Refine regex patterns to improve injection protection.

Simplified the regex patterns for detecting and preventing `sleep` and `benchmark` injections. This improves the accuracy and maintainability of the security checks in the member directory code.
This commit is contained in:
Mykyta Synelnikov
2025-03-07 10:51:48 +02:00
parent 7014623010
commit 51dc3b5747
+2 -2
View File
@@ -1710,8 +1710,8 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
$regexp_map = array(
'/select(.*?)from/im',
'/select(.*?)sleep/im',
"/sleep\(\s*[\"'`]?\s*\d+\s*[\"'`]?\s*\)/im", // avoid any sleep injections
"/benchmark\(\s*[\"'`]?\s*\d+\s*[\"'`]?\s*,.*\)/im", // avoid any benchmark injections
"/sleep\([^)]+\)/im", // avoid any sleep injections
"/benchmark\([^)]+\)/im", // avoid any benchmark injections
'/select(.*?)database/im',
'/select(.*?)where/im',
'/update(.*?)set/im',