- fixed access redirect with "redirect_to" attribute;

- fixed vulnerability with dynamic_css function and $mode variable;
This commit is contained in:
nikitozzzzzzz
2018-01-07 14:15:18 +08:00
parent 955eef5e53
commit a40b1c57e1
2 changed files with 19 additions and 19 deletions
+13 -7
View File
@@ -351,13 +351,14 @@ if ( ! class_exists( 'Shortcodes' ) ) {
}
/**
* Load dynamic css
*
* @param array $args
*/
/**
* Load dynamic css
*
* @param array $args
*
* @return string
*/
function dynamic_css( $args = array() ) {
/*
* for fix the issue #306
*/
@@ -365,16 +366,21 @@ if ( ! class_exists( 'Shortcodes' ) ) {
if ( $disable_css )
return '';
/**
* @var $mode
*/
extract( $args );
include_once um_path . 'assets/dynamic_css/dynamic_global.php';
if ( isset( $mode ) ) {
if ( isset( $mode ) && in_array( $mode, array( 'profile', 'directory' ) ) ) {
$file = um_path . 'assets/dynamic_css/dynamic_' . $mode . '.php';
if ( file_exists( $file ) )
include_once $file;
}
return '';
}