[wp-trac] [WordPress Trac] #44868: Upload plugin and theme functionalities do not check on PATHINFO_EXTENSION before upload.
WordPress Trac
noreply at wordpress.org
Thu Aug 30 13:18:42 UTC 2018
#44868: Upload plugin and theme functionalities do not check on PATHINFO_EXTENSION
before upload.
-----------------------------+-----------------------------
 Reporter:  csorbamedia      |      Owner:  (none)
     Type:  defect (bug)     |     Status:  new
 Priority:  normal           |  Milestone:  Awaiting Review
Component:  Upgrade/Install  |    Version:  4.9.8
 Severity:  normal           |   Keywords:  needs-patch
  Focuses:  administration   |
-----------------------------+-----------------------------
If you go to /wp-admin/plugins.php, click the button **Add new** and
upload a .sql file or whatever file, then this is possible. The file ends
up in the wp-uploads/ folder and will not be removed. There should be something
which will check the extension and remove it if it is not a .zip file.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44868>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
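
The check the ticket asks for, sketched as an added example (not WordPress core code and not part of the original report): the upload is kept only if its name ends in .zip and its first bytes are a ZIP local-file-header signature, otherwise it is deleted from disk. The function name keep_only_zip_package and the sample files are hypothetical and constructed for this illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not a WordPress API): accept an uploaded package only
 * if its client-supplied name ends in .zip AND the stored file starts with a
 * ZIP local-file-header signature. Anything else is deleted from disk.
 */
function keep_only_zip_package(string $storedPath, string $originalName): bool
{
    // The extension comes from the client, so it is only the first gate.
    $ext = strtolower(pathinfo($originalName, PATHINFO_EXTENSION));

    // Second gate: the first four bytes of the stored file.
    $magic = '';
    $fh = @fopen($storedPath, 'rb');
    if ($fh !== false) {
        $magic = (string) fread($fh, 4);
        fclose($fh);
    }

    $ok = ($ext === 'zip') && ($magic === "PK\x03\x04");

    if (!$ok && is_file($storedPath)) {
        unlink($storedPath); // do not leave the rejected upload behind
    }
    return $ok;
}

// Constructed sample input: three fake uploads in a temporary directory.
$dir = sys_get_temp_dir() . '/pkg-upload-demo-' . bin2hex(random_bytes(4));
mkdir($dir, 0700);

$samples = [
    'dump.sql'   => "-- constructed SQL dump\nSELECT 1;\n",
    'plugin.zip' => "PK\x03\x04" . str_repeat("\0", 26), // header bytes only
    'fake.zip'   => "not really an archive",
];

foreach ($samples as $name => $bytes) {
    $path = $dir . '/' . $name;
    file_put_contents($path, $bytes);
    $kept = keep_only_zip_package($path, $name);
    printf("%-10s accepted=%s still_on_disk=%s\n", $name,
        var_export($kept, true), var_export(is_file($path), true));
    if (is_file($path)) { unlink($path); } // demo cleanup
}
rmdir($dir);
```

The signature test only confirms the file begins like a ZIP archive; the extraction step still has to handle archives that are malformed further in.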