Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3435099

Timestamp:

01/08/2026 12:07:33 PM (3 months ago)

Author:

wpeverest

Message:

Update to version 4.4.9 from GitHub

Location:

user-registration

Files:

: 10 edited
: 1 copied

tags/4.4.9 (copied) (copied from user-registration/trunk)
tags/4.4.9/CHANGELOG.txt (modified) (1 diff)
tags/4.4.9/includes/abstracts/abstract-ur-list-table.php (modified) (3 diffs)
tags/4.4.9/languages/user-registration.pot (modified) (5 diffs)
tags/4.4.9/readme.txt (modified) (2 diffs)
tags/4.4.9/user-registration.php (modified) (6 diffs)
trunk/CHANGELOG.txt (modified) (1 diff)
trunk/includes/abstracts/abstract-ur-list-table.php (modified) (3 diffs)
trunk/languages/user-registration.pot (modified) (5 diffs)
trunk/readme.txt (modified) (2 diffs)
trunk/user-registration.php (modified) (6 diffs)

Legend:

: Unmodified
: Added
: Removed

user-registration/tags/4.4.9/CHANGELOG.txt

r3413561	r3435099
	1	= 4.4.9 - 08/01/2026 =
	2	* Security - Fixed XSS vulnerability for delete users.
	3
1	4	= 4.4.8 - 07/12/2025 =
2	5	* Tweak - Fixed empty sdk url.

user-registration/tags/4.4.9/includes/abstracts/abstract-ur-list-table.php

-                      r3095484
+                      r3435099
                 case 'bulk_trash':
                 case 'trash':
+                    check_admin_referer( 'bulk-' . $this->_args['plural'] );
                     if ( ! current_user_can( 'delete_posts' ) ) {
                         wp_die( esc_html__( 'You do not have permission to trash posts!', 'user-registration' ) );
 …
                         $this->bulk_trash( $post_ids );
+                    }
                     break;
                 case 'bulk_untrash':
                 case 'untrash':
+                    check_admin_referer( 'bulk-' . $this->_args['plural'] );
                     if ( ! current_user_can( 'edit_posts' ) ) {
                         wp_die( esc_html__( 'You do not have permission to untrash posts!', 'user-registration' ) );
 …
                         $this->bulk_untrash( $post_ids );
+                    }
                     break;
                 case 'bulk_delete':
                 case 'delete':
+                    check_admin_referer( 'bulk-' . $this->_args['plural'] );
                     if ( ! current_user_can( 'delete_posts' ) ) {
                         wp_die( esc_html__( 'You do not have permission to delete posts!', 'user-registration' ) );

user-registration/tags/4.4.9/languages/user-registration.pot

-                      r3413561
+                      r3435099
 # Copyright (C) 2025 WPEverest
+# Copyright (C) 2026 WPEverest
 # This file is distributed under the same license as the User Registration & Membership plugin.
 msgid ""
 msgstr ""
 "Project-Id-Version: User Registration & Membership 4.4.8\n"
+"Project-Id-Version: User Registration & Membership 4.4.9\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/user-registration\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 …
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "POT-Creation-Date: 2025-12-07T15:35:51+00:00\n"
+"POT-Creation-Date: 2026-01-08T12:06:21+00:00\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "X-Generator: WP-CLI 2.12.0\n"
 …
 #: includes/abstracts/abstract-ur-list-table.php:258
 #: includes/abstracts/abstract-ur-list-table.php:298
+#: includes/abstracts/abstract-ur-list-table.php:306
 #: includes/admin/class-ur-admin-export-users.php:51
 #: includes/admin/class-ur-admin-import-export-forms.php:51
 …
 msgstr ""
 #: includes/abstracts/abstract-ur-list-table.php:267
+#: includes/abstracts/abstract-ur-list-table.php:269
 msgid "You do not have permission to trash posts!"
 msgstr ""
 #: includes/abstracts/abstract-ur-list-table.php:277
+#: includes/abstracts/abstract-ur-list-table.php:282
 msgid "You do not have permission to untrash posts!"
 msgstr ""
 #: includes/abstracts/abstract-ur-list-table.php:287
 #: includes/abstracts/abstract-ur-list-table.php:296
+#: includes/abstracts/abstract-ur-list-table.php:295
+#: includes/abstracts/abstract-ur-list-table.php:304
 msgid "You do not have permission to delete posts!"
 msgstr ""
 #: includes/abstracts/abstract-ur-list-table.php:340
+#: includes/abstracts/abstract-ur-list-table.php:348
 msgid "Copy of "
 msgstr ""
 #: includes/abstracts/abstract-ur-list-table.php:487
+#: includes/abstracts/abstract-ur-list-table.php:495
 msgid "Empty trash"
 msgstr ""
 #: includes/abstracts/abstract-ur-list-table.php:564
+#: includes/abstracts/abstract-ur-list-table.php:572
 msgid "Y/m/d g:i:s A"
 msgstr ""
 #. translators: %s - Human readable time
 #: includes/abstracts/abstract-ur-list-table.php:577
+#: includes/abstracts/abstract-ur-list-table.php:585
 msgid "%s ago"
 msgstr ""
 #: includes/abstracts/abstract-ur-list-table.php:581
+#: includes/abstracts/abstract-ur-list-table.php:589
 msgid "Y/m/d"
 msgstr ""
 #: includes/abstracts/abstract-ur-list-table.php:664
+#: includes/abstracts/abstract-ur-list-table.php:672
 #: includes/admin/settings/class-ur-users-list-table.php:670
 #: includes/admin/views/html-admin-page-form-templates.php:47
 …
 msgstr ""
 #: user-registration.php:643
+#: user-registration.php:659
 msgid "As <strong>User Registration & Membership Pro</strong> is active, <strong>User Registration Free</strong> is now not needed."
 msgstr ""

