- fixed Directory Traversal vulnerability by checking the template's realpath;

This commit is contained in:
Nikita Sinelnikov
2022-09-27 15:13:35 +03:00
parent 14dc36b813
commit e1bc94c110
+6 -4
@@ -276,9 +276,6 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) {
extract( $args );
}
// Avoid Directory Traversal vulnerability.
$tpl = trim( $tpl, "./\\" );
$file = um_path . "templates/{$tpl}.php";
$theme_file = get_stylesheet_directory() . "/ultimate-member/templates/{$tpl}.php";
if ( file_exists( $theme_file ) ) {
@@ -286,7 +283,12 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) {
}
if ( file_exists( $file ) ) {
include $file;
// Avoid Directory Traversal vulnerability by the checking the realpath.
// Templates can be situated only in the get_stylesheet_directory() or plugindir templates.
$real_file = realpath( $file );
if ( 0 === strpos( $real_file, um_path . "templates" . DIRECTORY_SEPARATOR ) || 0 === strpos( $real_file, get_stylesheet_directory() . DIRECTORY_SEPARATOR . 'ultimate-member' . DIRECTORY_SEPARATOR . 'templates' . DIRECTORY_SEPARATOR ) ) {
include $file;
}
}
}
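Review bot: The two allow-list prefixes in the new `strpos` condition are built from the raw `um_path` and `get_stylesheet_directory()` strings while `$real_file` is canonical, so any symlink, `..` segment or (on Windows) forward-slash separator in either base path makes the two sides disagree and legitimate templates are silently skipped; the check does not become bypassable, but it fails closed in a way that is hard to diagnose. Canonicalise both roots with `realpath()` before comparing, and guard against `realpath()` returning `false` for a root that does not exist or for `$file` itself. The `file_exists( $file )` test on the preceding line already excludes the `false` case for `$file` in practice, but a theme without an `ultimate-member/templates` directory is the common case and currently yields a `false . DIRECTORY_SEPARATOR` prefix. A rejected include leaves no trace at all; an `else` branch with `error_log` or a `do_action` hook would let site owners notice traversal attempts rather than only seeing a blank template. The enclosing method begins before this hunk and its closing brace is not identifiable here.
```php
if ( file_exists( $file ) ) {
	// Avoid Directory Traversal: compare the canonical path of the template
	// against the canonical paths of the only two allowed template roots.
	$allowed_roots = array_filter( array(
		realpath( um_path . 'templates' ),
		realpath( get_stylesheet_directory() . '/ultimate-member/templates' ),
	) );
	$real_file = realpath( $file );
	$allowed   = false;
	if ( false !== $real_file ) {
		foreach ( $allowed_roots as $root ) {
			if ( 0 === strpos( $real_file, $root . DIRECTORY_SEPARATOR ) ) {
				$allowed = true;
				break;
			}
		}
	}
	if ( $allowed ) {
		include $file;
	} else {
		// Fail closed and leave a trace for the site owner.
		error_log( 'Ultimate Member: refused to load template outside allowed directories: ' . $file );
	}
}
```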