- fixed security vulnerability in member directories queries;

Nikita Sinelnikov
2022-07-07 14:30:10 +03:00
parent 4171c03f71
commit fb6a4f5679
2 changed files with 19 additions and 1 deletions
+10 -1
@@ -446,7 +446,16 @@ if ( ! class_exists( 'um\core\Member_Directory_Meta' ) ) {
$blog_id = get_current_blog_id();
$directory_id = $this->get_directory_by_hash( $_POST['directory_id'] );
if ( empty( $_POST['directory_id'] ) ) {
wp_send_json_error( __( 'Wrong member directory data', 'ultimate-member' ) );
}
$directory_id = $this->get_directory_by_hash( sanitize_key( $_POST['directory_id'] ) );
if ( empty( $directory_id ) ) {
wp_send_json_error( __( 'Wrong member directory data', 'ultimate-member' ) );
}
$directory_data = UM()->query()->post_data( $directory_id );
//predefined result for user without capabilities to see other members
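Review bot: The new `empty( $_POST['directory_id'] )` guard still accepts an array-valued parameter, because a non-empty array is not "empty", and that value is then passed straight to `sanitize_key()`, whose handling of non-scalars depends on the WordPress version in use. Rejecting non-strings in the same guard closes that path: `if ( empty( $_POST['directory_id'] ) || ! is_string( $_POST['directory_id'] ) ) {`. The identical guard in the `um\core\Member_Directory` hunk needs the same change. The enclosing method starts and ends outside this hunk, so any nonce or capability check it performs cannot be confirmed from here.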
+9
@@ -2465,7 +2465,16 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
global $wpdb;
if ( empty( $_POST['directory_id'] ) ) {
wp_send_json_error( __( 'Wrong member directory data', 'ultimate-member' ) );
}
$directory_id = $this->get_directory_by_hash( sanitize_key( $_POST['directory_id'] ) );
if ( empty( $directory_id ) ) {
wp_send_json_error( __( 'Wrong member directory data', 'ultimate-member' ) );
}
$directory_data = UM()->query()->post_data( $directory_id );
//predefined result for user without capabilities to see other members
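Review bot: The hash is cleaned only at this call site, so the lookup stays safe only while every caller of `get_directory_by_hash()` remembers to wrap its argument in `sanitize_key()`; the helper is outside this diff, so how it uses the value cannot be confirmed here. Normalising the hash inside the helper, and binding it as a prepared-statement parameter if it reaches SQL (the `global $wpdb;` at the top of this hunk suggests this method does build queries), would also protect callers this commit did not touch. The same validation block is copied verbatim into `um\core\Member_Directory_Meta`; one shared method would keep the two copies from drifting apart. At minimum, a comment above the call such as `// directory_id is request-supplied; restrict it to [a-z0-9_-] before the hash lookup.` would record why the sanitisation is there.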