From 28fb5db382dc8485a1cb9c84553b368d954663c5 Mon Sep 17 00:00:00 2001
From: milan88888 <chaudharymilan996@gmail.com>
Date: Mon, 25 May 2026 14:48:37 +0545
Subject: [PATCH] Fix - Enhance file path validation and sanitize license plan
 data

---
 includes/functions-ur-core.php | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/includes/functions-ur-core.php b/includes/functions-ur-core.php
index b85970e6d..5cf39e713 100644
--- a/includes/functions-ur-core.php
+++ b/includes/functions-ur-core.php
@@ -1250,9 +1250,12 @@ function ur_load_form_field_class( $class_key ) {
 	/* Backward Compat since 1.4.0 */
 	if ( null != $class_path && file_exists( $class_path ) ) {
 		// Validate the resolved path to prevent directory traversal.
-		$real_class_path = realpath( $class_path );
-		$real_base_path  = realpath( UR_FORM_PATH );
-		if ( false === $real_class_path || false === $real_base_path || 0 !== strpos( $real_class_path, $real_base_path . DIRECTORY_SEPARATOR ) ) {
+		$real_class_path   = realpath( $class_path );
+		$real_base_path    = realpath( UR_FORM_PATH );
+		$real_plugins_path = realpath( WP_PLUGIN_DIR );
+		$in_form_path      = false !== $real_base_path && 0 === strpos( $real_class_path, $real_base_path . DIRECTORY_SEPARATOR );
+		$in_plugins_path   = false !== $real_plugins_path && 0 === strpos( $real_class_path, $real_plugins_path . DIRECTORY_SEPARATOR );
+		if ( false === $real_class_path || ( ! $in_form_path && ! $in_plugins_path ) ) {
 			return null;
 		}
 		$class_name = 'UR_' . join( '_', array_map( 'ucwords', $exploded_class ) );
@@ -4022,11 +4025,15 @@ function ur_get_license_plan() {
 				);
 
 				if ( ! empty( $license_data->item_name ) ) {
-					$license_data->item_plan = strtolower( str_replace( 'LifeTime', '', str_replace( 'User Registration', '', $license_data->item_name ) ) );
+					$license_data->item_plan = trim( strtolower( str_replace( 'LifeTime', '', str_replace( 'User Registration', '', $license_data->item_name ) ) ) );
 					set_transient( 'ur_pro_license_plan', $license_data, WEEK_IN_SECONDS );
 				}
 			}
 
+			if ( ! empty( $license_data->item_plan ) ) {
+				$license_data->item_plan = trim( $license_data->item_plan );
+			}
+
 			return isset( $license_data ) ? $license_data : false;
 		}