user-registration/tags/4.4.9/readme.txt

-                      r3413561
+                      r3435099
 Requires PHP: 7.2
 Tested up to: 6.9
 Stable tag: 4.4.8
+Stable tag: 4.4.9
 License: GPLv3
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 …
 == Changelog ==
+= 4.4.9    - 08/01/2026 =
+* Security - Fixed XSS vulnerability for delete users.
 = 4.4.8    - 07/12/2025 =

user-registration/tags/4.4.9/user-registration.php

-                      r3413561
+                      r3435099
  * Plugin URI: https://wpuserregistration.com/
  * Description: The most flexible User Registration and Membership plugin for WordPress.
  * Version: 4.4.8
+ * Version: 4.4.9
  * Author: WPEverest
  * Author URI: https://wpuserregistration.com
 …
          * @var string
          */
         public $version = '4.4.8';
+        public $version = '4.4.9';
         /**
 …
             $this->init_hooks();
             add_action( 'plugins_loaded', array( $this, 'objects' ), 1 );
             add_action( 'in_plugin_update_message-' . UR_PLUGIN_BASENAME, array( __CLASS__, 'in_plugin_update_message' ) );
+            add_action( 'in_plugin_update_message-' . UR_PLUGIN_BASENAME, array( __CLASS__, 'in_plugin_update_message' ), 10, 2 );
             do_action( 'user_registration_loaded' );
 …
          * @param array $args Plugin args.
          */
+        public static function in_plugin_update_message( $args ) {
+            $transient_name = 'ur_upgrade_notice_' . $args['Version'];
+        public static function in_plugin_update_message( $plugin_data, $response ) {
+            if ( empty( $response ) || empty( $response->new_version ) ) {
+                return;
+            }
+            $new_version = (string) $response->new_version;
+            $transient_name = 'ur_upgrade_notice_' . $new_version;
             $upgrade_notice = get_transient( $transient_name );
             if ( false === $upgrade_notice ) {
                 $response = wp_safe_remote_get( 'https://plugins.svn.wordpress.org/user-registration/trunk/readme.txt' );
                 if ( ! is_wp_error( $response ) && ! empty( $response['body'] ) ) {
                     $upgrade_notice = self::parse_update_notice( $response['body'], $args['new_version'] );
                     set_transient( $transient_name, $upgrade_notice, DAY_IN_SECONDS );
+                $http_response = wp_safe_remote_get( 'https://plugins.svn.wordpress.org/user-registration/trunk/readme.txt' );
+                if ( ! is_wp_error( $http_response ) && ! empty( $http_response['body'] ) ) {
+                    $upgrade_notice = self::parse_update_notice( $http_response['body'], $new_version );
+                    set_transient( $transient_name, $upgrade_notice, 3 * DAY_IN_SECONDS );
+                }
+            }
 …
          */
         private static function parse_update_notice( $content, $new_version ) {
-            // Output Upgrade Notice.
-            $matches        = null;
-            $regexp         = '~==\s*Upgrade Notice\s*==\s*=\s*(.*)\s*=(.*)(=\s*' . preg_quote( UR_VERSION ) . '\s*=|$)~Uis';
             $upgrade_notice = '';
+            if ( preg_match( $regexp, $content, $matches ) ) {
+                $version = trim( $matches[1] );
+                $notices = (array) preg_split( '~[\r\n]+~', trim( $matches[2] ) );
+                // Check the latest stable version and ignore trunk.
+                if ( $version === $new_version && version_compare( UR_VERSION, $version, '<' ) ) {
+            // Match all version blocks under "== Upgrade Notice =="
+            $blocks_regex = '~=\s*([\d\.]+)\s*=(.*?)(?==\s*[\d\.]+\s*=|$)~s';
+            if ( preg_match_all( $blocks_regex, $content, $matches, PREG_SET_ORDER ) ) {
+                foreach ( $matches as $match ) {
+                    $version_line = trim( $match[1] );
+                    $block_text   = trim( $match[2] );
+                    // Only process the block if it matches $new_version
+                    if ( $version_line !== $new_version ) {
+                        continue;
+                    }
+                    $notices = (array) preg_split( '~[\r\n]+~', $block_text );
                     $upgrade_notice .= '<div class="ur_plugin_upgrade_notice">';
 …
                     foreach ( $notices as $line ) {
+                        $line = trim( $line ); // Remove extra whitespace
+                        $line = trim( $line );
                         if ( empty( $line ) ) {
                             continue; // Skip empty lines
+                            continue;
+                        }
+                        $line = preg_replace( '~\[([^\]]*)\]\(([^\)]*)\)~', '<a href="$2">$1</a>', $line );
+                        $line = preg_replace( '~^###\s*(.*)~', '<p class="upgrade-title" style="font-size: 14px;font-weight: 600" >$1</p>', $line );
+                        if ( ! preg_match( '~^<h3>|<p>|<a |<ul>|<ol>|<li>~', $line ) ) {
+                            $line = '<p style="font-size: 12px;>' . $line . '</p>';
+                        $line = preg_replace(
+                            '~\[\s*([^\]]+)\s*\]\s*\(\s*([^\)]+)\s*\)~',
+                            '<a href="$2" target="_blank" rel="noopener noreferrer">$1</a>',
+                            $line
+                        );
+                        // Convert headings
+                        if ( preg_match( '~^###\s*(.*)~', $line, $heading ) ) {
+                            $line = '<p class="upgrade-title" style="font-size:13px;font-weight:600;">' . $heading[1] . '</p>';
+                        } elseif ( preg_match( '~^##\s*(.*)~', $line, $heading ) ) {
+                            $line = '<p class="upgrade-heading" style="font-size:14px;font-weight:600;">' . $heading[1] . '</p>';
+                        } else {
+                            $line = '<p style="font-size:12px;">' . $line . '</p>';
+                        }
                         $upgrade_notice .= wp_kses_post( trim( $line ) );
+                        $upgrade_notice .= wp_kses_post( $line );
+                    }
+                    $upgrade_notice .= '</div> ';
+                    $upgrade_notice .= '</div> ';
+                    $upgrade_notice .= '</div>';
+                    $upgrade_notice .= '</div>';
+                    break;
+                }
+            }
             return wp_kses_post( $upgrade_notice );
+        }

