[wp-trac] [WordPress Trac] #57242: Remove redundant dot in sanitize_file_name function
WordPress Trac
noreply at wordpress.org
Fri Dec 2 16:28:30 UTC 2022
#57242: Remove redundant dot in sanitize_file_name function
-----------------------------------+------------------------------
 Reporter:  ArtZ91                 |       Owner:  (none)
     Type:  enhancement            |      Status:  new
 Priority:  normal                 |   Milestone:  Awaiting Review
Component:  Formatting             |     Version:
 Severity:  normal                 |  Resolution:
 Keywords:  has-patch 2nd-opinion  |     Focuses:
-----------------------------------+------------------------------
Changes (by SergeyBiryukov):
* keywords: has-patch reporter-feedback => has-patch 2nd-opinion
Comment:
Hi there, welcome back to WordPress Trac! Thanks for the ticket.

Replying to [ticket:57242 ArtZ91]:
> Some web-servers return Forbidden error if filename contains redundant
> dot, for example: filename..jpg

It sounds like `..` triggers some security rule on the server, e.g. to
prevent directory traversal. This appears to be similar to #45368, also
that ticket is about `..` in post content.

Applying `rtrim( $filename, '.' )` before appending the extension probably
makes sense. On the other hand, as noted above, that does not fix the
issue if `..` is in the middle of the file name.

So I'm not quite sure about this change, curious to see what others think.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57242#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
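The difference between the two cases raised in this comment, shown as an added example (not WordPress core code and not part of the original message). The function names and sample file names are constructed; `example_collapse_dots()` is an assumption that goes beyond the proposed `rtrim()` change by also handling `..` in the middle of the name.

```php
<?php
// Added illustration, not WordPress core code. Function names are hypothetical
// and the sample file names below are constructed.

// The change discussed in the ticket: strip trailing dots from the name part
// before the extension is appended.
function example_trim_before_extension( string $filename ): string {
	$ext = pathinfo( $filename, PATHINFO_EXTENSION );
	if ( '' === $ext ) {
		return rtrim( $filename, '.' ); // No extension: just drop trailing dots.
	}
	$base = substr( $filename, 0, -( strlen( $ext ) + 1 ) );
	return rtrim( $base, '.' ) . '.' . $ext;
}

// Assumption, beyond the proposed patch: also collapse runs of dots that sit
// in the middle of the name, then apply the same trailing-dot trim.
function example_collapse_dots( string $filename ): string {
	$collapsed = preg_replace( '/\.{2,}/', '.', $filename ) ?? $filename;
	return example_trim_before_extension( $collapsed );
}

$samples = array( 'filename..jpg', 'my..photo.jpg', 'scan...2022..final.png', 'report..' );

printf( "%-24s %-40s %s\n", 'input', 'rtrim before extension', 'collapse + rtrim' );
foreach ( $samples as $name ) {
	$trimmed   = example_trim_before_extension( $name );
	$collapsed = example_collapse_dots( $name );
	printf(
		"%-24s %-40s %s\n",
		$name,
		// Flag results that would still trip a server rule matching "..".
		$trimmed . ( false !== strpos( $trimmed, '..' ) ? '  (still has ..)' : '' ),
		$collapsed
	);
}
```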