[wp-trac] [WordPress Trac] #28300: Two issues in the code for auto-uploading to subfolders
WordPress Trac
noreply at wordpress.org
Sun May 18 18:56:38 UTC 2014
#28300: Two issues in the code for auto-uploading to subfolders
-----------------------------+------------------------------
Reporter: wiziapp | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upgrade/Install | Version: 3.9.1
Severity: normal | Resolution:
Keywords: | Focuses:
-----------------------------+------------------------------
Description changed by ocean90:
Old description:
> There are two issues in the code for auto-uploading to subfolders within
> a change rooted FTP (wp-admin/includes/class-wp-filesystem-base.php).
>
> First, it adds a "/" to the replacement expression when the source
> replacement already contains a "/" (Note that ABSPATH has a trailing
> slash):
> $potential_folder = preg_replace( '#^' . preg_quote( $dir,
> '#' ) . '/#i', trailingslashit( constant( $constant ) ), $folder );
>
> This should be:
> $potential_folder = preg_replace( '#^' . preg_quote(
> trailingslashit($dir), '#' ) . '#i', trailingslashit( constant( $constant
> ) ), $folder );
>
> Second, it checks that the directory exists. This is not the case during
> theme and plugin installs, where the not existing directory is specified.
> Instead, only the parent should be checked.
>
> After:
>
> if ( $this->is_dir( $potential_folder ) ) {
> $this->cache[ $folder ] = $potential_folder;
> return $potential_folder;
> }
> Adding:
> else {
> $potential_parent_folder =
> trailingslashit(preg_replace('#[^/]*/$#', '', $potential_folder));
> if ( $this->is_dir( $potential_parent_folder ) ) {
> $this->cache[ $folder ] = $potential_folder;
> return $potential_folder;
> }
> }
>
> Would test for a valid parent, instead. (E.g. wp-content/themes instead
> of wp-content/themes/newtheme)
New description:
There are two issues in the code for auto-uploading to subfolders within a
change rooted FTP (wp-admin/includes/class-wp-filesystem-base.php).
First, it adds a "/" to the replacement expression when the source
replacement already contains a "/" (Note that ABSPATH has a trailing
slash):
{{{
$potential_folder = preg_replace( '#^' . preg_quote( $dir, '#' ) . '/#i',
trailingslashit( constant( $constant ) ), $folder );
}}}
This should be:
{{{
$potential_folder = preg_replace( '#^' . preg_quote(
trailingslashit($dir), '#' ) . '#i', trailingslashit( constant( $constant
) ), $folder );
}}}
Second, it checks that the directory exists. This is not the case during
theme and plugin installs, where the not existing directory is specified.
Instead, only the parent should be checked.
After:
{{{
if ( $this->is_dir( $potential_folder ) ) {
$this->cache[ $folder ] = $potential_folder;
return $potential_folder;
}
}}}
Adding:
{{{
else {
$potential_parent_folder = trailingslashit(preg_replace('#[^/]*/$#',
'', $potential_folder));
if ( $this->is_dir( $potential_parent_folder ) ) {
$this->cache[ $folder ] = $potential_folder;
return $potential_folder;
}
}
}}}
Would test for a valid parent, instead. (E.g. wp-content/themes instead of
wp-content/themes/newtheme)
--
--
Ticket URL: <https://core.trac.wordpress.org/ticket/28300#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list