Merge pull request #2823 from gocodebox/dev

Release 7.8.5

CHANGELOG.md

@@ -1,6 +1,18 @@
 LifterLMS Changelog
 ===================
 
+v7.8.5 - 2024-12-03
+-------------------
+
+##### Updates and Enhancements
+
++ Now allows copying of text in input and textarea elements, even if copy protection is enabled.
+
+##### Security Fixes
+
++ Fix to avoid saving password confirmation in user meta if Password block has been edited. [#2821](https://github.com/gocodebox/lifterlms/issues/2821)
+
+
 v7.8.4 - 2024-11-18
 -------------------
 

class-lifterlms.php

@@ -34,7 +34,7 @@ final class LifterLMS {
 	 *
 	 * @var string
 	 */
-	public $version = '7.8.4';
+	public $version = '7.8.5';
 
 	/**
 	 * LLMS_Assets instance
@@ -332,6 +332,7 @@ private function define_constants() {
 				'meter'      => $allowed_atts,
 			)
 		);
+		llms_maybe_define_constant( 'LLMS_CONFIRMATION_FIELDS', array( 'email_address_confirm', 'password_confirm' ) );
 	}
 
 	/**

includes/admin/class-llms-admin-profile.php

@@ -50,7 +50,6 @@ public function __construct() {
 
 		// Allow errors to be output.
 		add_action( 'user_profile_update_errors', array( $this, 'add_errors' ) );
-
 	}
 
 	/**
@@ -87,7 +86,6 @@ public function add_user_meta_fields( $user ) {
 		include_once LLMS_PLUGIN_DIR . 'includes/admin/views/user-edit-fields.php';
 
 		return true;
-
 	}
 
 	/**
@@ -108,6 +106,10 @@ public function save_user_meta_fields( $user_id ) {
 		$posted_data = array();
 
 		foreach ( $this->fields as $field ) {
+			if ( in_array( $field['name'], LLMS_CONFIRMATION_FIELDS, true ) ) {
+				continue;
+			}
+
 			//phpcs:disable WordPress.Security.NonceVerification.Missing  -- nonce is verified prior to reaching this method.
 			if ( isset( $_POST[ $field['name'] ] ) &&
 					isset( $field['data_store_key'] ) &&
@@ -129,7 +131,6 @@ public function save_user_meta_fields( $user_id ) {
 		if ( is_wp_error( $submit ) ) {
 			$this->errors = $submit;
 		}
-
 	}
 
 	/**
@@ -145,7 +146,6 @@ public function add_errors( &$errors ) {
 		if ( is_wp_error( $this->errors ) && $this->errors->has_errors() ) {
 			$this->merge_llms_fields_errors( $errors );
 		}
-
 	}
 
 	/**
@@ -192,7 +192,6 @@ private function merge_llms_fields_errors( &$errors ) {
 				$errors->add_data( $data, $code );
 			}
 		}
-
 	}
 
 	/**
@@ -209,7 +208,6 @@ private function get_fields() {
 		}
 
 		return $this->fields;
-
 	}
 
 	/**
@@ -236,13 +234,16 @@ private function prepare_fields() {
 		 */
 		$excluded = apply_filters(
 			'llms_admin_profile_excluded_fields',
-			array(
-				'user_login',
-				'email_address',
-				'password',
-				'first_name',
-				'last_name',
-				'display_name',
+			array_merge(
+				array(
+					'user_login',
+					'email_address',
+					'password',
+					'first_name',
+					'last_name',
+					'display_name',
+				),
+				LLMS_CONFIRMATION_FIELDS
 			)
 		);
 
@@ -271,9 +272,7 @@ private function prepare_fields() {
 		 * @param array[] $fields Array of fields.
 		 */
 		return apply_filters( 'llms_admin_profile_fields', $prepared );
-
 	}
-
 }
 
 return new LLMS_Admin_Profile();

includes/class-llms-elementor-migrate.php

@@ -164,6 +164,10 @@ public function migrate_post() {
 			return;
 		}
 
+		if ( ! current_user_can( 'edit_posts' ) ) {
+			return;
+		}
+
 		$post_id = llms_filter_input( INPUT_GET, 'post', FILTER_SANITIZE_NUMBER_INT );
 		$post    = $post_id ? get_post( $post_id ) : false;
 

includes/class.llms.frontend.assets.php

@@ -101,11 +101,18 @@ function dispatchEvent( type ) {
 				document.dispatchEvent( new Event( type ) );
 			}
 			document.addEventListener( 'copy', function( event ) {
+				// Allow copying if the target is an input or textarea element
+				if (event.target.tagName === 'INPUT' || event.target.tagName === 'TEXTAREA') {
+					return; // Let the default copy behavior proceed
+				}
+
+				// Prevent copying outside input/textarea elements
 				event.preventDefault();
 				event.clipboardData.setData( 'text/plain', '<?php echo esc_html__( 'Copying is not allowed.', 'lifterlms' ); ?>' );
 				dispatchEvent( 'llms-copy-prevented' );
 			}, false );
 			document.addEventListener( 'contextmenu', function( event ) {
+				// Prevent right-click context menu on images
 				if ( event.target && 'IMG' === event.target.nodeName ) {
 					event.preventDefault();
 					dispatchEvent( 'llms-context-prevented' );

includes/forms/class-llms-form-field.php

@@ -866,7 +866,7 @@ protected function prepare_storage() {
 			$name                         = $users_fields[ $name ];
 
