[wp-trac] [WordPress Trac] #48316: Changeset 46482 breaks upload when using ".." in upload_path.
WordPress Trac
noreply at wordpress.org
Mon Nov 25 00:44:12 UTC 2019
#48316: Changeset 46482 breaks upload when using ".." in upload_path.
----------------------------+------------------------------
Reporter: xpoon | Owner: (none)
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: Awaiting Review
Component: Filesystem API | Version: 5.2.4
Severity: major | Resolution:
Keywords: | Focuses:
----------------------------+------------------------------
Comment (by DreadLox):
I think we should use realpath() to build the upload dir **base** path and
then url which have to exists. It would be simplier and faster and would
resolve any back ref (../). Then we forbid any ../ in final paths (to
directories or files)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/48316#comment:26>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list