Filter uncanny-automator-pro

automator_pro_webhook_blocked_response_functions

Filters the list of blocked functions for webhook responses to prevent potentially harmful code execution.

add_filter( 'automator_pro_webhook_blocked_response_functions', $callback, 10, 1 );

Description

Filters a list of PHP functions blocked for webhook responses. Developers can use this hook to add or remove functions from the blocklist, enhancing security by preventing the execution of potentially dangerous commands via webhook data.


Usage

add_filter( 'automator_pro_webhook_blocked_response_functions', 'your_function_name', 10, 1 );

Return Value

The filtered array of blocked function names.


Examples

/**
 * Example of how to use the 'automator_pro_webhook_blocked_response_functions' filter.
 * This example adds an additional function to the blocked list.
 */
add_filter( 'automator_pro_webhook_blocked_response_functions', 'my_custom_blocked_webhook_functions', 10, 1 );

function my_custom_blocked_webhook_functions( array $blocked_functions ): array {
	// Add a custom function that we also want to block for security reasons.
	// This is just an example; ensure you understand the implications of blocking any function.
	$blocked_functions[] = 'base64_decode';

	// Return the modified array of blocked functions.
	return $blocked_functions;
}
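
Because callbacks on this filter can remove entries as well as add them, a callback registered at the latest priority can put back a minimum set that an earlier callback dropped and log that it happened. This is an added example, not code from the plugin or its documentation; the names `MY_WEBHOOK_BLOCKLIST_BASELINE` and `my_enforce_webhook_blocklist_baseline` are hypothetical, and the baseline is an assumed subset of the defaults visible in the source excerpt on this page.

```php
<?php
// Added example (not plugin code). Assumption: this subset of the defaults
// visible in the source excerpt is the minimum that must always stay blocked.
const MY_WEBHOOK_BLOCKLIST_BASELINE = array(
	'system', 'exec', 'passthru', 'shell_exec', 'popen', 'proc_open',
	'pcntl_exec', 'eval', 'assert', 'create_function', 'call_user_func',
	'call_user_func_array',
);

/**
 * Hypothetical callback: restore baseline entries that an earlier callback removed.
 *
 * @param mixed $blocked_functions Value returned by earlier callbacks.
 * @return string[] Blocklist that contains at least the baseline entries.
 */
function my_enforce_webhook_blocklist_baseline( $blocked_functions ): array {
	// An earlier callback may have returned a non-array; fall back to the baseline only.
	if ( ! is_array( $blocked_functions ) ) {
		$blocked_functions = array();
	}

	// Keep only non-empty string entries; anything else cannot name a function.
	$names = array();
	foreach ( $blocked_functions as $name ) {
		if ( is_string( $name ) && '' !== trim( $name ) ) {
			$names[] = trim( $name );
		}
	}

	// Baseline entries missing here were removed earlier or are not in the defaults.
	$missing = array_diff( MY_WEBHOOK_BLOCKLIST_BASELINE, $names );
	if ( $missing ) {
		error_log( 'Webhook blocklist: restored removed entries: ' . implode( ', ', $missing ) );
	}

	return array_values( array_unique( array_merge( $names, MY_WEBHOOK_BLOCKLIST_BASELINE ) ) );
}

// Priority PHP_INT_MAX: run after every other callback on this filter.
if ( function_exists( 'add_filter' ) ) {
	add_filter( 'automator_pro_webhook_blocked_response_functions', 'my_enforce_webhook_blocklist_baseline', PHP_INT_MAX, 1 );
}
```

A log line from this callback means some other code on the site loosened the blocklist and is worth reviewing.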

Placement

This code should be placed in the functions.php file of your active theme, in a custom plugin, or in a code snippets plugin.


Source Code

uncanny-automator-pro/src/core/webhook/webhook-rest-handler.php:455

}

		if ( 'filter' === $response_type ) {
			$function_name = isset( $trigger['meta']['WEBHOOK_RESPONSE_FILTER_FUNCTION'] ) ? $trigger['meta']['WEBHOOK_RESPONSE_FILTER_FUNCTION'] : '';

			// Block dangerous PHP built-in functions that could be used for RCE
			// if an admin account is compromised or via stored XSS in the recipe editor.
			$blocked_functions = apply_filters(
				'automator_pro_webhook_blocked_response_functions',
				array(
					'system', 'exec', 'passthru', 'shell_exec', 'popen', 'proc_open',
					'pcntl_exec', 'eval', 'assert', 'create_function', 'call_user_func',
					'call_user_func_array', 'preg_replace_callback', 'usort', 'uasort',
					'uksort', 'array_map', 'array_filter', 'array_walk', 'extract',
					'parse_str', 'putenv', 'ini_set', 'dl', 'mail', 'header',

