Merge pull request #1616 from ultimatemember/fix/md_security

Fixes security vulnerabilities
Mykyta Synelnikov
2025-01-14 11:55:43 +02:00
committed by GitHub
2 changed files with 22 additions and 17 deletions
+10 -4
@@ -1716,6 +1716,9 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
// Make the search line empty if it contains the mySQL query statements.
$regexp_map = array(
'/select(.*?)from/im',
'/select(.*?)sleep/im',
'/select(.*?)database/im',
'/select(.*?)where/im',
'/update(.*?)set/im',
'/delete(.*?)from/im',
);
@@ -1727,15 +1730,15 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
break;
}
}
return $search;
// Early escape of the search line. The same as `$wpdb->prepare()`.
return esc_sql( $search );
}
/**
* Handle general search line request
*/
public function general_search() {
//general search
// General search
if ( ! empty( $_POST['search'] ) ) {
// complex using with change_meta_sql function
$search = $this->prepare_search( $_POST['search'] );
@@ -1873,8 +1876,11 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
$search_where = preg_replace( '/ AND \((.*?)\)/im', "$1 OR", $search_where );
// str_replace( '/', '\/', wp_slash( $search ) ) means that we add backslashes to special symbols + add backslash to slash(/) symbol for proper regular pattern.
$pattern = $wpdb->prepare( $meta_join_for_search . '.meta_value = %s', $search );
$pattern = '/(' . str_replace( '/', '\/', wp_slash( $pattern ) ) . ')/im';
$sql['where'] = preg_replace(
'/(' . $meta_join_for_search . '.meta_value = \'' . str_replace( '/', '\/', wp_slash( $search ) ) . '\')/im',
$pattern,
trim( $search_where ) . " $1",
$sql['where'],
1
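Review bot: The line `$pattern = '/(' . str_replace( '/', '\/', wp_slash( $pattern ) ) . ')/im';` still interpolates the user-supplied search term into a PCRE pattern without `preg_quote()`, so a term containing regex metacharacters (parentheses, brackets, `*`, `+`, `?`) alters the pattern or makes `preg_replace()` return null, which leaves `$sql['where']` null. Use `$pattern = '/(' . preg_quote( $pattern, '/' ) . ')/im';` instead; `preg_quote()` also escapes backslashes, so the `wp_slash()` call and the slash replacement become unnecessary. Separately, `prepare_search()` now returns `esc_sql( $search )` and this hunk passes that result through `$wpdb->prepare()`, which escapes it a second time; whether the doubly-escaped literal still matches the `meta_value` clause built earlier into `$sql['where']` cannot be confirmed from the hunk and should be checked with a term containing a quote or backslash. The keyword denylist added in the first hunk should be treated as defence in depth rather than the security boundary; the escaping and `$wpdb->prepare()` path is. The enclosing method continues outside the hunk.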
+12 -13
@@ -933,20 +933,19 @@ function um_submit_form_errors_hook_( $submitted_data, $form_data ) {
} elseif ( ! UM()->validation()->safe_username( $submitted_data[ $key ] ) ) {
UM()->form()->add_error( $key, __( 'Your email contains invalid characters', 'ultimate-member' ) );
}
break;
}
if ( '' === $submitted_data[ $key ] ) {
UM()->form()->add_error( $key, __( 'You must provide your email', 'ultimate-member' ) );
} elseif ( ! is_email( $submitted_data[ $key ] ) || email_exists( $submitted_data[ $key ] ) ) {
UM()->form()->add_error( $key, __( 'The email you entered is incorrect', 'ultimate-member' ) );
} else {
if ( '' !== $submitted_data[ $key ] && ! is_email( $submitted_data[ $key ] ) ) {
UM()->form()->add_error( $key, __( 'The email you entered is incorrect', 'ultimate-member' ) );
} elseif ( '' !== $submitted_data[ $key ] && email_exists( $submitted_data[ $key ] ) ) {
UM()->form()->add_error( $key, __( 'The email you entered is incorrect', 'ultimate-member' ) );
} elseif ( '' !== $submitted_data[ $key ] ) {
$users = get_users( 'meta_value=' . $submitted_data[ $key ] );
foreach ( $users as $user ) {
if ( $user->ID !== $submitted_data['user_id'] ) {
UM()->form()->add_error( $key, __( 'The email you entered is incorrect', 'ultimate-member' ) );
}
// There we have valid and unique user_email. But need to check in usermeta table for other users.
$users = get_users( 'meta_value=' . $submitted_data[ $key ] );
foreach ( $users as $user ) {
if ( $user->ID !== $submitted_data['user_id'] ) {
UM()->form()->add_error( $key, __( 'The email you entered is incorrect', 'ultimate-member' ) );
}
}
}
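Review bot: The retained lookup `$users = get_users( 'meta_value=' . $submitted_data[ $key ] );` builds a query string from the submitted email, so the value is run through `wp_parse_args()`/`parse_str` rather than used verbatim, and it matches against every usermeta row regardless of key. Pass it as an array, `$users = get_users( array( 'meta_value' => $submitted_data[ $key ] ) );`, and add a `'meta_key' => <the usermeta key being checked>` entry if that key is known, so the scan is scoped to the field the comment on the preceding line refers to. The comparison `$user->ID !== $submitted_data['user_id']` is strict between the integer `ID` and a submitted value whose type the hunk does not show; if `user_id` arrives as a string every matched user produces an error, so either cast, `(int) $submitted_data['user_id']`, or confirm the caller normalises it. The enclosing function `um_submit_form_errors_hook_` continues outside the hunk.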