[wp-trac] [WordPress Trac] #61488: 6.5.5 Makes Theme Files Inaccessible
WordPress Trac
noreply at wordpress.org
Mon Jun 24 23:43:07 UTC 2024
#61488: 6.5.5 Makes Theme Files Inaccessible
----------------------------+---------------------
Reporter: script2see | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 6.6
Component: Filesystem API | Version: 6.5.5
Severity: normal | Resolution:
Keywords: needs-patch | Focuses:
----------------------------+---------------------
Comment (by siliconforks):
It looks like this is probably a Windows-only issue.
The problem is that, in 6.5.5, `validate_file()` calls `wp_normalize_path(
$file )` (it didn't in 6.5.4). But `$allowed_files` does not contain
normalized paths. So `in_array( $file, $allowed_files, true )` returns
`false`.
For example, on my Windows installation of WordPress, `$file` is initially
{{{
O:\Apache24\htdocs\wordpress/wp-content/themes/twentyten/style.css
}}}
which becomes (after calling `wp_normalize_path`):
{{{
O:/Apache24/htdocs/wordpress/wp-content/themes/twentyten/style.css
}}}
But `$allowed_files` contains:
{{{
O:\Apache24\htdocs\wordpress/wp-content/themes/twentyten/style.css
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/61488#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
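The mismatch described in the comment above, as an added example that is not part of the original message and is not WordPress core code: `example_normalize_path()` and both check functions are hypothetical, simplified stand-ins, and normalizing the allow-list as well is shown only as one way to make the strict comparison consistent, not as the patch for this ticket.

```php
<?php
// Added illustration with hypothetical helper names; not WordPress core code.

// Simplified stand-in for path normalization: backslashes become forward
// slashes, repeated slashes collapse, and a Windows drive letter is upper-cased.
function example_normalize_path( string $path ): string {
    $path = str_replace( '\\', '/', $path );
    $path = preg_replace( '#(?<=.)/+#', '/', $path );
    if ( ':' === substr( $path, 1, 1 ) ) {
        $path = ucfirst( $path );
    }
    return $path;
}

// Behaviour described in the comment: only the candidate path is normalized,
// then compared strictly against an allow-list that still holds raw paths.
function example_check_as_reported( string $file, array $allowed_files ): bool {
    $file = example_normalize_path( $file );
    return in_array( $file, $allowed_files, true );
}

// Consistent comparison: both the candidate and the allow-list are normalized
// before the strict comparison, so separator style no longer matters.
function example_check_normalized( string $file, array $allowed_files ): bool {
    $file    = example_normalize_path( $file );
    $allowed = array_map( 'example_normalize_path', $allowed_files );
    return in_array( $file, $allowed, true );
}

// Sample path taken from the comment (mixed separators on Windows).
$listed = 'O:\\Apache24\\htdocs\\wordpress/wp-content/themes/twentyten/style.css';
// Constructed path that is NOT on the allow-list, to show it stays rejected.
$unlisted = 'O:\\Apache24\\htdocs\\wordpress/wp-config.php';

$allowed_files = array( $listed );

foreach ( array( $listed, $unlisted ) as $candidate ) {
    printf(
        "%s\n  as reported: %s\n  normalized:  %s\n",
        $candidate,
        var_export( example_check_as_reported( $candidate, $allowed_files ), true ),
        var_export( example_check_normalized( $candidate, $allowed_files ), true )
    );
}
```

With the one-sided normalization the listed theme file is rejected; with both sides normalized it is accepted, while the unlisted path is rejected either way.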