mirror of
https://github.com/10h30/ultimatemember.git
synced 2026-07-15 12:43:33 +09:00
* fixed security issue CVE ID: CVE-2025-0308
* fixed security issue CVE ID: CVE-2025-0318
This commit is contained in:
@@ -1727,15 +1727,15 @@ if ( ! class_exists( 'um\core\Member_Directory' ) ) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
return $search;
|
||||
// Early escape of the search line. The same as `$wpdb->prepare()`.
|
||||
return esc_sql( $search );
|
||||
}
|
||||
|
||||
/**
|
||||
* Handle general search line request
|
||||
*/
|
||||
public function general_search() {
|
||||
//general search
|
||||
// General search
|
||||
if ( ! empty( $_POST['search'] ) ) {
|
||||
// complex using with change_meta_sql function
|
||||
$search = $this->prepare_search( $_POST['search'] );
|
||||
|
||||
@@ -933,20 +933,19 @@ function um_submit_form_errors_hook_( $submitted_data, $form_data ) {
|
||||
} elseif ( ! UM()->validation()->safe_username( $submitted_data[ $key ] ) ) {
|
||||
UM()->form()->add_error( $key, __( 'Your email contains invalid characters', 'ultimate-member' ) );
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
if ( '' === $submitted_data[ $key ] ) {
|
||||
UM()->form()->add_error( $key, __( 'You must provide your email', 'ultimate-member' ) );
|
||||
} elseif ( ! is_email( $submitted_data[ $key ] ) || email_exists( $submitted_data[ $key ] ) ) {
|
||||
UM()->form()->add_error( $key, __( 'The email you entered is incorrect', 'ultimate-member' ) );
|
||||
} else {
|
||||
|
||||
if ( '' !== $submitted_data[ $key ] && ! is_email( $submitted_data[ $key ] ) ) {
|
||||
UM()->form()->add_error( $key, __( 'The email you entered is incorrect', 'ultimate-member' ) );
|
||||
} elseif ( '' !== $submitted_data[ $key ] && email_exists( $submitted_data[ $key ] ) ) {
|
||||
UM()->form()->add_error( $key, __( 'The email you entered is incorrect', 'ultimate-member' ) );
|
||||
} elseif ( '' !== $submitted_data[ $key ] ) {
|
||||
|
||||
$users = get_users( 'meta_value=' . $submitted_data[ $key ] );
|
||||
|
||||
foreach ( $users as $user ) {
|
||||
if ( $user->ID !== $submitted_data['user_id'] ) {
|
||||
UM()->form()->add_error( $key, __( 'The email you entered is incorrect', 'ultimate-member' ) );
|
||||
}
|
||||
// There we have valid and unique user_email. But need to check in usermeta table for other users.
|
||||
$users = get_users( 'meta_value=' . $submitted_data[ $key ] );
|
||||
foreach ( $users as $user ) {
|
||||
if ( $user->ID !== $submitted_data['user_id'] ) {
|
||||
UM()->form()->add_error( $key, __( 'The email you entered is incorrect', 'ultimate-member' ) );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user