10h30/ultimatemember
1
0
Fork 0
mirror of https://github.com/10h30/ultimatemember.git synced 2026-06-05 15:09:37 +09:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1659 from ultimatemember/fix/1654_additional

Browse Source 
Enhance SQL injection protection in regex patterns
This commit is contained in:
Mykyta Synelnikov
2025-03-10 15:05:47 +02:00
committed by GitHub
parent 4300a7eb9e 51dc3b5747
commit 6fea2c7f6a
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
includes/core/class-member-directory.php
+2 -1
View File
@@ -1710,7 +1710,8 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
$regexp_map = array(
'/select(.*?)from/im',
'/select(.*?)sleep/im',
"/sleep\(\d+\)/im", // avoid any sleep injections
"/sleep\([^)]+\)/im", // avoid any sleep injections
"/benchmark\([^)]+\)/im", // avoid any benchmark injections
'/select(.*?)database/im',
'/select(.*?)where/im',
'/update(.*?)set/im',