[wp-trac] [WordPress Trac] #42437: Thumbnails can overwrite other uploads if filename matches

WordPress Trac noreply at wordpress.org
Thu Jan 25 20:28:11 UTC 2018


#42437: Thumbnails can overwrite other uploads if filename matches
--------------------------+------------------------------
 Reporter:  Viper007Bond  |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Upload        |     Version:  4.8.3
 Severity:  normal        |  Resolution:
 Keywords:  needs-patch   |     Focuses:
--------------------------+------------------------------

Comment (by blobfolio):

 Replying to [comment:3 azaozz]:
 > Thinking we should be stripping things like `-1024x768` from the ends of
 image names on upload. That will allow "proper" naming with -2, -3, etc.
 for duplicates and will prevent sub-sizes name conflicts.

 Having seen some absurdly long user filenames in my day, I like the idea
 of stripping trailing dimensions from new files before storing them.

 Temporarily pop off the extension, then something like the following:
 `$filename = preg_replace('/(\-\d+x\d+)+$/', '', $filename);`

 Then make sure the filename isn't empty, add the extension back, and run
 the usual uniqueness filters.

 That'll help things going forward, but won't stop collisions from media
 uploaded before the change. For that, we'd need to loop through all
 possible thumbnail names to check for collisions before settling on a
 source name.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/42437#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list