Update dynamic function blacklist for security enhancement

Added a mechanism to dynamically retrieve and merge updated WordPress function lists into the blacklist to prevent unsafe usage in dropdown options. Addresses a security issue (CVE-2025-47691) by using a JSON-based function source tied to WordPress versioning.

includes/core/class-fields.php

@@ -1379,8 +1379,30 @@ if ( ! class_exists( 'um\core\Fields' ) ) {
 		public function dropdown_options_source_blacklist() {
 			$list      = get_defined_functions();
 			$blacklist = ! empty( $list['internal'] ) ? $list['internal'] : array();
-			$blacklist = apply_filters( 'um_dropdown_options_source_blacklist', $blacklist );
-			return $blacklist;
+
+			// Get the saved version from the database
+			$wp_functions_version = get_option( 'um_wp_functions_version' );
+			if ( empty( $wp_functions_version ) || version_compare( UM_WP_FUNCTIONS_VERSION, $wp_functions_version, '>' ) ) {
+				// Load the JSON file's content
+				$jsonContent = file_get_contents( UM_PATH . 'includes/lib/php-scoper-wordpress-excludes/exclude-wordpress-functions.json' );
+
+				// Parse the JSON string into a PHP array
+				$um_wp_native_functions_list = json_decode( $jsonContent, true );
+
+				// Save the decoded JSON into wp_option
+				update_option( 'um_wp_functions_list', $um_wp_native_functions_list );
+
+				// Update the saved version in the database
+				update_option( 'um_wp_functions_version', UM_WP_FUNCTIONS_VERSION );
+			} else {
+				$um_wp_native_functions_list = get_option( 'um_wp_functions_list', array() );
+			}
+
+			if ( ! empty( $um_wp_native_functions_list ) ) {
+				$blacklist = array_merge( $blacklist, $um_wp_native_functions_list );
+			}
+
+			return apply_filters( 'um_dropdown_options_source_blacklist', $blacklist );
 		}
 
 		/**