286 changes: 149 additions & 137 deletions includes/class-meta.php
Expand Up @@ -9,102 +9,111 @@
*/
class UsersWP_Meta {

/**
* Gets UsersWP user meta value using key.
*
* @since 1.0.0
* @package userswp
*
* @param int|bool $user_id User ID.
* @param string $key User meta Key.
* @param bool|string $default Default value.
*
* @return string User meta Value.
*/
public function get_usermeta( $user_id = false, $key = '', $default = false ) {
if (!$user_id) {
return $default;
}
/**
* Gets UsersWP user meta value using key.
*
* @since 1.0.0
* @package userswp
*
* @param int|bool $user_id User ID.
* @param string $key User meta Key.
* @param bool|string $default Default value.
*
* @return string User meta Value.
*/
public function get_usermeta( $user_id = false, $key = '', $default = false ) {
global $wpdb;

if(!$key){
return $default;
}
if ( ! $user_id ) {
return $default;
}

global $wpdb;
$meta_table = get_usermeta_table_prefix() . 'uwp_usermeta';
if ( ! $key ) {
return $default;
}

if (uwp_str_ends_with($key, '_privacy')) {
if (uwp_str_ends_with($key, '_tab_privacy')) {
$obj_key = $user_id.'_tabs_privacy';
$row = wp_cache_get( $obj_key, 'uwp_usermeta_tabs_privacy' );
if ( ! $row ) {
$row = $wpdb->get_row($wpdb->prepare("SELECT tabs_privacy FROM {$meta_table} WHERE user_id = %d", $user_id), ARRAY_A);
wp_cache_set( $obj_key, $row, 'uwp_usermeta_tabs_privacy' );
}

$value = false;
if (!empty($row)) {
$public_fields = isset($row['tabs_privacy']) ? maybe_unserialize($row['tabs_privacy']) : $default;
$public_fields_keys = is_array($public_fields) ? array_keys($public_fields) : $public_fields;
if (is_array($public_fields) && in_array($key, $public_fields_keys)) {
$value = $public_fields[$key];
}
}
} else {
$obj_key = $user_id.'_user_privacy';
$row = wp_cache_get( $obj_key, 'uwp_usermeta_user_privacy' );
if ( ! $row ) {
$row = $wpdb->get_row($wpdb->prepare("SELECT user_privacy FROM {$meta_table} WHERE user_id = %d", $user_id), ARRAY_A);
wp_cache_set( $obj_key, $row, 'uwp_usermeta_user_privacy' );
}

$value = 'yes';
if (!empty($row)) {
$output = isset($row['user_privacy']) ? $row['user_privacy'] : $default;
$public_fields = explode(',', $output);
if (in_array($key, $public_fields)) {
$value = 'no';
}
}
}
} else {
$value = null;
$user_data = get_userdata($user_id);

if (!$user_data) {
return $value;
}

switch ($key){
case 'email': $value = $user_data->user_email; break;
case 'username': $value = $user_data->user_login; break;
case 'user_nicename': $value = $user_data->user_nicename; break;
case 'bio': $value = $user_data->description; break;
case 'uwp_language': $value = $user_data->locale; break;
default :
$meta_table = get_usermeta_table_prefix() . 'uwp_usermeta';

if ( uwp_str_ends_with( $key, '_privacy' ) ) {
if ( uwp_str_ends_with( $key, '_tab_privacy' ) ) {
$obj_key = $user_id.'_tabs_privacy';
$row = wp_cache_get( $obj_key, 'uwp_usermeta_tabs_privacy' );

if ( ! $row ) {
$row = $wpdb->get_row( $wpdb->prepare( "SELECT tabs_privacy FROM `{$meta_table}` WHERE user_id = %d", $user_id ), ARRAY_A );
wp_cache_set( $obj_key, $row, 'uwp_usermeta_tabs_privacy' );
}

$value = false;

if ( ! empty( $row ) ) {
$public_fields = isset( $row['tabs_privacy'] ) ? maybe_unserialize( $row['tabs_privacy'] ) : $default;
$public_fields_keys = is_array( $public_fields ) ? array_keys( $public_fields ) : $public_fields;

if ( is_array( $public_fields ) && in_array( $key, $public_fields_keys ) ) {
$value = $public_fields[ $key ];
}
}
} else {
$obj_key = $user_id.'_user_privacy';
$row = wp_cache_get( $obj_key, 'uwp_usermeta_user_privacy' );

if ( ! $row ) {
$row = $wpdb->get_row( $wpdb->prepare("SELECT user_privacy FROM `{$meta_table}` WHERE user_id = %d", $user_id ), ARRAY_A );
wp_cache_set( $obj_key, $row, 'uwp_usermeta_user_privacy' );
}

$value = 'yes';

if ( ! empty( $row ) ) {
$output = isset( $row['user_privacy'] ) ? $row['user_privacy'] : $default;
$public_fields = explode( ',', $output );

if ( in_array( $key, $public_fields ) ) {
$value = 'no';
}
}
}
} else {
$value = null;
$user_data = get_userdata( $user_id );

if ( ! $user_data ) {
return $value;
}

switch ( $key ) {
case 'email': $value = $user_data->user_email; break;
case 'username': $value = $user_data->user_login; break;
case 'user_nicename': $value = $user_data->user_nicename; break;
case 'bio': $value = $user_data->description; break;
case 'uwp_language': $value = $user_data->locale; break;
default :
$obj_key = $user_id.'_'.$key;
$row = wp_cache_get( $obj_key, 'uwp_usermeta' );
if ( ! $row ) {
if(uwp_column_exist($meta_table, $key)){
$row = $wpdb->get_row($wpdb->prepare("SELECT {$key} FROM {$meta_table} WHERE user_id = %d", $user_id), ARRAY_A);
wp_cache_set( $obj_key, $row, 'uwp_usermeta' );
}
}

if (!empty($row)) {
$value = isset($row[$key]) ? $row[$key] : $default;
} else {
$value = $default;
}
break;
}
}
$row = wp_cache_get( $obj_key, 'uwp_usermeta' );

if ( ! $row ) {
if ( in_array( $key, array( 'user_id', 'user_ip', 'user_privacy', 'tabs_privacy', 'username', 'email', 'first_name', 'last_name', 'avatar_thumb', 'banner_thumb', 'display_name', 'user_url', 'bio' ) ) || uwp_column_exist( $meta_table, $key ) ) {
$row = $wpdb->get_row( $wpdb->prepare( "SELECT `{$key}` FROM `{$meta_table}` WHERE user_id = %d", $user_id ), ARRAY_A );
wp_cache_set( $obj_key, $row, 'uwp_usermeta' );
}
}

if ( ! empty( $row ) ) {
$value = isset( $row[ $key ] ) ? $row[ $key ] : $default;
} else {
$value = $default;
}
break;
}
}

$value = uwp_maybe_unserialize($key, $value);
$value = wp_unslash($value);
$value = apply_filters( 'uwp_get_usermeta', $value, $user_id, $key, $default );
return apply_filters( 'uwp_get_usermeta_' . $key, $value, $user_id, $key, $default );
}
$value = uwp_maybe_unserialize($key, $value);
$value = wp_unslash($value);
$value = apply_filters( 'uwp_get_usermeta', $value, $user_id, $key, $default );

return apply_filters( 'uwp_get_usermeta_' . $key, $value, $user_id, $key, $default );
}

/**
* Updates UsersWP user meta value using key.
Expand All @@ -118,64 +127,67 @@ public function get_usermeta( $user_id = false, $key = '', $default = false ) {
*
* @return bool Update success or not?.
*/
public function update_usermeta( $user_id, $key, $value ) {
public function update_usermeta( $user_id, $key, $value ) {
global $wpdb;

if (!$user_id || !$key ) {
return false;
}

global $wpdb;
$meta_table = get_usermeta_table_prefix() . 'uwp_usermeta';
$cache_group = 'uwp_usermeta';
$obj_key = $user_id . '_' . $key;
if ( ! $user_id || ! $key ) {
return false;
}

if (uwp_str_ends_with($key, '_privacy')) {
if ( 'tabs_privacy' == $key ) {
$obj_key = $user_id . '_tabs_privacy';
$cache_group = 'uwp_usermeta_tab_privacy';
} elseif('user_privacy' == $key) {
$obj_key = $user_id . '_user_privacy';
$cache_group = 'uwp_usermeta_user_privacy';
}
}
$meta_table = get_usermeta_table_prefix() . 'uwp_usermeta';
$cache_group = 'uwp_usermeta';
$obj_key = $user_id . '_' . $key;

$user_meta_info = $wpdb->get_col( $wpdb->prepare( "SELECT $key FROM $meta_table WHERE user_id = %d", $user_id ) );
if ( ! in_array( $key, array( 'user_id', 'user_ip', 'user_privacy', 'tabs_privacy', 'username', 'email', 'first_name', 'last_name', 'avatar_thumb', 'banner_thumb', 'display_name', 'user_url', 'bio' ) ) && ! uwp_column_exist( $meta_table, $key ) ) {
return false;
}

$value = apply_filters( 'uwp_update_usermeta', $value, $user_id, $key, $user_meta_info );
$value = apply_filters( 'uwp_update_usermeta_' . $key, $value, $user_id, $key, $user_meta_info );
if ( uwp_str_ends_with( $key, '_privacy' ) ) {
if ( 'tabs_privacy' == $key ) {
$obj_key = $user_id . '_tabs_privacy';
$cache_group = 'uwp_usermeta_tab_privacy';
} elseif('user_privacy' == $key) {
$obj_key = $user_id . '_user_privacy';
$cache_group = 'uwp_usermeta_user_privacy';
}
}

do_action( 'uwp_before_update_usermeta', $user_id, $key, $value, $user_meta_info );
$user_meta_info = $wpdb->get_col( $wpdb->prepare( "SELECT `{$key}` FROM `{$meta_table}` WHERE user_id = %d", $user_id ) );

$value = uwp_maybe_serialize($key, $value);
$value = apply_filters( 'uwp_update_usermeta', $value, $user_id, $key, $user_meta_info );
$value = apply_filters( 'uwp_update_usermeta_' . $key, $value, $user_id, $key, $user_meta_info );

if (!empty($user_meta_info)) {
$result = $wpdb->update(
$meta_table,
array($key => $value),
array('user_id' => $user_id),
array('%s'),
array('%d')
);
do_action( 'uwp_before_update_usermeta', $user_id, $key, $value, $user_meta_info );

if ( ! $result ) {
return false;
}
$value = uwp_maybe_serialize( $key, $value );

} else {
$result = $wpdb->insert(
$meta_table,
array('user_id' => $user_id, $key => $value)
);
if ( ! empty( $user_meta_info ) ) {
$result = $wpdb->update(
$meta_table,
array( $key => $value ),
array( 'user_id' => $user_id ),
array('%s'),
array('%d')
);

if ( ! $result ) {
return false;
}
}
if ( ! $result ) {
return false;
}
} else {
$result = $wpdb->insert(
$meta_table,
array( 'user_id' => $user_id, $key => $value )
);

if ( ! $result ) {
return false;
}
}

wp_cache_delete( $obj_key, $cache_group );
wp_cache_delete( $obj_key, $cache_group );

return true;
}
return true;
}

/**
* Gets UsersWP user meta row using user ID.
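Review bot: The column guard added in `update_usermeta()` and in the `default` branch of `get_usermeta()` is the same inline literal written twice and compared with a loose `in_array()`, and it is the only thing between `$key` and the backtick-quoted identifier in the `SELECT`, together with `uwp_column_exist()`, whose implementation is not shown here. Backticks do not neutralise a backtick inside `$key`, and a non-string key such as `true` matches the list loosely, so I would move the check into one private helper that requires a string of identifier characters and passes `true` as the third `in_array()` argument; widen the character class if field keys may legitimately contain other characters. Separately, `update_usermeta()` deletes from the cache group `'uwp_usermeta_tab_privacy'` while `get_usermeta()` stores under `'uwp_usermeta_tabs_privacy'`, so a cached tabs-privacy row is presumably never invalidated after an update; the group name in the `tabs_privacy` branch should read `'uwp_usermeta_tabs_privacy'`.

```php
	/**
	 * Checks whether $key may be used as a column name of the usermeta table.
	 *
	 * @param string $meta_table Usermeta table name.
	 * @param mixed  $key        Requested meta key.
	 *
	 * @return bool True when the key is a known or existing column.
	 */
	private function is_valid_meta_column( $meta_table, $key ) {
		// Reject anything that is not a plain identifier before it can reach SQL.
		if ( ! is_string( $key ) || ! preg_match( '/\A[A-Za-z0-9_]+\z/', $key ) ) {
			return false;
		}

		$core_columns = array( 'user_id', 'user_ip', 'user_privacy', 'tabs_privacy', 'username', 'email', 'first_name', 'last_name', 'avatar_thumb', 'banner_thumb', 'display_name', 'user_url', 'bio' );

		return in_array( $key, $core_columns, true ) || uwp_column_exist( $meta_table, $key );
	}

	// get_usermeta(), default branch
	if ( $this->is_valid_meta_column( $meta_table, $key ) ) {
		// … unchanged: SELECT of the column and wp_cache_set() …
	}

	// update_usermeta()
	if ( ! $this->is_valid_meta_column( $meta_table, $key ) ) {
		return false;
	}
```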
5 changes: 4 additions & 1 deletion readme.txt
Expand Up @@ -150,7 +150,10 @@ Yes, you can customize it with Elementor, but also with Gutenberg, Divi, Beaver

== Changelog ==

= 1.2.44 - 2025-06-28 =
= 1.2.45 - 2025-09-TBD =
* Extra sanitization and escaping during remove file field value - FIXED/SECURITY

= 1.2.44 - 2025-08-28 =
* Merge AUI 0.2.41 & SD 1.2.26 - CHANGED

= 1.2.43 - 2025-08-25 =