Filesystem API: Add more specificity to the rules for valid files in `validate_file()`.
This now treats files containing `./` as valid, and also treats files containing a trailing `../` as valid due to widespread use of this pattern in theme and plugin zip files. Adds tests. Props Ipstenu, borgesbruno, DavidAnderson, philipjohn, birgire Fixes #42016, #36170 Built from https://develop.svn.wordpress.org/trunk@42011 git-svn-id: http://core.svn.wordpress.org/trunk@41845 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
16cfe96580
commit
2f3e91028a
|
@ -663,7 +663,7 @@ function wp_tempnam( $filename = '', $dir = '' ) {
|
|||
* @param array $allowed_files Optional. Array of allowed files to edit, $file must match an entry exactly.
|
||||
* @return string|null
|
||||
*/
|
||||
function validate_file_to_edit( $file, $allowed_files = '' ) {
|
||||
function validate_file_to_edit( $file, $allowed_files = array() ) {
|
||||
$code = validate_file( $file, $allowed_files );
|
||||
|
||||
if (!$code )
|
||||
|
|
|
@ -4252,16 +4252,27 @@ function iis7_supports_permalinks() {
|
|||
* @param array $allowed_files Optional. List of allowed files.
|
||||
* @return int 0 means nothing is wrong, greater than 0 means something was wrong.
|
||||
*/
|
||||
function validate_file( $file, $allowed_files = '' ) {
|
||||
if ( false !== strpos( $file, '..' ) )
|
||||
function validate_file( $file, $allowed_files = array() ) {
|
||||
// `../` on its own is not allowed:
|
||||
if ( '../' === $file ) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
if ( false !== strpos( $file, './' ) )
|
||||
// More than one occurence of `../` is not allowed:
|
||||
if ( preg_match_all( '#\.\./#', $file, $matches, PREG_SET_ORDER ) && ( count( $matches ) > 1 ) ) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
// `../` which does not occur at the end of the path is not allowed:
|
||||
if ( false !== strpos( $file, '../' ) && '../' !== mb_substr( $file, -3, 3 ) ) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
// Files not in the allowed file list are not allowed:
|
||||
if ( ! empty( $allowed_files ) && ! in_array( $file, $allowed_files ) )
|
||||
return 3;
|
||||
|
||||
// Absolute Windows drive paths are not allowed:
|
||||
if (':' == substr( $file, 1, 1 ) )
|
||||
return 2;
|
||||
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
*
|
||||
* @global string $wp_version
|
||||
*/
|
||||
$wp_version = '4.9-beta3-42010';
|
||||
$wp_version = '4.9-beta3-42011';
|
||||
|
||||
/**
|
||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||
|
|
Loading…
Reference in New Issue