Enhance SQL injection protection in regex patterns

Updated regular expressions to strengthen protection against sleep and benchmark injection attacks. This change improves the security of queries by handling potential edge cases more effectively.
2026-06-05 15:09:37 +09:00 · 2025-03-07 01:25:05 +02:00
parent 4300a7eb9e
commit 7014623010
1 changed files with 2 additions and 1 deletions
@@ -1710,7 +1710,8 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
 			$regexp_map = array(
 				'/select(.*?)from/im',
 				'/select(.*?)sleep/im',
-				"/sleep\(\d+\)/im", // avoid any sleep injections
+				"/sleep\(\s*[\"'`]?\s*\d+\s*[\"'`]?\s*\)/im", // avoid any sleep injections
+				"/benchmark\(\s*[\"'`]?\s*\d+\s*[\"'`]?\s*,.*\)/im", // avoid any benchmark injections
 				'/select(.*?)database/im',
 				'/select(.*?)where/im',
 				'/update(.*?)set/im',