[wp-trac] [WordPress Trac] #48316: Changeset 46482 breaks upload when using ".." in upload_path.
WordPress Trac
noreply at wordpress.org
Mon Nov 25 22:53:25 UTC 2019
#48316: Changeset 46482 breaks upload when using ".." in upload_path.
----------------------------+------------------------------
Reporter: xpoon | Owner: (none)
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: Awaiting Review
Component: Filesystem API | Version: 5.2.4
Severity: major | Resolution:
Keywords: | Focuses:
----------------------------+------------------------------
Comment (by DreadLox):
@mpcube good one. I think this minimal fix can be merged and backported
ASAP:
- it immediately fixes this issue
- it relies entirely on GLOBALS
- it doesn't hurt the "security" hot fix that caused this issue
- it doesn't modify URIs
Then we can take time to discuss the trusted paths approach.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/48316#comment:27>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list