- fixed vulnerability if wp_capabilities has accent characters;

2026-06-05 15:09:37 +09:00 · 2023-06-29 19:56:54 +03:00
parent f2f5f5818b
commit fae47c6065
1 changed files with 1 additions and 1 deletions
@@ -178,7 +178,7 @@ if ( ! class_exists( 'um\core\User' ) ) {
 		public function is_metakey_banned( $meta_key ) {
 			$is_banned = false;
 			foreach ( $this->banned_keys as $ban ) {
-				if ( is_numeric( $meta_key ) || false !== stripos( $meta_key, $ban ) ) {
+				if ( is_numeric( $meta_key ) || false !== stripos( $meta_key, $ban ) || false !== stripos( remove_accents( $meta_key ), $ban ) ) {
 					$is_banned = true;
 					break;
 				}