[wp-trac] [WordPress Trac] #16189: Uploading files with more than one contiguous period should be disallowed
WordPress Trac
wp-trac at lists.automattic.com
Tue Jan 11 18:40:58 UTC 2011
#16189: Uploading files with more than one contiguous period should be disallowed
---------------------------+-----------------------------
Reporter: simonwheatley | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upload | Version: 3.1
Severity: normal | Keywords: has-patch
---------------------------+-----------------------------
The file handler for multisite has a security
[http://core.trac.wordpress.org/browser/tags/3.0.4/wp-includes/ms-files.php#L26|measure]
which effectively bars the display of files with
more than one contiguous period in the filename, e.g. `my...file.jpg`.
Seems a silly thing to name a file, but there we go.

If this is the case then we probably should disallow uploading files like
this, so no-one can get themselves in a twist and upload files which are
unviewable on their site.

The attached diff adds a check for more than one contiguous period in the
filename, and disallows the upload if the test fails.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/16189>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
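
An added example, not the diff attached to the ticket (which is not reproduced on this page): one way to refuse such uploads from a plugin, assuming the `wp_handle_upload_prefilter` filter is the enforcement point. The function names and the sample filenames are hypothetical and constructed for illustration.

```php
<?php
/**
 * Added example, not the ticket's patch. Rejects uploads whose filename
 * contains two or more contiguous periods, so a file that the multisite
 * file handler would refuse to display never reaches the uploads directory.
 */

// True when the name contains ".." or a longer run of periods.
function example_has_contiguous_periods( $filename ) {
	return (bool) preg_match( '/\.{2,}/', $filename );
}

// Upload prefilter: a non-empty, non-numeric 'error' entry makes
// wp_handle_upload() abort and report the message to the user.
function example_reject_contiguous_periods( $file ) {
	if ( isset( $file['name'] ) && example_has_contiguous_periods( $file['name'] ) ) {
		$file['error'] = 'Filenames may not contain more than one contiguous period.';
	}
	return $file;
}

if ( function_exists( 'add_filter' ) ) {
	// Inside WordPress: run the check before the file is moved into place.
	add_filter( 'wp_handle_upload_prefilter', 'example_reject_contiguous_periods' );
} else {
	// Stand-alone run (php example.php) over constructed sample names.
	$samples = array( 'my...file.jpg', 'a..b.png', 'my.file.jpg', 'archive.tar.gz' );
	foreach ( $samples as $name ) {
		$result = example_reject_contiguous_periods( array( 'name' => $name ) );
		printf( "%-16s %s\n", $name, isset( $result['error'] ) ? 'rejected' : 'accepted' );
	}
}
```

Single periods, including multi-part extensions such as `archive.tar.gz`, pass the check; only a run of two or more periods is refused.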