-builder.pot (modified) (8 diffs)
* trunk/admin/advanced-settings/includes/shortcodes/usermeta.php (modified) (3 diffs)
* trunk/features/email-customizer/email-customizer.php (modified) (1 diff)
* trunk/front-end/recover.php (modified) (6 diffs)
* trunk/index.php (modified) (3 diffs)
* trunk/readme.txt (modified) (2 diffs)
* trunk/translation/profile-builder.catalog.php (modified) (1 diff)
* trunk/translation/profile-builder.pot (modified) (8 diffs)
* TABULARUNIFIED PROFILE-BUILDER/TAGS/3.9.1/ADMIN/ADVANCED-SETTINGS/INCLUDES/SHORTCODES/USERMETA.PHP ¶ r2555038 r2864329 2121 } 2222 23 if( in_array( $atts['key'], array( 'user_pass', 'user_activation_key' ) ) ) 24 return; 2325 24 $user = new WP_User($atts['user_id']); 26 $user = new 
WP_User( $atts['user_id'] ); 2527 2628 if ( !$user->exists() ) return; … … 3739 3840 if ( $user->has_prop( $atts['key'] ) ){ 41 3942 if ($atts['wpautop'] == 'on'){ 4043 $value = wpautop( $user->get( $atts['key'] ) ); … … 4245 $value = $user->get( $atts['key'] ); 4346 } 47 4448 } 4549 * TABULARUNIFIED PROFILE-BUILDER/TAGS/3.9.1/FEATURES/EMAIL-CUSTOMIZER/EMAIL-CUSTOMIZER.PHP ¶ r2862446 r2864329 169169function wppb_email_customizer_password_reset_content_filter_handler( $default_string, $user_id, $user_login, $user_email ) { 170170 $email_customizer_option = get_option( 'wppb_user_emailc_reset_email_content', 'not_found' ); 171 $key = wppb_retrieve_activation_key( $user_login ); 172 $url = add_query_arg( array( 'key' => $key ), wppb_curpageurl() ); 171 $user = new WP_User( $user_id ); 172 $key = get_password_reset_key( $user ); 173 $url = add_query_arg( array( 'key' => $key, 'login' => $user->user_login ), wppb_curpageurl() ); 173174 174175 if( $email_customizer_option != 'not_found' ) { * TABULARUNIFIED PROFILE-BUILDER/TAGS/3.9.1/FRONT-END/RECOVER.PHP ¶ r2801035 r2864329 2424} 2525 26 /** 27 * Function that retrieves the unique user key from the database. If we don't have one we generate one and add it to the database 28 * 29 * @param string $requested_user_login the user login 30 * 31 */ 32 function wppb_retrieve_activation_key( $requested_user_login ){ 33 global $wpdb; 34 35 $key = $wpdb->get_var( $wpdb->prepare( "SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $requested_user_login ) ); 36 37 if ( empty( $key ) ) { 38 39 // Generate something random for a key... 
40 $key = wp_generate_password( 20, false ); 41 do_action('wppb_retrieve_password_key', $requested_user_login, $key); 42 43 // Now insert the new md5 key into the db 44 $wpdb->update($wpdb->users, array('user_activation_key' => $key), array('user_login' => $requested_user_login)); 45 } 46 47 return $key; 48 } 4926 5027 /** … … 9572 <input name="action2" type="hidden" id="action2" value="recover_password2" /> 9673 <input name="key" type="hidden" id="key" value="<?php echo esc_attr( isset( $_GET['key'] ) ? sanitize_text_field( $_GET['key'] ) : '' ) ?>" /> 74 <input name="login" type="hidden" id="login" value="<?php echo esc_attr( isset( $_GET['login'] ) ? sanitize_text_field( $_GET['login'] ) : '' ) ?>" /> 9775 </p><!-- .form-submit --> 9876 <?php wp_nonce_field( 'verify_true_password_recovery2_'.$user->ID, 'password_recovery_nonce_field2' ); ?> … … 172150 return false; 173151 174 $requested_user_id = $user->ID; 175 $requested_user_login = $user->user_login; 176 $requested_user_email = $user->user_email; 152 $user_object = new WP_User( $user->ID ); 153 154 if( empty( $user_object->ID ) ) 155 return false; 156 157 $requested_user_id = $user_object->ID; 158 $requested_user_login = $user_object->user_login; 159 $requested_user_email = $user_object->user_email; 177160 178161 //search if there is already an activation key present, if not create one 179 $key = wppb_retrieve_activation_key( $requested_user_login ); 162 $key = get_password_reset_key( $user_object ); 180163 181164 $display_username_email = wppb_get_email_display_username($user); 182165 183166 //send primary email message 184 $recovery_email_message = sprintf( __('Someone requested that the password be reset for the following account: <b>%1$s</b><br/>If this was a mistake, just ignore this email and nothing will happen.<br/>To reset your password, visit the following link:%2$s', 'profile-builder'), $display_username_email, '<a href="'.esc_url( add_query_arg( array( 'key' => $key ), wppb_curpageurl() ) 
).'">'.esc_url( add_query_arg( array( 'key' => $key ), wppb_curpageurl() ) ).'</a>' ); 167 $recovery_email_message = sprintf( __('Someone requested that the password be reset for the following account: <b>%1$s</b><br/>If this was a mistake, just ignore this email and nothing will happen.<br/>To reset your password, visit the following link:%2$s', 'profile-builder'), $display_username_email, '<a href="'.esc_url( add_query_arg( array( 'key' => $key, 'login' => $requested_user_login ), wppb_curpageurl() ) ).'">'.esc_url( add_query_arg( array( 'key' => $key, 'login' => $requested_user_login ), wppb_curpageurl() ) ).'</a>' ); 185168 $recovery_email_message = apply_filters( 'wppb_recover_password_message_content_sent_to_user1', $recovery_email_message, $requested_user_id, $requested_user_login, $requested_user_email ); 186169 … … 367350 } 368351 369 $user_object = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->users WHERE user_activation_key = %s", $key ) ); 370 if( empty( $user_object ) || ( !empty( $user_object ) && $user_object->ID === absint( $_POST['userData'] ) ) ){ 352 if( isset( $_POST['login'] ) ) 353 $login = sanitize_text_field( $_POST['login'] ); 354 else 355 $login = ''; 356 357 if( empty( $login ) ){ 358 $password_change_message = __('Login cannot be empty!', 'profile-builder'); 359 $output .= wppb_password_recovery_error( $password_change_message, 'wppb_recover_password_password_changed_message2' ); 360 } 361 362 $user = check_password_reset_key( $key, $login ); 363 364 if( is_wp_error( $user ) || empty( $user ) || ( !empty( $user ) && $user->ID != absint( $_POST['userData'] ) ) ){ 371365 $password_change_message = __('Invalid key!', 'profile-builder'); 372366 $output .= wppb_password_recovery_error( $password_change_message, 'wppb_recover_password_password_changed_message2' ); … … 395389 $password_changed_success = true; 396390 397 398 399 $userID = absint( $_POST['userData'] ); 391 $userID = $user->ID; 400392 $new_pass = $_POST['passw1']; // 
phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash 401393 … … 454446 455447 //this is the part that shows the forms 456 if( isset( $_GET['key'] ) ){ 457 458 $key = sanitize_text_field( $_GET['key'] ); 459 460 if( !empty( $key ) && !$password_changed_success ) { 461 462 //get the login name and key and verify if they match the ones in the database 463 $user = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->users WHERE user_activation_key = %s", $key ) ); 464 465 if( !empty( $user ) ) { 448 if( isset( $_GET['key'] ) && isset( $_GET['login'] ) ){ 449 450 $key = sanitize_text_field( $_GET['key'] ); 451 $login = sanitize_text_field( $_GET['login'] ); 452 453 if( !empty( $key ) && !empty( $login ) && !$password_changed_success ) { 454 455 $user = check_password_reset_key( $key, $login ); 456 457 if( !is_wp_error( $user ) ){ 458 466459 ob_start(); 467 wppb_create_recover_password_form($user, $_POST); 468 $output .= ob_get_contents(); 460 wppb_create_recover_password_form( $user, $_POST ); 461 $output .= ob_get_contents(); 469462 ob_end_clean(); 470 } 471 else { 463 464 } else { 472465 $output .= wppb_password_recovery_error('<b>' . __('ERROR:', 'profile-builder') . '</b>' . __('Invalid key!', 'profile-builder'), 'wppb_recover_password_invalid_key_message'); 473466 } * TABULARUNIFIED PROFILE-BUILDER/TAGS/3.9.1/INDEX.PHP ¶ r2862446 r2864329 44 * Plugin URI: https://www.cozmoslabs.com/wordpress-profile-builder/ 55 * Description: Login, registration and edit profile shortcodes for the front-end. Also you can choose what fields should be displayed or add new (custom) ones both in the front-end and in the dashboard. 
6 * Version: 3.9.0 6 * Version: 3.9.1 77 * Author: Cozmoslabs 88 * Author URI: https://www.cozmoslabs.com/ … … 1010 * Domain Path: /translation 1111 * License: GPL2 12 * Elementor tested up to: 3.10.2 13 * Elementor Pro tested up to: 3.10.2 12 * Elementor tested up to: 3.11.0 13 * Elementor Pro tested up to: 3.11.0 1414 * 1515 * == Copyright == … … 397397 * 398398 */ 399 define('PROFILE_BUILDER_VERSION', '3.9.0' ); 399define('PROFILE_BUILDER_VERSION', '3.9.1' ); 400400define('WPPB_PLUGIN_DIR', plugin_dir_path(__FILE__)); 401401define('WPPB_PLUGIN_URL', plugin_dir_url(__FILE__)); * TABULARUNIFIED PROFILE-BUILDER/TAGS/3.9.1/README.TXT ¶ r2862446 r2864329 55Requires at least: 3.1 66Tested up to: 6.1 7 Stable tag: 3.9.0 7Stable tag: 3.9.1 88License: GPLv2 or later 99License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 178178 179179== Changelog == 180= 3.9.1 = 181* Fix: Improve security for password reset functionality. Thanks to Istvan Marton (Lana Codes) 182* Fix: Disallow retrieval of certain user keys through the optional usermeta shortcode. 
Thanks to Istvan Marton (Lana Codes) 183 180184= 3.9.0 = 181185* Fix: Issue with the Email From filter * TABULARUNIFIED PROFILE-BUILDER/TAGS/3.9.1/TRANSLATION/PROFILE-BUILDER.CATALOG.PHP ¶ r2836042 r2864329 903903<?php __("The password must not be empty!", "profile-builder"); ?> 904904<?php __("The key cannot be empty!", "profile-builder"); ?> 905<?php __("Login cannot be empty!", "profile-builder"); ?> 905906<?php __("Invalid key!", "profile-builder"); ?> 906907<?php __("The entered passwords don't match!", "profile-builder"); ?> * TABULARUNIFIED PROFILE-BUILDER/TAGS/3.9.1/TRANSLATION/PROFILE-BUILDER.POT ¶ r2861357 r2864329 850850msgstr "" 851851 852 #: admin/general-settings.php:314, front-end/login.php:540, front-end/recover.php:118, add-ons/email-customizer/email-customizer.php:29, add-ons/user-listing/userlisting.php:119, add-ons/user-listing/userlisting.php:891, add-ons/user-listing/userlisting.php:2568, features/admin-approval/class-admin-approval.php:177, features/email-confirmation/class-email-confirmation.php:169, features/email-customizer/email-customizer.php:29, add-ons-free/gdpr-communication-preferences/admin/manage-fields.php:24, add-ons-free/gdpr-communication-preferences/front-end/gdpr-communication-preferences.php:9, admin/advanced-settings/includes/shortcodes/resend-activation.php:9 852#: admin/general-settings.php:314, front-end/login.php:540, front-end/recover.php:96, add-ons/email-customizer/email-customizer.php:29, add-ons/user-listing/userlisting.php:119, add-ons/user-listing/userlisting.php:891, add-ons/user-listing/userlisting.php:2568, features/admin-approval/class-admin-approval.php:177, features/email-confirmation/class-email-confirmation.php:169, features/email-customizer/email-customizer.php:29, add-ons-free/gdpr-communication-preferences/admin/manage-fields.php:24, add-ons-free/gdpr-communication-preferences/front-end/gdpr-communication-preferences.php:9, admin/advanced-settings/includes/shortcodes/resend-activation.php:9 853853msgid 
"Email" 854854msgstr "" … … 14421442msgstr "" 14431443 1444 #: admin/manage-fields.php:398, front-end/login.php:121, front-end/recover.php:72, add-ons/email-customizer/email-customizer.php:30, features/email-customizer/email-customizer.php:30 1444#: admin/manage-fields.php:398, front-end/login.php:121, front-end/recover.php:49, add-ons/email-customizer/email-customizer.php:30, features/email-customizer/email-customizer.php:30 14451445msgid "Password" 14461446msgstr "" … … 14501450msgstr "" 14511451 1452 #: admin/manage-fields.php:399, front-end/recover.php:73 1452#: admin/manage-fields.php:399, front-end/recover.php:50 14531453msgid "Repeat Password" 14541454msgstr "" … … 33663366msgstr "" 33673367 3368 #: features/functions.php:821, front-end/recover.php:386, front-end/default-fields/password/password.php:59 3368#: features/functions.php:821, front-end/recover.php:380, front-end/default-fields/password/password.php:59 33693369msgid "The password must have a minimum strength of %s" 33703370msgstr "" … … 35393539msgstr "" 35403540 3541 #: front-end/login.php:322, front-end/login.php:414, front-end/login.php:452, front-end/recover.php:18, front-end/recover.php:326, features/two-factor-authentication/class-two-factor-authentication.php:577, front-end/default-fields/fields-functions.php:62, front-end/extra-fields/extra-fields.php:118 3541#: front-end/login.php:322, front-end/login.php:414, front-end/login.php:452, front-end/recover.php:18, front-end/recover.php:309, features/two-factor-authentication/class-two-factor-authentication.php:577, front-end/default-fields/fields-functions.php:62, front-end/extra-fields/extra-fields.php:118 35423542msgid "ERROR" 35433543msgstr "" … … 36033603msgstr "" 36043604 3605 #: front-end/login.php:550, front-end/recover.php:122 3605#: front-end/login.php:550, front-end/recover.php:100 36063606msgid "Username or Email" 36073607msgstr "" … … 36153615msgstr "" 36163616 3617 #: front-end/recover.php:93 3617#: front-end/recover.php:70 
36183618msgid "Reset Password" 36193619msgstr "" 36203620 3621 #: front-end/recover.php:121 3621#: front-end/recover.php:99 36223622msgid "Please enter your username or email address." 36233623msgstr "" 36243624 3625 #: front-end/recover.php:117 3625#: front-end/recover.php:95 36263626msgid "Please enter your email address." 36273627msgstr "" 36283628 3629 #: front-end/recover.php:125 3629#: front-end/recover.php:103 36303630msgid "You will receive a link to create a new password via email." 36313631msgstr "" 36323632 3633 #: front-end/recover.php:138 3633#: front-end/recover.php:116 36343634msgid "Get New Password" 36353635msgstr "" 36363636 3637 #: front-end/recover.php:184 3637#: front-end/recover.php:167 36383638msgid "Someone requested that the password be reset for the following account: <b>%1$s</b><br/>If this was a mistake, just ignore this email and nothing will happen.<br/>To reset your password, visit the following link:%2$s" 36393639msgstr "" 36403640 3641 #: front-end/recover.php:187 3641#: front-end/recover.php:170 36423642msgid "Password Reset from %1$s" 36433643msgstr "" 36443644 3645 #: front-end/recover.php:214 3645#: front-end/recover.php:197 36463646msgid "You have successfully reset your password." 36473647msgstr "" 36483648 3649 #: front-end/recover.php:216 3649#: front-end/recover.php:199 36503650msgid "Password Successfully Reset for %1$s on %2$s" 36513651msgstr "" 36523652 3653 #: front-end/recover.php:234 3653#: front-end/recover.php:217 36543654msgid "%1$s has requested a password change via the password reset feature.<br/>His/her new password is:%2$s" 36553655msgstr "" 36563656 3657 #: front-end/recover.php:271 3657#: front-end/recover.php:254 36583658msgid "You are already logged in. You can change your password on the edit profile form." 36593659msgstr "" 36603660 3661 #: front-end/recover.php:446 3661#: front-end/recover.php:438 36623662msgid "The password must not be empty!" 
36633663msgstr "" 36643664 3665 #: front-end/recover.php:365 3665#: front-end/recover.php:348 36663666msgid "The key cannot be empty!" 36673667msgstr "" 36683668 3669 #: front-end/recover.php:371, front-end/recover.php:472 3669#: front-end/recover.php:358 3670msgid "Login cannot be empty!" 3671msgstr "" 3672 3673#: front-end/recover.php:365, front-end/recover.php:465 36703674msgid "Invalid key!" 36713675msgstr "" 36723676 3673 #: front-end/recover.php:376 3677#: front-end/recover.php:370 36743678msgid "The entered passwords don't match!" 36753679msgstr "" 36763680 3677 #: front-end/recover.php:382, front-end/default-fields/password/password.php:55 3681#: front-end/recover.php:376, front-end/default-fields/password/password.php:55 36783682msgid "The password must have the minimum length of %s characters" 36793683msgstr "" 36803684 3681 #: front-end/recover.php:393 3685#: front-end/recover.php:387 36823686msgid "Your password has been successfully changed!" 36833687msgstr "" 36843688 3685 #: front-end/recover.php:299 3689#: front-end/recover.php:282 36863690msgid "The username entered wasn't found in the database!" 36873691msgstr "" 36883692 3689 #: front-end/recover.php:299 3693#: front-end/recover.php:282 36903694msgid "Please check that you entered the correct username." 36913695msgstr "" 36923696 3693 #: front-end/recover.php:342 3697#: front-end/recover.php:325 36943698msgid "The email address entered wasn't found in the database!" 36953699msgstr "" 36963700 3697 #: front-end/recover.php:342 3701#: front-end/recover.php:325 36983702msgid "Please check that you entered the correct email address." 36993703msgstr "" 37003704 3701 #: front-end/recover.php:312 3705#: front-end/recover.php:295 37023706msgid "Check your email for the confirmation link." 37033707msgstr "" 37043708 3705 #: front-end/recover.php:326 3709#: front-end/recover.php:309 37063710msgid "There was an error while trying to send the activation link to %1$s!" 
37073711msgstr "" 37083712 3709 #: front-end/recover.php:472 3713#: front-end/recover.php:465 37103714msgid "ERROR:" 37113715msgstr "" … … 41124116msgstr "" 41134117 4114 #: add-ons/email-customizer/email-customizer.php:601, features/email-customizer/email-customizer.php:578 4118#: add-ons/email-customizer/email-customizer.php:602, features/email-customizer/email-customizer.php:579 41154119msgid "The users selected password at signup" 41164120msgstr "" 41174121 4118 #: add-ons/email-customizer/email-customizer.php:609, add-ons/email-customizer/email-customizer.php:616, add-ons/email-customizer/email-customizer.php:630, features/email-confirmation/email-confirmation.php:618, features/email-customizer/email-customizer.php:586, features/email-customizer/email-customizer.php:593, features/email-customizer/email-customizer.php:607 4122#: add-ons/email-customizer/email-customizer.php:610, add-ons/email-customizer/email-customizer.php:617, add-ons/email-customizer/email-customizer.php:631, features/email-confirmation/email-confirmation.php:618, features/email-customizer/email-customizer.php:587, features/email-customizer/email-customizer.php:594, features/email-customizer/email-customizer.php:608 41194123msgid "Your selected password at signup" 41204124msgstr "" * TABULARUNIFIED PROFILE-BUILDER/TRUNK/ADMIN/ADVANCED-SETTINGS/INCLUDES/SHORTCODES/USERMETA.PHP ¶ r2555038 r2864329 2121 } 2222 23 if( in_array( $atts['key'], array( 'user_pass', 'user_activation_key' ) ) ) 24 return; 2325 24 $user = new WP_User($atts['user_id']); 26 $user = new WP_User( $atts['user_id'] ); 2527 2628 if ( !$user->exists() ) return; … … 3739 3840 if ( $user->has_prop( $atts['key'] ) ){ 41 3942 if ($atts['wpautop'] == 'on'){ 4043 $value = wpautop( $user->get( $atts['key'] ) ); … … 4245 $value = $user->get( $atts['key'] ); 4346 } 47 4448 } 4549 * TABULARUNIFIED PROFILE-BUILDER/TRUNK/FEATURES/EMAIL-CUSTOMIZER/EMAIL-CUSTOMIZER.PHP ¶ r2862446 r2864329 169169function 
wppb_email_customizer_password_reset_content_filter_handler( $default_string, $user_id, $user_login, $user_email ) { 170170 $email_customizer_option = get_option( 'wppb_user_emailc_reset_email_content', 'not_found' ); 171 $key = wppb_retrieve_activation_key( $user_login ); 172 $url = add_query_arg( array( 'key' => $key ), wppb_curpageurl() ); 171 $user = new WP_User( $user_id ); 172 $key = get_password_reset_key( $user ); 173 $url = add_query_arg( array( 'key' => $key, 'login' => $user->user_login ), wppb_curpageurl() ); 173174 174175 if( $email_customizer_option != 'not_found' ) { * TABULARUNIFIED PROFILE-BUILDER/TRUNK/FRONT-END/RECOVER.PHP ¶ r2801035 r2864329 2424} 2525 26 /** 27 * Function that retrieves the unique user key from the database. If we don't have one we generate one and add it to the database 28 * 29 * @param string $requested_user_login the user login 30 * 31 */ 32 function wppb_retrieve_activation_key( $requested_user_login ){ 33 global $wpdb; 34 35 $key = $wpdb->get_var( $wpdb->prepare( "SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $requested_user_login ) ); 36 37 if ( empty( $key ) ) { 38 39 // Generate something random for a key... 40 $key = wp_generate_password( 20, false ); 41 do_action('wppb_retrieve_password_key', $requested_user_login, $key); 42 43 // Now insert the new md5 key into the db 44 $wpdb->update($wpdb->users, array('user_activation_key' => $key), array('user_login' => $requested_user_login)); 45 } 46 47 return $key; 48 } 4926 5027 /** … … 9572 <input name="action2" type="hidden" id="action2" value="recover_password2" /> 9673 <input name="key" type="hidden" id="key" value="<?php echo esc_attr( isset( $_GET['key'] ) ? sanitize_text_field( $_GET['key'] ) : '' ) ?>" /> 74 <input name="login" type="hidden" id="login" value="<?php echo esc_attr( isset( $_GET['login'] ) ? 
sanitize_text_field( $_GET['login'] ) : '' ) ?>" /> 9775 </p><!-- .form-submit --> 9876 <?php wp_nonce_field( 'verify_true_password_recovery2_'.$user->ID, 'password_recovery_nonce_field2' ); ?> … … 172150 return false; 173151 174 $requested_user_id = $user->ID; 175 $requested_user_login = $user->user_login; 176 $requested_user_email = $user->user_email; 152 $user_object = new WP_User( $user->ID ); 153 154 if( empty( $user_object->ID ) ) 155 return false; 156 157 $requested_user_id = $user_object->ID; 158 $requested_user_login = $user_object->user_login; 159 $requested_user_email = $user_object->user_email; 177160 178161 //search if there is already an activation key present, if not create one 179 $key = wppb_retrieve_activation_key( $requested_user_login ); 162 $key = get_password_reset_key( $user_object ); 180163 181164 $display_username_email = wppb_get_email_display_username($user); 182165 183166 //send primary email message 184 $recovery_email_message = sprintf( __('Someone requested that the password be reset for the following account: <b>%1$s</b><br/>If this was a mistake, just ignore this email and nothing will happen.<br/>To reset your password, visit the following link:%2$s', 'profile-builder'), $display_username_email, '<a href="'.esc_url( add_query_arg( array( 'key' => $key ), wppb_curpageurl() ) ).'">'.esc_url( add_query_arg( array( 'key' => $key ), wppb_curpageurl() ) ).'</a>' ); 167 $recovery_email_message = sprintf( __('Someone requested that the password be reset for the following account: <b>%1$s</b><br/>If this was a mistake, just ignore this email and nothing will happen.<br/>To reset your password, visit the following link:%2$s', 'profile-builder'), $display_username_email, '<a href="'.esc_url( add_query_arg( array( 'key' => $key, 'login' => $requested_user_login ), wppb_curpageurl() ) ).'">'.esc_url( add_query_arg( array( 'key' => $key, 'login' => $requested_user_login ), wppb_curpageurl() ) ).'</a>' ); 185168 $recovery_email_message = 
apply_filters( 'wppb_recover_password_message_content_sent_to_user1', $recovery_email_message, $requested_user_id, $requested_user_login, $requested_user_email ); 186169 … … 367350 } 368351 369 $user_object = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->users WHERE user_activation_key = %s", $key ) ); 370 if( empty( $user_object ) || ( !empty( $user_object ) && $user_object->ID === absint( $_POST['userData'] ) ) ){ 352 if( isset( $_POST['login'] ) ) 353 $login = sanitize_text_field( $_POST['login'] ); 354 else 355 $login = ''; 356 357 if( empty( $login ) ){ 358 $password_change_message = __('Login cannot be empty!', 'profile-builder'); 359 $output .= wppb_password_recovery_error( $password_change_message, 'wppb_recover_password_password_changed_message2' ); 360 } 361 362 $user = check_password_reset_key( $key, $login ); 363 364 if( is_wp_error( $user ) || empty( $user ) || ( !empty( $user ) && $user->ID != absint( $_POST['userData'] ) ) ){ 371365 $password_change_message = __('Invalid key!', 'profile-builder'); 372366 $output .= wppb_password_recovery_error( $password_change_message, 'wppb_recover_password_password_changed_message2' ); … … 395389 $password_changed_success = true; 396390 397 398 399 $userID = absint( $_POST['userData'] ); 391 $userID = $user->ID; 400392 $new_pass = $_POST['passw1']; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash 401393 … … 454446 455447 //this is the part that shows the forms 456 if( isset( $_GET['key'] ) ){ 457 458 $key = sanitize_text_field( $_GET['key'] ); 459 460 if( !empty( $key ) && !$password_changed_success ) { 461 462 //get the login name and key and verify if they match the ones in the database 463 $user = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->users WHERE user_activation_key = %s", $key ) ); 464 465 if( !empty( $user ) ) { 448 if( isset( $_GET['key'] ) && isset( $_GET['login'] ) ){ 449 450 $key = 
sanitize_text_field( $_GET['key'] ); 451 $login = sanitize_text_field( $_GET['login'] ); 452 453 if( !empty( $key ) && !empty( $login ) && !$password_changed_success ) { 454 455 $user = check_password_reset_key( $key, $login ); 456 457 if( !is_wp_error( $user ) ){ 458 466459 ob_start(); 467 wppb_create_recover_password_form($user, $_POST); 468 $output .= ob_get_contents(); 460 wppb_create_recover_password_form( $user, $_POST ); 461 $output .= ob_get_contents(); 469462 ob_end_clean(); 470 } 471 else { 463 464 } else { 472465 $output .= wppb_password_recovery_error('<b>' . __('ERROR:', 'profile-builder') . '</b>' . __('Invalid key!', 'profile-builder'), 'wppb_recover_password_invalid_key_message'); 473466 } * TABULARUNIFIED PROFILE-BUILDER/TRUNK/INDEX.PHP ¶ r2862446 r2864329 44 * Plugin URI: https://www.cozmoslabs.com/wordpress-profile-builder/ 55 * Description: Login, registration and edit profile shortcodes for the front-end. Also you can choose what fields should be displayed or add new (custom) ones both in the front-end and in the dashboard. 6 * Version: 3.9.0 6 * Version: 3.9.1 77 * Author: Cozmoslabs 88 * Author URI: https://www.cozmoslabs.com/ … … 1010 * Domain Path: /translation 1111 * License: GPL2 12 * Elementor tested up to: 3.10.2 13 * Elementor Pro tested up to: 3.10.2 12 * Elementor tested up to: 3.11.0 13 * Elementor Pro tested up to: 3.11.0 1414 * 1515 * == Copyright == … … 397397 * 398398 */ 399 define('PROFILE_BUILDER_VERSION', '3.9.0' ); 399define('PROFILE_BUILDER_VERSION', '3.9.1' ); 400400define('WPPB_PLUGIN_DIR', plugin_dir_path(__FILE__)); 401401define('WPPB_PLUGIN_URL', plugin_dir_url(__FILE__)); * TABULARUNIFIED PROFILE-BUILDER/TRUNK/README.TXT ¶ r2862446 r2864329 55Requires at least: 3.1 66Tested up to: 6.1 7 Stable tag: 3.9.0 7Stable tag: 3.9.1 88License: GPLv2 or later 99License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 178178 179179== Changelog == 180= 3.9.1 = 181* Fix: Improve security for password reset functionality. 
Thanks to Istvan Marton (Lana Codes) 182* Fix: Disallow retrieval of certain user keys through the optional usermeta shortcode. Thanks to Istvan Marton (Lana Codes) 183 180184= 3.9.0 = 181185* Fix: Issue with the Email From filter * TABULARUNIFIED PROFILE-BUILDER/TRUNK/TRANSLATION/PROFILE-BUILDER.CATALOG.PHP ¶ r2836042 r2864329 903903<?php __("The password must not be empty!", "profile-builder"); ?> 904904<?php __("The key cannot be empty!", "profile-builder"); ?> 905<?php __("Login cannot be empty!", "profile-builder"); ?> 905906<?php __("Invalid key!", "profile-builder"); ?> 906907<?php __("The entered passwords don't match!", "profile-builder"); ?> * TABULARUNIFIED PROFILE-BUILDER/TRUNK/TRANSLATION/PROFILE-BUILDER.POT ¶ r2861357 r2864329 850850msgstr "" 851851 852 #: admin/general-settings.php:314, front-end/login.php:540, front-end/recover.php:118, add-ons/email-customizer/email-customizer.php:29, add-ons/user-listing/userlisting.php:119, add-ons/user-listing/userlisting.php:891, add-ons/user-listing/userlisting.php:2568, features/admin-approval/class-admin-approval.php:177, features/email-confirmation/class-email-confirmation.php:169, features/email-customizer/email-customizer.php:29, add-ons-free/gdpr-communication-preferences/admin/manage-fields.php:24, add-ons-free/gdpr-communication-preferences/front-end/gdpr-communication-preferences.php:9, admin/advanced-settings/includes/shortcodes/resend-activation.php:9 852#: admin/general-settings.php:314, front-end/login.php:540, front-end/recover.php:96, add-ons/email-customizer/email-customizer.php:29, add-ons/user-listing/userlisting.php:119, add-ons/user-listing/userlisting.php:891, add-ons/user-listing/userlisting.php:2568, features/admin-approval/class-admin-approval.php:177, features/email-confirmation/class-email-confirmation.php:169, features/email-customizer/email-customizer.php:29, add-ons-free/gdpr-communication-preferences/admin/manage-fields.php:24, 
add-ons-free/gdpr-communication-preferences/front-end/gdpr-communication-preferences.php:9, admin/advanced-settings/includes/shortcodes/resend-activation.php:9 853853msgid "Email" 854854msgstr "" … … 14421442msgstr "" 14431443 1444 #: admin/manage-fields.php:398, front-end/login.php:121, front-end/recover.php:72, add-ons/email-customizer/email-customizer.php:30, features/email-customizer/email-customizer.php:30 1444#: admin/manage-fields.php:398, front-end/login.php:121, front-end/recover.php:49, add-ons/email-customizer/email-customizer.php:30, features/email-customizer/email-customizer.php:30 14451445msgid "Password" 14461446msgstr "" … … 14501450msgstr "" 14511451 1452 #: admin/manage-fields.php:399, front-end/recover.php:73 1452#: admin/manage-fields.php:399, front-end/recover.php:50 14531453msgid "Repeat Password" 14541454msgstr "" … … 33663366msgstr "" 33673367 3368 #: features/functions.php:821, front-end/recover.php:386, front-end/default-fields/password/password.php:59 3368#: features/functions.php:821, front-end/recover.php:380, front-end/default-fields/password/password.php:59 33693369msgid "The password must have a minimum strength of %s" 33703370msgstr "" … … 35393539msgstr "" 35403540 3541 #: front-end/login.php:322, front-end/login.php:414, front-end/login.php:452, front-end/recover.php:18, front-end/recover.php:326, features/two-factor-authentication/class-two-factor-authentication.php:577, front-end/default-fields/fields-functions.php:62, front-end/extra-fields/extra-fields.php:118 3541#: front-end/login.php:322, front-end/login.php:414, front-end/login.php:452, front-end/recover.php:18, front-end/recover.php:309, features/two-factor-authentication/class-two-factor-authentication.php:577, front-end/default-fields/fields-functions.php:62, front-end/extra-fields/extra-fields.php:118 35423542msgid "ERROR" 35433543msgstr "" … … 36033603msgstr "" 36043604 3605 #: front-end/login.php:550, front-end/recover.php:122 3605#: front-end/login.php:550, 
front-end/recover.php:100 36063606msgid "Username or Email" 36073607msgstr "" … … 36153615msgstr "" 36163616 3617 #: front-end/recover.php:93 3617#: front-end/recover.php:70 36183618msgid "Reset Password" 36193619msgstr "" 36203620 3621 #: front-end/recover.php:121 3621#: front-end/recover.php:99 36223622msgid "Please enter your username or email address." 36233623msgstr "" 36243624 3625 #: front-end/recover.php:117 3625#: front-end/recover.php:95 36263626msgid "Please enter your email address." 36273627msgstr "" 36283628 3629 #: front-end/recover.php:125 3629#: front-end/recover.php:103 36303630msgid "You will receive a link to create a new password via email." 36313631msgstr "" 36323632 3633 #: front-end/recover.php:138 3633#: front-end/recover.php:116 36343634msgid "Get New Password" 36353635msgstr "" 36363636 3637 #: front-end/recover.php:184 3637#: front-end/recover.php:167 36383638msgid "Someone requested that the password be reset for the following account: <b>%1$s</b><br/>If this was a mistake, just ignore this email and nothing will happen.<br/>To reset your password, visit the following link:%2$s" 36393639msgstr "" 36403640 3641 #: front-end/recover.php:187 3641#: front-end/recover.php:170 36423642msgid "Password Reset from %1$s" 36433643msgstr "" 36443644 3645 #: front-end/recover.php:214 3645#: front-end/recover.php:197 36463646msgid "You have successfully reset your password." 36473647msgstr "" 36483648 3649 #: front-end/recover.php:216 3649#: front-end/recover.php:199 36503650msgid "Password Successfully Reset for %1$s on %2$s" 36513651msgstr "" 36523652 3653 #: front-end/recover.php:234 3653#: front-end/recover.php:217 36543654msgid "%1$s has requested a password change via the password reset feature.<br/>His/her new password is:%2$s" 36553655msgstr "" 36563656 3657 #: front-end/recover.php:271 3657#: front-end/recover.php:254 36583658msgid "You are already logged in. You can change your password on the edit profile form." 
36593659msgstr "" 36603660 3661 #: front-end/recover.php:446 3661#: front-end/recover.php:438 36623662msgid "The password must not be empty!" 36633663msgstr "" 36643664 3665 #: front-end/recover.php:365 3665#: front-end/recover.php:348 36663666msgid "The key cannot be empty!" 36673667msgstr "" 36683668 3669 #: front-end/recover.php:371, front-end/recover.php:472 3669#: front-end/recover.php:358 3670msgid "Login cannot be empty!" 3671msgstr "" 3672 3673#: front-end/recover.php:365, front-end/recover.php:465 36703674msgid "Invalid key!" 36713675msgstr "" 36723676 3673 #: front-end/recover.php:376 3677#: front-end/recover.php:370 36743678msgid "The entered passwords don't match!" 36753679msgstr "" 36763680 3677 #: front-end/recover.php:382, front-end/default-fields/password/password.php:55 3681#: front-end/recover.php:376, front-end/default-fields/password/password.php:55 36783682msgid "The password must have the minimum length of %s characters" 36793683msgstr "" 36803684 3681 #: front-end/recover.php:393 3685#: front-end/recover.php:387 36823686msgid "Your password has been successfully changed!" 36833687msgstr "" 36843688 3685 #: front-end/recover.php:299 3689#: front-end/recover.php:282 36863690msgid "The username entered wasn't found in the database!" 36873691msgstr "" 36883692 3689 #: front-end/recover.php:299 3693#: front-end/recover.php:282 36903694msgid "Please check that you entered the correct username." 36913695msgstr "" 36923696 3693 #: front-end/recover.php:342 3697#: front-end/recover.php:325 36943698msgid "The email address entered wasn't found in the database!" 36953699msgstr "" 36963700 3697 #: front-end/recover.php:342 3701#: front-end/recover.php:325 36983702msgid "Please check that you entered the correct email address." 36993703msgstr "" 37003704 3701 #: front-end/recover.php:312 3705#: front-end/recover.php:295 37023706msgid "Check your email for the confirmation link." 
37033707msgstr "" 37043708 3705 #: front-end/recover.php:326 3709#: front-end/recover.php:309 37063710msgid "There was an error while trying to send the activation link to %1$s!" 37073711msgstr "" 37083712 3709 #: front-end/recover.php:472 3713#: front-end/recover.php:465 37103714msgid "ERROR:" 37113715msgstr "" … … 41124116msgstr "" 41134117 4114 #: add-ons/email-customizer/email-customizer.php:601, features/email-customizer/email-customizer.php:578 4118#: add-ons/email-customizer/email-customizer.php:602, features/email-customizer/email-customizer.php:579 41154119msgid "The users selected password at signup" 41164120msgstr "" 41174121 4118 #: add-ons/email-customizer/email-customizer.php:609, add-ons/email-customizer/email-customizer.php:616, add-ons/email-customizer/email-customizer.php:630, features/email-confirmation/email-confirmation.php:618, features/email-customizer/email-customizer.php:586, features/email-customizer/email-customizer.php:593, features/email-customizer/email-customizer.php:607 4122#: add-ons/email-customizer/email-customizer.php:610, add-ons/email-customizer/email-customizer.php:617, add-ons/email-customizer/email-customizer.php:631, features/email-confirmation/email-confirmation.php:618, features/email-customizer/email-customizer.php:587, features/email-customizer/email-customizer.php:594, features/email-customizer/email-customizer.php:608 41194123msgid "Your selected password at signup" 41204124msgstr ""
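Review bot: in the front-end/recover.php hunk, `$_GET['login']` is read at line 451 (and `$_GET['key']` just above it) without an `isset()` guard, so a reset link missing either parameter raises a PHP undefined-index notice before the `!empty( $key ) && !empty( $login )` check at line 453 ever runs. Suggest `$login = isset( $_GET['login'] ) ? sanitize_text_field( wp_unslash( $_GET['login'] ) ) : '';` and the same shape for `$key`. Requiring both values and validating them together through `check_password_reset_key( $key, $login )`, with the `is_wp_error( $user )` branch falling through to the "Invalid key!" message, is the right structure for the fix; only the input handling above it needs the guard.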
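Review bot: the 3.9.1 changelog entry in profile-builder/trunk/readme.txt lists two fixes, but the second one ("Disallow retrieval of certain user keys through the optional usermeta shortcode") has no corresponding hunk anywhere in the diff shown for this changeset. Confirm that the usermeta shortcode change is actually part of r2864329, or reference the revision that carries it, so the changelog matches the code that ships as 3.9.1.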
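Review bot: the regenerated profile-builder.pot shifts the source references for add-ons/email-customizer/email-customizer.php (601 to 602, 609 to 610, and so on) and features/email-customizer/email-customizer.php by one line, which implies those files changed in this revision, yet no hunk for either file appears in the diff shown. Either the .pot was regenerated against a tree that already contained an unrelated edit, or the email-customizer change is missing from this changeset; worth confirming before tagging. The new "Login cannot be empty!" msgid is consistently added to both the catalog and the .pot, so that part of the translation update is complete.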