Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-2869: class-wp-members-admin-tab-fields.php in wp-members/trunk/includes/admin/tabs – WordPress Plugin Repository

The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the do_field_reorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with subscriber-level access to reorder form elements on login forms.

CVE
#java#wordpress#php#auth

1<?php2/**3 * WP-Members Admin Functions4 *5 * Functions to manage the fields tab.6 * 7 * This file is part of the WP-Members plugin by Chad Butler8 * You can find out more about this plugin at https://rocketgeek.com9 * Copyright © 2006-2023 Chad Butler10 * WP-Members™ is a trademark of butlerblog.com11 *12 * @package WP-Members13 * @author Chad Butler14 * @copyright 2006-202315 */1617// Exit if accessed directly.18if ( ! defined( ‘ABSPATH’ ) ) {19 exit();20}2122class WP_Members_Admin_Tab_Fields {2324 /**25 * Creates the fields tab.26 *27 * @since 3.0.128 * @since 3.3.0 Renamed wpmem_a_fields_tab() to do_tab().29 *30 * @param string $tab The admin tab being displayed.31 * @return string|bool The fields tab, otherwise false.32 */33 public static function do_tab( $tab ) {34 if ( $tab == ‘fields’ ) {35 // Render the fields tab.36 WP_Members_Admin_Tab_Fields::build_settings();37 return;38 }39 }4041 /**42 * Scripts needed for the fields tab.43 *44 * @since 3.1.845 * @sinec 3.3.0 Renamed wpmem_a_fields_tab_scripts() to enqueue_scripts46 */47 public static function enqueue_scripts() {48 wp_enqueue_script( ‘jquery-ui-sortable’ );49 }5051 /**52 * Renders the content of the fields tab.53 *54 * @since 3.1.855 * @since 3.3.0 Renamed from wpmem_a_render_fields_tab() to build_settings().56 *57 * @global object $wpmem The WP_Members Object.58 * @global string $did_update59 * @global string $delete_action60 */61 public static function build_settings() {6263 global $wpmem, $did_update, $delete_action;64 $wpmem_fields = wpmem_fields();65 $edit_meta = sanitize_text_field( wpmem_get( 'field’, false, ‘get’ ) );66 $add_meta = sanitize_text_field( wpmem_get( 'add_field’, false ) );6768 if ( ‘delete’ == $delete_action ) {6970 $delete_fields = wpmem_sanitize_array( wpmem_get( ‘delete’ ) );?>7172 <?php if ( empty( $delete_fields ) ) { ?>73 <p><?php _e( 'No fields selected for deletion’, ‘wp-members’ ); ?></p>74 <?php } else { ?>75 <p><?php _e( 'Are you sure you want to delete the following fields?’, ‘wp-members’ ); ?></p>76 <?php foreach ( $delete_fields as $meta ) {77 $meta = esc_html( $meta );78 echo esc_html( $wpmem->fields[ $meta ][‘label’] ) . ' (meta key: ' . $meta . ')<br />’;79 } ?>80 <form name="<?php echo esc_attr( $delete_action ); ?>" id="<?php echo esc_attr( $delete_action ); ?>" method="post" action="<?php echo esc_url( wpmem_admin_form_post_url() ); ?>">81 <?php wp_nonce_field( ‘wpmem-confirm-delete’ ); ?>82 <input type="hidden" name="delete_fields" value="<?php echo esc_attr( implode( “,", $delete_fields ) ); ?>” />83 <input type="hidden" name="dodelete" value="delete_confirmed" />84 <?php submit_button( ‘Delete Fields’ ); ?>85 </form><?php86 }87 } else {8889 if ( ‘delete_confirmed’ == wpmem_get( ‘dodelete’ ) ) {9091 check_admin_referer( ‘wpmem-confirm-delete’ );9293 $delete_fields = sanitize_text_field( wpmem_get( 'delete_fields’, array() ) );94 $delete_fields = explode( “,", $delete_fields );95 $wpmem_new_fields = array();96 foreach ( $wpmem_fields as $field ) {97 if ( ! in_array( $field[2], $delete_fields ) ) {98 $wpmem_new_fields[] = $field;99 }100 }101 update_option( 'wpmembers_fields’, $wpmem_new_fields );102 $did_update = __( 'Fields deleted’, ‘wp-members’ );103 }104105 if ( $did_update ) { ?>106 <div id="message” class="updated fade"><p><strong><?php echo $did_update; ?></strong></p></div>107 <?php } 108 if ( $edit_meta || $add_meta ) {109 $mode = ( $edit_meta ) ? sanitize_text_field( wpmem_get( 'mode’, false, ‘get’ ) ) : 'add’;110 self::build_field_edit( $mode, $wpmem_fields, $edit_meta );111 } else {112 self::build_field_table();113 } ?>114 <h3><span><?php _e( 'Need help?’, ‘wp-members’ ); ?></span></h3>115 <div class="inside">116 <strong><i><a href="https://rocketgeek.com/plugins/wp-members/docs/plugin-settings/fields/" target="_blank"><?php _e( 'Field Manager Documentation’, ‘wp-members’ ); ?