Changeset 3115185
- Timestamp:
- 07/09/2024 09:53:12 PM (20 months ago)
- Location:
- json-api-user/trunk
- Files:
-
- 3 edited
-
controllers/User.php (modified) (6 diffs)
-
json-api-user.php (modified) (2 diffs)
-
readme.txt (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
json-api-user/trunk/controllers/User.php
r2993112 r3115185 56 56 57 57 if (!get_option('users_can_register')) { 58 $json_api->error("User registration is disabled. Please enable it in Settings > Ge reral.");58 $json_api->error("User registration is disabled. Please enable it in Settings > General."); 59 59 } 60 60 … … 182 182 183 183 if ($user_id) { 184 $disallowed = array('wp_user_level', 'wp_capabilities'); 184 185 185 186 if (is_array($_REQUEST['custom_fields'])) { 186 187 187 188 foreach ($_REQUEST['custom_fields'] as $field => $val) { 188 $data[$field] = update_user_meta($user_id, $field, $val); 189 if(!in_array($field, $disallowed)){ 190 $data[$field] = update_user_meta($user_id, $field, $val); 191 } 192 189 193 190 194 } … … 618 622 } else 619 623 $meta_value = $json_api->query->meta_value; 620 624 625 $disallowed = array('wp_user_level', 'wp_capabilities'); 626 627 if(in_array($meta_key, $disallowed) ){ 628 $json_api->error("This meta_key '".$meta_key."' is not allowed."); 629 } 630 631 if(!in_array($meta_key, $disallowed) ){ 621 632 if (is_array($meta_value)) { 622 633 … … 626 637 } else 627 638 $data['updated'] = update_user_meta($user_id, $meta_key, $meta_value); 628 639 } 629 640 630 641 return $data; … … 681 692 682 693 if (sizeof($_REQUEST) <= 1) 683 $json_api->error("You must include one or more vars in your request to add or update as user_meta. e.g. 'name', 'website', 'skills'. You must provide multiple meta_key vars in this format: &name=Ali&website=parorrey.com&description=This is test description. If any field has the possibility to hold more than one value for any multi-select fields or check boxes, you must provide an array of values and use POST method."); 684 694 $json_api->error("You must include one or more vars in your request to add or update as user_meta. e.g. 'name', 'website', 'skills'. You must provide multiple meta_key vars in this format: &name=Ali&website=google.com&description=This is test description. If any field has the possibility to hold more than one value for any multi-select fields or check boxes, you must provide an array of values and use POST method."); 695 696 $disallowed = array('wp_user_level', 'wp_capabilities'); 697 698 699 $result = array(); 685 700 686 701 foreach ($_REQUEST as $field => $value) { 702 703 if(in_array($field, $disallowed) ){ 704 $json_api->error("This meta_key '".$field."' is not allowed."); 705 } 687 706 688 707 if ($field == 'cookie') 689 708 continue; 690 709 691 $field_label = str_replace('_', ' ', $field);710 //$field_label = str_replace('_', ' ', $field); 692 711 693 712 if (is_array($value)) { … … 697 716 $values = trim($value); 698 717 699 700 $result[$field_label]['updated'] = update_user_meta($user_id, $field, $values); 718 if(!in_array($field, $disallowed) ){ 719 $result[$field]['updated'] = update_user_meta($user_id, $field, $values); 720 } 701 721 702 722 } -
json-api-user/trunk/json-api-user.php
r2993112 r3115185 9 9 Description: Extends the JSON API for RESTful user registration, authentication, password reset, Facebook Login, user meta and BuddyPress Profile related functions. A Pro version is also available. 10 10 11 Version: 3.9. 311 Version: 3.9.4 12 12 13 13 Author: Ali Qureshi … … 19 19 */ 20 20 21 define('JAU_VERSION', '3.9. 3');21 define('JAU_VERSION', '3.9.4'); 22 22 23 23 include_once(ABSPATH . 'wp-admin/includes/plugin.php'); -
json-api-user/trunk/readme.txt
r2993112 r3115185 4 4 Tags: json api, RESTful user registration, authentication, RESTful Facebook Login, RESTful User Meta and BuddyPress xProfile 5 5 Contributors: parorrey 6 Stable tag: 3.9. 36 Stable tag: 3.9.4 7 7 Requires at least: 3.0.1 8 Tested up to: 6. 4.18 Tested up to: 6.6.0 9 9 Requires PHP: 5.3 10 10 License: GPLv2 or later … … 233 233 == Changelog == 234 234 235 = 3.9.4 = 236 * fixed security vulnerabilities & for new version of WordPress 6.6 237 235 238 = 3.9.3 = 236 239 * Fixed a bug for get_userinfo, generate_auth_cookie, get_currentuserinfo endpoints for avatar
Note: See TracChangeset
for help on using the changeset viewer.