10h30/ultimatemember
1
0
Fork 0
mirror of https://github.com/10h30/ultimatemember.git synced 2026-06-05 15:09:37 +09:00
Code Issues Packages Projects Releases Wiki Activity

- security fixes;

Browse Source 
- download last upgrades fixes;
This commit is contained in:
nikitasinelnikov
2019-05-10 15:43:14 +03:00
parent ca1a908aae
commit dc4382acd3
9 changed files with 258 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files
includes/core/class-uploader.php
+11 -2
View File
@@ -1151,8 +1151,17 @@ if ( ! class_exists( 'um\core\Uploader' ) ) {
$old_filename = get_user_meta( $user_id, $key, true );
if ( ! empty( $old_filename ) ) {
$file = $user_basedir . DIRECTORY_SEPARATOR . $old_filename;
if ( file_exists( $file ) ) {
unlink( $file );
$valid = true;
//validate traversal file
if ( validate_file( $file ) === 1 ) {
$valid = false;
}
if ( $valid ) {
if ( file_exists( $file ) && um_is_file_owner( $file, $user_id ) ) {
unlink( $file );
}
}
}