></a></i></strong>117 </div>118 <?php119 }120 }121122 /**123 * Function to dispay the add/edit field form.124 *125 * @since 2.8126 * @since 3.1.8 Changed name from wpmem_a_field_edit().127 * @since 3.3.0 Changed name from wpmem_a_render_fields_tab_field_edit() to build_field_edit().128 *129 * @global object $wpmem The WP_Members Object.130 * @param string $mode The mode for the function (edit|add)131 * @param array|null $wpmem_fields The array of fields132 * @param string|null $field The field being edited133 */134 public static function build_field_edit( $mode, $wpmem_fields, $meta_key ) {135 global $wpmem;136 $fields = wpmem_fields();137 if ( $mode == ‘edit’ ) {138 $field = $fields[ $meta_key ]; 139 } else {140 $field[‘checkbox_label’] = '’; // fixes unset variable at 308/309 since $field would not be set.141 }142 $form_action = ( $mode == ‘edit’ ) ? ‘editfieldform’ : 'addfieldform’; 143 $span_optional = ‘<span class="description">’ . __( '(optional)', ‘wp-members’ ) . '</span>’;144 $span_required = ‘<span class="req">’ . __( '(required)', ‘wp-members’ ) . '</span>’; 145 $form_submit = array( ‘mode’ => $mode ); 146 if ( isset( $_GET[‘field’] ) ) {147 $form_submit[‘field’] = $meta_key; 148 } ?>149 <h3 class="title"><?php ( $mode == ‘edit’ ) ? _e( 'Edit Field’, ‘wp-members’ ) : _e( 'Add a Field’, ‘wp-members’ ); ?></h3>150 <form name="<?php echo $form_action; ?>" id="<?php echo $form_action; ?>" method="post" action="<?php echo wpmem_admin_form_post_url( $form_submit ); ?>">151 <?php wp_nonce_field( ‘wpmem_add_field’ ); ?>152 <ul>153 <li>154 <label><?php _e( 'Field Label’, ‘wp-members’ ); ?> <?php echo $span_required; ?></label>155 <input type="text" name="add_name" value="<?php echo ( $mode == ‘edit’ ) ? $field[‘label’] : false; ?>" required />156 <?php _e( 'The name of the field as it will be displayed to the user.’, ‘wp-members’ ); ?>157 </li>158 <li>159 <label><?php _e( 'Meta Key’, ‘wp-members’ ); ?> <?php echo $span_required; ?></label>160 <?php if ( $mode == ‘edit’ ) { 161 echo “<span>$meta_key</span>"; ?>162 <input type="hidden” name="add_option" value="<?php echo $meta_key; ?>" required /> 163 <?php } else { ?>164 <input type="text" name="add_option" value="" />165 <?php _e( 'The database meta value for the field. It must be unique and contain no spaces (underscores are ok).’, ‘wp-members’ ); ?>166 <?php } ?>167 </li>168 <li>169 <label><?php _e( 'Field Type’, ‘wp-members’ ); ?></label>170 <?php if ( $mode == ‘edit’ ) {171 echo ‘<span>’ . $field[‘type’] . '</span>’; ?>172 <input type="hidden" name="add_type" value="<?php echo $field[‘type’]; ?>" /> 173 <?php } else { ?>174 <select name="add_type" id="wpmem_field_type_select">175 <option value="text"><?php _e( 'text’, ‘wp-members’ ); ?></option>176 <option value="email"><?php _e( 'email’, ‘wp-members’ ); ?></option>177 <option value="textarea"><?php _e( 'textarea’, ‘wp-members’ ); ?></option>178 <option value="checkbox"><?php _e( 'checkbox’, ‘wp-members’ ); ?></option>179 <option value="multicheckbox"><?php _e( 'multiple checkbox’, ‘wp-members’ ); ?></option>180 <option value="select"><?php _e( 'select (dropdown)', ‘wp-members’ ); ?></option>181 <option value="multiselect"><?php _e( 'multiple select’, ‘wp-members’ ); ?></option>182 <option value="radio"><?php _e( 'radio group’, ‘wp-members’ ); ?></option>183 <option value="password"><?php _e( 'password’, ‘wp-members’ ); ?></option>184 <option value="image"><?php _e( 'image’, ‘wp-members’ ); ?></option>185 <option value="file"><?php _e( 'file’, ‘wp-members’ ); ?></option>186 <option value="url"><?php _e( 'url’, ‘wp-members’ ); ?></option>187 <option value="number"><?php _e( 'number’, ‘wp-members’ ); ?></option>188 <option value="date"><?php _e( 'date’, ‘wp-members’ ); ?></option>189 <option value="timestamp"><?php _e( 'timestamp’, ‘wp-members’ ); ?></option>190 <option value="hidden"><?php _e( 'hidden’, ‘wp-members’ ); ?></option>191 <?php if ( $wpmem->enable_products ) { ?>192 <option value="membership"><?php _e( 'membership’, ‘wp-members’ ); ?></option>193 <?php } ?>194 </select>195 <?php } ?>196 </li>197 <li>198 <label><?php _e( 'Display?’, ‘wp-members’ ); ?></label>199 <?php if ( ‘username’ != $meta_key && ‘user_email’ != $meta_key ) { ?>200 <input type="checkbox" name="add_display" value="y" <?php echo ( $mode == ‘edit’ ) ? checked( true, $field[‘register’] ) : false; ?> />201 <?php } else { ?>202 <span><?php _e( 'This field is always displayed’, ‘wp-members’ ); ?></span>203 <input type="hidden" name="add_display" value="y" />204 <?php } ?>205 </li>206 <li>207 <label><?php _e( 'Required?’, ‘wp-members’ ); ?></label>208 <?php if ( ‘username’ != $meta_key && ‘user_email’ != $meta_key ) { ?>209 <input type="checkbox" name="add_required" value="y" <?php echo ( $mode == ‘edit’ ) ? checked( true, $field[‘required’] ) : false; ?> />210 <?php } else { ?>211 <span><?php _e( 'This field is always required’, ‘wp-members’ ); ?></span>212 <input type="hidden" name="add_required" value="y" />213 <?php } ?>214 </li>215 <!