Last active
October 8, 2020 08:19
Hard fix for the WordPress WPBakery (js_composer) vulnerability. Ref: https://www.facebook.com/a.tech.guy
<?php
// Fix: harden the permission check in the saveAjaxFe method of wp-content/plugins/js_composer/include/classes/core/class-vc-post-admin.php; add this at the very top of the method
$user = wp_get_current_user();
// Only the Editor, Administrator and Shop Manager roles are allowed to edit; if you use other roles, add them yourself
$allowed_roles = array('editor', 'administrator', 'shop_manager');
if (empty(array_intersect($allowed_roles, $user->roles))) {
    wp_send_json_error();
    exit;
}