[wp-trac] [WordPress Trac] #12756: WPMU does not handle files with two or more dots in the filename
WordPress Trac
wp-trac at lists.automattic.com
Wed Dec 1 19:59:54 UTC 2010
#12756: WPMU does not handle files with two or more dots in the filename
--------------------------+-------------------------------------------------
Reporter: Namely | Owner: wpmuguru
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: Future Release
Component: Upload | Version: 2.9.2
Severity: minor | Keywords: multisite
--------------------------+-------------------------------------------------
Changes (by larysa):
* cc: larysa (added)
* owner: => wpmuguru
* status: new => assigned
Comment:
Anything
$file = BLOGUPLOADDIR . str_replace( '../', '', $_GET[ 'file' ] );
or
$file = BLOGUPLOADDIR . str_replace( '/..', '', $_GET[ 'file' ] );
or
$file = BLOGUPLOADDIR . str_replace( '/../', '', $_GET[ 'file' ] );
would solve the issue.
The last one is enough. Any chance to see this change in the official
release soon? Shame to miss it in 3.0.2.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/12756#comment:7>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list