CVE-2023-4276: profile_page.php in absolute-privacy/trunk – WordPress Plugin Repository

1<?php2global $userdata;34/**5 * First we’ll run the shortcode that displays the login form6 * if the user isn’t logged in. Otherwise it displays a logout link.7 * This shortcode is found in Absolute Privacy’s functions.php file8 */9echo do_shortcode( '[loginform]' );1011/**12 * We’ll only show any of this profile updating form if the user is logged in.13 */14if ( is_user_logged_in() ) :15 require_once( ABSPATH . WPINC . ‘/registration.php’ ); //this file is needed for functions used below1617 $user_id = $userdata->ID; //reassign the username variable to ensure everything is up to date18 $errors = false;1920 if ( isset( $_POST[‘wp-submit’] ) ) { // The form has been submitted2122 /* Here we check for errors. We’ll throw an error if the user has23 * left the first name, last name, or email address empty.24 */25 if ( empty( $_POST[‘first_name’] ) || empty( $_POST[‘last_name’] ) || empty( $_POST[‘user_email’] ) ) {26 $errors = __( 'You must enter a value for first name, last name, and email address.’, ‘absprivacy’ );27 }282930 /* Here we check if the user is trying to submit a new password.31 * We only update the password if there are no previous errors,32 * and if both inputted passwords match.33 */34 if ( isset( $_POST[‘password’] ) && false === $errors && ! empty( $_POST[‘password’] ) ) {35 if ( strtolower( $_POST[‘password’] ) !== strtolower( $_POST[‘password2’] ) || empty( $_POST[‘password2’] ) ) {36 $errors = __( 'Your passwords do not match.’, ‘absprivacy’ );37 } else {38 wp_set_password( $_POST[‘password’], $user_id );39 }40 }4142 if ( false === $errors ) { //no errors, so lets update the user43 wp_update_user(44 array(45 ‘ID’ => $user_id,46 ‘first_name’ => htmlentities( trim( $_POST[‘first_name’] ) ),47 ‘last_name’ => htmlentities( trim( $_POST[‘last_name’] ) ),48 ‘user_email’ => htmlentities( trim( $_POST[‘user_email’] ) )49 )50 );5152 echo ‘<p class="profile_updated"><em>’ . __( 'Your profile has been updated’, ‘absprivacy’ ) . '</em></p>’;53 } else {54 echo '<p class="profile_errors"><strong>ERROR:</strong> ' . $errors . '</p>’;55 }56 }5758 $user = new WP_User( $user_id ); // use this instead of $userdata so that the changes are reflected after a user updates the form59 ?>606162 <p><?php _e( 'You may edit your profile using the form below.’, ‘absprivacy’ ); ?></p>6364 <form name="profileform" action="" method="post">6566 <p>67 <label for="first_name"><?php _e( 'First Name’, ‘absprivacy’ ); ?></label>68 <input type="text" name="first_name" id="first_name" class="input" value="<?php echo $user->first_name; ?>"69 size="30" tabindex="10"/>70 </p>7172 <p>73 <label for="last_name"><?php _e( 'Last Name’, ‘absprivacy’ ); ?></label>74 <input type="text" name="last_name" id="last_name" class="input" value="<?php echo $user->last_name; ?>"75 size="30" tabindex="20"/>76 </p>777879 <p>80 <label for="user_email"><?php _e( 'Email Address’, ‘absprivacy’ ); ?></label>81 <input type="text" name="user_email" id="user_email" class="input" value="<?php echo $user->user_email; ?>"82 size="40" tabindex="30"/>83 </p>8485 <p><?php _e( 'You may also change your password (optional).’, ‘absprivacy’ ); ?></p>8687 <p>88 <label for="password"><?php _e( 'Password’, ‘absprivacy’ ); ?></label>89 <input type="password" name="password" id="password" class="input" value="" size="20" tabindex="40"/> <br/>90 <label for="password2"><?php _e( 'And Again’, ‘absprivacy’ ); ?></label>91 <input type="password" name="password2" id="password2" class="input" value="" size="20" tabindex="50"/>92 </p>9394 <input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="<?php _e( 'Submit Changes’, ‘absprivacy’ ); ?>" tabindex="100"/>95 </form>96<?php endif; ?>