From 79bafe1f0efe84b70c7168f2fc9660ce7c12f5a9 Mon Sep 17 00:00:00 2001 From: Mykyta Synelnikov Date: Tue, 18 Jul 2023 16:21:27 +0300 Subject: [PATCH] - reviewed https://github.com/ultimatemember/ultimatemember/commit/446250a50a319e51178a5bf43bc80b6d72b1669b; --- includes/frontend/class-secure.php | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/includes/frontend/class-secure.php b/includes/frontend/class-secure.php index fc5efe32..1ad37223 100644 --- a/includes/frontend/class-secure.php +++ b/includes/frontend/class-secure.php @@ -224,6 +224,20 @@ if ( ! class_exists( 'um\frontend\Secure' ) ) { } } + if ( ! $has_admin_cap ) { + /** + * Validate submitted raw data for banned metakeys. + */ + if ( ! empty( UM()->form()->post_form['submitted'] ) && is_array( UM()->form()->post_form['submitted'] ) ) { + foreach ( array_keys( UM()->form()->post_form['submitted'] ) as $submitted_metakey ) { + if ( UM()->user()->is_metakey_banned( $submitted_metakey ) ) { + $has_admin_cap = true; + break; + } + } + } + } + if ( $has_admin_cap ) { UM()->common()->secure()->revoke_caps( $user ); /**