CVE-2023-3714: profile-magic-group.php in profilegrid-user-profiles-groups-and-communities/tags/5.4.8/public/partials – WordPress Plugin Repository

1<?php2$dbhandler = new PM_DBhandler;3$pm_activator = new Profile_Magic_Activator;4$pmrequests = new PM_request;5$pm_sanitizer = new PM_sanitizer();6$html_creator = new PM_HTML_Creator($this->profile_magic,$this->version);7$textdomain = $this->profile_magic;8$path = plugin_dir_url(__FILE__);9$gid = filter_input(INPUT_GET, ‘gid’);10if(empty($gid))11{12 $gid = get_query_var(‘gid’);13}1415//echo $gid;die;16if(isset($gid) && !empty($gid))17{18 $gid = $pmrequests->pm_get_gid_from_group_slug($gid);19}2021$identifier = ‘GROUPS’;22if(!isset($gid) || empty($gid))23{24 if(isset($content[‘id’]))25 {26 $gid = $content[‘id’];27 }28 else29 {30 $gid = $content[‘gid’];31 }32 33}34$current_user = wp_get_current_user();35$row = $dbhandler->get_row(‘GROUPS’,$gid);36$is_require_admin_approval = $dbhandler->get_global_option_value(‘pm_group_update_require_admin_approval’,0);37$request_obj = $pm_sanitizer->sanitize($_REQUEST);38if(isset($request_obj[“action”]) && $request_obj[“action”]!=’process’)39{40 if(isset($request_obj[“uid”]))$uid = $request_obj[“uid”];else $uid = false;41 $pm_payapl_request = new PM_paypal_request();42 $post_obj = $pm_sanitizer->sanitize($_POST);43 $pm_payapl_request->profile_magic_join_group_payment_process($post_obj, $request_obj[“action”],$gid,$uid);44 return false;45}46if(isset($_POST[‘remove_image’]))47{48 $retrieved_nonce = filter_input(INPUT_POST,’_wpnonce’);49 if (!wp_verify_nonce($retrieved_nonce, ‘save_pm_edit_group’ ) ) die(esc_html__(‘Failed security check’,’profilegrid-user-profiles-groups-and-communities’) );50 $groupid = filter_input(INPUT_POST,’group_id’);51 52 if($groupid!=0 && $is_require_admin_approval==0)53 {54 $data = array(‘group_icon’=>’’);55 $arg = array(‘%d’);56 $dbhandler->update_row($identifier,’id’,$groupid,$data,$arg,’%d’);57 }58 else59 {60 do_action(‘profilegrid_group_update_approval’,$data,$row,$groupid);61 }62 $redirect_url = $pmrequests->profile_magic_get_frontend_url(‘pm_group_page’,’’,$groupid);63 //$redirect_url = add_query_arg(‘gid’,$groupid,$redirect_url);64 wp_safe_redirect( esc_url_raw( $redirect_url ) );65 exit;66 67}6869if(isset($_POST[‘cancel’]))70{71 $retrieved_nonce = filter_input(INPUT_POST,’_wpnonce’);72 if (!wp_verify_nonce($retrieved_nonce, ‘save_pm_edit_group’ ) ) die(esc_html__(‘Failed security check’,’profilegrid-user-profiles-groups-and-communities’) );73 $groupid = filter_input(INPUT_POST,’group_id’);74 $redirect_url = $pmrequests->profile_magic_get_frontend_url(‘pm_group_page’,’’,$groupid);75 //$redirect_url = add_query_arg(‘gid’,$groupid,$redirect_url);76 wp_safe_redirect( esc_url_raw( $redirect_url ) );77 exit;78}7980if(isset($_POST[‘edit_group’]))81{82 83 $retrieved_nonce = filter_input(INPUT_POST,’_wpnonce’);84 if (!wp_verify_nonce($retrieved_nonce, ‘save_pm_edit_group’ ) ) die(esc_html__(‘Failed security check’,’profilegrid-user-profiles-groups-and-communities’) );85 $groupid = filter_input(INPUT_POST,’group_id’);86 $exclude = array(“_wpnonce","_wp_http_referer","edit_group","group_id”);87 $post = $pmrequests->sanitize_request($_POST,$identifier,$exclude);88 if(isset($_FILES[‘group_icon’])){89 $filefield = $_FILES[‘group_icon’];90 $allowed_ext =’jpg|jpeg|png|gif’;91 if(isset($filefield) && !empty($filefield))92 {93 $attachment_id = $pmrequests->make_upload_and_get_attached_id($filefield,$allowed_ext);94 $post[‘group_icon’] = $attachment_id;95 }96 }97 if($post!=false)98 {99 foreach($post as $key=>$value)100 {101 $data[$key] = $value;102 $arg[] = $pm_activator->get_db_table_field_type($identifier,$key);103 }104 }105 if($groupid!