[wp-trac] [WordPress Trac] #12756: WPMU does not handle files with two or more dots in the filename
WordPress Trac
wp-trac at lists.automattic.com
Wed Nov 9 17:46:04 UTC 2011
#12756: WPMU does not handle files with two or more dots in the filename
---------------------------------+-----------------------------
Reporter: Namely | Owner: wpmuguru
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: Future Release
Component: Upload | Version: 2.9.2
Severity: minor | Resolution:
Keywords: multisite has-patch |
---------------------------------+-----------------------------
Comment (by wpmuguru):
Replying to [comment:12 nacin]:
> In IRC, we're wondering whether a backslash could cause some issues,
either via traversal or by escaping characters.
>
> The simple fix is to just not use `..` in a URL. Punt.
For this one, I think the better solution is to sanitize the filename on
upload and replace the .. with --.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/12756#comment:13>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list