Ultimate Member + Extensions Bundle 2.10.0 NULLED

= 2.10.0 February 18, 2025 =

* Enhancements:

- Added: User Profile `form-id` attribute and updated code for Profile/Cover photos actions dropdowns.
- Added: Honeypot scripts/styles via `wp_add_inline_script()`, `wp_add_inline_style()` changed from direct adding in header and footer.
- Updated: We've made improvements to requests for extension updates to boost stability.
- Updated: PHP requirement - the minimum PHP version is now upgraded to 7.0.
- Updated: Using $wpdb and WPCS for queries. Set minimum required version to 6.2 due to using %i for `$wpdb->prepare()`.
- Updated: Revised wp-admin user actions handling. Now, the required capability is `edit_users` instead of `manage_options`.
- Removed: User Profile hidden inputs on view mode.
- Tweak: WPCS enhancements.

* Bugfixes:

- Fixed: Security issue CVE ID: CVE-2024-12276.
- Fixed: Custom usermeta table metakeys for filtering in member directory (from `_money_spent` to `wc_money_spent_` and added `wc_order_count_`).
- Fixed: Layout for "Download your data" and "Erase of your data" fields.
- Fixed: Image sizes used for Open Graph meta in User Profile headers are now corrected.
- Fixed: "Delete account text" settings visibility issue in wp-admin.
- Fixed: The "Privacy Policy" field in the registration form. Disallowed HTML from the "Privacy Policy" content (like `<form>`) is filtered out by the `wp_kses()` function.
- Fixed: Password fields are now sanitized the WordPress native way, with `wp_unslash()` omitted post-submission.

* Templates required update:

- gdpr-register.php
- profile.php

* Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade *

2.9.2 2025-01-14​

Enhancements

• Added: Compatibility with the new Ultimate Member – Zapier extension
• Added: Only approved user Reset Password setting defined as true by default
• Added: UM()->is_new_ui() function for future enhancements related to new UI
• Added: Filter hook um_before_user_submitted_registration_data
• Tweak: Changed hook’s priority for initialization of email templates paths
• Tweak: Removed load_plugin_textdomain due to (article)[https://make.wordpress.org/core/202...-support-for-only-using-PHP-translation-files]

Bugfixes

• Fixed: Security issue CVE ID: CVE-2025-0308
• Fixed: Security issue CVE ID: CVE-2025-0318
• Fixed: Using placeholders in email templates when Action Scheduler is active. Using fetch_user_id attribute for fetching necessary user before sending email
• Fixed: PHP 8.4 compatibility. Using WordPress native wp_is_mobile() instead of MobileDetect library
• Fixed: PHP errors related to UM()->localize() function
• Fixed: PHP errors in user meta header when last_update meta is empty
• Fixed: Small CSS changes and avoid duplicates
• Fixed: Removed ms-native show password button for type=”password” field in UM forms
• Fixed: Define scalable attribute for cropper

Deprecated

• Fully deprecated UM()->mobile() function
• Fully deprecated UM()->localize() function
• Fully deprecated um_language_textdomain filter hook

Templates required update

• account.php

Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade

2.9.0 2024-11-12​

Enhancements

• Added: Action Scheduler (version 3.8.1) for email sending. More info is here.
• Added: Supporting new wp_register_block_metadata_collection() function for registering WP Blocks

Bugfixes

• Fixed: ajax_image_upload() and ajax_resize_image() handlers vulnerability. CVE ID: CVE-2024-10528
• Fixed: Disabling user status column wp-admin > Users screen
• Fixed: User status filter on wp-admin > Users on mobile devices
• Fixed: Extra unwrapping of the WP Editor field’s value

Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade

2.8.9 2024-10-14​

Enhancements

• Added: Using PHP tidy extension (if it’s active) to make HTML textarea value clear
• Added: um_tidy_config filter hook for setting PHP tidy config
• Tweak: Avoid using force set_status() function.
• Tweak: Properly using UM()->common()->users()->get_status( $user_id ) instead of um_user( 'account_status' )
• Tweak: Properly using UM()->common()->users()->get_status( $user_id, 'formatted' ) instead of um_user( 'account_status_name' )
• Tweak: Properly using um_user( 'status' ) for getting user role setting while registration

Bugfixes

• Fixed: UM tipsy removing inside .um-page selector (e.g. tipsy init from um-modal)
• Fixed: Rollback using <iframe> for displaying HTML formatted textarea value
• Fixed: Capability to edit user profile for Administrator when user doesn’t have a capability to edit its profile
• Fixed: Sending email notifications based on user status after registration
• Fixed: PHP error when meta um_member_directory_data has a wrong format

Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade

2.8.7 2024-10-01​

Enhancements

• Added: Single user actions on WP Users list table
• Updated: User status filter on WP Users list table
• Updated: User bulk actions on WP Users list table
• Updated: User actions on User Profile and Member Directory card
• Added: Applying shortcodes in the post restriction message
• Added: ProfilePage Structured Data
• Added: Ability to use HTML tags (allowed in wp_kses_post) in the global block restriction message
• Changed: Some wp-admin fields descriptions
• Updated: Data format in um_admin_bulk_user_actions_hook filter hook. Changed format from $action_slug => array( 'label' => $action_title ) to $action_slug => $action_title
• Added: $old_status param to um_after_user_status_is_changed action hook
• Added: $user_id param to um_before_user_hash_is_changed action hook
• Added: $user_id, $hash, $expiration params to um_after_user_hash_is_changed action hook
• Added: um_restricted_post_content filter hook
• Added: um_loggedin_inner_content filter hook
• Added: um_profile_dynamic_meta_profile_schema filter hook
• Removed: UM()->fields()->get_restricted_fields_for_edit() function from a fields loop

2.8.6 2024-05-22​

Enhancements

• Added: Member Directory > Admin Filtering supports datepicker and timepicker filter-types with only “From” or “To” filled value
• Added: Ability to customize modal templates upload-single.php and view-photo.php
• Added: New FontAwesome library. Version 6.5.2

= 2.8.3: February 19, 2024 =

* Enhancements:

- Added: Link to the Ultimate Member docs
- Tweak: Ultimate Member > Settings redesign. More details about setting up. Tooltips changed to descriptions.

* Bugfixes:

- Fixed: Member directory queries to custom usermeta table properly escaped and validated
- Fixed: Member directory custom sorting when wp_usermeta table is used
- Fixed: aria-invalid attribute for the user description field
- Fixed: wp_kses protocols for email notifications content
- Fixed: PHP notice while registration form validation
- Fixed: Field validations (English letters, Alpha-numeric types)
- Fixed: Hidden buttons in the modal when uploading profile and cover photo
- Fixed: Theme updater log message
- Fixed: Search line shortcode layout
- Fixed: PHP notice while login form submission
- Fixed: Email notifications HTML layout
- Fixed: Default email notification body color
- Fixed: Ignore username slug when custom meta slug exists when parse user from query

* Templates required update:

- email/notification_deletion.php
- email/notification_new_user.php
- email/notification_review.php
- email/welcome_email.php
- password-change.php

* Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade

2.8.2: JANUARY 15, 2024​

• Enhancements:
  • Added: The data protocol for embedding base64 encoded logos in emails
  • Added: Hook um_access_restricted_post_instance for filtering the restricted post instance
  • Added: Shortcode [um_author_profile_link] for getting user Profile URL
  • Updated: Using underscore.js native debounce method for resize handler
  • Updated: Texts spelling
• Bugfixes:
  • Fixed: AJAX requests conflict with um_current_locale attribute
  • Fixed: Pickadate styling (Date & Time fields) in wp-admin screen
  • Fixed: RTL styling and removed um class from UM frontend predefined pages
  • Fixed: select2 conflict with Impreza theme
  • Fixed: cropper conflict with Avada theme and active Fusion Image lazyload
  • Fixed: MegaMenu conflict with nav menu items conditional settings (e.g. Newsletter theme)
  • Fixed: PHP Fatal error when there isn’t a proper WP_Post object in UM User Profile > Posts loop
  • Fixed: Account styles
  • Fixed: Saving um_form_version postmeta
• Templates required update:
  • profile/posts-single.php
• Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade

2.7.0: OCTOBER 11, 2023​

• Enhancements:
  • Added: Site Health sections
  • Added: oEmbed field type
  • Added: YouTube field type supports YouTube Shorts links
  • Added: Profile permalink base options: Unique hash, Custom usermeta
  • Added: UM Form meta um_form_version for legacy support in the future
  • Added: Setting “Deleting user comments after deleting a user” for WordPress native logic workaround
  • Added: aria-invalid and aria-errormessage attributes to the fields on UM Forms
  • Updated: Structure for enqueue assets PHP classes
  • Updated: Hooks Documentation v2
• Bugfixes:
  • Fixed: Member directory search query escaping process
  • Fixed: Added ‘ID’ metakey to the blacklist. It’s not possible to create field with ‘ID’ metakey to avoid the conflict
  • Fixed: Add/Edit Field metabox and “Field Icon”, “Conditional logic” fields
  • Fixed: Init jquery-slider-ui script/style on the block editor page
  • Fixed: Displaying “Notifications Account Tab” setting
  • Fixed: Displaying Post Date on the User Profile > Posts tab based on this article
  • Fixed: Small PHP warning, notices and typos
• Deprecated:
  • UM()->enqueue() use UM()->frontend()->enqueue() method
  • UM()->admin_enqueue() use UM()->admin()->enqueue() method
  • UM()->admin_enqueue()->suffix property use UM()->frontend()->enqueue()::get_suffix()
  • UM()->admin()->enqueue()->suffix property use UM()->frontend()->enqueue()::get_suffix()
  • Changed directories for the fonts (fonticons + raty), and JS/CSS files related to libs jquery-ui, raty, select2, tipsy, fonticons (FontAwesome + Ionicons)
• Templates required update:
  • account.php
  • login.php
  • password-change.php
  • password-reset.php
  • register.php
  • profile/posts-single.php
• Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade