From fb6a4f56795f9eae9f1e880e6b1d288f36c0acdb Mon Sep 17 00:00:00 2001
From: Nikita Sinelnikov
Date: Thu, 7 Jul 2022 14:30:10 +0300
Subject: [PATCH] - fixed security vulnerability in member directories queries;
---
 includes/core/class-member-directory-meta.php | 11 ++++++++++-
 includes/core/class-member-directory.php | 9 +++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/includes/core/class-member-directory-meta.php b/includes/core/class-member-directory-meta.php
index c2f999f6..268934ed 100644
--- a/includes/core/class-member-directory-meta.php
+++ b/includes/core/class-member-directory-meta.php
@@ -446,7 +446,16 @@ if ( ! class_exists( 'um\core\Member_Directory_Meta' ) ) {
 $blog_id = get_current_blog_id();
- $directory_id = $this->get_directory_by_hash( $_POST['directory_id'] );
+ if ( empty( $_POST['directory_id'] ) ) {
+ wp_send_json_error( __( 'Wrong member directory data', 'ultimate-member' ) );
+ }
+
+ $directory_id = $this->get_directory_by_hash( sanitize_key( $_POST['directory_id'] ) );
+
+ if ( empty( $directory_id ) ) {
+ wp_send_json_error( __( 'Wrong member directory data', 'ultimate-member' ) );
+ }
+
 $directory_data = UM()->query()->post_data( $directory_id );
 //predefined result for user without capabilities to see other members
diff --git a/includes/core/class-member-directory.php b/includes/core/class-member-directory.php
index 9721fd50..752018f5 100644
--- a/includes/core/class-member-directory.php
+++ b/includes/core/class-member-directory.php
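Review bot: The hardening is applied only at the call site on the `+ $directory_id = $this->get_directory_by_hash( sanitize_key( $_POST['directory_id'] ) );` line, while the query that consumed the raw hash lives in get_directory_by_hash(), which is outside this hunk; if that method still interpolates its argument into SQL, any other caller that does not wrap the value in sanitize_key() stays exposed, so the parameterisation belongs there as well, `$wpdb->prepare( ..., $hash )`, with these caller-side checks kept as defence in depth. Note also that sanitize_key() lowercases and strips everything outside `[a-z0-9_-]`, so a stored hash containing upper-case characters would never match — acceptable if hashes are generated as lowercase alphanumerics, but that invariant is not visible here and deserves a one-line comment such as `// directory hashes are lowercase alphanumerics, so sanitize_key() is lossless here`. The enclosing method starts and ends outside the hunk, so whether a nonce or capability check precedes this block cannot be confirmed from the diff.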
@@ -2465,7 +2465,16 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
 global $wpdb;
+ if ( empty( $_POST['directory_id'] ) ) {
+ wp_send_json_error( __( 'Wrong member directory data', 'ultimate-member' ) );
+ }
+ $directory_id = $this->get_directory_by_hash( sanitize_key( $_POST['directory_id'] ) );
+
+ if ( empty( $directory_id ) ) {
+ wp_send_json_error( __( 'Wrong member directory data', 'ultimate-member' ) );
+ }
+
 $directory_data = UM()->query()->post_data( $directory_id );
 //predefined result for user without capabilities to see other members
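Review bot: The nine added lines are a verbatim copy of the guard introduced in class-member-directory-meta.php in the same commit, so two files must now be kept in sync whenever the validation rule changes (a distinct message for the unresolved-hash case, a status code, an extra post-type check). Both handlers already reach get_directory_by_hash() through `$this`, so a single helper on the shared class, called from both AJAX entry points, would leave one place to audit; a sketch follows, with the visibility to be adjusted if Member_Directory_Meta does not inherit from Member_Directory. The enclosing method starts and ends outside the hunk.

```php
// … unchanged: method header / global $wpdb; …
$directory_id   = $this->get_directory_id_from_request();
$directory_data = UM()->query()->post_data( $directory_id );
// … unchanged: rest of the handler …

/**
 * Resolve the member-directory post ID from the posted directory hash.
 *
 * Ends the request with a JSON error (wp_send_json_error() does not return)
 * when the hash is missing or does not resolve to a directory, so callers
 * can rely on a non-empty ID.
 *
 * @return mixed Non-empty value returned by get_directory_by_hash().
 */
protected function get_directory_id_from_request() {
	if ( empty( $_POST['directory_id'] ) ) {
		wp_send_json_error( __( 'Wrong member directory data', 'ultimate-member' ) );
	}

	// sanitize_key() lowercases; assumes stored hashes are lowercase alphanumerics — confirm.
	$directory_id = $this->get_directory_by_hash( sanitize_key( $_POST['directory_id'] ) );
	if ( empty( $directory_id ) ) {
		wp_send_json_error( __( 'Wrong member directory data', 'ultimate-member' ) );
	}

	return $directory_id;
}
```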