WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Sanitize filenames with multiple extensions. see #11122 

git-svn-id: http://svn.automattic.com/wordpress/trunk@12165 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2009-11-11 23:07:29 +00:00
parent 4998669f19
commit 6a65d30970
2 changed files with 65 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
wp-includes/formatting.php
View File

@ -651,6 +651,39 @@ function sanitize_file_name( $filename ) {
$filename = str_replace($special_chars, '', $filename); $filename = str_replace($special_chars, '', $filename);
$filename = preg_replace('/[\s-]+/', '-', $filename); $filename = preg_replace('/[\s-]+/', '-', $filename);
$filename = trim($filename, '.-_'); $filename = trim($filename, '.-_');
// Split the filename into a base and extension[s]
$parts = explode('.', $filename);
// Return if only one extension
if ( count($parts) <= 2 )
return apply_filters('sanitize_file_name', $filename, $filename_raw);
// Process multiple extensions
$filename = array_shift($parts);
$extension = array_pop($parts);
$mimes = get_allowed_mime_types();
// Loop over any intermediate extensions. Munge them with a trailing underscore if they are a 2 - 5 character
// long alpha string not in the extension whitelist.
foreach ( (array) $parts as $part) {
$filename .= '.' . $part;
if ( preg_match("/^[a-zA-Z]{2,5}\d?$/", $part) ) {
$allowed = false;
foreach ( $mimes as $ext_preg => $mime_match ) {
$ext_preg = '!(^' . $ext_preg . ')$!i';
if ( preg_match( $ext_preg, $part ) ) {
$allowed = true;
break;
}
}
if ( !$allowed )
$filename .= '_';
}
}
$filename .= '.' . $extension;
return apply_filters('sanitize_file_name', $filename, $filename_raw); return apply_filters('sanitize_file_name', $filename, $filename_raw);
} }

49
wp-includes/functions.php
View File

@ -2260,8 +2260,36 @@ function wp_ext2type( $ext ) {
* @return array Values with extension first and mime type. * @return array Values with extension first and mime type.
*/ */
function wp_check_filetype( $filename, $mimes = null ) { function wp_check_filetype( $filename, $mimes = null ) {
// Accepted MIME types are set here as PCRE unless provided. if ( null === $mimes )
$mimes = ( is_array( $mimes ) ) ? $mimes : apply_filters( 'upload_mimes', array( $mimes = get_allowed_mime_types();
$type = false;
$ext = false;
foreach ( $mimes as $ext_preg => $mime_match ) {
$ext_preg = '!\.(' . $ext_preg . ')$!i';
if ( preg_match( $ext_preg, $filename, $ext_matches ) ) {
$type = $mime_match;
$ext = $ext_matches[1];
break;
}
}
return compact( 'ext', 'type' );
}
/**
* Retrieve list of allowed mime types and file extensions.
*
* @since 2.8.6
*
* @return array Array of mime types keyed by the file extension regex corresponding to those types.
*/
function get_allowed_mime_types() {
static $mimes = false;
if ( !$mimes ) {
// Accepted MIME types are set here as PCRE unless provided.
$mimes = apply_filters( 'upload_mimes', array(
'jpg|jpeg|jpe' => 'image/jpeg', 'jpg|jpeg|jpe' => 'image/jpeg',
'gif' => 'image/gif', 'gif' => 'image/gif',
'png' => 'image/png', 'png' => 'image/png',
@ -2307,24 +2335,11 @@ function wp_check_filetype( $filename, $mimes = null ) {
'odc' => 'application/vnd.oasis.opendocument.chart', 'odc' => 'application/vnd.oasis.opendocument.chart',
'odb' => 'application/vnd.oasis.opendocument.database', 'odb' => 'application/vnd.oasis.opendocument.database',
'odf' => 'application/vnd.oasis.opendocument.formula', 'odf' => 'application/vnd.oasis.opendocument.formula',
) ) );
);
$type = false;
$ext = false;
foreach ( $mimes as $ext_preg => $mime_match ) {
$ext_preg = '!\.(' . $ext_preg . ')$!i';
if ( preg_match( $ext_preg, $filename, $ext_matches ) ) {
$type = $mime_match;
$ext = $ext_matches[1];
break;
}
} }
return compact( 'ext', 'type' ); return $mimes;
} }
/** /**
* Retrieve nonce action "Are you sure" message. * Retrieve nonce action "Are you sure" message.
* *