[wp-trac] [WordPress Trac] #28300: Two issues in the code for auto-uploading to subfolders

WordPress Trac noreply at wordpress.org
Sun May 18 18:56:38 UTC 2014


#28300: Two issues in the code for auto-uploading to subfolders
-----------------------------+------------------------------
 Reporter:  wiziapp          |       Owner:
     Type:  defect (bug)     |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  Upgrade/Install  |     Version:  3.9.1
 Severity:  normal           |  Resolution:
 Keywords:                   |     Focuses:
-----------------------------+------------------------------
Description changed by ocean90:

Old description:

> There are two issues in the code for auto-uploading to subfolders within
> a change rooted FTP (wp-admin/includes/class-wp-filesystem-base.php).
>
> First, it adds a "/" to the replacement expression when the source
> replacement already contains a "/" (Note that ABSPATH has a trailing
> slash):
>             $potential_folder = preg_replace( '#^' . preg_quote( $dir,
> '#' ) . '/#i', trailingslashit( constant( $constant ) ), $folder );
>
> This should be:
>                $potential_folder = preg_replace( '#^' . preg_quote(
> trailingslashit($dir), '#' ) . '#i', trailingslashit( constant( $constant
> ) ), $folder );
>
> Second, it checks that the directory exists. This is not the case during
> theme and plugin installs, where the non-existent directory is specified.
> Instead, only the parent should be checked.
>
> After:
>
>                 if ( $this->is_dir( $potential_folder ) ) {
>                     $this->cache[ $folder ] = $potential_folder;
>                     return $potential_folder;
>                 }
> Adding:
>               else {
>                     $potential_parent_folder =
> trailingslashit(preg_replace('#[^/]*/$#', '', $potential_folder));
>                     if ( $this->is_dir( $potential_parent_folder ) ) {
>                         $this->cache[ $folder ] = $potential_folder;
>                         return $potential_folder;
>                     }
>                 }
>
> Would test for a valid parent, instead. (E.g. wp-content/themes instead
> of wp-content/themes/newtheme)

New description:

 There are two issues in the code for auto-uploading to subfolders within a
 change rooted FTP (wp-admin/includes/class-wp-filesystem-base.php).

 First, it adds a "/" to the replacement expression when the source
 replacement already contains a "/" (Note that ABSPATH has a trailing
 slash):

 {{{
 $potential_folder = preg_replace(
     '#^' . preg_quote( $dir, '#' ) . '/#i',
     trailingslashit( constant( $constant ) ),
     $folder
 );
 }}}


 This should be:

 {{{
 $potential_folder = preg_replace(
     '#^' . preg_quote( trailingslashit( $dir ), '#' ) . '#i',
     trailingslashit( constant( $constant ) ),
     $folder
 );
 }}}


 Second, it checks that the directory exists. This is not the case during
 theme and plugin installs, where the non-existent directory is specified.
 Instead, only the parent should be checked.

 After:


 {{{
 if ( $this->is_dir( $potential_folder ) ) {
     $this->cache[ $folder ] = $potential_folder;
     return $potential_folder;
 }
 }}}

 Adding:

 {{{
 else {
     $potential_parent_folder = trailingslashit( preg_replace( '#[^/]*/$#', '', $potential_folder ) );
     if ( $this->is_dir( $potential_parent_folder ) ) {
         $this->cache[ $folder ] = $potential_folder;
         return $potential_folder;
     }
 }
 }}}


 Would test for a valid parent, instead. (E.g. wp-content/themes instead of
 wp-content/themes/newtheme)

--
Ticket URL: <https://core.trac.wordpress.org/ticket/28300#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
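
The two points in the description above, as an added example (not WordPress core code and not part of the ticket): it runs the reported and the proposed `preg_replace` expressions on an ABSPATH-style prefix, then applies the parent-directory check to each result. `example_trailingslashit()` is a stand-in for WordPress's `trailingslashit()`; the function names, paths and remote directory listing are constructed for illustration.

```php
<?php
// Added example. Stand-in for WordPress's trailingslashit() so this runs outside WordPress.
function example_trailingslashit( $path ) {
    return rtrim( $path, '/\\' ) . '/';
}

// Expression as reported: a literal "/" is appended after the quoted prefix.
function map_reported( $dir, $remote_base, $folder ) {
    $pattern = '#^' . preg_quote( $dir, '#' ) . '/#i';
    return preg_replace( $pattern, example_trailingslashit( $remote_base ), $folder );
}

// Expression as proposed: the prefix is normalised to exactly one trailing slash.
function map_proposed( $dir, $remote_base, $folder ) {
    $pattern = '#^' . preg_quote( example_trailingslashit( $dir ), '#' ) . '#i';
    return preg_replace( $pattern, example_trailingslashit( $remote_base ), $folder );
}

// Parent of a slash-terminated path, using the expression from the ticket.
function parent_of( $potential_folder ) {
    return example_trailingslashit( preg_replace( '#[^/]*/$#', '', $potential_folder ) );
}

// Constructed sample values: a local prefix with a trailing slash (as ABSPATH has),
// the same tree as seen from inside the FTP chroot, and a theme install target.
$dir         = '/var/www/site/';
$remote_base = '/site/';
$folder      = '/var/www/site/wp-content/themes/newtheme/';

// Constructed remote listing: the new theme directory does not exist yet.
$remote_dirs = array( '/site/', '/site/wp-content/', '/site/wp-content/themes/' );
$is_dir      = function ( $path ) use ( $remote_dirs ) {
    return in_array( $path, $remote_dirs, true );
};

foreach ( array( 'map_reported', 'map_proposed' ) as $mapper ) {
    $candidate = example_trailingslashit( $mapper( $dir, $remote_base, $folder ) );
    $parent    = parent_of( $candidate );
    printf(
        "%-13s candidate=%s exists=%s parent=%s parent_exists=%s\n",
        $mapper, $candidate,
        var_export( $is_dir( $candidate ), true ),
        $parent,
        var_export( $is_dir( $parent ), true )
    );
}
```

With a prefix that already ends in a slash, the reported pattern requires two consecutive slashes and leaves the local path unmapped, while the proposed pattern maps it into the chroot. Only the parent check accepts the theme directory that has not been created yet.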

