* fixed CVE-2024-12276;

* reviewed using $wpdb and WPCS;
* set minimum required version to 6.2 due to using %i for $wpdb->prepare;
This commit is contained in:
Mykyta Synelnikov
2025-02-03 16:17:37 +02:00
parent 26c8aa21e1
commit 4adbe19cbe
19 changed files with 249 additions and 194 deletions
+10 -6
View File
@@ -170,12 +170,16 @@ if ( ! class_exists( 'um\admin\core\Admin_GDPR' ) ) {
function get_metadata( $user_id ) {
global $wpdb;
$metadata = $wpdb->get_results( $wpdb->prepare(
"SELECT meta_key, meta_value
FROM {$wpdb->usermeta}
WHERE user_id = %d",
$user_id
), ARRAY_A );
$metadata = $wpdb->get_results(
$wpdb->prepare(
"SELECT meta_key,
meta_value
FROM {$wpdb->usermeta}
WHERE user_id = %d",
$user_id
),
ARRAY_A
);
$filtered = array();
foreach ( $metadata as $data ) {
+26 -2
View File
@@ -1177,7 +1177,19 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
$where = array( 'ID' => $post_id );
// translators: %s: Directory id.
$_POST['post_title'] = sprintf( __( 'Directory #%s', 'ultimate-member' ), $post_id );
$wpdb->update( $wpdb->posts, array( 'post_title' => sanitize_text_field( wp_unslash( $_POST['post_title'] ) ) ), $where );
$wpdb->update(
$wpdb->posts,
array(
'post_title' => sanitize_text_field( wp_unslash( $_POST['post_title'] ) ),
),
$where,
array(
'%s',
),
array(
'%d',
)
);
}
do_action( 'um_before_member_directory_save', $post_id );
@@ -1275,7 +1287,19 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) {
$where = array( 'ID' => $post_id );
// translators: %s: Form id.
$_POST['post_title'] = sprintf( __( 'Form #%s', 'ultimate-member' ), $post_id );
$wpdb->update( $wpdb->posts, array( 'post_title' => sanitize_text_field( wp_unslash( $_POST['post_title'] ) ) ), $where );
$wpdb->update(
$wpdb->posts,
array(
'post_title' => sanitize_text_field( wp_unslash( $_POST['post_title'] ) ),
),
$where,
array(
'%s',
),
array(
'%d',
)
);
}
// save
@@ -55,15 +55,18 @@ if ( ! empty( $um_roles ) ) {
$role_keys[] = $role_key;
}
$all_role_metadata = $wpdb->get_results( $wpdb->prepare(
"SELECT pm.meta_key,
pm.meta_value
FROM {$wpdb->postmeta} pm
WHERE pm.post_id = %d AND
pm.meta_key LIKE %s",
$um_role->ID,
"_um_%"
), ARRAY_A );
$all_role_metadata = $wpdb->get_results(
$wpdb->prepare(
"SELECT pm.meta_key,
pm.meta_value
FROM {$wpdb->postmeta} pm
WHERE pm.post_id = %d AND
pm.meta_key LIKE %s",
$um_role->ID,
"_um_%"
),
ARRAY_A
);
$role_metadata = array();
if ( ! empty( $all_role_metadata ) ) {
@@ -160,4 +163,4 @@ if ( version_compare( $wp_version, '4.9', '<' ) ) {
//temporary option
update_option( 'um_roles_associations', $roles_associations );
update_option( 'um_roles_associations', $roles_associations );
@@ -10,7 +10,8 @@ if ( ! empty( $postmeta ) ) {
update_post_meta( $row['post_id'], '_um_hide_pm_button', $value );
}
$wpdb->delete( "{$wpdb->postmeta}",
$wpdb->delete(
$wpdb->postmeta,
array(