=0 && $is_require_admin_approval==0)106 {107 $dbhandler->update_row($identifier,’id’,$groupid,$data,$arg,’%d’);108 do_action('profilegrid_group_update’,$data,$row,$groupid);109 }110 else111 {112 do_action('profilegrid_group_update_approval’,$data,$row,$groupid);113 }114 $redirect_url = $pmrequests->profile_magic_get_frontend_url('pm_group_page’,’’,$groupid);115 //$redirect_url = add_query_arg('gid’,$groupid,$redirect_url);116 wp_safe_redirect( esc_url_raw( $redirect_url ) );117 exit; 118}119120if(isset($_POST[‘pg_join_group’]))121{122 $pg_uid = filter_input(INPUT_POST, ‘pg_uid’);123 $pg_join_gid = filter_input(INPUT_POST, ‘pg_join_gid’);124 $group_type = $pmrequests->profile_magic_get_group_type($pg_join_gid);125 $is_paid_group = $pmrequests->profile_magic_check_paid_group($pg_join_gid);126 if($is_paid_group>0)127 {128 $html_creator->pg_join_paid_group_html($pg_join_gid, $pg_uid);129 }130 else131 {132 $result = $pmrequests->profile_magic_join_group_fun($pg_uid, $pg_join_gid,$group_type);133 134 if($result==true)135 {136 $redirect_url = $pmrequests->profile_magic_get_frontend_url('pm_group_page’,’’,$pg_join_gid);137 //$redirect_url = add_query_arg('gid’,$pg_join_gid,$redirect_url);138 wp_safe_redirect( esc_url_raw( $redirect_url ) );139 exit; 140 }141 142 }143}144145if(isset($_POST[‘pg_join_paid_group’]))146{147 $pg_uid = filter_input(INPUT_POST, ‘pg_uid’);148 $pg_join_gid = filter_input(INPUT_POST, ‘pg_join_gid’);149 do_action('profile_magic_join_group_registration_process’,$_POST,$pg_join_gid,$pg_uid);150 do_action('profile_magic_join_paid_group_process’,$_POST,$pg_join_gid,$pg_uid);151}152153if(!isset($_POST[‘pg_join_group’]) && !isset($_POST[‘pg_join_paid_group’])):154if(!empty($row))155{156 $pagenum = filter_input(INPUT_GET, ‘pagenum’);157 158 $pagenum = isset($pagenum) ? absint($pagenum) : 1;159 $pm_default_group_sorting = $dbhandler->get_global_option_value(‘pm_default_group_sorting’,’oldest_first’);160 switch($pm_default_group_sorting)161 {162 case 'name_asc’:163 $sortby = 'display_name’;164 $order = 'ASC’;165 break;166 case 'name_desc’:167 $sortby = 'display_name’;168 $order = 'DESC’;169 break;170 case 'latest_first’:171 $sortby = 'registered’;172 $order = 'DESC’;173 break;174 case 'oldest_first’:175 $sortby = 'registered’;176 $order = 'ASC’;177 break;178 case 'suspended’:179 $sortby = 'registered’;180 $order = 'DESC’;181 $get[‘status’] = '1’;182 break;183 case 'first_name_asc’:184 $sortby = 'first_name’;185 $order = 'ASC’;186 break;187 case 'first_name_desc’:188 $sortby = 'first_name’;189 $order = 'DESC’;190 break;191 case 'last_name_asc’:192 $sortby = 'last_name’;193 $order = 'ASC’;194 break;195 case 'last_name_desc’:196 $sortby = 'last_name’;197 $order = 'DESC’;198 break;199 default:200 $sortby = 'display_name’;201 $order = 'ASC’;202 break;203 204 }205 206 $limit = $dbhandler->get_global_option_value(‘pm_number_of_users_on_group_page’,’10’); // number of rows in page207 $offset = ( $pagenum - 1 ) * $limit;208 $hide_users = $pmrequests->pm_get_hide_users_array();209 $query_args = array(210 ‘relation’ => 'AND’,211 array(212 ‘key’ => 'pm_group’,213 ‘value’ => sprintf(':"%s";’,$gid),214 ‘compare’ => 'like’215 ),216 array(217 ‘key’ => 'rm_user_status’,218 ‘value’ => '0’,219 ‘compare’ => '=’220 )221 222 );223 224 if($row->is_group_leader!=0)225 {226 $leaders = $pmrequests->pg_get_group_leaders($gid);227 }228 if(isset($group_leader))$exclude = array($group_leader);else{ $exclude = array(); $group_leader = 0;}229 $meta_query = array( ‘relation’ => 'OR’, $query_args );230 $user_query = $dbhandler->pm_get_all_users_ajax('’,$meta_query,’’,$offset,$limit,$order,$sortby,$hide_users);231 $total_users = $user_query->get_total();232 $users = $user_query->get_results();233 $num_of_pages = ceil( $total_users/$limit);234 $pagination = $dbhandler->pm_get_pagination($num_of_pages,$pagenum);235 if(filter_input(INPUT_GET, ‘edit’) && in_array($current_user->ID,$leaders) && is_user_logged_in())236 {237 $themepath = $this->profile_magic_get_pm_theme(‘edit-group-tpl’);238 include $themepath;239 }240 else241 {242 $themepath = $this->profile_magic_get_pm_theme(‘group-tpl’);243 include $themepath; 244 }245 246}247else248{249 echo '<div class="pmrow pg-alert-info pg-alert-warning">’. esc_html__( ‘Sorry, this group is currently not accessible. Either it was deleted or its ID does not matches.’,’profilegrid-user-profiles-groups-and-communities’ ).’</div>’; 250}251endif;252?>