–<div id="wpmem_allowhtml">216 <li>217 <label><?php //_e( 'Allow HTML?’, ‘wp-members’ ); ?></label>218 <input type="checkbox" name="add_html" value="y" <?php //echo ( $mode == ‘edit’ ) ? checked( true, $field[‘html’] ) : false; ?> />219 </li>220 </div>–>221 <?php if ( $mode == ‘add’ || ( $mode == ‘edit’ && ( in_array( $field[‘type’], array( 'text’, 'password’, 'email’, 'url’, 'number’, 'date’, 'textarea’, ‘timestamp’ ) ) ) ) ) { ?>222 <?php echo ( $mode == ‘add’ ) ? ‘<div id="wpmem_placeholder">’ : '’; ?>223 <li>224 <label><?php _e( 'Placeholder’, ‘wp-members’ ); ?></label>225 <input type="text" name="add_placeholder" value="<?php echo ( $mode == ‘edit’ ) ? ( isset( $field[‘placeholder’] ) ? $field[‘placeholder’] : false ) : false; ?>" /> <?php echo $span_optional; ?>226 </li>227 <?php echo ( $mode == ‘add’ ) ? ‘</div>’ : '’; ?>228 <?php } ?>229 <?php if ( $mode == ‘add’ || ( $mode == ‘edit’ && ( in_array( $field[‘type’], array( 'text’, 'password’, 'email’, 'url’, 'date’, ‘timestamp’ ) ) ) ) ) { ?>230 <?php echo ( $mode == ‘add’ ) ? ‘<div id="wpmem_pattern">’ : '’; ?>231 <li>232 <label><?php _e( 'Pattern’, ‘wp-members’ ); ?></label>233 <input type="text" name="add_pattern" value="<?php echo ( $mode == ‘edit’ ) ? ( isset( $field[‘pattern’] ) ? $field[‘pattern’] : false ) : false; ?>" /> <?php echo $span_optional; ?>234 </li>235 <?php echo ( $mode == ‘add’ ) ? ‘</div>’ : '’; ?>236 <?php } ?>237 <?php if ( $mode == ‘add’ || ( $mode == ‘edit’ && ( in_array( $field[‘type’], array( 'text’, 'password’, 'email’, 'url’, 'number’, 'date’, ‘timestamp’ ) ) ) ) ) { ?>238 <?php echo ( $mode == ‘add’ ) ? ‘<div id="wpmem_title">’ : '’; ?>239 <li>240 <label><?php _e( 'Title’, ‘wp-members’ ); ?></label>241 <input type="text" name="add_title" value="<?php echo ( $mode == ‘edit’ ) ? ( isset( $field[‘title’] ) ? $field[‘title’] : false ) : false; ?>" /> <?php echo $span_optional; ?>242 </li>243 <?php echo ( $mode == ‘add’ ) ? ‘</div>’ : '’; ?>244 <?php } ?>245 <?php if ( $mode == ‘add’ || ( $mode == ‘edit’ && ( in_array( $field[‘type’], array( ‘timestamp’ ) ) ) ) ) { ?>246 <?php echo ( $mode == ‘add’ ) ? ‘<div id="wpmem_date_format">’ : '’; ?>247 <li>248 <label><?php _e( 'PHP Date Format’, ‘wp-members’ ); ?></label>249 <input type="text" name="add_timestamp_display" value="<?php echo ( $mode == ‘edit’ ) ? ( isset( $field[‘timestamp_display’] ) ? $field[‘timestamp_display’] : false ) : false; ?>" /> <?php echo $span_optional; ?>250 </li>251 <?php echo ( $mode == ‘add’ ) ? ‘</div>’ : '’; ?>252 <?php } ?>253254 <?php if ( $mode == ‘add’ || ( $mode == ‘edit’ && ( in_array( $field[‘type’], array( 'number’, ‘date’ ) ) ) ) ) { ?>255 <?php echo ( $mode == ‘add’ ) ? ‘<div id="wpmem_min_max">’ : '’; ?>256 <li>257 <label><?php _e( 'Minimum Value’, ‘wp-members’ ); ?></label>258 <input type="text" name="add_min" value="<?php echo ( $mode == ‘edit’ ) ? ( isset( $field[‘min’] ) ? $field[‘min’] : false ) : false; ?>" /> <?php echo $span_optional; ?>259 </li>260 <li>261 <label><?php _e( 'Maximum Value’, ‘wp-members’ ); ?></label>262 <input type="text" name="add_max" value="<?php echo ( $mode == ‘edit’ ) ? ( isset( $field[‘max’] ) ? $field[‘max’] : false ) : false; ?>" /> <?php echo $span_optional; ?>263 </li>264 <?php echo ( $mode == ‘add’ ) ? ‘</div>’ : '’; ?>265 <?php } ?>266 <?php if ( $mode == ‘add’ || ( $mode == ‘edit’ && ( in_array( $field[‘type’], array( ‘textarea’ ) ) ) ) ) { ?>267 <?php echo ( $mode == ‘add’ ) ? ‘<div id="wpmem_rows_cols">’ : '’; ?>268 <li>269 <label><?php _e( 'Rows’, ‘wp-members’ ); ?></label>270 <input type="number" name="add_rows" value="<?php echo ( $mode == ‘edit’ ) ? ( isset( $field[‘rows’] ) ? $field[‘rows’] : false ) : false; ?>" /> <?php echo $span_optional; ?>271 </li>272 <li>273 <label><?php _e( 'Columns’, ‘wp-members’ ); ?></label>274 <input type="number" name="add_cols" value="<?php echo ( $mode == ‘edit’ ) ? ( isset( $field[‘cols’] ) ? $field[‘cols’] : false ) : false; ?>" /> <?php echo $span_optional; ?>275 </li>276 <?php echo ( $mode == ‘add’ ) ? ‘</div>’ : '’; ?>277 <?php } ?>278 <?php if ( $mode == ‘add’ || ( $mode == ‘edit’ && ( $field[‘type’] == ‘file’ || $field[‘type’] == ‘image’ ) ) ) { ?>279 <?php echo ( $mode == ‘add’ ) ? ‘<div id="wpmem_file_info">’ : '’; ?>280 <li>281 <label><?php _e( 'Accepted file types:’, ‘wp-members’ ); ?></label>282 <input type="text" name="add_file_value" value="<?php echo ( $mode == ‘edit’ && ( $field[‘type’] == ‘file’ || $field[‘type’] == ‘image’ ) ) ? $field[‘file_types’] : false; ?>" />283 </li>284 <li>285 <label> </label>286 <span class="description"><?php _e( 'Accepted file types should be set like this: jpg|jpeg|png|gif’, ‘wp-members’ ); ?