'meta_value' => '_um_show_pm_button',
),
@@ -185,4 +186,4 @@ if ( ! empty( $groups ) && ! is_wp_error( $groups ) ) {
}
}
}
}
}
@@ -1,18 +1,22 @@
<?php if ( ! defined( 'ABSPATH' ) ) exit;
<?php
if ( ! defined( 'ABSPATH' ) ) {
exit;
}
global $wpdb;
$wpdb->update( "{$wpdb->usermeta}",
$wpdb->update(
$wpdb->usermeta,
array(
'meta_value' => serialize( array() ),
'meta_value' => serialize( array() ),
),
array(
'meta_key' => 'um_account_secure_fields',
'meta_key' => 'um_account_secure_fields',
),
array(
'%s'
'%s',
),
array(
'%s'
'%s',
)
);
);
@@ -28,29 +28,35 @@ function um_upgrade_metadata_per_user213beta3() {
global $wpdb;
$min_max = $wpdb->get_row( $wpdb->prepare(
"SELECT MIN(ID) AS MinID, MAX(ID) AS MaxID
FROM (
SELECT u.ID
FROM {$wpdb->users} as u
ORDER BY u.ID
LIMIT %d, %d
) as dt",
( absint( $_POST['page'] ) - 1 ) * $per_page,
$per_page
), ARRAY_A );
$min_max = $wpdb->get_row(
$wpdb->prepare(
"SELECT MIN(ID) AS MinID, MAX(ID) AS MaxID
FROM (
SELECT u.ID
FROM {$wpdb->users} as u
ORDER BY u.ID
LIMIT %d, %d
) as dt",
( absint( $_POST['page'] ) - 1 ) * $per_page,
$per_page
),
ARRAY_A
);
$metadata = $wpdb->get_results( $wpdb->prepare(
"SELECT u.ID as user_id,
um.meta_key as meta_key,
um.meta_value as meta_value
FROM {$wpdb->users} u
LEFT JOIN {$wpdb->usermeta} um ON ( um.user_id = u.ID AND um.meta_key IN( 'account_status','hide_in_members','synced_gravatar_hashed_id','synced_profile_photo','profile_photo','cover_photo','_um_verified' ) )
WHERE u.ID >= %d AND
u.ID <= %d",
$min_max['MinID'],
$min_max['MaxID']
), ARRAY_A );
$metadata = $wpdb->get_results(
$wpdb->prepare(
"SELECT u.ID as user_id,
um.meta_key as meta_key,
um.meta_value as meta_value
FROM {$wpdb->users} u
LEFT JOIN {$wpdb->usermeta} um ON ( um.user_id = u.ID AND um.meta_key IN( 'account_status','hide_in_members','synced_gravatar_hashed_id','synced_profile_photo','profile_photo','cover_photo','_um_verified' ) )
WHERE u.ID >= %d AND
u.ID <= %d",
$min_max['MinID'],
$min_max['MaxID']
),
ARRAY_A
);
$users_map = array();
foreach ( $metadata as $metadatarow ) {
+6 -6
View File
@@ -14,9 +14,9 @@ function um_upgrade_usermeta_count280() {
"SELECT COUNT(*)
FROM {$wpdb->usermeta}
WHERE meta_key = 'use_gdpr_agreement' OR
meta_key = 'um_user_blocked__timestamp' OR
meta_key = '_um_last_login' OR
meta_key = 'submitted'"
meta_key = 'um_user_blocked__timestamp' OR
meta_key = '_um_last_login' OR
meta_key = 'submitted'"
);
wp_send_json_success( array( 'count' => $count ) );
@@ -40,9 +40,9 @@ function um_upgrade_metadata_per_user280() {
"SELECT *
FROM {$wpdb->usermeta}
WHERE meta_key = 'use_gdpr_agreement' OR
meta_key = 'um_user_blocked__timestamp' OR
meta_key = '_um_last_login' OR
meta_key = 'submitted'
meta_key = 'um_user_blocked__timestamp' OR
meta_key = '_um_last_login' OR
meta_key = 'submitted'
LIMIT %d, %d",
( absint( $_POST['page'] ) - 1 ) * $per_page,
$per_page