mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-07-11 18:56:10 +09:00
Merge pull request #1771 from ultimatemember/fix/CVE-2025-14081
Fix: CVE-2025-14081 and update field filtering logic.
This commit is contained in:
+1
-1
@@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
= 2.11.1 December xx, 2025 =
|
= 2.11.1 December xx, 2025 =
|
||||||
|
|
||||||
|
Fixed: CVE-2025-14081
|
||||||
|
|
||||||
= 2.11.0 December 02, 2025 =
|
= 2.11.0 December 02, 2025 =
|
||||||
|
|
||||||
|
|||||||
@@ -473,23 +473,27 @@ if ( ! class_exists( 'um\core\Account' ) ) {
|
|||||||
return $url;
|
return $url;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param $fields
|
* @param $fields
|
||||||
* @param $shortcode_args
|
* @param $shortcode_args
|
||||||
* @return mixed
|
* @return mixed
|
||||||
*/
|
*/
|
||||||
function filter_fields_by_attrs( $fields, $shortcode_args ) {
|
private function filter_fields_by_attrs( $fields, $shortcode_args ) {
|
||||||
foreach ( $fields as $k => $field ) {
|
foreach ( $fields as $k => $field ) {
|
||||||
if ( isset( $shortcode_args[ $field['metakey'] ] ) && 0 == $shortcode_args[ $field['metakey'] ] ) {
|
if ( isset( $shortcode_args[ $field['metakey'] ] ) && 0 == $shortcode_args[ $field['metakey'] ] ) {
|
||||||
unset( $fields[ $k ] );
|
unset( $fields[ $k ] );
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
// required user permission 'required_perm' - it's field attribute predefined in the field data in code.
|
||||||
|
if ( isset( $data['required_perm'] ) && ! UM()->roles()->um_user_can( $data['required_perm'] ) ) {
|
||||||
|
unset( $fields[ $k ] );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return $fields;
|
return $fields;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Init displayed fields for security check
|
* Init displayed fields for security check
|
||||||
*
|
*
|
||||||
|
|||||||
@@ -171,6 +171,7 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI
|
|||||||
|
|
||||||
**Bugfixes**
|
**Bugfixes**
|
||||||
|
|
||||||
|
* Fixed: CVE-2025-14081.
|
||||||
* Fixed: CVE-2025-12492.
|
* Fixed: CVE-2025-12492.
|
||||||
|
|
||||||
= 2.11.0 2025-12-02 =
|
= 2.11.0 2025-12-02 =
|
||||||
|
|||||||
Reference in New Issue
Block a user