Version: 2.8.3 NULLED
* Enhancements:
- Added: Hook arguments ($form_id, $not_searched) to 'um_members_directory_head'
- Added: Using user locale `get_user_locale()` for localization with the 1st priority
- Added: Hooks to change the profile SEO image: 'um_profile_dynamic_meta_image_size', 'um_profile_dynamic_meta_image_type'
- Added: Filter for making 3rd-party roles editable through Ultimate Member interfaces. Use 'um_extend_editable_roles' and pass there an array of role keys( e.g. 'editor', 'administrator', etc. )
* Bugfixes:
- Fixed: Major issues with the Member Directory search line
- Fixed: Social links (Twitch, TikTok, Reddit) colors in profile header
- Fixed: Exclude registered date field from editable fields
- Fixed: Create the custom table for usermeta if does not exists
- Fixed: Locale loading time and hook for that
- Fixed: Used `wp_unslash()` for input POST data on Change Password
- Fixed: Role setting "Avoid indexing profile by search engines"
- Fixed: Date Picker field value format for 3rd-party integration meta fields
- Fixed: Last login timestamp being lost in the users cache
- Fixed: Textdomain typos
- Fixed: Small PHP warnings and notices
* Deprecated:
- Deprecated: VKontakte and Google+ predefined fields. VKontakte and Google+ fields validation changed to just URL validation.
* Templates required update:
- members.php
* Enhancements:
- Added: TikTok, Twitch and Reddit fields
- Added: Handler of restriction settings for blog page
- Added: Support of the `<iframes>` inside textarea with enabled the "HTML using" option
- Added: 'um_get_field_date' hook for filtering date fields
- Added: `UM()->get_allowed_html()` function for using it inside wp_kses allowed HTML tags
* Bugfixes:
- Fixed: Redirect to some links when content is restricted. Using `esc_url_raw()` instead of `esc_url()` for redirect to URLs inside class-access.php
- Fixed: Handle restriction settings for attachments, later hook is used for checking capabilities through `current_user_can()`
- Fixed: Honeypot triggering in password reset, when not set
- Fixed: Small PHP notices and warnings
Fixed: Plugin upgrade DB initialization and PHP Fatal Error.
* Enhancements:
- Added: Input type "tel" using for the "Mobile Number" and "Phone Number" fields
* Bugfixes:
- Fixed: Performance issue on wp-admin Users screen. Queries were replaced to the cache transient values
- Fixed: Privacy policy displaying when there are 2 registration forms on the same page
- Fixed: Password Reset process via Ultimate Member - Password Reset form. Reset password links' arguments changed to the same view as WordPress native has. Password Reset available for the same cases as native WordPress Password Reset has
- Fixed: Sanitizing for the Info Text field-type in wp-admin forms. Needed for the proper 3rd-party integrations
- Fixed: Displaying the filters' titles on the Member Directory pages
* Bugfixes:
- Fixed: Member Directory vulnerabilities
- Fixed: 3rd-party integration with profile tabs and ability to show edit profile form on the 3rd-party profile tab
- Fixed: PHP fatal error on unset
- Fixed: select2 style conflicts with 3rd-party plugins
* Enhancements:
- Added: Number-type Ultimate Member custom fields to the list of the sorting fields on the member directory
* Bugfixes:
- Fixed: XSS issue related to the JS confirmation and links with JS code inside
- Fixed: PHP error when `um_options` option in wp_options table doesn't exist or has wrong format
- Fixed: select2 styles for RTL languages
- Fixed: Using slashes in the `Choices callback` setting for the dropdown/multi-select fields. It's for the using PHP namespaces
- Fixed: Deleting `um_member_directory_data` user meta when user is deleted
- Fixed: Using special chars inside the password and avoid using "\" symbol (WordPress native logic)
- Fixed: Conflict when `wp_get_current_user()` not exists
- Fixed: Changed hook for member directory variables initialization for getting ability to use Ultimate Member hooks for customizing these variables via theme
- Fixed: Remove a redundant WP_Users_Query when getting empty `account_status` users
* Enhancements:
- Added: "Allow external link redirect confirm" setting for the displaying JS.confirm alert before redirect to external link from User Profile links
- Added: "Allowed Choice Callbacks" setting for the security enhancements
* Bugfixes:
- Fixed: PHP warning when nav menu is empty
- Fixed: Security issue related to the User Description field
- Fixed: Security issue related to the [um_loggedin] shortcode
- Fixed: Using $current_screen without checking for existence
- Fixed: `remove_unused_uploads()` function for some PHP installations
* Enhancements:
- Added: wp-admin notice with reminder about locking WordPress native registration for guests
- Added: Users dropdown field for Ultimate Member settings fields in wp-admin. It supports AJAX lazy loading
- Added: JS confirm when redirection from User Profile links to the 3rd-party URL
* Bugfixes:
- Fixed: PHP warning when there aren't proper user while login
- Fixed: Removing UM custom capabilities from global $wp_roles when uninstall
- Fixed: Removing UM custom roles from user roles after uninstall
- Fixed: Issue with echo XSS on User Profile
- Fixed: Sanitizing for the checkbox, radio, multiselect fields for PHP8 installations
* Enhancements:
* Bugfixes:
* Enhancements:
- Added: WhatsApp, Telegram, Discord, Viber messengers predefined fields.
- Added: Callback for deleting the custom field data from member direcroty settings when this custom field has been deleted in Form Builder.
- Added: 'um_account_active_tab_inited' JS hook.
- Updated: Require a strong password option (`Ultimate Member > Settings > General > Users > Require a strong password?`) to make it common for all Ultimate Member forms. Renamed option key from `reset_require_strongpass` to `require_strongpass`.
- Updated: Form errors texts on the login/password reset forms. Made them secure.
- Deprecated: `Ultimate Member > Settings > General > Account > Require a strong password?` option and merged with `Ultimate Member > Settings > General > Users > Require a strong password?` option.
* Bugfixes:
- Fixed: Hiding comments feed for pages with active comments
- Fixed: Changing the post title to the restricted value while displaying in the loop that uses direct `post_title` variable
- Fixed: PHP errors related to not passed function attributes from 3rd-party plugins or themes when using WP native hooks
- Fixed: Handling the login form errors via \WP_Error
* Bugfixes:
- Fixed: `is_restricted()` functions in class-access.php. Avoid using object as array offset