From b5738b68a4ddbdf9f84fde3ce294a5a0eb2b13ea Mon Sep 17 00:00:00 2001 From: Melvin Lammerts Date: Tue, 26 Jan 2016 19:55:11 +0100 Subject: [PATCH] make sure the hash parameter is a string This prevents an error (leaking path information on poorly configured servers) if a user supplies an array as `hash` parameter. ``` test.org/?act=activate_via_email&hash[]=hash&user_id=1 Warning: strlen() expects parameter 1 to be string, array given in /var/www/wp-content/plugins/ultimate-member/core/um-permalinks.php on line 75 ``` --- core/um-permalinks.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/um-permalinks.php b/core/um-permalinks.php index 45d7daa0..f78a22d3 100644 --- a/core/um-permalinks.php +++ b/core/um-permalinks.php @@ -104,7 +104,7 @@ class UM_Permalinks { function activate_account_via_email_link(){ global $ultimatemember; - if ( isset($_REQUEST['act']) && $_REQUEST['act'] == 'activate_via_email' && isset($_REQUEST['hash']) && strlen($_REQUEST['hash']) == 40 && + if ( isset($_REQUEST['act']) && $_REQUEST['act'] == 'activate_via_email' && isset($_REQUEST['hash']) && is_string($_REQUEST['hash']) && strlen($_REQUEST['hash']) == 40 && isset($_REQUEST['user_id']) && is_numeric($_REQUEST['user_id']) ) { // valid token $user_id = absint( $_REQUEST['user_id'] );