user-registration/trunk/CHANGELOG.txt

r3413561	r3435099
	1	= 4.4.9 - 08/01/2026 =
	2	* Security - Fixed XSS vulnerability for delete users.
	3
1	4	= 4.4.8 - 07/12/2025 =
2	5	* Tweak - Fixed empty sdk url.

user-registration/trunk/includes/abstracts/abstract-ur-list-table.php

-                      r3095484
+                      r3435099
                 case 'bulk_trash':
                 case 'trash':
+                    check_admin_referer( 'bulk-' . $this->_args['plural'] );
                     if ( ! current_user_can( 'delete_posts' ) ) {
                         wp_die( esc_html__( 'You do not have permission to trash posts!', 'user-registration' ) );
 …
                         $this->bulk_trash( $post_ids );
+                    }
                     break;
                 case 'bulk_untrash':
                 case 'untrash':
+                    check_admin_referer( 'bulk-' . $this->_args['plural'] );
                     if ( ! current_user_can( 'edit_posts' ) ) {
                         wp_die( esc_html__( 'You do not have permission to untrash posts!', 'user-registration' ) );
 …
                         $this->bulk_untrash( $post_ids );
+                    }
                     break;
                 case 'bulk_delete':
                 case 'delete':
+                    check_admin_referer( 'bulk-' . $this->_args['plural'] );
                     if ( ! current_user_can( 'delete_posts' ) ) {
                         wp_die( esc_html__( 'You do not have permission to delete posts!', 'user-registration' ) );

