[wp-trac] [WordPress Trac] #11122: Sanitize filenames with multiple extensions

WordPress Trac wp-trac at lists.automattic.com
Wed Nov 11 22:34:48 UTC 2009


#11122: Sanitize filenames with multiple extensions
--------------------------+-------------------------------------------------
 Reporter:  ryan          |       Owner:  ryan        
     Type:  defect (bug)  |      Status:  new         
 Priority:  normal        |   Milestone:  2.9         
Component:  Security      |     Version:  2.8.5       
 Severity:  normal        |    Keywords:  health-check
--------------------------+-------------------------------------------------

Comment(by ryan):

 The patch turns .php.jpg into .php_.jpg, and .php.jpg.jpg into .php_.jpg.jpg.
 Anything that looks like an extension (a dot followed by [a-zA-Z]{2,5}\d?)
 that is not in the whitelist is munged by appending an underscore.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/11122#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
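
The munging rule described in the comment above, as an added PHP example; it is not the patch attached to the ticket and not WordPress core code. The function name, the sample allowlist and the choice to leave the final extension untouched (assumed to be validated by a separate upload type check) are assumptions made for illustration.

```php
<?php
// Added example, not WordPress core code. The allowlist is a constructed
// sample; the real whitelist is not shown in the ticket comment.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];

/**
 * Append "_" to every inner dot-separated part that looks like an
 * extension ([a-zA-Z]{2,5}\d?) and is not on the allowlist.
 * The base name (first part) and the final extension (last part) are
 * left unchanged, matching the two cases given in the comment.
 * Assumption: the final extension is checked elsewhere.
 */
function munge_inner_extensions(string $filename, array $allowed = ALLOWED_EXTENSIONS): string
{
    $parts = explode('.', $filename);
    if (count($parts) <= 2) {
        return $filename; // zero or one extension: nothing to munge
    }

    $base = array_shift($parts); // text before the first dot
    $last = array_pop($parts);   // final extension
    $out  = $base;

    foreach ($parts as $part) {
        $out .= '.' . $part;
        $looksLikeExt = preg_match('/^[a-zA-Z]{2,5}\d?$/', $part) === 1;
        // Case-insensitive allowlist comparison, so "JPG" counts as "jpg".
        if ($looksLikeExt && !in_array(strtolower($part), $allowed, true)) {
            $out .= '_';
        }
    }
    return $out . '.' . $last;
}

// Constructed sample inputs: the two cases from the comment, then edge cases.
$samples = [
    'avatar.php.jpg',     // inner "php" is not on the allowlist
    'avatar.php.jpg.jpg', // inner "jpg" is on the allowlist and stays
    'photo.jpg',          // single extension, nothing to munge
    'report.2009.pdf',    // "2009" does not match the extension pattern
    'a.PHP5.png',         // trailing digit is covered by \d?
    'archive.tar.gz',     // legitimate inner extension that is also munged
];
foreach ($samples as $name) {
    printf("%-20s -> %s\n", $name, munge_inner_extensions($name));
}
```

The last sample shows the cost of the rule: any inner extension missing from the allowlist is renamed, including harmless ones such as .tar in this sample allowlist.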

