* maybe fixed CVE-2024-10528;

This commit is contained in:
Mykyta Synelnikov
2024-11-05 11:55:07 +02:00
parent baaf32c278
commit 61ea1b3e8d
6 changed files with 346 additions and 127 deletions
+19 -17
@@ -3,6 +3,8 @@ namespace um\core;
// Exit if accessed directly
use Exception;
if ( ! defined( 'ABSPATH' ) ) exit;
@@ -300,13 +302,13 @@ if ( ! class_exists( 'um\core\Uploader' ) ) {
* @since 2.0.22
*
* @return array
* @throws \Exception
* @throws Exception
*/
public function upload_image( $uploadedfile, $user_id = null, $field_key = '', $upload_type = 'stream_photo' ) {
$response = array();
if ( ! function_exists( 'wp_handle_upload' ) ) {
require_once( ABSPATH . 'wp-admin/includes/file.php' );
require_once ABSPATH . 'wp-admin/includes/file.php';
}
if ( empty( $field_key ) ) {
@@ -323,7 +325,7 @@ if ( ! class_exists( 'um\core\Uploader' ) ) {
$this->user_id = $user_id;
}
if ( in_array( $field_key, array( 'profile_photo', 'cover_photo' ) ) ) {
if ( in_array( $field_key, array( 'profile_photo', 'cover_photo' ), true ) ) {
$this->upload_image_type = $field_key;
}
@@ -510,19 +512,20 @@ if ( ! class_exists( 'um\core\Uploader' ) ) {
/**
* Upload Files
*
* @since 2.0.22
*
* @param $uploadedfile
* @param int|null $user_id
* @param string $field_key
*
* @since 2.0.22
*
* @return array
* @throws Exception
*/
public function upload_file( $uploadedfile, $user_id = null, $field_key = '' ) {
$response = array();
if ( ! function_exists( 'wp_handle_upload' ) ) {
require_once( ABSPATH . 'wp-admin/includes/file.php' );
require_once ABSPATH . 'wp-admin/includes/file.php';
}
$this->field_key = $field_key;
@@ -535,19 +538,19 @@ if ( ! class_exists( 'um\core\Uploader' ) ) {
$field_data = UM()->fields()->get_field( $field_key );
$field_allowed_file_types = explode(",", $field_data['allowed_types'] );
$field_allowed_file_types = explode( ',', $field_data['allowed_types'] );
$allowed_file_mimes = array();
foreach ( $field_allowed_file_types as $a ) {
$atype = wp_check_filetype( "test.{$a}" );
$atype = wp_check_filetype( "test.{$a}" );
$allowed_file_mimes[ $atype['ext'] ] = $atype['type'];
}
$upload_overrides = array(
'test_form' => false,
'mimes' => apply_filters( 'um_uploader_allowed_file_mimes', $allowed_file_mimes ),
'unique_filename_callback' => array( $this, 'unique_filename' ),
'test_form' => false,
'mimes' => apply_filters( 'um_uploader_allowed_file_mimes', $allowed_file_mimes ),
'unique_filename_callback' => array( $this, 'unique_filename' ),
);
$upload_overrides = apply_filters( "um_file_upload_handler_overrides__{$field_key}", $upload_overrides );
@@ -556,9 +559,9 @@ if ( ! class_exists( 'um\core\Uploader' ) ) {
if ( isset( $movefile['error'] ) ) {
/*
* Error generated by _wp_handle_upload()
* @see _wp_handle_upload() in wp-admin/includes/file.php
*/
* Error generated by _wp_handle_upload()
* @see _wp_handle_upload() in wp-admin/includes/file.php
*/
$response['error'] = $movefile['error'];
} else {
@@ -574,7 +577,6 @@ if ( ! class_exists( 'um\core\Uploader' ) ) {
$movefile['file_info']['size'] = filesize( $movefile['file'] );
$movefile['file_info']['size_format'] = size_format( $movefile['file_info']['size'] );
/**
* UM hook
*
@@ -690,7 +692,7 @@ if ( ! class_exists( 'um\core\Uploader' ) ) {
$error = null;
if ( ! function_exists( 'wp_get_image_editor' ) ) {
require_once( ABSPATH . 'wp-admin/includes/media.php' );
require_once ABSPATH . 'wp-admin/includes/media.php';
}
$image = wp_get_image_editor( $file );
@@ -814,7 +816,7 @@ if ( ! class_exists( 'um\core\Uploader' ) ) {
$error = null;
if ( ! function_exists( 'wp_get_image_editor' ) ) {
require_once( ABSPATH . 'wp-admin/includes/media.php' );
require_once ABSPATH . 'wp-admin/includes/media.php';
}
$file_type = wp_check_filetype( $file );