From 8cdbafe879466bee5450d96cd233d68cd9e55290 Mon Sep 17 00:00:00 2001
From: Nikita Sinelnikov <nsinelnikov.work@gmail.com>
Date: Thu, 6 Oct 2022 15:27:51 +0300
Subject: [PATCH] - changed getting blacklist functions;

---
 includes/core/class-fields.php | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/includes/core/class-fields.php b/includes/core/class-fields.php
index 0ff3768f..88a6cb35 100644
--- a/includes/core/class-fields.php
+++ b/includes/core/class-fields.php
@@ -1295,14 +1295,15 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
 			return '';
 		}
 
+		/**
+		 * Getting the blacklist of the functions that cannot be used as callback.
+		 * All internal PHP functions are insecure for using inside callback functions.
+		 *
+		 * @return array
+		 */
 		public function dropdown_options_source_blacklist() {
-			$blacklist = array(
-				'phpinfo',
-				'exec',
-				'passthru',
-				'shell_exec',
-				'system',
-			);
+			$list      = get_defined_functions();
+			$blacklist = ! empty( $list['internal'] ) ? $list['internal'] : array();
 			$blacklist = apply_filters( 'um_dropdown_options_source_blacklist', $blacklist );
 			return $blacklist;
 		}