From e0543c6982470f681b47f0539240c2c3826950fb Mon Sep 17 00:00:00 2001
From: Chuck Scott <cscott@gaslightmedia.com>
Date: Mon, 17 Apr 2017 11:56:55 -0400
Subject: [PATCH] Fixed problem with showing wrong member dashboard widgets
 when dashboard tab is clicked by a logged in member manager. Fixed ability of
 a logged in member manager to change the member id on the URL when adding a
 new member info record.

---
 models/admin/member/memberInfo.php | 7 +++++--
 views/admin/member/header.html     | 2 +-
 views/admin/member/index.html      | 2 ++
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/models/admin/member/memberInfo.php b/models/admin/member/memberInfo.php
index a9a2dadd..cca98746 100644
--- a/models/admin/member/memberInfo.php
+++ b/models/admin/member/memberInfo.php
@@ -245,8 +245,11 @@ class GlmMembersAdmin_member_memberInfo extends GlmDataMemberInfo
             }
         }
 
-        // If member ID not supplied - we shouldn't be here, so redirect to an error page
-        if ($this->memberID <= 0) {
+        // Check to see if the user is locked to a particular member
+        $lockedToMember = apply_filters('glm_members_locked_to_member_id', false);
+
+        // If member ID not supplied or someone is tampering with a member id for a locked member - we shouldn't be here, so redirect to an error page
+        if ($this->memberID <= 0 || ($lockedToMember && $this->memberID != $lockedToMember)) {
 
             if (GLM_MEMBERS_PLUGIN_ADMIN_DEBUG) {
                 glmMembersAdmin::addNotice("<b>&nbsp;&nbsp;Member ID expected but no ID was supplied.", 'Alert');
diff --git a/views/admin/member/header.html b/views/admin/member/header.html
index cfcdb418..ead594ca 100644
--- a/views/admin/member/header.html
+++ b/views/admin/member/header.html
@@ -17,7 +17,7 @@
     </h2>
 
     <h2 class="nav-tab-wrapper">
-        <a href="{$thisUrl}?page={$thisPage}&glm_action=index&member={$memberID}&id={$memberInfoID}" class="nav-tab{if $thisAction==index || $thisAction==memberEdit || $thisAction==memberInfo} nav-tab-active{/if}">{$terms.term_member_cap} Dashboard</a>
+        <a href="{$thisUrl}?page={$thisPage}" class="nav-tab{if $thisAction==index || $thisAction==memberEdit || $thisAction==memberInfo} nav-tab-active{/if}">{$terms.term_member_cap} Dashboard</a>
 {if $memberID}
   {foreach $addOnTabs as $a}
         <a href="{$thisUrl}?page={$thisPage}&glm_action={$a.action}{if isset($a.option)}&option={$a.option}{/if}&member={$memberID}" class="nav-tab{if $thisAction==$a.action} nav-tab-active{/if}">{$a.text}</a>
diff --git a/views/admin/member/index.html b/views/admin/member/index.html
index 9ba95936..542101a3 100644
--- a/views/admin/member/index.html
+++ b/views/admin/member/index.html
@@ -99,12 +99,14 @@
     {/if}
     <p>
         <h3 class="glm-left">{$terms.term_member_cap} Profile Versions</h3>
+      {if apply_filters('glm_members_permit_admin_member_index_add_member_info_version', true)}
         <span class="glm-right">
             <p>
                 <input type="checkbox" id="showArchived"{if $showArchived} checked="checked"{/if}> Show archived information&nbsp;&nbsp;
                 <a href="{$thisUrl}?page={$thisPage}&glm_action=memberInfo&member={$memberID}" class="button button-primary glm-button glm-right">Add New {$terms.term_member_cap} Information Version</a>
             </p>
         </span>
+      {/if}
     </p>
     <br clear="all">
     <table class="wp-list-table striped glm-admin-table">
-- 
2.17.1