From a40b1c57e14d5d5d425caab7181c529c7a7bfa6f Mon Sep 17 00:00:00 2001 From: nikitozzzzzzz Date: Sun, 7 Jan 2018 14:15:18 +0800 Subject: [PATCH] - fixed access redirect with "redirect_to" attribute; - fixed vulnerability with dynamic_css function and $mode variable; --- includes/core/class-access.php | 18 ++++++------------ includes/core/class-shortcodes.php | 20 +++++++++++++------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/includes/core/class-access.php b/includes/core/class-access.php index 6c8182d5..6b6b8e33 100644 --- a/includes/core/class-access.php +++ b/includes/core/class-access.php @@ -54,9 +54,6 @@ if ( ! class_exists( 'Access' ) ) { //check the site's accessible more priority have Individual Post/Term Restriction settings add_action( 'template_redirect', array( &$this, 'template_redirect' ), 1000 ); - //add_action( 'um_access_global_settings', array( &$this, 'um_access_global_settings' ) ); - //add_action( 'um_access_home_page', array( &$this, 'um_access_home_page' ) ); - //add_action( 'um_access_taxonomy_settings', array( &$this, 'um_access_taxonomy_settings' ) ); add_action( 'um_access_check_individual_term_settings', array( &$this, 'um_access_check_individual_term_settings' ) ); add_action( 'um_access_check_global_settings', array( &$this, 'um_access_check_global_settings' ) ); } @@ -182,6 +179,8 @@ if ( ! class_exists( 'Access' ) ) { function um_access_check_global_settings() { global $post; + $curr = UM()->permalinks()->get_current_url(); + if ( is_front_page() ) { if ( is_user_logged_in() ) { @@ -191,7 +190,7 @@ if ( ! class_exists( 'Access' ) ) { return; $redirect_to = ! empty( $role_meta['redirect_homepage'] ) ? $role_meta['redirect_homepage'] : um_get_core_page( 'user' ); - $this->redirect_handler = $this->set_referer( $redirect_to, "custom_homepage" ); + $this->redirect_handler = $this->set_referer( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), $redirect_to ) ), "custom_homepage" ); } else { $access = UM()->options()->get( 'accessible' ); @@ -206,7 +205,7 @@ if ( ! class_exists( 'Access' ) ) { if ( ! $redirect ) $redirect = um_get_core_page( 'login' ); - $this->redirect_handler = $this->set_referer( $redirect, 'global' ); + $this->redirect_handler = $this->set_referer( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), $redirect ) ), 'global' ); } else { $this->allow_access = true; return; @@ -227,7 +226,7 @@ if ( ! class_exists( 'Access' ) ) { if ( ! $redirect ) $redirect = um_get_core_page( 'login' ); - $this->redirect_handler = $this->set_referer( $redirect, 'global' ); + $this->redirect_handler = $this->set_referer( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), $redirect ) ), 'global' ); } else { $this->allow_access = true; return; @@ -263,7 +262,7 @@ if ( ! class_exists( 'Access' ) ) { if ( ! $redirect ) $redirect = um_get_core_page( 'login' ); - $this->redirect_handler = $this->set_referer( $redirect, 'global' ); + $this->redirect_handler = $this->set_referer( esc_url( add_query_arg( 'redirect_to', urlencode_deep( $curr ), $redirect ) ), 'global' ); } else { $this->redirect_handler = false; $this->allow_access = true; @@ -307,11 +306,6 @@ if ( ! class_exists( 'Access' ) ) { //check global restrict content options do_action( 'um_access_check_global_settings' ); - /*var_dump($this->allow_access); - var_dump($this->redirect_handler); - var_dump('12345678'); - exit;*/ - $this->check_access(); } diff --git a/includes/core/class-shortcodes.php b/includes/core/class-shortcodes.php index 553b98ac..7550907b 100644 --- a/includes/core/class-shortcodes.php +++ b/includes/core/class-shortcodes.php @@ -351,13 +351,14 @@ if ( ! class_exists( 'Shortcodes' ) ) { } - /** - * Load dynamic css - * - * @param array $args - */ + /** + * Load dynamic css + * + * @param array $args + * + * @return string + */ function dynamic_css( $args = array() ) { - /* * for fix the issue #306 */ @@ -365,16 +366,21 @@ if ( ! class_exists( 'Shortcodes' ) ) { if ( $disable_css ) return ''; + /** + * @var $mode + */ extract( $args ); include_once um_path . 'assets/dynamic_css/dynamic_global.php'; - if ( isset( $mode ) ) { + if ( isset( $mode ) && in_array( $mode, array( 'profile', 'directory' ) ) ) { $file = um_path . 'assets/dynamic_css/dynamic_' . $mode . '.php'; if ( file_exists( $file ) ) include_once $file; } + + return ''; }