10h30/ultimatemember
1
0
Fork 0
mirror of https://github.com/10h30/ultimatemember.git synced 2026-06-05 15:09:37 +09:00
Code Issues Packages Projects Releases Wiki Activity

- added callbacks blacklist. Added PHP command execution functions here to exclude the running them from the custom callback;

Browse Source
This commit is contained in:
Nikita Sinelnikov
2022-09-30 12:31:40 +03:00
parent e1bc94c110
commit aa6a238c61
6 changed files with 75 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files
includes/admin/core/class-admin-builder.php
+4
View File
@@ -1220,6 +1220,10 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
$arr_options['function_exists'] = function_exists( $um_callback_func );
}
if ( in_array( $um_callback_func, UM()->fields()->dropdown_options_source_blacklist(), true ) ) {
wp_send_json_error( __( 'This is not possible for security reasons. Don\'t use internal PHP functions.', 'ultimate-member' ) );
}
$arr_options['data'] = array();
if ( function_exists( $um_callback_func ) ) {
$arr_options['data'] = call_user_func( $um_callback_func );