[wp-trac] [WordPress Trac] #12756: WPMU does not handle files with two or more dots in the filename
WordPress Trac
wp-trac at lists.automattic.com
Sat Oct 9 22:22:41 UTC 2010
#12756: WPMU does not handle files with two or more dots in the filename
--------------------------+-------------------------------------------------
Reporter: Namely | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Future Release
Component: Upload | Version: 2.9.2
Severity: minor | Keywords: multisite
--------------------------+-------------------------------------------------
Comment(by wpmuguru):
The purpose of the str_replace was to prevent a request like
{{{/files/../../../../wp-config.php}}} from being processed.
Probably {{{$file = BLOGUPLOADDIR . str_replace( '../', '', $_GET[ 'file' ] );}}}
would work, but I haven't tested it.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/12756#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
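
An alternative to stripping substrings from the request, as an added example that is not part of the original comment and not WordPress code: resolve the requested path and serve it only if it stays inside the upload directory. The function name `resolve_upload` and the temporary directory layout standing in for BLOGUPLOADDIR are constructed for illustration.

```php
<?php
// Added example, not WordPress code. BLOGUPLOADDIR from the ticket is modelled
// here by a constructed temporary directory.

/**
 * Resolve $requested under $baseDir and return the real path only if the
 * result is a regular file inside $baseDir; otherwise return null.
 */
function resolve_upload(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses "." and ".." segments and follows symlinks, so the
    // comparison below is made on the path the filesystem would actually open.
    $real = realpath($base . DIRECTORY_SEPARATOR . ltrim($requested, '/\\'));
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Require a separator after the base so "/files-old" does not match "/files".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed sample layout: <tmp>/site/wp-config.php and <tmp>/site/files/...
$root = sys_get_temp_dir() . '/upload-demo-' . bin2hex(random_bytes(4));
mkdir("$root/site/files/2010/10", 0700, true);
file_put_contents("$root/site/wp-config.php", "<?php // constructed placeholder\n");
file_put_contents("$root/site/files/2010/10/report..v2.final.pdf", "constructed");

$uploads = "$root/site/files/";
$requests = [
    '2010/10/report..v2.final.pdf', // legitimate name with several dots
    '../wp-config.php',             // request of the kind the comment describes
    '2010/10/missing.pdf',          // file that does not exist
];
foreach ($requests as $r) {
    $resolved = resolve_upload($uploads, $r);
    printf("%-32s => %s\n", $r, $resolved === null ? 'rejected' : 'served');
}
```

Because the decision is made on the resolved path rather than on the raw string, filenames containing dots are left untouched.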