[wp-trac] [WordPress Trac] #42437: Thumbnails can overwrite other uploads if filename matches
WordPress Trac
noreply at wordpress.org
Wed May 16 15:06:13 UTC 2018
#42437: Thumbnails can overwrite other uploads if filename matches
--------------------------+-----------------------------
Reporter: Viper007Bond | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Future Release
Component: Upload | Version: 4.8.3
Severity: normal | Resolution:
Keywords: needs-patch | Focuses:
--------------------------+-----------------------------
Comment (by blobfolio):
Unfortunately new source attachments with a dimension-like suffix naming
structures are only one small part of the issue. The full scope of the
problem is that ''any thumbnail'' for an attachment might collide with
another file in the uploads folder.
For example, say a site user uploaded an image called `image-123x123.jpg`
a year ago. (No patch can fix the past. Haha.) Then today, they decide to
upload a file called `image.jpg`. If we are only looking at the source
file, no collision would be detected, however once WP crunches out the
`123x123` thumbnail size, a collision will happen (the original file from
a year ago will be blown away).
Beyond suffixes, we also have to deal with the new thumbnails WordPress is
generating for non-image attachments like PDFs, as well as all the other
unregistered files that end up in a site's uploads folder (manually edited
thumbnails, files from plugins, etc.)
For a more complete fix, WordPress needs to pre-generate a list of
possible thumbnail paths and run its collision checks in a loop. If any of
the proposed files collide, `-1` the source name, pre-generate a new list,
and check again. Rinse and repeat until all 5 million files are proved
unique. Haha.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42437#comment:18>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list