WordPress.org
Get WordPress

Plugin Directory

Changeset 3115185


Ignore:
Timestamp:
07/09/2024 09:53:12 PM (20 months ago)
Author:
parorrey
Message:

Updating version 3.9.4

Location:
json-api-user/trunk
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • json-api-user/trunk/controllers/User.php

    r2993112 r3115185  
    5656
    5757        if (!get_option('users_can_register')) {
    58             $json_api->error("User registration is disabled. Please enable it in Settings > Gereral.");
     58            $json_api->error("User registration is disabled. Please enable it in Settings > General.");
    5959        }
    6060
     
    182182
    183183        if ($user_id) {
     184            $disallowed = array('wp_user_level', 'wp_capabilities');
    184185
    185186            if (is_array($_REQUEST['custom_fields'])) {
    186 
     187                     
    187188                foreach ($_REQUEST['custom_fields'] as $field => $val) {
    188                     $data[$field] = update_user_meta($user_id, $field, $val);
     189                    if(!in_array($field, $disallowed)){
     190                        $data[$field] = update_user_meta($user_id, $field, $val);
     191                        }
     192                   
    189193
    190194                }
     
    618622        } else
    619623            $meta_value = $json_api->query->meta_value;
    620 
     624           
     625            $disallowed = array('wp_user_level', 'wp_capabilities');
     626           
     627            if(in_array($meta_key, $disallowed) ){
     628                $json_api->error("This meta_key '".$meta_key."' is not allowed.");
     629                }
     630       
     631        if(!in_array($meta_key, $disallowed) ){
    621632        if (is_array($meta_value)) {
    622633
     
    626637        } else
    627638            $data['updated'] = update_user_meta($user_id, $meta_key, $meta_value);
    628 
     639        }
    629640
    630641        return $data;
     
    681692
    682693        if (sizeof($_REQUEST) <= 1)
    683             $json_api->error("You must include one or more vars in your request to add or update as user_meta. e.g. 'name', 'website', 'skills'. You must provide multiple meta_key vars in this format: &name=Ali&website=parorrey.com&description=This is test description. If any field has the possibility to hold more than one value for any multi-select fields or check boxes, you must provide an array of values and use POST method.");
    684 
     694            $json_api->error("You must include one or more vars in your request to add or update as user_meta. e.g. 'name', 'website', 'skills'. You must provide multiple meta_key vars in this format: &name=Ali&website=google.com&description=This is test description. If any field has the possibility to hold more than one value for any multi-select fields or check boxes, you must provide an array of values and use POST method.");
     695     
     696      $disallowed = array('wp_user_level', 'wp_capabilities');
     697     
     698     
     699      $result = array();
    685700
    686701        foreach ($_REQUEST as $field => $value) {
     702           
     703            if(in_array($field, $disallowed) ){
     704                $json_api->error("This meta_key '".$field."' is not allowed.");
     705                }
    687706
    688707            if ($field == 'cookie')
    689708                continue;
    690709
    691             $field_label = str_replace('_', ' ', $field);
     710            //$field_label = str_replace('_', ' ', $field);
    692711
    693712            if (is_array($value)) {
     
    697716                $values = trim($value);
    698717
    699 
    700             $result[$field_label]['updated'] = update_user_meta($user_id, $field, $values);
     718          if(!in_array($field, $disallowed) ){
     719            $result[$field]['updated'] = update_user_meta($user_id, $field, $values);
     720          }
    701721
    702722        }

  • json-api-user/trunk/json-api-user.php

    r2993112 r3115185  
    99  Description: Extends the JSON API for RESTful user registration, authentication, password reset, Facebook Login, user meta and BuddyPress Profile related functions. A Pro version is also available.
    1010
    11   Version: 3.9.3
     11  Version: 3.9.4
    1212
    1313  Author: Ali Qureshi
     
    1919 */
    2020
    21 define('JAU_VERSION', '3.9.3');
     21define('JAU_VERSION', '3.9.4');
    2222
    2323include_once(ABSPATH . 'wp-admin/includes/plugin.php');

  • json-api-user/trunk/readme.txt

    r2993112 r3115185  
    44Tags: json api, RESTful user registration, authentication, RESTful Facebook Login, RESTful User Meta and BuddyPress xProfile
    55Contributors: parorrey
    6 Stable tag: 3.9.3
     6Stable tag: 3.9.4
    77Requires at least: 3.0.1
    8 Tested up to: 6.4.1
     8Tested up to: 6.6.0
    99Requires PHP: 5.3
    1010License: GPLv2 or later
     
    233233== Changelog ==
    234234
     235= 3.9.4 =
     236* fixed security vulnerabilities & for new version of WordPress 6.6
     237
    235238= 3.9.3 =
    236239* Fixed a bug for get_userinfo, generate_auth_cookie, get_currentuserinfo endpoints for avatar
Note: See TracChangeset for help on using the changeset viewer.