[wp-trac] [WordPress Trac] #48316: Changeset 46482 breaks upload when using ".." in upload_path.
WordPress Trac
noreply at wordpress.org
Wed Nov 6 22:13:20 UTC 2019
#48316: Changeset 46482 breaks upload when using ".." in upload_path.
----------------------------+------------------------------
Reporter: xpoon | Owner: (none)
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: Awaiting Review
Component: Filesystem API | Version: trunk
Severity: major | Resolution:
Keywords: | Focuses:
----------------------------+------------------------------
Comment (by mpcube):
IMHO the right point to address the issue is in _wp_upload_dir() where two
trusted constants (ABSPATH and UPLOADS) are concatenated. At this point
the suspicous '../' at the beginning of the right part could be eliminated
by stripping off the last bit of the left part.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/48316#comment:18>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list