Patch code sample: fix for a Broken Access Control vulnerability — the handler now requires the `edit_posts` capability (via `current_user_can()`) before it looks up or creates the `elementskit_content` builder post and redirects to the Elementor editor. Note that the sample shows no nonce/referer check and does not validate the `key`/`type` request parameters.
<?php | |
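/**
 * Redirect the current user to the Elementor editor for the builder post that
 * backs one dynamic-content block, creating that post on first use.
 *
 * `key` and `type` are read from $this->request (request-controlled input) and
 * combined into the title "dynamic-content-{type}-{key}", which is looked up as
 * an `elementskit_content` post. When no such post exists, a published one is
 * inserted and given the `elementor_canvas` page template.
 *
 * Security notes:
 *  - Access is gated on the site-wide `edit_posts` capability (the fix this
 *    sample demonstrates). That is not a per-post `edit_post` check, so any
 *    Contributor-level account passes it; whether that is sufficient depends
 *    on what the Elementor editor then lets such a user do with the post.
 *  - No nonce or referer verification is visible in this method. Unless the
 *    caller performs one, a forged cross-site request can make a logged-in
 *    user create a published post. TODO(review): confirm the route that calls
 *    this verifies a nonce.
 *  - Both request values go through sanitize_text_field() and must be
 *    non-empty, so missing parameters no longer raise undefined-index notices
 *    or create a "dynamic-content--" post.
 *
 * @return void Always ends the request: wp_safe_redirect() + exit on success;
 *              wp_die() when the user lacks the capability, a parameter is
 *              missing, or the post cannot be created.
 */
public function get_content_editor() {
	// Guard first: every later step either creates content or hands out the
	// editor URL, so unauthorised callers must not get past this line.
	if ( ! current_user_can( 'edit_posts' ) ) {
		wp_die( esc_html__( 'You are not allowed to access this page.', 'elementskit-lite' ) );
	}

	// Request parameters are attacker-controlled: strip tags / control
	// characters and refuse empty values before they shape the post title.
	$content_key  = isset( $this->request['key'] ) ? sanitize_text_field( $this->request['key'] ) : '';
	$content_type = isset( $this->request['type'] ) ? sanitize_text_field( $this->request['type'] ) : '';

	if ( '' === $content_key || '' === $content_type ) {
		wp_die( esc_html__( 'Invalid request.', 'elementskit-lite' ) );
	}

	$builder_post_title = 'dynamic-content-' . $content_type . '-' . $content_key;
	$existing_post      = Utils::get_page_by_title( $builder_post_title, 'elementskit_content' );

	if ( is_null( $existing_post ) ) {
		$defaults = array(
			'post_content' => '',
			'post_title'   => $builder_post_title,
			'post_status'  => 'publish',
			'post_type'    => 'elementskit_content',
		);
		$builder_post_id = wp_insert_post( $defaults );

		// wp_insert_post() returns 0 on failure (a WP_Error only when asked
		// for one); redirecting to post.php?post=0 would be a dead end.
		if ( empty( $builder_post_id ) || is_wp_error( $builder_post_id ) ) {
			wp_die( esc_html__( 'Could not create the content post.', 'elementskit-lite' ) );
		}

		update_post_meta( $builder_post_id, '_wp_page_template', 'elementor_canvas' );
	} else {
		$builder_post_id = $existing_post->ID;
	}

	// When WPML is active, let set_wpml_data() decide which post id to open
	// (its behaviour is defined elsewhere in the class).
	if ( defined( 'ICL_SITEPRESS_VERSION' ) ) {
		$builder_post_id = $this->set_wpml_data( $builder_post_id );
	}

	// Post ids are integers; casting keeps anything unexpected out of the URL.
	$url = admin_url( 'post.php?post=' . (int) $builder_post_id . '&action=elementor' );
	wp_safe_redirect( $url );
	exit;
}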