10h30/ultimatemember
1
0
Fork 0
mirror of https://github.com/10h30/ultimatemember.git synced 2026-06-05 15:09:37 +09:00
Code Issues Packages Projects Releases Wiki Activity

make sure the hash parameter is a string

Browse Source 
This prevents an error (leaking path information on poorly configured servers) if a user supplies an array as `hash` parameter.

```
test.org/?act=activate_via_email&hash[]=hash&user_id=1

Warning: strlen() expects parameter 1 to be string, array given in /var/www/wp-content/plugins/ultimate-member/core/um-permalinks.php on line 75
```
This commit is contained in:
Melvin Lammerts
2016-01-26 19:55:11 +01:00
parent c8ae488891
commit b5738b68a4
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
core/um-permalinks.php
+1 -1
View File
@@ -104,7 +104,7 @@ class UM_Permalinks {
function activate_account_via_email_link(){
global $ultimatemember;
if ( isset($_REQUEST['act']) && $_REQUEST['act'] == 'activate_via_email' && isset($_REQUEST['hash']) && strlen($_REQUEST['hash']) == 40 &&
if ( isset($_REQUEST['act']) && $_REQUEST['act'] == 'activate_via_email' && isset($_REQUEST['hash']) && is_string($_REQUEST['hash']) && strlen($_REQUEST['hash']) == 40 &&
isset($_REQUEST['user_id']) && is_numeric($_REQUEST['user_id']) ) { // valid token
$user_id = absint( $_REQUEST['user_id'] );