= 4.2.6.6 =

~ Fixed: security check option users_can_register
LearnPress · May 3, 2024 · 3cfbd6e · 3cfbd6e
1 parent 38d5096
commit 3cfbd6e
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 14 deletions.
diff --git a/inc/class-lp-ajax.php b/inc/class-lp-ajax.php
@@ -109,8 +109,9 @@ public static function checkout_user_email_exists() {
 			$response = new LP_REST_Response();
 
 			try {
-				$email        = LP_Request::get_email( 'email' );
-				$html_wrapper = [
+				$email             = LP_Request::get_email( 'email' );
+				$user_can_register = get_option( 'users_can_register' );
+				$html_wrapper      = [
 					'<label class="lp-guest-checkout-output">' => '</label>',
 				];
 
@@ -119,7 +120,7 @@ public static function checkout_user_email_exists() {
 						'Your email already exists. Do you want to continue with this email?',
 						'learnpress'
 					);
-				} else {
+				} elseif ( $user_can_register ) {
 					$output = sprintf(
 						'<input type="checkbox" name="checkout-email-option" value="new-account"> <span>%s</span>',
 						__(

diff --git a/inc/class-lp-checkout.php b/inc/class-lp-checkout.php
@@ -13,6 +13,7 @@
 
 class LP_Checkout {
 	use Singleton;
+
 	/**
 	 * Payment method
 	 *
@@ -228,20 +229,21 @@ public function checkout_email_exists() {
 	/**
 	 * Create LP Order.
 	 *
-	 * @since 3.0.0
-	 * @version 4.0.2
 	 * @return mixed|string
 	 * @throws Exception
+	 * @since 3.0.0
+	 * @version 4.0.3
 	 */
 	public function create_order() {
-		$cart       = LearnPress::instance()->cart;
-		$cart_total = $cart->calculate_totals();
-		$order      = new LP_Order();
-		$user_id    = 0;
+		$cart              = LearnPress::instance()->cart;
+		$cart_total        = $cart->calculate_totals();
+		$order             = new LP_Order();
+		$user_id           = 0;
+		$user_can_register = get_option( 'users_can_register' );
 
 		if ( is_user_logged_in() ) {
 			$user_id = get_current_user_id();
-		} else {
+		} elseif ( $user_can_register ) {
 			$checkout_option = LP_Request::get_param( 'checkout-email-option' );
 			// Set user id for Order if buy with Guest and email exists on the user
 			$user_id = $this->checkout_email_exists();
@@ -333,7 +335,7 @@ public function is_enable_guest_checkout() {
 	 * @since 3.0.0
 	 */
 	public function is_enable_login() {
-		return apply_filters( 'learn-press/checkout/enable-login', in_array( LP_Settings::instance()->get( 'enable_login_checkout' ), array( '', 'yes' ) ) );
+		return apply_filters( 'learn-press/checkout/enable-login', 'yes' === LP_Settings::get_option( 'enable_login_checkout', 'yes' ) );
 	}
 
 	/**
@@ -343,7 +345,7 @@ public function is_enable_login() {
 	 * @since 3.0.0
 	 */
 	public function is_enable_register() {
-		return apply_filters( 'learn-press/checkout/enable-register', in_array( LP_Settings::instance()->get( 'enable_registration_checkout' ), array( '', 'yes' ) ) && get_option( 'users_can_register' ) );
+		return apply_filters( 'learn-press/checkout/enable-register', 'yes' === LP_Settings::get_option( 'enable_registration_checkout', 'yes' ) );
 	}
 
 	/**
@@ -418,6 +420,7 @@ public function validate_checkout_fields() {
 		$error = apply_filters( 'learn-press/validate-checkout-fields', $this->errors, $fields, $this );
 		if ( is_wp_error( $error ) ) {
 			$this->errors[] = $error;
+
 			return false;
 		}
 

diff --git a/inc/class-lp-install.php b/inc/class-lp-install.php
@@ -85,9 +85,9 @@ public function on_activate() {
 			}
 
 			// Force option users_can_register to ON.
-			if ( ! get_option( 'users_can_register' ) ) {
+			/*if ( ! get_option( 'users_can_register' ) ) {
 				update_option( 'users_can_register', 1 );
-			}
+			}*/
 		}
 
 		/**