mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-07-11 10:46:11 +09:00
Update dynamic function blacklist for security enhancement
Added a mechanism to dynamically retrieve and merge updated WordPress function lists into the blacklist to prevent unsafe usage in dropdown options. Addresses a security issue (CVE-2025-47691) by using a JSON-based function source tied to WordPress versioning.
This commit is contained in:
+7
-1
@@ -33,7 +33,13 @@
|
||||
"phpcompatibility/phpcompatibility-wp": "*",
|
||||
"wp-coding-standards/wpcs": "2.3.0",
|
||||
"squizlabs/php_codesniffer": "3.*",
|
||||
"phpdocumentor/phpdocumentor": "3.1.*"
|
||||
"phpdocumentor/phpdocumentor": "3.1.*",
|
||||
"sniccowp/php-scoper-wordpress-excludes": "6.8.*"
|
||||
},
|
||||
"scripts": {
|
||||
"wordpress-excludes": [
|
||||
"@php -r \"$dest = 'includes/lib/php-scoper-wordpress-excludes/'; if (!is_dir($dest)) { mkdir($dest, 0755, true); }; copy('vendor/sniccowp/php-scoper-wordpress-excludes/generated/exclude-wordpress-functions.json', $dest . 'exclude-wordpress-functions.json');\""
|
||||
]
|
||||
},
|
||||
"extra": {
|
||||
"installer-paths": {
|
||||
|
||||
Reference in New Issue
Block a user