 			// Don't save default core confirmation fields.
-		} elseif ( in_array( $name, array( 'email_address_confirm', 'password_confirm' ), true ) ) {
+		} elseif ( in_array( $name, LLMS_CONFIRMATION_FIELDS, true ) ) {
 			$this->settings['data_store'] = false;
 		}
 

includes/forms/class-llms-form-handler.php

@@ -41,7 +41,6 @@ private function __construct() {
 		add_action( 'lifterlms_before_user_update', array( $this, 'maybe_modify_edit_account_field_settings' ), 10, 3 );
 		add_action( 'lifterlms_before_user_update', array( $this, 'maybe_modify_required_address_fields' ), 10, 3 );
 		add_action( 'lifterlms_before_user_registration', array( $this, 'maybe_modify_required_address_fields' ), 10, 3 );
-
 	}
 
 	/**
@@ -71,7 +70,6 @@ protected function get_fields( $action, $location, $args = array() ) {
 		}
 
 		return $fields;
-
 	}
 
 	/**
@@ -95,11 +93,15 @@ protected function insert( $action, $posted_data, $fields ) {
 		}
 
 		foreach ( $prepared['usermeta'] as $key => $val ) {
+			// Double check that fields like password_confirm aren't saved to user meta.
+			if ( in_array( $key, LLMS_CONFIRMATION_FIELDS, true ) ) {
+				continue;
+			}
+
 			update_user_meta( $user_id, $key, $val );
 		}
 
 		return $user_id;
-
 	}
 
 	/**
@@ -156,7 +158,6 @@ public function maybe_modify_edit_account_field_settings( &$posted_data, $locati
 				}
 			}
 		}
-
 	}
 
 	/**
@@ -199,7 +200,6 @@ public function maybe_modify_required_address_fields( &$posted_data, $location,
 				$fields[ $index ]['required'] = false;
 			}
 		}
-
 	}
 
 	/**
@@ -296,7 +296,6 @@ protected function prepare_data_for_insert( $posted_data, $fields, $action ) {
 		$prepared['usermeta'] = apply_filters( "lifterlms_user_{$action}_insert_user_meta", $prepared['usermeta'], $posted_data, $action );
 
 		return $prepared;
-
 	}
 
 	/**
@@ -340,7 +339,6 @@ public function submit( $posted_data, $location, $args = array() ) {
 		}
 
 		return $this->submit_fields( $posted_data, $location, $fields, $action );
-
 	}
 
 	/**
@@ -421,7 +419,6 @@ public function submit_fields( $posted_data, $location, $fields, $action ) {
 		}
 
 		return $user_id;
-
 	}
 
 	/**
@@ -449,7 +446,6 @@ protected function submit_error( $error, $posted_data, $action ) {
 		 * @param string   $action      Submission action, either "registration" or "update"!
 		 */
 		return apply_filters( "lifterlms_user_{$action}_failure", $error, $posted_data, $action );
-
 	}
 
 	/**
@@ -548,7 +544,5 @@ protected function validate_fields( $posted_data, $location, $fields, $action )
 		do_action( "lifterlms_user_{$action}_after_validation", $posted_data, $location, $fields );
 
 		return true;
-
 	}
-
 }

includes/functions/llms-functions-user-information-fields.php

@@ -24,7 +24,6 @@ function llms_get_user_information_field( $name ) {
 
 	$field_index = array_search( $name, array_column( $fields, 'name' ), true );
 	return false === $field_index ? false : $fields[ $field_index ];
-
 }
 
 /**
@@ -50,7 +49,6 @@ function llms_get_user_information_fields() {
 	 * @param array[] $fields List of field definitions.
 	 */
 	return apply_filters( 'llms_user_information_fields', $fields );
-
 }
 
 /**
@@ -90,7 +88,7 @@ function llms_get_user_information_fields_for_editor() {
 
 	// Return a reduced list.
 	return array_map(
-		function( $field ) use ( $keys ) {
+		function ( $field ) use ( $keys ) {
 			return array_intersect_key( $field, $keys );
 		},
 		$fields