[wp-trac] [WordPress Trac] #47539: Incomplete sanitization of upload file name.
WordPress Trac
noreply at wordpress.org
Fri Jun 14 05:03:01 UTC 2019
#47539: Incomplete sanitization of upload file name.
-----------------------------+-----------------------------
Reporter: mt8.biz | Owner: (none)
Type: feature request | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Media | Version: 2.1.1
Severity: normal | Keywords: has-patch
Focuses: |
-----------------------------+-----------------------------
The newline code is replaced with "-" in sanitize_file_name, but other
control characters have not been sanitized.
For example, `^P` (`\x10`).
This allows uploading with the control characters included in the file
name.
{{{
# ls -la
-rw-r--r-- 1 root root 19058 Jun 14 04:21 ???wapuu_escape-150x150.png
-rw-r--r-- 1 root root 41163 Jun 14 04:21 ???wapuu_escape-297x300.png
-rw-r--r-- 1 root root 31022 Jun 14 04:21 ???wapuu_escape.png
}}}
After applying the patch:
{{{
# ls -la
-rw-r--r-- 1 www-data www-data 19058 Jun 14 04:27 wapuu_escape-150x150.png
-rw-r--r-- 1 www-data www-data 41163 Jun 14 04:27 wapuu_escape-297x300.png
-rw-r--r-- 1 www-data www-data 31022 Jun 14 04:27 wapuu_escape.png
}}}
Attach a test file.
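The gap the ticket describes, as an added example (not the reporter's code and not WordPress's `sanitize_file_name`): `partial_sanitize` models only the behaviour the ticket states, a whitespace/newline run becoming a single `-`, and leaves every other control character alone; `strict_sanitize` is a hardened variant that also drops all C0 controls and DEL, generalising from the `\x10` case in the report; `audit` scans a constructed list of upload names for the ones the partial sanitizer would let through.

```python
import re

# Constructed sample upload names. The three leading \x10 (Ctrl-P) characters
# stand in for the "???" shown in the ticket's ls output.
SAMPLE_NAMES = [
    "\x10\x10\x10wapuu_escape.png",
    "report\nfinal.pdf",
    "clean-name.jpg",
    "tab\there.txt",
    "del\x7fchar.png",
]

# All C0 control characters plus DEL (0x7f).
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def partial_sanitize(name):
    """Model of the behaviour the ticket describes (not WordPress's own code):
    runs of CR, LF, tab, space and '-' collapse to a single '-'; nothing else
    is touched, so other control characters pass straight through."""
    return re.sub(r"[\r\n\t \-]+", "-", name)


def strict_sanitize(name):
    """Hardened variant: apply the same collapsing, then remove every
    remaining control character instead of letting it reach the filesystem."""
    return CONTROL_CHARS.sub("", partial_sanitize(name))


def find_control_chars(name):
    """(index, escaped char) for each control character in a name; useful for
    auditing files that already exist in an uploads directory."""
    return [(m.start(), "\\x%02x" % ord(m.group()))
            for m in CONTROL_CHARS.finditer(name)]


def audit(names):
    """Names that still contain a control character after the partial
    sanitizer, mapped to the positions of those characters."""
    flagged = {}
    for raw in names:
        hits = find_control_chars(partial_sanitize(raw))
        if hits:
            flagged[raw] = hits
    return flagged


if __name__ == "__main__":
    for raw in SAMPLE_NAMES:
        print(repr(raw), "->", repr(partial_sanitize(raw)),
              "| strict:", repr(strict_sanitize(raw)))
    print("flagged:", audit(SAMPLE_NAMES))
```

Pointing `audit` at real names (e.g. `os.listdir` on an uploads directory) gives a quick check for files that were stored before the sanitization was tightened.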
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47539>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform