From 3b7fd163011406e8af42ff0ee3718b0874e41d89 Mon Sep 17 00:00:00 2001
From: M_Viper
Date: Sun, 29 Mar 2026 13:41:26 +0200
Subject: [PATCH] Update from Git Manager GUI
---
 includes/class-forum-ajax.php | 60 ++++-
 includes/class-forum-auth.php | 22 +-
 includes/class-forum-db.php | 53 ++++-
 includes/class-forum-export.php | 4 +-
 includes/class-forum-levels.php | 4 +-
 includes/class-forum-roles.php | 2 +-
 includes/class-forum-shortcodes.php | 330 ++++++++++++++++++++--------
 7 files changed, 369 insertions(+), 106 deletions(-)
diff --git a/includes/class-forum-ajax.php b/includes/class-forum-ajax.php
index 5eb1eca..fda76e1 100644
--- a/includes/class-forum-ajax.php
+++ b/includes/class-forum-ajax.php
@@ -43,23 +43,46 @@ class WBF_Ajax {
 // ── Auth ──────────────────────────────────────────────────────────────────
 public static function handle_login() {
+ // Brute-Force-Schutz: max. 10 Versuche pro IP in 15 Minuten
+ $ip_key = 'wbf_login_fail_' . md5( $_SERVER['REMOTE_ADDR'] ?? 'unknown' );
+ $fails = (int) get_transient( $ip_key );
+ if ( $fails >= 10 ) {
+ wp_send_json_error([
+ 'message' => 'Zu viele fehlgeschlagene Loginversuche. Bitte warte 15 Minuten.',
+ 'locked' => true,
+ ]);
+ }
+
 // Login braucht keinen Nonce — Credentials sind die Authentifizierung
 $result = WBF_Auth::login(
 sanitize_text_field($_POST['username'] ?? ''),
 $_POST['password'] ?? ''
 );
 if ($result['success']) {
+ // Erfolgreicher Login: Fehlzähler löschen
+ delete_transient( $ip_key );
 $u = $result['user'];
 if ( ! empty($_POST['remember_me']) ) {
 WBF_Auth::set_remember_cookie($u->id);
 }
 wp_send_json_success(['display_name'=>$u->display_name,'avatar_url'=>$u->avatar_url,'user_id'=>$u->id]);
 } else {
+ // Fehlversuch zählen — außer bei gesperrten Konten (kein Passwortfehler)
+ if ( empty($result['banned']) ) {
+ set_transient( $ip_key, $fails + 1, 15 * MINUTE_IN_SECONDS );
+ }
 wp_send_json_error($result);
 }
 }
 public static function handle_register() {
+ // Brute-Force/Spam-Schutz: max. 5 Registrierungen pro IP pro Stunde
+ $reg_ip_key = 'wbf_reg_ip_' . md5( $_SERVER['REMOTE_ADDR'] ?? 'unknown' );
+ $reg_fails = (int) get_transient( $reg_ip_key );
+ if ( $reg_fails >= 5 ) {
+ wp_send_json_error(['message' => 'Zu viele Registrierungsversuche von dieser IP. Bitte warte eine Stunde.']);
+ }
+
 // Spam-Schutz: Honeypot + Zeitlimit
 if ( ! empty($_POST['wbf_website']) ) {
 wp_send_json_error(['message' => 'Spam erkannt.']);
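Review bot: The login lockout in handle_login keys its counter on `$_SERVER['REMOTE_ADDR']` alone, so on a deployment behind a reverse proxy or CDN every visitor shares one bucket and ten failed attempts by anyone lock everyone out for 15 minutes; the `'unknown'` fallback has the same effect when the value is absent. The `get_transient` read followed by `set_transient( $ip_key, $fails + 1, ... )` is not atomic, so concurrent attempts can undercount — acceptable for a soft limit, but worth saying. Consider resolving the client address through one helper that honours the site's proxy configuration (and does not trust forwarded headers by default), and documenting the trade-off above the counter, e.g. `// Soft per-IP limit: one shared bucket behind a proxy, counter is not atomic`. The same keying is used for the registration limit in handle_register further down the hunk.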
@@ -98,6 +121,8 @@ class WBF_Ajax {
 sanitize_text_field($_POST['display_name'] ?? '')
 );
 if ($result['success']) {
+ // Registrierungs-Zähler für IP erhöhen
+ set_transient( $reg_ip_key, $reg_fails + 1, HOUR_IN_SECONDS );
 $u = $result['user'];
 // Einladungscode einlösen
 $reg_mode2 = wbf_get_settings()['registration_mode'] ?? 'open';
@@ -226,9 +251,11 @@ class WBF_Ajax {
 }
 // Thread-Abonnenten benachrichtigen
 $subscribers = WBF_DB::get_thread_subscribers($thread_id);
+ // $notif_users is a flat array of IDs (from get_col) — cast to int for comparison
+ $notif_ids = array_map('intval', $notif_users);
 foreach ($subscribers as $sub) {
 if ((int)$sub->id === (int)$user->id) continue; // nicht sich selbst
- if (in_array($sub->id, array_column($notif_users, 'id') ?: [])) continue; // schon benachrichtigt
+ if (in_array((int)$sub->id, $notif_ids, true)) continue; // schon benachrichtigt
 self::send_notification_email($sub, 'reply', $user->display_name, [
 'thread_id' => $thread_id,
 'thread_title' => $thread->title,
@@ -372,6 +399,19 @@ class WBF_Ajax {
 if (!empty($_POST['new_password'])) {
 if (strlen($_POST['new_password']) < 6) wp_send_json_error(['message'=>'Passwort mindestens 6 Zeichen.']);
+ // Sicherheit: aktuelles Passwort muss zur Bestätigung angegeben werden
+ $current_pw = $_POST['current_password'] ?? '';
+ if ( empty($current_pw) ) {
+ wp_send_json_error(['message'=>'Bitte aktuelles Passwort zur Bestätigung eingeben.']);
+ }
+ if ( ! password_verify($current_pw, $user->password) ) {
+ wp_send_json_error(['message'=>'Aktuelles Passwort ist falsch.']);
+ }
+ // Bestätigungsfeld server-seitig prüfen
+ $new_pw2 = $_POST['new_password2'] ?? '';
+ if ( ! empty($new_pw2) && $new_pw2 !== $_POST['new_password'] ) {
+ wp_send_json_error(['message'=>'Die Passwörter stimmen nicht überein.']);
+ }
 $update['password'] = password_hash($_POST['new_password'], PASSWORD_DEFAULT);
 }
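Review bot: The registration counter `set_transient( $reg_ip_key, $reg_fails + 1, HOUR_IN_SECONDS );` is only incremented inside `if ($result['success'])`, so attempts rejected by validation or spam checks never count toward the limit, while the lockout message in the earlier hunk speaks of "Registrierungsversuche" (attempts). If attempts are what should be throttled, move the increment ahead of the `WBF_Auth::register` call; if only completed sign-ups should be limited, reword the message to match. handle_register starts and ends outside this hunk.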
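Review bot: In the password-change hunk, `if ( empty($current_pw) )` treats a current password that is literally `"0"` as missing, because `empty('0')` is true in PHP; compare with `if ( $current_pw === '' )` instead. The confirmation check only runs when `new_password2` is non-empty, so a request that omits the field skips it entirely — if the form requires the field, require it here as well. Nothing in the hunk revokes other sessions or remember-me cookies once the new `password_hash` is stored; if that is not done elsewhere, a password change should be paired with invalidating existing remember-me tokens. The enclosing function starts and ends outside the hunk.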
@@ -397,6 +437,15 @@ class WBF_Ajax {
 $value = sanitize_textarea_field( $raw );
 } elseif ( $def['type'] === 'number' ) {
 $value = is_numeric($raw) ? (string)(float)$raw : '';
+ } elseif ( $def['type'] === 'date' ) {
+ // Datum validieren — nur YYYY-MM-DD, nicht in der Zukunft
+ $raw_date = sanitize_text_field( trim($raw) );
+ if ( preg_match('/^\d{4}-\d{2}-\d{2}$/', $raw_date) ) {
+ $ts = strtotime($raw_date);
+ $value = ($ts && $ts <= time()) ? $raw_date : '';
+ } else {
+ $value = '';
+ }
 } else {
 $value = sanitize_text_field( $raw );
 }
@@ -594,7 +643,8 @@ class WBF_Ajax {
 self::verify();
 $query = sanitize_text_field( $_POST['query'] ?? '' );
 if ( mb_strlen( $query ) < 2 ) wp_send_json_error(['message' => 'Suchbegriff zu kurz.']);
- $results = WBF_DB::search( $query, 40 );
+ $current_search = WBF_Auth::get_current_user();
+ $results = WBF_DB::search( $query, 40, $current_search );
 wp_send_json_success(['results' => $results, 'query' => $query]);
 }
@@ -1141,6 +1191,12 @@ class WBF_Ajax {
 self::verify();
 $user = WBF_Auth::get_current_user();
 if (!$user) wp_send_json_error(['message'=>'Nicht eingeloggt.']);
+ // Sicherstellen dass Spalte existiert (Schutz für bestehende Installs)
+ global $wpdb;
+ $cols = $wpdb->get_col( "DESCRIBE {$wpdb->prefix}forum_users" );
+ if ( ! in_array( 'profile_public', $cols ) ) {
+ $wpdb->query( "ALTER TABLE {$wpdb->prefix}forum_users ADD COLUMN profile_public TINYINT(1) NOT NULL DEFAULT 1" );
+ }
 $current = (int)($user->profile_public ?? 1);
 $new = $current ? 0 : 1;
 WBF_DB::update_user($user->id, ['profile_public'=>$new]);
diff --git a/includes/class-forum-auth.php b/includes/class-forum-auth.php
index 5cdc32a..8535b01 100644
--- a/includes/class-forum-auth.php
+++ b/includes/class-forum-auth.php
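Review bot: The `date` branch accepts calendar-invalid values such as `2023-02-30`: the regex only checks the shape, and `strtotime($raw_date)` rolls an impossible day over to a later date and still returns a truthy timestamp, so a value that is not a real date gets stored. Validate the components after the regex, `[$y, $m, $d] = array_map('intval', explode('-', $raw_date));` and `$value = ( checkdate($m, $d, $y) && strtotime($raw_date) <= time() ) ? $raw_date : '';`. The new `calc_age` in class-forum-shortcodes.php has the same gap (`new DateTime( $date_str )` rolls over too), so a single shared date validator would cover both call sites. The enclosing function starts and ends outside the hunk.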
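Review bot: The profile-visibility toggle (hunk @@ -1141) now runs `DESCRIBE` and a conditional `ALTER TABLE` on every request with no locking, so two concurrent toggles on a not-yet-migrated install can both reach the `ADD COLUMN`; the second fails, its return value is not checked, and the handler continues with a `$user` loaded before the column existed. Schema changes belong in the plugin's activation or version-upgrade routine (dbDelta keyed on a stored schema version), leaving this handler with just the toggle. If the inline check has to stay, make the lookup strict, `if ( ! in_array( 'profile_public', $cols, true ) ) {`, and check the result of `$wpdb->query()` before proceeding. The enclosing function ends outside the hunk.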
@@ -6,8 +6,25 @@ class WBF_Auth {
 const SESSION_KEY = 'wbf_forum_user';
 public static function init() {
+ // PHP 8.3: session_start() nach gesendeten Headers erzeugt E_WARNING,
+ // der direkt in den HTML-Output fließt und das Layout zerstört.
+ // Lösung: headers_sent() prüfen + session_start() mit Cookie-Optionen aufrufen.
 if ( ! session_id() ) {
- session_start();
+ if ( headers_sent() ) {
+ // Headers bereits gesendet — Session kann nicht sicher gestartet werden.
+ // Passiert z.B. wenn WP_DEBUG=true und PHP Notices vor dem Hook ausgegeben hat.
+ return;
+ }
+ $session_opts = [
+ 'cookie_httponly' => true,
+ 'cookie_samesite' => 'Lax',
+ 'use_strict_mode' => true,
+ ];
+ // cookie_secure nur setzen wenn HTTPS aktiv — verhindert Session-Verlust bei HTTP
+ if ( is_ssl() || ( ! empty( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] !== 'off' ) ) {
+ $session_opts['cookie_secure'] = true;
+ }
+ session_start( $session_opts );
 }
 // Auto-login via Remember-Me cookie if not already logged in
 if ( empty( $_SESSION[ self::SESSION_KEY ] ) && isset( $_COOKIE['wbf_remember'] ) ) {
@@ -55,6 +72,7 @@ class WBF_Auth {
 ]);
 // Frisch laden und einloggen
 $user = WBF_DB::get_user( $user->id );
+ if ( session_id() ) session_regenerate_id( true ); // Session Fixation verhindern
 $_SESSION[ self::SESSION_KEY ] = $user->id;
 WBF_DB::touch_last_active( $user->id );
 return array( 'success' => true, 'user' => $user );
@@ -67,6 +85,7 @@ class WBF_Auth {
 }
 return array( 'success' => false, 'banned' => true, 'message' => $reason );
 }
+ if ( session_id() ) session_regenerate_id( true ); // Session Fixation verhindern
 $_SESSION[ self::SESSION_KEY ] = $user->id;
 WBF_DB::touch_last_active( $user->id );
 return array( 'success' => true, 'user' => $user );
@@ -96,6 +115,7 @@ class WBF_Auth {
 'avatar_url' => $avatar,
 ));
+ if ( session_id() ) session_regenerate_id( true ); // Session Fixation verhindern
 $_SESSION[ self::SESSION_KEY ] = $id;
 return array('success'=>true,'user'=>WBF_DB::get_user($id));
 }
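Review bot: When `headers_sent()` is true, `init()` returns silently and no session exists; the later `$_SESSION[ self::SESSION_KEY ] = $user->id;` writes in the login and register hunks (@@ -55, @@ -67, @@ -96) then go into a plain array that is discarded at the end of the request, so a login reports success but does not persist, and nothing records why. Leave a trace before the early return, e.g. `error_log( 'WBF_Auth::init: session not started, headers already sent' );`, so operators can find the root cause instead of seeing unexplained logouts. The second operand of the `cookie_secure` condition is broader than `is_ssl()` (it accepts any `HTTPS` value other than `'off'`); if that is intentional, a short comment naming the server setup it exists for would save the next reader a check.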
diff --git a/includes/class-forum-db.php b/includes/class-forum-db.php
index bae5ec3..65100ab 100644
--- a/includes/class-forum-db.php
+++ b/includes/class-forum-db.php
@@ -490,7 +490,7 @@ class WBF_DB {
 }
 // Move post_count contribution too
 $post_count = (int)$wpdb->get_var($wpdb->prepare(
- "SELECT COUNT(*) FROM {$wpdb->prefix}forum_posts WHERE thread_id=%d", $thread_id
+ "SELECT COUNT(*) FROM {$wpdb->prefix}forum_posts WHERE thread_id=%d AND deleted_at IS NULL", $thread_id
 ));
 if ( $post_count > 0 ) {
 $wpdb->query($wpdb->prepare(
@@ -512,7 +512,7 @@ class WBF_DB {
 FROM {$wpdb->prefix}forum_threads t
 JOIN {$wpdb->prefix}forum_users u ON u.id = t.user_id
 LEFT JOIN {$wpdb->prefix}forum_prefixes p ON p.id = t.prefix_id
- WHERE t.id = %d", $id
+ WHERE t.id = %d AND t.deleted_at IS NULL", $id
 ));
 }
@@ -572,7 +572,7 @@ class WBF_DB {
 public static function count_posts( $thread_id ) {
 global $wpdb;
- return (int)$wpdb->get_var($wpdb->prepare("SELECT COUNT(*) FROM {$wpdb->prefix}forum_posts WHERE thread_id=%d", $thread_id));
+ return (int)$wpdb->get_var($wpdb->prepare("SELECT COUNT(*) FROM {$wpdb->prefix}forum_posts WHERE thread_id=%d AND deleted_at IS NULL", $thread_id));
 }
 public static function create_post( $data ) {
@@ -643,8 +643,8 @@ class WBF_DB {
 public static function get_stats() {
 global $wpdb;
 return [
- 'threads' => $wpdb->get_var("SELECT COUNT(*) FROM {$wpdb->prefix}forum_threads WHERE status != 'archived'"),
- 'posts' => $wpdb->get_var("SELECT COUNT(*) FROM {$wpdb->prefix}forum_posts"),
+ 'threads' => $wpdb->get_var("SELECT COUNT(*) FROM {$wpdb->prefix}forum_threads WHERE status != 'archived' AND deleted_at IS NULL"),
+ 'posts' => $wpdb->get_var("SELECT COUNT(*) FROM {$wpdb->prefix}forum_posts WHERE deleted_at IS NULL"),
 'members' => $wpdb->get_var("SELECT COUNT(*) FROM {$wpdb->prefix}forum_users"),
 'newest' => $wpdb->get_var("SELECT display_name FROM {$wpdb->prefix}forum_users ORDER BY registered DESC LIMIT 1"),
 ];
@@ -731,9 +731,23 @@ class WBF_DB {
 // ── Suche ─────────────────────────────────────────────────────────────────
- public static function search( $query, $limit = 30 ) {
+ public static function search( $query, $limit = 30, $user = null ) {
 global $wpdb;
 $like = '%' . $wpdb->esc_like( $query ) . '%';
+
+ // Kategorie-Sichtbarkeit: Gäste und Member dürfen keine privaten Kategorien sehen
+ $user_level = $user ? WBF_Roles::level( $user->role ) : -99;
+ if ( $user_level >= 50 ) {
+ // Moderatoren+ sehen alles (inkl. soft-deleted ist extra)
+ $cat_filter = '';
+ } elseif ( $user ) {
+ // Eingeloggte Member/VIP: nur guest_visible oder eigene Rolle reicht
+ $cat_filter = "AND c.guest_visible = 1 AND (c.min_role IS NULL OR c.min_role IN ('member','vip'))";
+ } else {
+ // Gäste: nur komplett öffentliche Kategorien
+ $cat_filter = "AND c.guest_visible = 1 AND (c.min_role IS NULL OR c.min_role = 'member')";
+ }
+
 return $wpdb->get_results( $wpdb->prepare(
 "SELECT 'thread' AS result_type,
 t.id, t.title, t.content, t.created_at, t.reply_count,
@@ -742,7 +756,9 @@ class WBF_DB {
 FROM {$wpdb->prefix}forum_threads t
 JOIN {$wpdb->prefix}forum_users u ON u.id = t.user_id
 JOIN {$wpdb->prefix}forum_categories c ON c.id = t.category_id
- WHERE (t.title LIKE %s OR t.content LIKE %s) AND t.status != 'archived'
+ WHERE (t.title LIKE %s OR t.content LIKE %s)
+ AND t.status != 'archived' AND t.deleted_at IS NULL
+ $cat_filter
 UNION ALL
 SELECT 'post' AS result_type,
 p.id, t.title, p.content, p.created_at, 0 AS reply_count,
@@ -752,7 +768,9 @@ class WBF_DB {
 JOIN {$wpdb->prefix}forum_threads t ON t.id = p.thread_id
 JOIN {$wpdb->prefix}forum_users u ON u.id = p.user_id
 JOIN {$wpdb->prefix}forum_categories c ON c.id = t.category_id
- WHERE p.content LIKE %s AND t.status != 'archived'
+ WHERE p.content LIKE %s
+ AND p.deleted_at IS NULL AND t.status != 'archived' AND t.deleted_at IS NULL
+ $cat_filter
 ORDER BY created_at DESC
 LIMIT %d",
 $like, $like, $like, $limit
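Review bot: The `elseif ( $user )` branch of the new `$cat_filter` admits `c.min_role IN ('member','vip')` for every logged-in caller below level 50, whether or not that caller actually holds the vip role, so a plain member's search returns the `t.content`/`p.content` of threads in VIP-only categories — the filter should be derived from the caller's level, not hard-coded. The role list is also embedded as string literals inside a query that is otherwise fully prepared; building it from `$wpdb->prepare` placeholders keeps that property if role slugs ever become configurable. The sketch below assumes `WBF_Roles::get_all()` returns an array keyed by role slug with a `level` entry, as `get_sorted()` in class-forum-roles.php suggests, and that slugs contain no `%`; confirm both before adopting it. The guest branch and the query itself are left as they are, and search() continues past the end of this hunk.
```php
} elseif ( $user ) {
    // Roles the caller may see: every role whose level is at or below the caller's own
    // (assumes WBF_Roles::get_all() is keyed by role slug and carries a 'level').
    $allowed = [];
    foreach ( WBF_Roles::get_all() as $slug => $role_def ) {
        if ( (int) ( $role_def['level'] ?? 0 ) <= $user_level ) $allowed[] = (string) $slug;
    }
    $placeholders = implode( ',', array_fill( 0, max( 1, count( $allowed ) ), '%s' ) );
    $cat_filter = $wpdb->prepare(
        "AND c.guest_visible = 1 AND (c.min_role IS NULL OR c.min_role IN ($placeholders))",
        ...( $allowed ?: [ '' ] )
    );
} else {
// … unchanged: guest branch and the UNION query …
```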
@@ -1476,6 +1494,25 @@ class WBF_DB {
 update_option( 'wbf_profile_fields', $fields );
 }
+ public static function get_profile_field_categories() {
+ $cats = get_option( 'wbf_profile_field_cats', null );
+ if ( $cats === null ) {
+ // Default-Kategorien beim ersten Aufruf
+ $defaults = [
+ [ 'id' => 'cat_allgemein', 'name' => 'Allgemein', 'icon' => '👤' ],
+ [ 'id' => 'cat_kontakt', 'name' => 'Kontakt', 'icon' => '✉️' ],
+ [ 'id' => 'cat_social', 'name' => 'Social Media', 'icon' => '🌐' ],
+ ];
+ update_option( 'wbf_profile_field_cats', $defaults );
+ return $defaults;
+ }
+ return is_array( $cats ) ? $cats : [];
+ }
+
+ public static function save_profile_field_categories( $cats ) {
+ update_option( 'wbf_profile_field_cats', $cats );
+ }
+
 public static function get_user_meta( $user_id ) {
 global $wpdb;
 $rows = $wpdb->get_results( $wpdb->prepare(
diff --git a/includes/class-forum-export.php b/includes/class-forum-export.php
index 37c10ac..7d789a3 100644
--- a/includes/class-forum-export.php
+++ b/includes/class-forum-export.php
@@ -103,6 +103,7 @@ class WBF_Export {
 case 'settings':
 $data['settings'] = get_option( 'wbf_settings', [] );
 $data['profile_fields'] = get_option( 'wbf_profile_fields', [] );
+ $data['profile_field_cats'] = get_option( 'wbf_profile_field_cats', [] );
 $data['reactions_cfg'] = get_option( 'wbf_reactions', [] );
 $data['word_filter'] = get_option( 'wbf_word_filter', '' );
 break;
@@ -275,6 +276,7 @@ class WBF_Export {
 }
 if ( isset( $data['profile_fields'] ) ) {
 update_option( 'wbf_profile_fields', $data['profile_fields'] );
+ if ( isset($data['profile_field_cats']) ) update_option( 'wbf_profile_field_cats', $data['profile_field_cats'] );
 $log[] = '✅ Profilfeld-Definitionen (' . count( $data['profile_fields'] ) . ') importiert.';
 }
 if ( isset( $data['reactions_cfg'] ) && is_array( $data['reactions_cfg'] ) ) {
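Review bot: The import hunk (@@ -275) stores `$data['profile_field_cats']` with only an `isset` check, whereas the `reactions_cfg` branch right below at least requires `is_array`; the export file is operator-supplied input, `get_profile_field_categories()` hands the stored value back unchanged, and the profile view builds a map keyed by `id` from it, so a string or a row without `id`/`name` propagates straight into the templates. Validate the shape before storing, e.g. `$cats = array_values( array_filter( (array) $data['profile_field_cats'], function( $c ) { return is_array( $c ) && isset( $c['id'], $c['name'] ) && is_string( $c['id'] ) && is_string( $c['name'] ); } ) );` and then `update_option( 'wbf_profile_field_cats', $cats );`. The same check belongs in the new `save_profile_field_categories()`, which currently writes `$cats` unchecked, so that every writer of the option enforces one shape.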
@@ -1172,7 +1174,7 @@ class WBF_Export {
 /** Prüft ob eine Tabelle existiert */
 private static function table_exists( string $table ): bool {
 global $wpdb;
- return $wpdb->get_var( "SHOW TABLES LIKE '$table'" ) === $table;
+ return $wpdb->get_var( $wpdb->prepare( "SHOW TABLES LIKE %s", $table ) ) === $table;
 }
 /** Erstellt ein standardisiertes Ergebnis-Array */
diff --git a/includes/class-forum-levels.php b/includes/class-forum-levels.php
index 29b271d..3c1e39c 100644
--- a/includes/class-forum-levels.php
+++ b/includes/class-forum-levels.php
@@ -43,12 +43,12 @@ class WBF_Levels {
 return $defaults;
 }
 $levels = (array) $saved;
- usort( $levels, fn($a,$b) => (int)$a['min'] <=> (int)$b['min'] );
+ usort( $levels, function($a, $b) { return (int)$a['min'] <=> (int)$b['min']; } );
 return $levels;
 }
 public static function save( $levels ) {
- usort( $levels, fn($a,$b) => (int)$a['min'] <=> (int)$b['min'] );
+ usort( $levels, function($a, $b) { return (int)$a['min'] <=> (int)$b['min']; } );
 update_option( self::OPTION_KEY, $levels );
 }
diff --git a/includes/class-forum-roles.php b/includes/class-forum-roles.php
index 351063c..3d74c93 100644
--- a/includes/class-forum-roles.php
+++ b/includes/class-forum-roles.php
@@ -108,7 +108,7 @@ class WBF_Roles {
 /** Nach Level sortiert (höchstes zuerst) */
 public static function get_sorted() {
 $all = self::get_all();
- uasort($all, fn($a,$b) => $b['level'] <=> $a['level']);
+ uasort($all, function($a, $b) { return $b['level'] <=> $a['level']; });
 return $all;
 }
diff --git a/includes/class-forum-shortcodes.php b/includes/class-forum-shortcodes.php
index be0c07d..b0c6808 100644
--- a/includes/class-forum-shortcodes.php
+++ b/includes/class-forum-shortcodes.php
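Review bot: Moving to `$wpdb->prepare` closes the quoting hole, but `SHOW TABLES LIKE %s` still treats `_` and `%` in the name as wildcards, and every prefixed table name contains `_`; if more than one table matches, `get_var` returns whichever row comes first and the `=== $table` comparison then reports false for a table that does exist. Escape the name as a LIKE literal before preparing: `return $wpdb->get_var( $wpdb->prepare( 'SHOW TABLES LIKE %s', $wpdb->esc_like( $table ) ) ) === $table;`.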
@@ -9,6 +9,15 @@ class WBF_Shortcodes {
 // ── Helpers ───────────────────────────────────────────────────────────────
+ /** Alter aus Geburtsdatum berechnen */
+ public static function calc_age( $date_str ) {
+ if ( ! $date_str || ! preg_match('/^\d{4}-\d{2}-\d{2}$/', $date_str) ) return null;
+ $birth = new DateTime( $date_str );
+ $today = new DateTime();
+ if ( $birth > $today ) return null;
+ return (int) $birth->diff($today)->y;
+ }
+
 public static function time_ago( $datetime ) {
 $diff = time() - strtotime($datetime);
 if ($diff < 60) return 'Gerade eben';
@@ -149,8 +158,12 @@ class WBF_Shortcodes {
 // ── Router ────────────────────────────────────────────────────────────────
 public static function forum_main( $atts ) {
- // Server-seitiger Logout-Fallback
+ // Server-seitiger Logout-Fallback — Nonce-Schutz gegen CSRF
 if (isset($_GET['wbf_do_logout'])) {
+ if ( ! isset($_GET['_wpnonce']) || ! wp_verify_nonce( sanitize_text_field($_GET['_wpnonce']), 'wbf_logout' ) ) {
+ wp_redirect( wbf_get_forum_url() );
+ exit;
+ }
 WBF_Auth::logout();
 wp_redirect( wbf_get_forum_url() );
 exit;
@@ -310,7 +323,7 @@ class WBF_Shortcodes {
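Review bot: `calc_age` constructs both dates with `new DateTime(...)` and no explicit timezone, so "today" follows PHP's default zone rather than the site's configured one, and the computed age can be off by one around midnight on a birthday. Use the site zone for both and the immutable class to avoid aliasing: `$birth = new DateTimeImmutable( $date_str, wp_timezone() );` and `$today = current_datetime();`. The nonce check added to forum_main is sound provided every logout link now carries a `wbf_logout` nonce; the links themselves are outside this hunk, so that should be confirmed in the shortcode templates.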
Profil - +
@@ -893,7 +906,9 @@ class WBF_Shortcodes { $is_own = $current && $current->id == $profile->id; $is_staff = $current && WBF_Roles::level($current->role) >= 50; // Profil-Sichtbarkeit prüfen - if (!$is_own && !$is_staff && (int)($profile->profile_public ?? 1) === 0) { + // profile_public NULL = Spalte fehlt noch = als öffentlich (1) behandeln + $profile_public = isset($profile->profile_public) ? (int)$profile->profile_public : 1; + if (!$is_own && !$is_staff && $profile_public === 0) { ob_start(); ?>
@@ -907,12 +922,18 @@ class WBF_Shortcodes { $bookmarks = $is_own ? WBF_DB::get_user_bookmarks($current->id, 50) : []; $ignore_list = $is_own ? WBF_DB::get_ignore_list($current->id) : []; $cf_defs = WBF_DB::get_profile_field_defs(); + $cf_cats = WBF_DB::get_profile_field_categories(); + $cf_cat_map = array_column( $cf_cats, null, 'id' ); $cf_vals = WBF_DB::get_user_meta( $profile->id ); // Aktiven Tab aus URL lesen (tab=1|2|3), Standard: 1 für eigenes, 2 für fremdes - $active_tab = (int)($_GET['ptab'] ?? ($is_own ? 1 : 2)); - $active_tab = in_array($active_tab, [1,2,3]) ? $active_tab : ($is_own ? 1 : 2); - // Tab 1 + 3 nur für eigenes Profil - if (!$is_own && $active_tab !== 2) $active_tab = 2; + // Tab-ID: numerisch (1–4) oder String-Slug (z.B. 'mc' von der Forum-Bridge) + $ptab_raw = $_GET['ptab'] ?? ($is_own ? 1 : 2); + $active_tab = ctype_digit( (string) $ptab_raw ) ? (int) $ptab_raw : sanitize_key( $ptab_raw ); + if ( is_int($active_tab) && ! in_array($active_tab, [1,2,3,4]) ) { + $active_tab = $is_own ? 1 : 2; + } + // Tab 1, 3, 4 und String-Tabs nur für eigenes Profil (außer Tab 2 = Aktivität) + if ( ! $is_own && $active_tab !== 2 ) $active_tab = 2; ob_start(); ?>
@@ -930,6 +951,7 @@ class WBF_Shortcodes {
<?php echo esc_attr($profile->display_name); ?>
- - + + $def_sb,'val'=>$val_sb]; + } + $sb_sections = $cf_cats; + if (isset($cf_by_cat_sb['__none__'])) { + $sb_sections[] = ['id'=>'__none__','name'=>'Weitere Infos','icon'=>'']; + } + foreach ($sb_sections as $scat_sb): + $scid_sb = $scat_sb['id']; + if (empty($cf_by_cat_sb[$scid_sb])) continue; + ?>
-
@@ -1043,6 +1109,16 @@ class WBF_Shortcodes { class="wbf-profile-tab"> Privatsphäre + + Sicherheit + + + + Minecraft + +
@@ -1057,15 +1133,9 @@ class WBF_Shortcodes { Profil bearbeiten
-
-
- - -
-
- - -
+
+ +
@@ -1076,62 +1146,36 @@ class WBF_Shortcodes {
signature??''); ?>/300
-
- - profile_public ?? 1); ?> - -
-
- + + '__none__','name'=>'Weitere Angaben','icon'=>'📋']; + } + if (!empty($cf_defs)): + foreach ($edit_sections as $ecat): + $ecid = $ecat['id']; + if (empty($cf_edit_by_cat[$ecid])) continue; + ?>
- E-Mail-Adresse -
-
-

- Aktuelle Adresse: email); ?> -

-
-
- - -
-
- - -
-
- -
-
- - - -
-
- Weitere Profilangaben + + + +
- > + + >
-
- + + + +
+ + +
@@ -1260,6 +1313,29 @@ class WBF_Shortcodes { ══════════════════════════════════════════════════ --> + + profile_public ?? 1); ?> +
+
+ Profil-Sichtbarkeit +
+
+
+
+
Profil öffentlich sichtbar
+
Wenn deaktiviert, können nur du selbst und Moderatoren dein Profil sehen.
+
+ +
+
+
+
@@ -1394,6 +1470,78 @@ class WBF_Shortcodes { + + + + +
+
+ Passwort ändern +
+
+
+ + +
+
+
+ + +
+
+ + +
+
+ +
+
+ + +
+
+ E-Mail-Adresse +
+
+

+ Aktuelle Adresse: email); ?> +

+
+
+ + +
+
+ + +
+
+ +
+
+ + + + + +
@@ -1608,7 +1756,7 @@ class WBF_Shortcodes {
 if ($maint_s === '1' && (!$cur_s || WBF_Roles::level($cur_s->role) < 50)) return self::view_maintenance();
 $query = sanitize_text_field($_GET['q'] ?? '');
 $current = WBF_Auth::get_current_user();
- $results = mb_strlen($query) >= 2 ? WBF_DB::search($query, 40) : [];
+ $results = mb_strlen($query) >= 2 ? WBF_DB::search($query, 40, $current) : [];
 ob_start(); ?>
@@ -1711,7 +1859,7 @@ class WBF_Shortcodes { display_name); ?> role); ?> - +