From 79f09bd32f20bb5c1ecbba16a151a0f2ea8d6a2e Mon Sep 17 00:00:00 2001 From: John Blackbourn Date: Thu, 5 Jul 2018 15:08:20 +0000 Subject: [PATCH] Media: Limit thumbnail file deletions to the same directory as the original file. Merges [43393] into the 4.1 branch. Built from https://develop.svn.wordpress.org/branches/4.1@43401 git-svn-id: http://core.svn.wordpress.org/branches/4.1@43229 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/functions.php | 54 ++++++++++++++++++++++++++++--- wp-includes/post.php | 67 +++++++++++++++++++++++++++++---------- 2 files changed, 100 insertions(+), 21 deletions(-) diff --git a/wp-includes/functions.php b/wp-includes/functions.php index ab45ac150c..1c097bff9b 100644 --- a/wp-includes/functions.php +++ b/wp-includes/functions.php @@ -1575,18 +1575,38 @@ function path_join( $base, $path ) { /** * Normalize a filesystem path. * - * Replaces backslashes with forward slashes for Windows systems, and ensures - * no duplicate slashes exist. + * On windows systems, replaces backslashes with forward slashes + * and forces upper-case drive letters. + * Allows for two leading slashes for Windows network shares, but + * ensures that all other duplicate slashes are reduced to a single. * * @since 3.9.0 + * @since 4.4.0 Ensures upper-case drive letters on Windows systems. + * @since 4.5.0 Allows for Windows network shares. + * @since 4.9.7 Allows for PHP file wrappers. * * @param string $path Path to normalize. * @return string Normalized path. */ function wp_normalize_path( $path ) { + $wrapper = ''; + if ( wp_is_stream( $path ) ) { + list( $wrapper, $path ) = explode( '://', $path, 2 ); + $wrapper .= '://'; + } + + // Standardise all paths to use / $path = str_replace( '\\', '/', $path ); - $path = preg_replace( '|/+|','/', $path ); - return $path; + + // Replace multiple slashes down to a singular, allowing for network shares having two slashes. + $path = preg_replace( '|(?<=.)/+|', '/', $path ); + + // Windows paths should uppercase the drive letter + if ( ':' === substr( $path, 1, 1 ) ) { + $path = ucfirst( $path ); + } + + return $wrapper . $path; } /** @@ -4855,3 +4875,29 @@ function wp_validate_boolean( $var ) { return (bool) $var; } + +/** + * Deletes a file if its path is within the given directory. + * + * @since 4.9.7 + * + * @param string $file Absolute path to the file to delete. + * @param string $directory Absolute path to a directory. + * @return bool True on success, false on failure. + */ +function wp_delete_file_from_directory( $file, $directory ) { + $real_file = realpath( wp_normalize_path( $file ) ); + $real_directory = realpath( wp_normalize_path( $directory ) ); + + if ( false === $real_file || false === $real_directory || strpos( wp_normalize_path( $real_file ), trailingslashit( wp_normalize_path( $real_directory ) ) ) !== 0 ) { + return false; + } + + /** This filter is documented in wp-admin/custom-header.php */ + $delete = apply_filters( 'wp_delete_file', $file ); + if ( ! empty( $delete ) ) { + @unlink( $delete ); + } + + return true; +} diff --git a/wp-includes/post.php b/wp-includes/post.php index 7ca570c972..1cac006e62 100644 --- a/wp-includes/post.php +++ b/wp-includes/post.php @@ -4806,46 +4806,79 @@ function wp_delete_attachment( $post_id, $force_delete = false ) { /** This action is documented in wp-includes/post.php */ do_action( 'deleted_post', $post_id ); + wp_delete_attachment_files( $post_id, $meta, $backup_sizes, $file ); + + clean_post_cache( $post ); + + return $post; +} + +/** + * Deletes all files that belong to the given attachment. + * + * @since 4.9.7 + * + * @param int $post_id Attachment ID. + * @param array $meta The attachment's meta data. + * @param array $backup_sizes The meta data for the attachment's backup images. + * @param string $file Absolute path to the attachment's file. + * @return bool True on success, false on failure. + */ +function wp_delete_attachment_files( $post_id, $meta, $backup_sizes, $file ) { + global $wpdb; + $uploadpath = wp_upload_dir(); + $deleted = true; if ( ! empty($meta['thumb']) ) { // Don't delete the thumb if another attachment uses it. if (! $wpdb->get_row( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE %s AND post_id <> %d", '%' . $wpdb->esc_like( $meta['thumb'] ) . '%', $post_id)) ) { $thumbfile = str_replace(basename($file), $meta['thumb'], $file); - /** This filter is documented in wp-admin/custom-header.php */ - $thumbfile = apply_filters( 'wp_delete_file', $thumbfile ); - @ unlink( path_join($uploadpath['basedir'], $thumbfile) ); + if ( ! empty( $thumbfile ) ) { + $thumbfile = path_join( $uploadpath['basedir'], $thumbfile ); + $thumbdir = path_join( $uploadpath['basedir'], dirname( $file ) ); + + if ( ! wp_delete_file_from_directory( $thumbfile, $thumbdir ) ) { + $deleted = false; + } + } } } // Remove intermediate and backup images if there are any. if ( isset( $meta['sizes'] ) && is_array( $meta['sizes'] ) ) { + $intermediate_dir = path_join( $uploadpath['basedir'], dirname( $file ) ); foreach ( $meta['sizes'] as $size => $sizeinfo ) { $intermediate_file = str_replace( basename( $file ), $sizeinfo['file'], $file ); - /** This filter is documented in wp-admin/custom-header.php */ - $intermediate_file = apply_filters( 'wp_delete_file', $intermediate_file ); - @ unlink( path_join( $uploadpath['basedir'], $intermediate_file ) ); + if ( ! empty( $intermediate_file ) ) { + $intermediate_file = path_join( $uploadpath['basedir'], $intermediate_file ); + + if ( ! wp_delete_file_from_directory( $intermediate_file, $intermediate_dir ) ) { + $deleted = false; + } + } } } if ( is_array($backup_sizes) ) { + $del_dir = path_join( $uploadpath['basedir'], dirname( $meta['file'] ) ); foreach ( $backup_sizes as $size ) { $del_file = path_join( dirname($meta['file']), $size['file'] ); - /** This filter is documented in wp-admin/custom-header.php */ - $del_file = apply_filters( 'wp_delete_file', $del_file ); - @ unlink( path_join($uploadpath['basedir'], $del_file) ); + if ( ! empty( $del_file ) ) { + $del_file = path_join( $uploadpath['basedir'], $del_file ); + + if ( ! wp_delete_file_from_directory( $del_file, $del_dir ) ) { + $deleted = false; + } + } } } - /** This filter is documented in wp-admin/custom-header.php */ - $file = apply_filters( 'wp_delete_file', $file ); + if ( ! wp_delete_file_from_directory( $file, $uploadpath['basedir'] ) ) { + $deleted = false; + } - if ( ! empty($file) ) - @ unlink($file); - - clean_post_cache( $post ); - - return $post; + return $deleted; } /**