10h30/ultimatemember
1
0
Fork 0
mirror of https://github.com/10h30/ultimatemember.git synced 2026-06-05 15:09:37 +09:00
Code Issues Packages Projects Releases Wiki Activity

- fixed directory traversal vulnerability;

Browse Source
This commit is contained in:
Nikita Sinelnikov
2022-09-27 13:58:01 +03:00
parent 7bff69f52b
commit 14dc36b813
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
includes/core/class-shortcodes.php
+3
View File
@@ -276,6 +276,9 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) {
extract( $args );
}
// Avoid Directory Traversal vulnerability.
$tpl = trim( $tpl, "./\\" );
$file = um_path . "templates/{$tpl}.php";
$theme_file = get_stylesheet_directory() . "/ultimate-member/templates/{$tpl}.php";
if ( file_exists( $theme_file ) ) {