- fixed security issues

This commit is contained in:
nikitasinelnikov
2020-10-26 17:21:42 +02:00
parent 255acd7c0a
commit 083a98a50b
3 changed files with 23 additions and 4 deletions
+9 -3
View File
@@ -26,13 +26,15 @@ if ( ! class_exists( 'um\core\User' ) ) {
$this->profile = null;
$this->cannot_edit = null;
global $wpdb;
$this->banned_keys = array(
'metabox','postbox','meta-box',
'dismissed_wp_pointers', 'session_tokens',
'screen_layout', 'wp_user-', 'dismissed',
'cap_key', 'wp_capabilities',
'managenav', 'nav_menu','user_activation_key',
'level_', 'wp_user_level'
'cap_key', $wpdb->get_blog_prefix(). 'capabilities',
'managenav', 'nav_menu', 'user_activation_key',
'level_', $wpdb->get_blog_prefix() . 'user_level'
);
add_action( 'init', array( &$this, 'set' ), 1 );
@@ -1835,6 +1837,10 @@ if ( ! class_exists( 'um\core\User' ) ) {
$changes = apply_filters( 'um_before_update_profile', $changes, $args['ID'] );
foreach ( $changes as $key => $value ) {
if ( in_array( $key, $this->banned_keys ) ) {
continue;
}
if ( ! in_array( $key, $this->update_user_keys ) ) {
if ( $value === 0 ) {
update_user_meta( $this->id, $key, '0' );
+10 -1
View File
@@ -262,6 +262,11 @@ function um_user_edit_profile( $args ) {
continue;
}
// skip saving role here
if ( in_array( $key, [ 'role', 'role_select', 'role_radio' ] ) ) {
continue;
}
//the same code in class-validation.php validate_fields_values for registration form
//rating field validation
if ( $array['type'] == 'rating' && isset( $args['submitted'][ $key ] ) ) {
@@ -371,7 +376,7 @@ function um_user_edit_profile( $args ) {
// Secure selected role
if ( is_admin() ) {
if ( ! empty( $args['submitted']['role'] ) ) {
if ( ! empty( $args['submitted']['role'] ) && current_user_can( 'promote_users' ) ) {
global $wp_roles;
$role_keys = array_map( function( $item ) {
return 'um_' . $item;
@@ -1470,6 +1475,10 @@ function um_submit_form_profile( $args ) {
UM()->fields()->set_mode = 'profile';
UM()->fields()->editing = true;
if ( ! empty( $args['submitted'] ) ) {
$args['submitted'] = array_diff_key( $args['submitted'], array_flip( UM()->user()->banned_keys ) );
}
/**
* UM hook
*
+4
View File
@@ -381,6 +381,10 @@ function um_submit_form_register( $args ) {
'user_email' => trim( $user_email ),
);
if ( ! empty( $args['submitted'] ) ) {
$args['submitted'] = array_diff_key( $args['submitted'], array_flip( UM()->user()->banned_keys ) );
}
$args['submitted'] = array_merge( $args['submitted'], $credentials );
$args = array_merge( $args, $credentials );