[wp-trac] [WordPress Trac] #12756: WPMU does not handle files with two or more dots in the filename
WordPress Trac
wp-trac at lists.automattic.com
Wed Nov 9 17:22:56 UTC 2011
#12756: WPMU does not handle files with two or more dots in the filename
---------------------------------+-----------------------------
 Reporter:  Namely               |       Owner:  wpmuguru
     Type:  defect (bug)         |      Status:  assigned
 Priority:  normal               |   Milestone:  Future Release
Component:  Upload               |     Version:  2.9.2
 Severity:  minor                |  Resolution:
 Keywords:  multisite has-patch  |
---------------------------------+-----------------------------
Changes (by nacin):

 * milestone:  3.3 => Future Release

Comment:

 Using validate_file() here would yield the same bug anyway. Curious if
 ".." rather than "../" could therefore prevent path traversal with "..\".

 Since this isn't a regression, I'm inclined to continue to punt it.

 In IRC, we're wondering whether a backslash could cause some issues,
 either via traversal or by escaping characters.

 The simple fix is to just not use `..` in a URL. Punt.

--
Ticket URL: <http://core.trac.wordpress.org/ticket/12756#comment:12>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
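
The trade-off raised in the comment above, as an added PHP example (not WordPress core code and not part of the ticket): three hypothetical checks run over constructed filenames. It shows that a bare ".." substring check rejects legitimate double-dot names, that a "../" check lets the backslash form through, and that comparing whole path segments on both separators avoids both problems.

```php
<?php
// Added illustration; function names and sample inputs are constructed.

// Check 1: reject any name containing "..". Blocks traversal, but also
// rejects harmless names with consecutive dots (the bug in this ticket).
function rejects_any_dotdot(string $name): bool {
    return strpos($name, '..') !== false;
}

// Check 2: reject only "../". Accepts names with consecutive dots, but
// lets "..\" through, and backslash is a path separator on Windows.
function rejects_dotdot_slash(string $name): bool {
    return strpos($name, '../') !== false;
}

// Check 3: split on both separators and reject only when a whole path
// segment is exactly "..".
function rejects_dotdot_segment(string $name): bool {
    foreach (preg_split('#[/\\\\]#', $name) as $segment) {
        if ($segment === '..') {
            return true;
        }
    }
    return false;
}

// Constructed sample names: three legitimate, four traversal attempts.
$samples = [
    'photo.jpg',
    'my..photo.jpg',
    'report.v1..final.pdf',
    '../other/file.jpg',
    '..\\other\\file.jpg',
    'files/../../file.jpg',
    'files\\..\\file.jpg',
];

printf("%-24s %-8s %-8s %-8s\n", 'name', '".."', '"../"', 'segment');
foreach ($samples as $name) {
    printf("%-24s %-8s %-8s %-8s\n", $name,
        rejects_any_dotdot($name) ? 'reject' : 'allow',
        rejects_dotdot_slash($name) ? 'reject' : 'allow',
        rejects_dotdot_segment($name) ? 'reject' : 'allow');
}
```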