- fixed vulnerabilities reported by Sucuri;

includes/core/class-validation.php

@@ -20,6 +20,29 @@ if ( ! class_exists( 'um\core\Validation' ) ) {
 		function __construct() {
 			$this->regex_safe = '/\A[\w\-\.]+\z/';
 			$this->regex_phone_number = '/\A[\d\-\.\+\(\)\ ]+\z/';
+
+
+			add_filter( 'um_user_pre_updating_files_array', array( $this, 'validate_files' ) );
+		}
+
+
+		/**
+		 * Validate files before upload
+		 *
+		 * @param $files
+		 *
+		 * @return mixed
+		 */
+		function validate_files( $files ) {
+			if ( ! empty( $files ) ) {
+				foreach ( $files as $key => $filename ) {
+					if ( validate_file( $filename ) !== 0 ) {
+						unset( $files[ $key ] );
+					}
+				}
+			}
+
+			return $files;
 		}
 
 

includes/core/um-actions-profile.php

@@ -179,14 +179,17 @@ function um_user_edit_profile( $args ) {
 	$to_update = null;
 	$files = array();
 
+	$user_id = null;
 	if ( isset( $args['user_id'] ) ) {
-		if ( UM()->roles()->um_current_user_can( 'edit', $args['user_id'] ) ) {
-			UM()->user()->set( $args['user_id'] );
-		} else {
-			wp_die( __( 'You are not allowed to edit this user.', 'ultimate-member' ) );
-		}
+		$user_id = $args['user_id'];
 	} elseif ( isset( $args['_user_id'] ) ) {
-		UM()->user()->set( $args['_user_id'] );
+		$user_id = $args['_user_id'];
+	}
+
+	if ( UM()->roles()->um_current_user_can( 'edit', $user_id ) ) {
+		UM()->user()->set( $user_id );
+	} else {
+		wp_die( __( 'You are not allowed to edit this user.', 'ultimate-member' ) );
 	}
 
 	$userinfo = UM()->user()->profile;

includes/um-short-functions.php

@@ -727,7 +727,7 @@ function um_user_submitted_registration( $style = false ) {
 				}
 
 				if ( ! empty( $filedata['original_name'] ) ) {
-					$v = '<a href="' . esc_attr( $baseurl . um_user( 'ID' ) . '/' . $file ) . '">' . $filedata['original_name'] . '</a>';
+					$v = '<a href="' . esc_attr( $baseurl . um_user( 'ID' ) . '/' . $file ) . '">' . esc_html( $filedata['original_name'] ) . '</a>';
 				} else {
 					$v = $baseurl . um_user( 'ID' ) . '/' . $file;
 				}

readme.txt

@@ -133,12 +133,18 @@ The plugin works with popular caching plugins by automatically excluding Ultimat
 
 = Important: UM2.0+ is a significant update to the code base from 1.3.88. Please make sure you take a full-site backup with restore point before updating the plugin =
 
+= 2.0.45: May 08, 2019 =
+
+* Bugfixes:
+  - Security vulnerabilities on Profile/Registration submit
+
 = 2.0.44: May 08, 2019 =
 
 * Enhancements:
   - Added automatically template saver when you upgrade your theme
   - Added default value for Date and Time user profile fields
   - Updated Scroll library
+  - Added REST API v2 class with new query vars. There is an ability to select v1 or v2 for use. For old users v1 is default, for new users v2
 
 * Bugfixes:
   - Added nocache headers to reset password form

ultimate-member.php

@@ -3,7 +3,7 @@
 Plugin Name: Ultimate Member
 Plugin URI: http://ultimatemember.com/
 Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
-Version: 2.0.44
+Version: 2.0.45
 Author: Ultimate Member
 Author URI: http://ultimatemember.com/
 Text Domain: ultimate-member