[wp-trac] [WordPress Trac] #15955: sanitize_file_name not removing invalid characters properly
WordPress Trac
wp-trac at lists.automattic.com
Wed Dec 22 22:15:46 UTC 2010
#15955: sanitize_file_name not removing invalid characters properly
--------------------------+-----------------------------
Reporter: t31os_ | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Media | Version: 3.0.3
Severity: normal | Keywords: needs-patch
--------------------------+-----------------------------
The `sanitize_file_name` function is not filtering a lot of character
entities like the degree symbol, which results in invalid media item paths;
see the attached images.
wp-includes/formatting - Line 677
{{{
$special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";",
",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{",
"}", chr(0));
}}}
This array is not dealing with invalid entities that could be used in a
filename, and the regular expression further down is not catching these
either.
wp-includes/formatting - Line 700
{{{
if ( preg_match("/^[a-zA-Z]{2,5}\d?$/", $part) ) {
}}}
See attached images; I used 4 varying names with unusual entities in
them (each a copy of a sample jpg image).
Using a filter on the valid chars array results in the extension getting
stripped off, but the file still makes it through the upload routine
(which is worrying).
I'm no file validation expert, so I'm not sure if this is a critical
problem (marked as normal); I'll leave this for you chaps to decide.
'''NOTE:''' Ignore my hostname in the screenies; it's a 3.0.3
installation, I'm just lazy with updating my virtual host settings.
See screenshots for steps to reproduce (just create a file with some dodgy
character entities and upload it, basically).
--
Ticket URL: <http://core.trac.wordpress.org/ticket/15955>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
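An added example, not WordPress core code and not the reporter's, of the allow-list approach that addresses both points in the ticket: instead of enumerating bad characters, keep only a known-safe byte set so multibyte entities such as the degree symbol never reach the path, and re-check the extension after sanitizing so a name whose extension was stripped is refused rather than uploaded. The function names, the allowed-extension list and the sample filenames are all constructed for this illustration.

```php
<?php
// Added example, not WordPress core: allow-list filename sanitizing plus a
// post-sanitizing extension check. All names here are hypothetical.

/**
 * Reduce a user-supplied filename to [A-Za-z0-9._-], dropping any
 * directory component. Every byte outside the allow-list (including each
 * byte of a multibyte entity such as the degree symbol) becomes a hyphen.
 */
function strict_sanitize_file_name(string $name): string
{
    // Strip NUL and other control bytes before anything else.
    $name = preg_replace('/[\x00-\x1F\x7F]/', '', $name);

    // Discard any path component so traversal sequences never survive.
    $name = basename($name);

    // Replace every run of disallowed bytes with a single hyphen.
    $name = preg_replace('/[^A-Za-z0-9._-]+/', '-', $name);

    // Tidy separators: drop hyphens hugging a dot, collapse repeats, and
    // trim from both ends (a leading dot would create a hidden file).
    $name = preg_replace('/-*\.-*/', '.', $name);
    $name = preg_replace('/\.{2,}/', '.', $name);
    $name = preg_replace('/-{2,}/', '-', $name);
    $name = trim($name, '-.');

    // Stay within common filesystem name-length limits.
    return substr($name, 0, 255);
}

/**
 * Sanitize, then verify the extension against an allow-list.
 * Returns the safe name, or null if the upload should be refused.
 */
function validate_upload_name(string $name, array $allowed_ext): ?string
{
    $clean = strict_sanitize_file_name($name);
    $dot = strrpos($clean, '.');
    if ($clean === '' || $dot === false) {
        return null;               // empty name, or no extension left at all
    }
    $ext = strtolower(substr($clean, $dot + 1));
    if (!in_array($ext, $allowed_ext, true)) {
        return null;               // extension not on the allow-list
    }
    return $clean;
}

// Constructed sample names, including the degree-symbol case from the ticket.
$samples = [
    "temp 25°C.jpg",        // -> temp-25-C.jpg
    "résumé (final).PDF",   // -> r-sum-final.PDF
    "../../etc/passwd",     // -> REJECTED (no extension after basename)
    "photo.jpg\0.php",      // -> REJECTED (NUL removed, .php not allowed)
    ".htaccess",            // -> REJECTED (leading dot trimmed, no extension)
    "weird°°°",             // -> REJECTED (nothing but the stem survives)
];
$allowed = ['jpg', 'jpeg', 'png', 'gif', 'pdf'];

foreach ($samples as $raw) {
    $result = validate_upload_name($raw, $allowed);
    printf("%-28s -> %s\n", json_encode($raw), $result ?? 'REJECTED');
}
```

The second function is the part the ticket's last observation calls for: whatever the sanitizer does to the name, the upload routine should make its accept/reject decision on the sanitized result, so a file that lost its extension during cleaning is refused instead of stored.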