></span>287 </li>288 <?php echo ( $mode == ‘add’ ) ? ‘</div>’ : '’; ?>289 <?php } ?>290 <?php if ( $mode == ‘add’ || ( $mode == ‘edit’ && $field[‘type’] == ‘checkbox’ ) ) { ?>291 <?php echo ( $mode == ‘add’ ) ? ‘<div id="wpmem_checkbox_info">’ : '’; ?>292 <li>293 <label><?php _e( 'Checked by default?’, ‘wp-members’ ); ?></label>294 <input type="checkbox" name="add_checked_default" value="y" <?php echo ( $mode == ‘edit’ && $field[‘type’] == ‘checkbox’ ) ? checked( true, $field[‘checked_default’] ) : false; ?> />295 </li>296 <li>297 <label><?php _e( 'HTML label position’, ‘wp-members’ ); ?></label>298 <select name="add_checkbox_label">299 <option value="0" <?php selected( $field[‘checkbox_label’], 0 ); ?>><?php _e( 'Before the input tag’, ‘wp-members’ ); ?></option>300 <option value="1" <?php selected( $field[‘checkbox_label’], 1 ); ?>><?php _e( 'After the input tag’, ‘wp-members’ ); ?></option>301 </select> <span class="description"><?php _e( 'Selecting “after” will generally display the label to the right of the checkbox’, ‘wp-members’ ); ?></span>302 </li>303 <li>304 <label><?php _e( 'Stored value if checked:’, ‘wp-members’ ); ?> <span class="req"><?php _e( '(required)', ‘wp-members’ ); ?></span></label>305 <input type="text" name="add_checked_value" id="add_checked_value" value="<?php echo ( $mode == ‘edit’ && $field[‘type’] == ‘checkbox’ ) ? $field[‘checked_value’] : false; ?>" />306 </li>307 <?php echo ( $mode == ‘add’ ) ? ‘</div>’ : '’; ?>308 <?php } 309310 if ( isset( $field[‘type’] ) ) {311 $additional_settings = ( $field[‘type’] == ‘select’ || $field[‘type’] == ‘multiselect’ || $field[‘type’] == ‘multicheckbox’ || $field[‘type’] == ‘radio’ ) ? true : false;312 $delimiter_settings = ( $field[‘type’] == ‘multiselect’ || $field[‘type’] == ‘multicheckbox’ ) ? true : false;313 }314 if ( $mode == ‘add’ || ( $mode == ‘edit’ && $additional_settings ) ) { ?>315 <?php echo ( $mode == ‘add’ ) ? ‘<div id="wpmem_dropdown_info">’ : '’; ?>316 <?php if ( $mode == ‘add’ || ( $mode == ‘edit’ && $delimiter_settings ) ) {317 echo ( $mode == ‘add’ ) ? ‘<div id="wpmem_delimiter_info">’ : '’; 318 if ( isset( $field[‘delimiter’] ) && ( “|” == $field[‘delimiter’] || “,” == $field[‘delimiter’] ) ) {319 $delimiter = $field[‘delimiter’];320 } else {321 $delimiter = “|";322 }323 ?>324 <li>325 <label><?php _e( 'Stored values delimiter:’, ‘wp-members’ ); ?></label>326 <select name = “add_delimiter_value">327 <option value="|” <?php selected( '|’, $delimiter ); ?>>pipe “|"</option>328 <option value=",” <?php selected( ',’, $delimiter ); ?>>comma “,"</option>329 </select>330 </li>331 <?php echo ( $mode == ‘add’ ) ? ‘</div>’ : '’;332 } ?>333 <li>334 <label style="vertical-align:top"><?php _e( 'Values (Displayed|Stored):’, ‘wp-members’ ); ?> <?php echo $span_required; ?></label>335 <textarea name="add_dropdown_value” id="add_dropdown_value” rows="5" cols="40"><?php336 // Accomodate editing the current dropdown values or create dropdown value example.337 if ( $mode == ‘edit’ ) {338 for ( $row = 0; $row < count( $field[‘values’] ); $row++ ) {339 // If the row contains commas (i.e. 1,000-10,000), wrap in double quotes.340 if ( strstr( $field[‘values’][ $row ], ‘,’ ) ) {341 echo ‘"’ . $field[‘values’][ $row ]; echo ( $row == count( $field[‘values’] )- 1 ) ? ‘"’ : “\",\n";342 } else {343 echo $field[‘values’][ $row ]; echo ( $row == count( $field[‘values’] )- 1 ) ? “” : “,\n";344 } }345 } else {346 if (version_compare(PHP_VERSION, ‘5.3.0’) >= 0) { ?>347---- Select One ----|,348Choice One|choice_one,349"1,000|one_thousand",350"1,000-10,000|1,000-10,000",351Last Row|last_row<?php } else { ?>352---- Select One ----|,353Choice One|choice_one,354Choice 2|choice_two,355Last Row|last_row<?php } } ?></textarea>356 </li>357 <li>358 <label> </label>359 <span class="description"><?php _e( 'Options should be Option Name|option_value,’, ‘wp-members’ ); ?></span>360 </li>361 <li>362 <label> </label>363 <span class="description"><a href="https://rocketgeek.com/plugins/wp-members/docs/registration/choosing-fields/” target="_blank"><?php _e( 'Visit plugin site for more information’, ‘wp-members’ ); ?></a></span>364 </li>365 <?php echo ( $mode == ‘add’ ) ? ‘</div>’ : '’; ?>366 <?php } ?>367 <?php if ( $mode == ‘add’ || ( $mode == ‘edit’ && $field[‘type’] == ‘hidden’ ) ) { ?>368 <?php echo ( $mode == ‘add’ ) ? ‘<div id="wpmem_hidden_info">’ : '’; ?>369 <li>370 <label><?php _e( 'Value’, ‘wp-members’ ); ?> <?php echo $span_required; ?></label>371 <input type="text” name="add_hidden_value" id="add_hidden_value" value="<?php echo ( $mode == ‘edit’ && $field[‘type’] == ‘hidden’ ) ? $field[‘value’] : '’; ?