
Commit 2496825

- fixed a vulnerability that allowed uploading a cover/profile photo for another user ID;
- rewrote member directory meta queries; - fixed additional slashes in the search line;
1 parent f0e3bc9 commit 2496825


5 files changed

+309
-489
lines changed


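--- a/includes/admin/core/class-admin-settings.php
+++ b/includes/admin/core/class-admin-settings.php
@@ -120,6 +120,7 @@ function same_page_update_ajax() {
 
 //member directory data
 $metakeys[] = 'um_member_directory_data';
+$metakeys[] = '_um_verified';
 
 $skip_fields = UM()->builtin()->get_fields_without_metakey();
 $skip_fields = array_merge( $skip_fields, UM()->member_directory()->core_search_fields );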
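Review bot: The new `$metakeys[] = '_um_verified';` entry sits directly under the `//member directory data` comment, which describes the previous entry rather than this one, so the list now reads as if `_um_verified` were member-directory data. Giving it its own line comment, e.g. `// presumably the verification-status flag; skipped like the directory data key above`, or separating it with a blank line keeps the skip list self-explanatory for the next reader. What `same_page_update_ajax` does with `$metakeys` after this point is outside the hunk, and the function starts and ends outside it.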

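--- a/includes/core/class-files.php
+++ b/includes/core/class-files.php
@@ -287,6 +287,12 @@ function ajax_resize_image() {
 }
 
 $user_id = empty( $_REQUEST['user_id'] ) ? get_current_user_id() : $_REQUEST['user_id'];
+
+if ( ! UM()->roles()->um_current_user_can( 'edit', $user_id ) ) {
+$ret['error'] = esc_js( __( 'You haven\'t ability to edit this user', 'ultimate-member' ) );
+wp_send_json_error( $ret );
+}
+
 $image_path = um_is_file_owner( $src, $user_id, true );
 if ( ! $image_path ) {
 wp_send_json_error( esc_js( __( 'Invalid file ownership', 'ultimate-member' ) ) );
@@ -319,6 +325,11 @@ function ajax_image_upload() {
 UM()->fields()->set_id = $_POST['set_id'];
 UM()->fields()->set_mode = $_POST['set_mode'];
 
+if ( ! UM()->roles()->um_current_user_can( 'edit', $user_id ) ) {
+$ret['error'] = __( 'You haven\'t ability to edit this user', 'ultimate-member' );
+wp_send_json_error( $ret );
+}
+
 /**
 * UM hook
 *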
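Review bot: The new capability check in `ajax_resize_image` runs on `$user_id` taken verbatim from `$_REQUEST['user_id']` on the line just above it, so a non-numeric or negative value reaches `um_current_user_can()` and `um_is_file_owner()` unchanged; casting at the source, `$user_id = empty( $_REQUEST['user_id'] ) ? get_current_user_id() : absint( $_REQUEST['user_id'] );`, makes both the permission check and the ownership lookup operate on a real user ID. The same check in `ajax_image_upload` (second hunk) uses a `$user_id` assigned outside the hunk, so where that value comes from and whether it is sanitised cannot be confirmed here. The two copies also differ in that the first wraps the message in `esc_js()` and the second does not; picking one form keeps the error payload consistent. The user-facing string `'You haven\'t ability to edit this user'` would read better as `'You do not have permission to edit this user'`. Both enclosing functions start and end outside their hunks.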
