While it is outside the scope of plugin support to get deep into the use of MySQL to handle the querying of user data, there are some basic concepts that can be presented to help you build the applications that you need to handle users. And the fact that WP-Members relies on the existing WordPress database schema means that you can find many related articles and tutorials on the web.
Continue Reading →Search Results for: short code
WP-Members 3.4.9.2
This article is provided free. Find out how you can get full access to premium content, including how-to articles and support forums, as well as priority email support and member exclusive plugin extensions..
WP-Members 3.4.9.2 contains two patches that are included from the upcoming 3.5.0 release and two security patchs.
Security
- Review shortcode object class for sanitizing all shortcode attributes and escaping all output: Due to a reported vulnerability in one of the plugin’s shortcodes, a complete security audit was performed on the entire shortcodes class in the plugin. The result of this review included making sure that every shortcode attribute is sanitized and that every shortcode output is escaped.
- Review admin user profile class for sanitizing input and escaping output: Due to a reported vulnerability in one of the default data fields WP-Members collects during registration, a complete security audit was performed on where this data is collected and the admin user profile screen output. The result of this review included making sure that this data was sanitized on input and escaped on output.
It is recommended that all users update to version 3.4.9.2.
Patches
There were two 3.5.0 bug fix patches included in this update:
- If memberships are enabled but no memberships are defined, that could cause an error when performing a user export. While it is simple enough to disable memberships if there are no defined memberships, the plugin was improved to check for this possibility before assembling export data, solving the problem even if the plugin is misconfigured.
- If the plugin is set up for HTML email, the fields list in the admin notification is a single line because text line breaks are not the same as HTML line breaks. A patch is included to resolve this depending on the email format selected in the plugin’s options.
wpmem_field_sc_meta_keys
Description
Filters the meta keys that may be displayed by the [wpmem_field] shortcode.
Parameters
$allowed_fields
(array) (required) The user meta keys that are allowed to be displayed by the shortcode.
Notes
The default array includes the following default WP fields: ‘ID’, ‘user_registered’, ‘user_url’, ‘description’, ‘display_name’.
It will also include all of the fields by meta key in the WP-Members fields array (see the Fields tab) except for password and the email/password confirmation fields (which are not saved fields anyway).
Use this filter hook to remove or add any meta keys as needed. Only fields that are in the $allowed_fields array will be able to be displayed by the shortcode.
Changelog
Introduced in version 3.4.9
Source
wpmem_field_sc_meta_keys is located in includes/class-wp-members-shortcodes.php
WP-Members 3.4.9
This article is provided free. Find out how you can get full access to premium content, including how-to articles and support forums, as well as priority email support and member exclusive plugin extensions..
The WP-Members 3.4.9 release is mostly a security update, with a couple of additional features and API functions.
Continue Reading →wpmem_field_sc_meta_keys
Description
Filters the meta keys the [wpmem_field] shortcode can display.
Parameters
$allowed_fields
(array)(required) An array of the allowed meta keys the shortcode can display.
Changelog
- Introduced in 3.4.9
Source
wpmem_field_sc_meta_keys is located in includes/class-wp-members-shortcodes.php