[wp-trac] [WordPress Trac] #42437: Thumbnails can overwrite other uploads if filename matches

WordPress Trac noreply at wordpress.org
Sun Nov 5 00:40:37 UTC 2017


#42437: Thumbnails can overwrite other uploads if filename matches
--------------------------+-----------------------------
 Reporter:  Viper007Bond  |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Upload        |    Version:  4.8.3
 Severity:  normal        |   Keywords:  needs-patch
  Focuses:                |
--------------------------+-----------------------------
 Imagine you're browsing some WordPress site and you find an image ~~you
 want to steal~~ you like and want to upload to your own site. Not knowing
 any better, you download and save a thumbnail, `image-1024x768.png`. Later
 on you upload a different image called `image.png` to your site. Assuming
 you haven't changed thumbnail sizes, the large thumbnail of the second
 image will overwrite the original first image.

 I've attached two images that you can use to test. Notice that
 `image-1024x768.png` will become the red image instead of staying green.

 One possible solution to this is to add a flag to the thumbnail generation
 function that toggles overwriting existing files. It should default to
 overwriting for backwards compatibility but not overwrite on initial
 upload. If not overwriting, then `-2` could be added somewhere in the
 filename. The filename doesn't need to be predictable because it's stored
 in the metadata.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/42437>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
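
The collision and the non-overwriting option proposed in the ticket, as an added PHP sketch that is not WordPress core code or a patch from the ticket. The function names `thumb_path` and `save_thumb`, placing `-2` after the size suffix, and the file contents are assumptions made for illustration.

```php
<?php
// Added illustration, not WordPress core code; function names are hypothetical.

// Derived-file name in the "<name>-<W>x<H>.<ext>" form seen in the ticket.
// $n > 1 appends "-<n>" after the size (the placement is an assumption).
function thumb_path(string $original, int $w, int $h, int $n = 1): string {
    $info   = pathinfo($original);
    $suffix = "{$w}x{$h}" . ($n > 1 ? "-{$n}" : '');
    return "{$info['dirname']}/{$info['filename']}-{$suffix}.{$info['extension']}";
}

// Write a thumbnail and return the path actually used, so the caller can
// store it in the attachment metadata. $overwrite = true keeps the legacy
// behaviour; false never replaces an existing file and tries -2, -3, ...
function save_thumb(string $original, int $w, int $h, string $bytes, bool $overwrite = true): string {
    if ($overwrite) {
        $target = thumb_path($original, $w, $h);
        file_put_contents($target, $bytes);
        return $target;
    }
    for ($n = 1; $n <= 100; $n++) {
        $target = thumb_path($original, $w, $h, $n);
        // Mode 'x' fails if the file exists, so the existence check and the
        // create happen in one step (no gap between checking and writing).
        $fh = @fopen($target, 'x');
        if ($fh !== false) {
            fwrite($fh, $bytes);
            fclose($fh);
            return $target;
        }
    }
    throw new RuntimeException("no free thumbnail name for {$original}");
}

// Constructed scenario from the ticket, run in a scratch directory.
// The strings stand in for image data.
$dir = sys_get_temp_dir() . '/thumb-demo-' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents("$dir/image-1024x768.png", 'GREEN'); // first upload: a saved thumbnail
file_put_contents("$dir/image.png", 'RED');            // second upload: unrelated image

// Initial upload with overwriting off: the green file is left alone.
$used = save_thumb("$dir/image.png", 1024, 768, 'RED-thumb', false);
echo basename($used), ' | first upload is ', file_get_contents("$dir/image-1024x768.png"), "\n";

// Legacy behaviour: the derived name matches the first upload and replaces it.
save_thumb("$dir/image.png", 1024, 768, 'RED-thumb');
echo 'after overwrite, first upload is ', file_get_contents("$dir/image-1024x768.png"), "\n";
```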

