[wp-trac] [WordPress Trac] #18592: add trailingslashit to BLOGUPLOADDIR in ms-files.php
WordPress Trac
wp-trac at lists.automattic.com
Mon Sep 5 09:02:40 UTC 2011
#18592: add trailingslashit to BLOGUPLOADDIR in ms-files.php
----------------------------+-----------------------------
Reporter: wonderboymusic | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Media | Version: 3.3
Severity: normal | Keywords: has-patch
----------------------------+-----------------------------
BLOGUPLOADDIR is trailingslashit'd inconsistently - since this value can
be set by the user, adding trailingslashit to the constant value in ms-
files.php will prevent broken images in sub-blogs when in Multisite mode
{{{
// WRONG
define( 'BLOGUPLOADDIR', $_SERVER['DOCUMENT_ROOT'] .
"/blogs.dir/{$the_id}/files" );
// RIGHT
define( 'BLOGUPLOADDIR', $_SERVER['DOCUMENT_ROOT'] .
"/blogs.dir/{$the_id}/files/" );
// CURRENT
$file = BLOGUPLOADDIR . str_replace( '..', '', $_GET[ 'file' ] );
// PROPOSED
$file = trailingslashit( BLOGUPLOADDIR ) . str_replace( '..', '', $_GET[
'file' ] );
}}}
It's subtle, and hard to debug
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18592>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list