>" />372 </li>373 <?php echo ( $mode == ‘add’ ) ? ‘</div>’ : '’; ?>374 <?php } ?>375 </ul><br />376 <?php if ( $mode == ‘edit’ ) { ?><input type="hidden" name="field_arr" value="<?php echo $meta_key; ?>" /><?php } ?>377 <?php if ( ‘add’ == $mode ) {378 $ids = array();379 foreach ( $fields as $f ) {380 $ids[] = $f[0];381 }382 sort( $ids );383 $field_order_id = end( $ids ) + 1;384 } else {385 $field_order_id = $field[0];386 } ?>387 <input type="hidden" name="add_order_id" value="<?php echo $field_order_id; ?>" />388 <input type="hidden" name="wpmem_admin_a" value="<?php echo ( $mode == ‘edit’ ) ? ‘edit_field’ : 'add_field’; ?>" />389 <?php $text = ( $mode == ‘edit’ ) ? __( 'Save Changes’, ‘wp-members’ ) : __( 'Add Field’, ‘wp-members’ ); ?>390 <?php submit_button( $text ); ?>391 <p><a href="<?php echo add_query_arg( array( ‘page’ => 'wpmem-settings’, ‘tab’ => ‘fields’ ), get_admin_url() . ‘options-general.php’ ); ?>">« <?php _e( 'Return to Fields Table’, ‘wp-members’ ); ?></a></p>392 </form><?php393 }394395 /**396 * Function to display the table of fields in the field manager tab.397 * 398 * @since 2.8.0399 * @since 3.1.8 Changed name from wpmem_a_field_table().400 * @since 3.3.0 Changed namme from wpmem_a_render_fields_tab_field_table() to build_field_table().401 *402 * @global object $wpmem403 */404 public static function build_field_table() {405 global $wpmem; 406407 $wpmem_ut_fields_skip = array( 'username’, 'user_email’, 'confirm_email’, 'password’, ‘confirm_password’ ); 408 $wpmem_ut_fields = get_option( ‘wpmembers_utfields’ );409 $wpmem_us_fields_skip = array( 'username’, 'user_email’, 'confirm_email’, 'password’, ‘confirm_password’ ); 410 $wpmem_us_fields = get_option( ‘wpmembers_usfields’ );411412 $wpmem_fields = get_option( 'wpmembers_fields’, array() );413 foreach ( $wpmem_fields as $key => $field ) {414415 // @todo - transitional until new array keys (so maybe never, or maybe 3.5.0)416 if ( is_numeric( $key ) ) {417 // Adjust for profile @todo - temporary until new array keys.418 if ( isset( $field[‘profile’] ) ) {419 $profile = ( true == $field[‘profile’] ) ? ‘y’ : 'n’;420 } else {421 $profile = $field[4];422 }423424 $meta = $field[2];425 $ut_checked = ( ( $wpmem_ut_fields ) && ( array_key_exists( $meta, $wpmem_ut_fields ) ) ) ? $meta : false;426 $us_checked = ( ( $wpmem_us_fields ) && ( array_key_exists( $meta, $wpmem_us_fields ) ) ) ? $meta : false;427428 $item[‘order’] = $field[0];429 $item[‘label’] = $field[1];430 $item[‘meta’] = $meta;431 $item[‘type’] = $field[3];432 $item[‘display’] = ( ‘user_email’ != $meta && ‘username’ != $meta ) ? wpmem_form_field( array(433 ‘name’ => "wpmem_fields_display[]",434 ‘type’ => 'checkbox’,435 ‘value’ => $meta,436 ‘compare’ => ( ( ‘y’ == $field[4] ) ? $meta : false ) 437 ) ) : '’;438 $item[‘req’] = ( ‘user_email’ != $meta && ‘username’ != $meta ) ? wpmem_form_field( array(439 ‘name’ => "wpmem_fields_required[]",440 ‘type’ => 'checkbox’,441 ‘value’ => $meta,442 ‘compare’ => ( ( ‘y’ == $field[5] ) ? $meta : false ) 443 ) ) : ‘’;444 $item[‘profile’] = ( ‘user_email’ != $meta && ‘username’ != $meta && ‘password’ != $meta && ‘confirm_password’ != $meta ) ? wpmem_form_field( array(445 ‘name’ => “wpmem_fields_profile[]“,446 ‘type’ => “checkbox",447 ‘value’ => $meta,448 ‘compare’ => ( ( ‘y’ == $profile ) ? $meta : false )449 ) ) : '’;450 $item[‘userscrn’] = ( ! in_array( $meta, $wpmem_ut_fields_skip ) ) ? wpmem_form_field( array(451 ‘name’ => “wpmem_fields_uscreen[" . $meta . "]“,452 ‘type’ => 'checkbox’,453 ‘value’ => $field[1],454 ‘compare’ => ( ( $ut_checked == $meta ) ? $field[1] : false ) 455 ) ) : ‘’;456 $item[‘usearch’] = ( ! in_array( $meta, $wpmem_us_fields_skip ) ) ? wpmem_form_field( array(457 ‘name’ => "wpmem_fields_usearch[" . $meta . "]“,458 ‘type’ => 'checkbox’,459 ‘value’ => $field[1],460 ‘compare’ => ( ( $us_checked == $meta ) ? $field[1] : false ) 461 ) ) : '’;462463 /*464 if ( wpmem_is_woo_active() ) {465 if ( wpmem_is_enabled( ‘woo/add_checkout_fields’ ) ) {466 $item[‘wcchkout’] = ( ! in_array( $meta, $wpmem_ut_fields_skip ) && ! in_array( $meta, $wpmem_wc_checkout_skip ) ) ? wpmem_form_field( array(467 ‘name’ => “wpmem_fields_wcchkout[]“,468 ‘type’ => 'checkbox’,469 ‘value’ => $meta,470 ‘compare’ => ( ( isset( $field[‘wcchkout’] ) && ‘y’ == $field[‘wcchkout’] ) ? $meta : false ) 471 ) ) : '’;472 }473 if ( wpmem_is_enabled( ‘woo/add_my_account_fields’ ) ) {474 $item[‘wcaccount’] = ( ! in_array( $meta, $wpmem_ut_fields_skip ) && ! in_array( $meta, $wpmem_wc_checkout_skip ) ) ? wpmem_form_field( array(475 ‘name’ => “wpmem_fields_wcaccount[]“,476 ‘type’ => 'checkbox’,477 ‘value’ => $meta,478 ‘compare’ => ( ( isset( $field[‘wcaccount’] ) && ‘y’ == $field[‘wcaccount’] ) ? $meta : false ) 479 ) ) : ‘’;480 }481 if ( wpmem_is_enabled( ‘woo/add_update_fields’ ) ) {482 $item[‘wcupdate’] = ( ! in_array( $meta, $wpmem_ut_fields_skip ) && ! in_array( $meta, $wpmem_wc_checkout_skip ) ) ? wpmem_form_field( array(483 ‘name’ => "wpmem_fields_wcupdate[]“,484 ‘type’ => 'checkbox’,485 ‘value’ => $meta,486 ‘compare’ => ( ( isset( $field[‘wcupdate’] ) && ‘y’ == $field[‘wcupdate’] ) ? $meta : false ) 487 ) ) : '’;488 }489 }490 */491492 $item[‘edit’] = '<span class="dashicons dashicons-move” title="’ . __( 'Drag and drop to reorder fields’, ‘wp-members’ ) . '"></span>’;493494 $field_items[] = $item;495 }496 }497498 $extra_user_screen_items = array(499 ‘user_registered’ => __( 'Registration Date’, ‘wp-members’ ),500 ‘_wpmem_user_confirmed’ => __( 'Confirmed’, ‘wp-members’ ),501 ‘active’ => __( 'Activated’, ‘wp-members’ ),502 ‘wpmem_reg_ip’ => __( 'Registration IP’, ‘wp-members’ ),503 ‘exp_type’ => __( 'Subscription Type’, ‘wp-members’ ),504 ‘expires’ => __( 'Expires’, ‘wp-members’ ),505 ‘user_id’ => __( 'User ID’, ‘wp-members’ ),506 );507508 foreach ( $extra_user_screen_items as $key => $item ) {509 $ut_checked = ( ( $wpmem_ut_fields ) && ( in_array( $item, $wpmem_ut_fields ) ) ) ? $item : '’;510 if ( ‘user_id’ == $key511 || ‘user_registered’ == $key 512 || ‘wpmem_reg_ip’ == $key 513 || ( ‘_wpmem_user_confirmed’ == $key && 1 == $wpmem->act_link ) 514 || ( ‘active’ == $key && 1 == $wpmem->mod_reg ) 515 || defined( ‘WPMEM_EXP_MODULE’ ) && $wpmem->use_exp == 1 && ( ‘exp_type’ == $key || ‘expires’ == $key ) ) {516 $user_screen_items[ $key ] = array( ‘label’ => __( $item, ‘wp-members’ ), ‘meta’ => $key,517 ‘userscrn’ => wpmem_form_field( “ut_fields[{$key}]“, 'checkbox’, $item, $ut_checked ),518 );519 }520 }521522 foreach ( $user_screen_items as $screen_item ) {523 $field_items[] = array(524 ‘label’ => $screen_item[‘label’],525 ‘meta’ => $screen_item[‘meta’],526 ‘type’ => '’,527 ‘display’ => '’,528 ‘req’ => '’,529 ‘profile’ => '’,530 ‘userscrn’ => $screen_item[‘userscrn’],531 ‘usearch’ => '’,532 ‘edit’ => '’,533 ‘sort’ => '’,534 );535 }536537 $table = new WP_Members_Fields_Table();538539 $heading = __( 'Manage Fields’, ‘wp-members’ );540 //$description = __( 'Displaying fields for:’, ‘wp-members’ );541 //$which_form = $wpmem->form_tags[ $wpmem->admin->current_form ];542543 echo '<div class="wrap">’;544 printf( '<h3 class="title">%s</h3>’, $heading );545 //printf( '<p>%s <strong>%s</strong></p>’, $description, $which_form );546 printf( '<form name="updatefieldform” id="updatefieldform” method="post” action="%s">’, wpmem_admin_form_post_url() );547548 $table->items = $field_items;549 $table->prepare_items(); 550 $table->display(); 551 echo '</form>’;552 echo '</div>’; 553 }554555 /** 556 * Javascript to ID the fields table and add curser style to rows.557 *558 * @since 3.1.8559 * @since 3.3.0 Changed from wpmem_bulk_fields_actions() to bulk_actions().560 */ 561562 public static function bulk_actions() { 563 if ( ‘wpmem-settings’ == wpmem_get( 'page’, false, ‘get’ ) && ‘fields’ == wpmem_get( 'tab’, false, ‘get’ ) ) {564 ?><script type="text/javascript">565 (function($) {566 $(document).ready(function() {567 $(“table”).attr(“id", “wpmem-fields”);568 /**$(“tr”).attr('style’, ‘cursor:move;’);**/569 });570 })(jQuery);571 jQuery('<input id="add_field” name="add_field” class="button action” type="submit” value="<?php _e( 'Add Field’, ‘wp-members’ ); ?>” />’).appendTo(“.top .bulkactions”);572 jQuery('<input id="add_field2” name="add_field” class="button action” type="submit” value="<?php _e( 'Add Field’, ‘wp-members’ ); ?>” />’).appendTo(“.bottom .bulkactions”);573 </script><?php574 }575 }576577 /**578 * Updates fields.579 *580 * Derived from wpmem_update_fields()581 *582 * @since 3.1.8583 * @since 3.3.0 Changed from wpmem_admin_fields_update() to update().584 * @since 3.3.9 load_fields() moved to forms object class.585 *586 * @global object $wpmem587 * @global string $did_update588 * @global string $add_field_err_msg The add field error message589 */590 public static function update() {591592 global $wpmem, $did_update, $delete_action;593594 if ( ‘wpmem-settings’ == wpmem_get( 'page’, false, ‘get’ ) && ‘fields’ == wpmem_get( 'tab’, false, ‘get’ ) ) {595 // Get the current fields.596 $wpmem_fields = get_option( ‘wpmembers_fields’ );597598 $action = sanitize_text_field( wpmem_get( 'action’, false ) );599 $action = ( -1 == $action ) ? sanitize_text_field( wpmem_get( ‘action2’ ) ) : $action;600601 $delete_action = false;602603 if ( ‘save’ == $action ) {604605 // Check nonce.606 check_admin_referer( ‘bulk-settings_page_wpmem-settings’ );607608 // Update user table fields.609 $ut_fields_arr = wpmem_sanitize_array( wpmem_get( 'wpmem_fields_uscreen’, array() ) );610 update_option( 'wpmembers_utfields’, $ut_fields_arr );611612 // Update user search fields.613 $us_fields_arr = wpmem_sanitize_array( wpmem_get( 'wpmem_fields_usearch’, array() ) );614 update_option( 'wpmembers_usfields’, $us_fields_arr );615616 $wpmem_fields_display_post = wpmem_get( 'wpmem_fields_display’, array() );617 $wpmem_fields_required_post = wpmem_get( 'wpmem_fields_required’, array() );618 $wpmem_fields_profile_post = wpmem_get( 'wpmem_fields_profile’, array() );619620 // Update display/required settings621 foreach ( $wpmem_fields as $key => $field ) {622 623 // What is the field?624 $meta_key = $field[2];625 626 // Main settings (display, required, profile).627 if ( ‘username’ == $meta_key || ‘user_email’ == $meta_key ) {628 $wpmem_fields[ $key ][4] = 'y’;629 $wpmem_fields[ $key ][5] = 'y’;630 $wpmem_fields[ $key ][‘profile’] = ( ‘username’ == $meta_key ) ? false : true;631 } else {632 $wpmem_fields[ $key ][4] = ( in_array( $meta_key, $wpmem_fields_display_post ) ) ? ‘y’ : '’;633 $wpmem_fields[ $key ][5] = ( in_array( $meta_key, $wpmem_fields_required_post ) ) ? ‘y’ : '’;634 $wpmem_fields[ $key ][‘profile’] = ( in_array( $meta_key, $wpmem_fields_profile_post ) ) ? true : false;635 }636 }637638 // Save updates.639 update_option( 'wpmembers_fields’, $wpmem_fields );640 $wpmem->forms->load_fields();641 642 // Set update message.643 $did_update = __( 'WP-Members fields were updated’, ‘wp-members’ );644 645 // Return.646 return $did_update;647648 } elseif ( ‘delete’ == $action ) {649650 // Check nonce.651 check_admin_referer( ‘bulk-settings_page_wpmem-settings’ );652653 $delete_action = 'delete’;654655 } elseif ( ( ‘add_field’ == wpmem_get( ‘wpmem_admin_a’ ) || ‘edit_field’ == wpmem_get( ‘wpmem_admin_a’ ) ) && check_admin_referer( ‘wpmem_add_field’ ) ) {656657 // Set action.658 $action = sanitize_text_field( wpmem_get( ‘wpmem_admin_a’ ) );659660 global $add_field_err_msg;661662 $add_field_err_msg = false;663 $add_name = sanitize_text_field( wpmem_get( ‘add_name’ ) );664 $add_option = sanitize_text_field( wpmem_get( ‘add_option’ ) );665666 // Error check that field label and option name are included and unique.667 $add_field_err_msg = ( ! $add_name ) ? __( 'Field Label is required. Nothing was updated.’, ‘wp-members’ ) : $add_field_err_msg;668 $add_field_err_msg = ( ! $add_option ) ? __( 'Meta Key is required. Nothing was updated.’, ‘wp-members’ ) : $add_field_err_msg;669670 $add_field_err_msg = ( ! preg_match(“/^[A-Za-z0-9_]*$/", $add_option ) ) ? __( 'Meta Key must contain only letters, numbers, and underscores’, ‘wp-members’ ) : $add_field_err_msg;671672 // Check for duplicate field names.673 $chk_fields = array();674 foreach ( $wpmem_fields as $field ) {675 $chk_fields[] = $field[2];676 }677 $add_field_err_msg = ( in_array( $add_option, $chk_fields ) ) ? __( 'A field with that meta key already exists’, ‘wp-members’ ) : $add_field_err_msg;678679 // Error check for reserved terms.680 $reserved_terms = wpmem_wp_reserved_terms();681 if ( in_array( strtolower( $add_option ), $reserved_terms ) ) {682 $add_field_err_msg = sprintf( __( 'Sorry, “%s” is a <a href="https://codex.wordpress.org/Function_Reference/register_taxonomy#Reserved_Terms” target="_blank">reserved term</a>. Field was not added.’, ‘wp-members’ ), $add_option );683 }684685 // Error check option name for spaces and replace with underscores.686 $us_option = preg_replace( "/ /", '_’, $add_option );687688 $arr = array();689690 $type = sanitize_text_field( wpmem_get( ‘add_type’ ) );691692 $arr[0] = filter_var( wpmem_get( ‘add_order_id’ ), FILTER_SANITIZE_NUMBER_INT );693 $arr[1] = sanitize_text_field( stripslashes( wpmem_get( ‘add_name’ ) ) );694 $arr[2] = $us_option;695 $arr[3] = $type;696 $arr[4] = ( ‘y’ == wpmem_get( 'add_display’, ‘n’ ) ) ? ‘y’ : 'n’;697 $arr[5] = ( ‘y’ == wpmem_get( 'add_required’, ‘n’ ) ) ? ‘y’ : 'n’;698699 // Mark native fields:700 $native_fields = array( 'user_login’, 'user_pass’, 'user_nicename’, 'user_email’, 'user_url’, 'user_registered’, 'display_name’, 'first_name’, 'last_name’, 'nickname’, ‘description’ );701 $arr[6] = ( in_array( $us_option, $native_fields ) ) ? ‘y’ : 'n’;702703 if ( ‘text’ == $type || ‘email’ == $type || ‘textarea’ == $type || ‘password’ == $type || ‘url’ == $type || ‘number’ == $type || ‘date’ == $type || ‘timestamp’ == $type ) {704 $arr[‘placeholder’] = sanitize_text_field( stripslashes( wpmem_get( ‘add_placeholder’ ) ) );705 }706707 if ( ‘text’ == $type || ‘email’ == $type || ‘password’ == $type || ‘url’ == $type || ‘number’ == $type || ‘date’ == $type || ‘timestamp’ == $type ) {708 $arr[‘pattern’] = sanitize_text_field( stripslashes( wpmem_get( ‘add_pattern’ ) ) );709 $arr[‘title’] = sanitize_text_field( stripslashes( wpmem_get( ‘add_title’ ) ) );710 }711712 if ( ‘number’ == $type || ‘date’ == $type ) {713 $arr[‘min’] = filter_var( wpmem_get( ‘add_min’ ), FILTER_SANITIZE_NUMBER_INT );714 $arr[‘max’] = filter_var( wpmem_get( ‘add_max’ ), FILTER_SANITIZE_NUMBER_INT );715 }716717 if ( ‘textarea’ == $type ) {718 $arr[‘rows’] = filter_var( wpmem_get( ‘add_rows’ ), FILTER_SANITIZE_NUMBER_INT );719 $arr[‘cols’] = filter_var( wpmem_get( ‘add_cols’ ), FILTER_SANITIZE_NUMBER_INT );720 }721722 if ( $type == ‘checkbox’ ) {723 $add_field_err_msg = ( ! $_POST[‘add_checked_value’] ) ? __( 'Checked value is required for checkboxes. Nothing was updated.’, ‘wp-members’ ) : $add_field_err_msg;724 $arr[7] = sanitize_text_field( wpmem_get( 'add_checked_value’, false ) );725 $arr[8] = ( ‘y’ == wpmem_get( 'add_checked_default’, ‘n’ ) ) ? ‘y’ : 'n’;726 $arr[‘checkbox_label’] = intval( wpmem_get( 'add_checkbox_label’, 0 ) );727 }728729 if ( $type == ‘select’ 730 || $type == ‘multiselect’ 731 || $type == 'radio’732 || $type == ‘multicheckbox’ 733 ) {734 // Get the values.735 $str = stripslashes( sanitize_textarea_field( $_POST[‘add_dropdown_value’] ) );736 // Remove linebreaks.737 $str = trim( str_replace( array("\r", "\r\n", “\n”), '’, $str ) );738 // Create array.739 if ( ! function_exists( ‘str_getcsv’ ) ) {740 $arr[7] = explode( ',’, $str );741 } else {742 $arr[7] = str_getcsv( $str, ',’, ‘"’ );743 }744 // If multiselect or multicheckbox, set delimiter.745 if ( ‘multiselect’ == $type || ‘multicheckbox’ == $type ) {746 $arr[8] = ( ‘,’ === wpmem_get( 'add_delimiter_value’, ‘|’ ) ) ? ‘,’ : '|’;747 }748 }749750 if ( $type == ‘file’ || $type == ‘image’ ) {751 $arr[7] = sanitize_text_field( stripslashes( $_POST[‘add_file_value’] ) );752 }753754 if ( wpmem_get( ‘add_type’ ) == ‘hidden’ ) { 755 $add_field_err_msg = ( ! $_POST[‘add_hidden_value’] ) ? __( 'A value is required for hidden fields. Nothing was updated.’, ‘wp-members’ ) : $add_field_err_msg;756 $arr[7] = ( isset( $_POST[‘add_hidden_value’] ) ) ? sanitize_text_field( stripslashes( $_POST[‘add_hidden_value’] ) ) : '’;757 }758759 if ( ‘timestamp’ == wpmem_get( ‘add_type’ ) ) {760 $arr[‘timestamp_display’] = sanitize_text_field( wpmem_get( 'add_timestamp_display’, 'Y-m-d’, ‘post’ ) );761 }762763 if ( $action == ‘add_field’ ) {764 if ( ! $add_field_err_msg ) {765 array_push( $wpmem_fields, $arr );766 $did_update = sprintf( __( '%s was added’, ‘wp-members’ ), esc_html( $_POST[‘add_name’] ) );767 } else {768 $did_update = $add_field_err_msg;769 }770 } else {771 for ( $row = 0; $row < count( $wpmem_fields ); $row++ ) {772 if ( $wpmem_fields[ $row ][2] == wpmem_get( 'field’, false, ‘get’ ) ) {773 $arr[0] = $wpmem_fields[ $row ][0];774 foreach ( $arr as $key => $value ) {775 $wpmem_fields[ $row ][ $key ] = $arr[ $key ];776 }777 }778 }779 $did_update = sprintf( __( '%s was updated’, ‘wp-members’ ), esc_html( stripslashes( $add_name ) ) );780 $did_update.= ‘<p><a href="’ . esc_url( add_query_arg( array( ‘page’ => 'wpmem-settings’, ‘tab’ => ‘fields’ ), get_admin_url() . ‘options-general.php’ ) ) . '">« ' . __( 'Return to Fields Table’, ‘wp-members’ ) . '</a></p>’;781 }782783 $wpmem_newfields = $wpmem_fields;784785 update_option( 'wpmembers_fields’, $wpmem_newfields );786 $wpmem->forms->load_fields();787 return $did_update; 788 }789 }790 }791792 /**793 * Reorders form fields.794 *795 * @since 2.5.1796 * @since 3.1.8 Rebuilt for new List Table.797 * @since 3.3.0 Merged do_field_reorder() and field_reorder().798 */799 public static function do_field_reorder() {800801 // Start fresh.802 $new_order = $wpmem_fields = $field = $key = $wpmem_new_fields = $id = $k = '’;803 $wpmem_fields = get_option( ‘wpmembers_fields’ );804805 // Get the list items806 $new_order = $_POST;807808 // Put fields in the proper order for the current form.809 $wpmem_new_fields = array();810 foreach ( $new_order[‘list_items’] as $id ) {811 foreach( $wpmem_fields as $val ) {812 if ( $val[0] == $id ) {813 $wpmem_new_fields[] = $val;814 }815 }816 }817818 // Save fields array with new current form field order.819 update_option( 'wpmembers_fields’, $wpmem_new_fields ); 820821 // Indicate successful transaction.822 _e( 'Form field order updated.’, ‘wp-members’ );823824 die(); // This is required to return a proper result.825826 }827}828// End of file.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907