Both these plugins let specific role users to do some actions like “Reject Membership”, “Approve Member”, “Edit Profile”, and “Delete event”, “Edit event”, “Manage bookings”, etc…

MY PROBLEM :

When I am logged in as a role who can do those actions, and I click on “Edit Profile” for a member, the right action is always triggered, but sometimes a secondary action is also triggered (without clicking the corresponding a element). For example, the member’s status is set to “Membership Rejected” even when I did not click on it, but I clicked on “Edit Profile”

The same issue happens for the management page of Events Manager. The event can get deleted when I actually just click on “Manage Bookings”.

WHEN THIS PROBLEM HAPPENS ?

• This problem happens only when I am in normal browser mode. It does not happen in Incognito mode.
• It happens for “a” elements that are in the same HTML hierarchy (same parent).
• It happens randomly (sometimes it does not happen, sometimes “Reject Member” is triggered, sometimes “Put as pending review” is triggered, or any other action that is possible to do.

I’ve tried to DUMP and DIE in the functions that trigger the actions (reject, pending, edit profile, etc…)

Here is the code in the Ultimate Members plugin that is responsible for those functions :

$action = sanitize_key( $_REQUEST['um_action'] );
$uid = 0;
	if ( isset( $_REQUEST['uid'] ) ) {
		$uid = absint( $_REQUEST['uid'] );
	}

	if ( ! empty( $uid ) && ! UM()->user()->user_exists_by_id( $uid ) ) {
		return;
	}

switch ( $action ) {
		default:
			do_action( 'um_action_user_request_hook', $action, $uid );
			break;

		case 'edit':
			UM()->fields()->editing = true;
			if ( ! um_is_myprofile() ) {
				if ( ! UM()->roles()->um_current_user_can( 'edit', um_profile_id() ) ) {
					exit( wp_redirect( UM()->permalinks()->get_current_url( true ) ) );
				}
			} else {
				if ( ! um_can_edit_my_profile() ) {
					$url = um_edit_my_profile_cancel_uri();
					exit( wp_redirect( $url ) );
				}
			}
			break;

		case 'um_switch_user':
			if ( ! current_user_can( 'manage_options' ) ) {
				return;
			}
			UM()->user()->auto_login( $uid );
			exit( wp_redirect( UM()->permalinks()->get_current_url( true ) ) );
			break;

		case 'um_reject_membership':
			if ( ! $can_edit_users ) {
				wp_die( esc_html__( 'You do not have permission to make this action.', 'ultimate-member' ) );
			}

			um_fetch_user( $uid );
			
			UM()->user()->reject();
			exit( wp_redirect( UM()->permalinks()->get_current_url( true ) ) );
			break;

I’ve modified it like this to check if the action is triggered at anytime when I click on other link elements :

case 'um_reject_membership':

if ( ! $can_edit_users ) {
wp_die( esc_html__( 'You do not have permission to make this action.', 'ultimate-member' ) );
}

um_fetch_user( $uid );
var_dump(‘trying to reject user $uid‘);
exit;
UM()->user()->reject();
exit( wp_redirect( UM()->permalinks()->get_current_url( true ) ) );

break;

But with this addition, the function that sets the user status to “Rejected” is not triggered. There is not even a dump or white screen from the exit; function. I guess it is because the main action that is called is the one going till the end, and redirecting.

Does anyone has a clue how I could debug this situation ? I need to make it more stable even when not being in Incognito mode browser.

I’ve got a customer registration form with a captcha box that always shows up on my android and PC’s Firefox and chrome browser.

but when I use incognito mode on those browsers or if I use my ios safari browser the hcaptcha box disappears which renders my customer registration form useless. When you hit submit nothing happens, no user is created, no error, no redirect, yada yada. Sometimes it refreshes the page, but that’s it.

ive tried SEVERAL trials with clearing my cache, and have a small pile of devices with several browsers. I can’t think of any changes I’ve made recently that would have cause this, but I don’t remember this being an issue before. Also, I’ve made copies of the form and nothing. I have not yet tested a brand new form, but I’m leaning away from making new forms every time something new pops up with this plugin.

I appreciate ya!

Typed out on mobile, please excuse my mess.

A client of mine just reported that, when the plugin’s anti-spam firewall is active, it makes site visits completely impossible if someone gets redirected from a referrer link pasted in an Instagram bio.

Also, this feature of the plugin basically doesn’t seem working as expected.

When someone tries to access a site, where the anti-spam firewall solution is active, from an incognito window, many times the anti-spam alert screen doesn’t let the site visitor in – at all. There’s just a countdown from 3 to 0 that keeps restarting and restarting.

Average privacy-friendly visitors actively using incognito windows 7/24 will leave such site in about 2 seconds, good bye conversion.

Has this issue been reported by other CleanTalk clients?

Thanks for investigating this further, and/or for your info regarding the issue.

The callender is not loading events unless the page is opened in incognito.
The plugin version is 3.11.0

How could we fix this issue?

Logged out on other devices or in incognito on the same device that I’m signed in as admin, pages either don’t show up or default to what looks like a cached version

BONUS BUG: You can’t actually type in anything in the Exclude IDs box