user-registration/trunk/languages/user-registration.pot

-                      r3413561
+                      r3435099
 # Copyright (C) 2025 WPEverest
+# Copyright (C) 2026 WPEverest
 # This file is distributed under the same license as the User Registration & Membership plugin.
 msgid ""
 msgstr ""
 "Project-Id-Version: User Registration & Membership 4.4.8\n"
+"Project-Id-Version: User Registration & Membership 4.4.9\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/user-registration\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 …
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "POT-Creation-Date: 2025-12-07T15:35:51+00:00\n"
+"POT-Creation-Date: 2026-01-08T12:06:21+00:00\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "X-Generator: WP-CLI 2.12.0\n"
 …
 #: includes/abstracts/abstract-ur-list-table.php:258
 #: includes/abstracts/abstract-ur-list-table.php:298
+#: includes/abstracts/abstract-ur-list-table.php:306
 #: includes/admin/class-ur-admin-export-users.php:51
 #: includes/admin/class-ur-admin-import-export-forms.php:51
 …
 msgstr ""
 #: includes/abstracts/abstract-ur-list-table.php:267
+#: includes/abstracts/abstract-ur-list-table.php:269
 msgid "You do not have permission to trash posts!"
 msgstr ""
 #: includes/abstracts/abstract-ur-list-table.php:277
+#: includes/abstracts/abstract-ur-list-table.php:282
 msgid "You do not have permission to untrash posts!"
 msgstr ""
 #: includes/abstracts/abstract-ur-list-table.php:287
 #: includes/abstracts/abstract-ur-list-table.php:296
+#: includes/abstracts/abstract-ur-list-table.php:295
+#: includes/abstracts/abstract-ur-list-table.php:304
 msgid "You do not have permission to delete posts!"
 msgstr ""
 #: includes/abstracts/abstract-ur-list-table.php:340
+#: includes/abstracts/abstract-ur-list-table.php:348
 msgid "Copy of "
 msgstr ""
 #: includes/abstracts/abstract-ur-list-table.php:487
+#: includes/abstracts/abstract-ur-list-table.php:495
 msgid "Empty trash"
 msgstr ""
 #: includes/abstracts/abstract-ur-list-table.php:564
+#: includes/abstracts/abstract-ur-list-table.php:572
 msgid "Y/m/d g:i:s A"
 msgstr ""
 #. translators: %s - Human readable time
 #: includes/abstracts/abstract-ur-list-table.php:577
+#: includes/abstracts/abstract-ur-list-table.php:585
 msgid "%s ago"
 msgstr ""
 #: includes/abstracts/abstract-ur-list-table.php:581
+#: includes/abstracts/abstract-ur-list-table.php:589
 msgid "Y/m/d"
 msgstr ""
 #: includes/abstracts/abstract-ur-list-table.php:664
+#: includes/abstracts/abstract-ur-list-table.php:672
 #: includes/admin/settings/class-ur-users-list-table.php:670
 #: includes/admin/views/html-admin-page-form-templates.php:47
 …
 msgstr ""
 #: user-registration.php:643
+#: user-registration.php:659
 msgid "As <strong>User Registration & Membership Pro</strong> is active, <strong>User Registration Free</strong> is now not needed."
 msgstr ""

user-registration/trunk/readme.txt

-                      r3413561
+                      r3435099
 Requires PHP: 7.2
 Tested up to: 6.9
 Stable tag: 4.4.8
+Stable tag: 4.4.9
 License: GPLv3
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 …
 == Changelog ==
+= 4.4.9    - 08/01/2026 =
+* Security - Fixed XSS vulnerability for delete users.
 = 4.4.8    - 07/12/2025 =

user-registration/trunk/user-registration.php

-                      r3413561
+                      r3435099
  * Plugin URI: https://wpuserregistration.com/
  * Description: The most flexible User Registration and Membership plugin for WordPress.
  * Version: 4.4.8
+ * Version: 4.4.9
  * Author: WPEverest
  * Author URI: https://wpuserregistration.com
 …
          * @var string
          */
         public $version = '4.4.8';
+        public $version = '4.4.9';
         /**
 …
             $this->init_hooks();
             add_action( 'plugins_loaded', array( $this, 'objects' ), 1 );
             add_action( 'in_plugin_update_message-' . UR_PLUGIN_BASENAME, array( __CLASS__, 'in_plugin_update_message' ) );
+            add_action( 'in_plugin_update_message-' . UR_PLUGIN_BASENAME, array( __CLASS__, 'in_plugin_update_message' ), 10, 2 );
             do_action( 'user_registration_loaded' );
 …
          * @param array $args Plugin args.
          */
+        public static function in_plugin_update_message( $args ) {
+            $transient_name = 'ur_upgrade_notice_' . $args['Version'];
+        public static function in_plugin_update_message( $plugin_data, $response ) {
+            if ( empty( $response ) || empty( $response->new_version ) ) {
+                return;
+            }
+            $new_version = (string) $response->new_version;
+            $transient_name = 'ur_upgrade_notice_' . $new_version;
             $upgrade_notice = get_transient( $transient_name );
             if ( false === $upgrade_notice ) {
                 $response = wp_safe_remote_get( 'https://plugins.svn.wordpress.org/user-registration/trunk/readme.txt' );
                 if ( ! is_wp_error( $response ) && ! empty( $response['body'] ) ) {
                     $upgrade_notice = self::parse_update_notice( $response['body'], $args['new_version'] );
                     set_transient( $transient_name, $upgrade_notice, DAY_IN_SECONDS );
+                $http_response = wp_safe_remote_get( 'https://plugins.svn.wordpress.org/user-registration/trunk/readme.txt' );
+                if ( ! is_wp_error( $http_response ) && ! empty( $http_response['body'] ) ) {
+                    $upgrade_notice = self::parse_update_notice( $http_response['body'], $new_version );
+                    set_transient( $transient_name, $upgrade_notice, 3 * DAY_IN_SECONDS );
+                }
+            }
 …
          */
         private static function parse_update_notice( $content, $new_version ) {
-            // Output Upgrade Notice.
-            $matches        = null;
-            $regexp         = '~==\s*Upgrade Notice\s*==\s*=\s*(.*)\s*=(.*)(=\s*' . preg_quote( UR_VERSION ) . '\s*=|$)~Uis';
             $upgrade_notice = '';
+            if ( preg_match( $regexp, $content, $matches ) ) {
+                $version = trim( $matches[1] );
+                $notices = (array) preg_split( '~[\r\n]+~', trim( $matches[2] ) );
+                // Check the latest stable version and ignore trunk.
+                if ( $version === $new_version && version_compare( UR_VERSION, $version, '<' ) ) {
+            // Match all version blocks under "== Upgrade Notice =="
+            $blocks_regex = '~=\s*([\d\.]+)\s*=(.*?)(?==\s*[\d\.]+\s*=|$)~s';
+            if ( preg_match_all( $blocks_regex, $content, $matches, PREG_SET_ORDER ) ) {
+                foreach ( $matches as $match ) {
+                    $version_line = trim( $match[1] );
+                    $block_text   = trim( $match[2] );
+                    // Only process the block if it matches $new_version
+                    if ( $version_line !== $new_version ) {
+                        continue;
+                    }
+                    $notices = (array) preg_split( '~[\r\n]+~', $block_text );
                     $upgrade_notice .= '<div class="ur_plugin_upgrade_notice">';
 …
                     foreach ( $notices as $line ) {
+                        $line = trim( $line ); // Remove extra whitespace
+                        $line = trim( $line );
                         if ( empty( $line ) ) {
                             continue; // Skip empty lines
+                            continue;
+                        }
+                        $line = preg_replace( '~\[([^\]]*)\]\(([^\)]*)\)~', '<a href="$2">$1</a>', $line );
+                        $line = preg_replace( '~^###\s*(.*)~', '<p class="upgrade-title" style="font-size: 14px;font-weight: 600" >$1</p>', $line );
+                        if ( ! preg_match( '~^<h3>|<p>|<a |<ul>|<ol>|<li>~', $line ) ) {
+                            $line = '<p style="font-size: 12px;>' . $line . '</p>';
+                        $line = preg_replace(
+                            '~\[\s*([^\]]+)\s*\]\s*\(\s*([^\)]+)\s*\)~',
+                            '<a href="$2" target="_blank" rel="noopener noreferrer">$1</a>',
+                            $line
+                        );
+                        // Convert headings
+                        if ( preg_match( '~^###\s*(.*)~', $line, $heading ) ) {
+                            $line = '<p class="upgrade-title" style="font-size:13px;font-weight:600;">' . $heading[1] . '</p>';
+                        } elseif ( preg_match( '~^##\s*(.*)~', $line, $heading ) ) {
+                            $line = '<p class="upgrade-heading" style="font-size:14px;font-weight:600;">' . $heading[1] . '</p>';
+                        } else {
+                            $line = '<p style="font-size:12px;">' . $line . '</p>';
+                        }
                         $upgrade_notice .= wp_kses_post( trim( $line ) );
+                        $upgrade_notice .= wp_kses_post( $line );
+                    }
+                    $upgrade_notice .= '</div> ';
+                    $upgrade_notice .= '</div> ';
+                    $upgrade_notice .= '</div>';
+                    $upgrade_notice .= '</div>';
+                    break;
+                }
+            }
             return wp_kses_post( $upgrade_notice );
+        }

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Download in other formats: