Media: Limit thumbnail file deletions to the same directory as the original file.
Merges [43393] into the 4.1 branch. Built from https://develop.svn.wordpress.org/branches/4.1@43401 git-svn-id: http://core.svn.wordpress.org/branches/4.1@43229 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
7773c57a7b
commit
79f09bd32f
|
@ -1575,18 +1575,38 @@ function path_join( $base, $path ) {
|
||||||
/**
|
/**
|
||||||
* Normalize a filesystem path.
|
* Normalize a filesystem path.
|
||||||
*
|
*
|
||||||
* Replaces backslashes with forward slashes for Windows systems, and ensures
|
* On windows systems, replaces backslashes with forward slashes
|
||||||
* no duplicate slashes exist.
|
* and forces upper-case drive letters.
|
||||||
|
* Allows for two leading slashes for Windows network shares, but
|
||||||
|
* ensures that all other duplicate slashes are reduced to a single.
|
||||||
*
|
*
|
||||||
* @since 3.9.0
|
* @since 3.9.0
|
||||||
|
* @since 4.4.0 Ensures upper-case drive letters on Windows systems.
|
||||||
|
* @since 4.5.0 Allows for Windows network shares.
|
||||||
|
* @since 4.9.7 Allows for PHP file wrappers.
|
||||||
*
|
*
|
||||||
* @param string $path Path to normalize.
|
* @param string $path Path to normalize.
|
||||||
* @return string Normalized path.
|
* @return string Normalized path.
|
||||||
*/
|
*/
|
||||||
function wp_normalize_path( $path ) {
|
function wp_normalize_path( $path ) {
|
||||||
|
$wrapper = '';
|
||||||
|
if ( wp_is_stream( $path ) ) {
|
||||||
|
list( $wrapper, $path ) = explode( '://', $path, 2 );
|
||||||
|
$wrapper .= '://';
|
||||||
|
}
|
||||||
|
|
||||||
|
// Standardise all paths to use /
|
||||||
$path = str_replace( '\\', '/', $path );
|
$path = str_replace( '\\', '/', $path );
|
||||||
$path = preg_replace( '|/+|','/', $path );
|
|
||||||
return $path;
|
// Replace multiple slashes down to a singular, allowing for network shares having two slashes.
|
||||||
|
$path = preg_replace( '|(?<=.)/+|', '/', $path );
|
||||||
|
|
||||||
|
// Windows paths should uppercase the drive letter
|
||||||
|
if ( ':' === substr( $path, 1, 1 ) ) {
|
||||||
|
$path = ucfirst( $path );
|
||||||
|
}
|
||||||
|
|
||||||
|
return $wrapper . $path;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -4855,3 +4875,29 @@ function wp_validate_boolean( $var ) {
|
||||||
|
|
||||||
return (bool) $var;
|
return (bool) $var;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Deletes a file if its path is within the given directory.
|
||||||
|
*
|
||||||
|
* @since 4.9.7
|
||||||
|
*
|
||||||
|
* @param string $file Absolute path to the file to delete.
|
||||||
|
* @param string $directory Absolute path to a directory.
|
||||||
|
* @return bool True on success, false on failure.
|
||||||
|
*/
|
||||||
|
function wp_delete_file_from_directory( $file, $directory ) {
|
||||||
|
$real_file = realpath( wp_normalize_path( $file ) );
|
||||||
|
$real_directory = realpath( wp_normalize_path( $directory ) );
|
||||||
|
|
||||||
|
if ( false === $real_file || false === $real_directory || strpos( wp_normalize_path( $real_file ), trailingslashit( wp_normalize_path( $real_directory ) ) ) !== 0 ) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
/** This filter is documented in wp-admin/custom-header.php */
|
||||||
|
$delete = apply_filters( 'wp_delete_file', $file );
|
||||||
|
if ( ! empty( $delete ) ) {
|
||||||
|
@unlink( $delete );
|
||||||
|
}
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
|
@ -4806,46 +4806,79 @@ function wp_delete_attachment( $post_id, $force_delete = false ) {
|
||||||
/** This action is documented in wp-includes/post.php */
|
/** This action is documented in wp-includes/post.php */
|
||||||
do_action( 'deleted_post', $post_id );
|
do_action( 'deleted_post', $post_id );
|
||||||
|
|
||||||
|
wp_delete_attachment_files( $post_id, $meta, $backup_sizes, $file );
|
||||||
|
|
||||||
|
clean_post_cache( $post );
|
||||||
|
|
||||||
|
return $post;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Deletes all files that belong to the given attachment.
|
||||||
|
*
|
||||||
|
* @since 4.9.7
|
||||||
|
*
|
||||||
|
* @param int $post_id Attachment ID.
|
||||||
|
* @param array $meta The attachment's meta data.
|
||||||
|
* @param array $backup_sizes The meta data for the attachment's backup images.
|
||||||
|
* @param string $file Absolute path to the attachment's file.
|
||||||
|
* @return bool True on success, false on failure.
|
||||||
|
*/
|
||||||
|
function wp_delete_attachment_files( $post_id, $meta, $backup_sizes, $file ) {
|
||||||
|
global $wpdb;
|
||||||
|
|
||||||
$uploadpath = wp_upload_dir();
|
$uploadpath = wp_upload_dir();
|
||||||
|
$deleted = true;
|
||||||
|
|
||||||
if ( ! empty($meta['thumb']) ) {
|
if ( ! empty($meta['thumb']) ) {
|
||||||
// Don't delete the thumb if another attachment uses it.
|
// Don't delete the thumb if another attachment uses it.
|
||||||
if (! $wpdb->get_row( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE %s AND post_id <> %d", '%' . $wpdb->esc_like( $meta['thumb'] ) . '%', $post_id)) ) {
|
if (! $wpdb->get_row( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE %s AND post_id <> %d", '%' . $wpdb->esc_like( $meta['thumb'] ) . '%', $post_id)) ) {
|
||||||
$thumbfile = str_replace(basename($file), $meta['thumb'], $file);
|
$thumbfile = str_replace(basename($file), $meta['thumb'], $file);
|
||||||
/** This filter is documented in wp-admin/custom-header.php */
|
if ( ! empty( $thumbfile ) ) {
|
||||||
$thumbfile = apply_filters( 'wp_delete_file', $thumbfile );
|
$thumbfile = path_join( $uploadpath['basedir'], $thumbfile );
|
||||||
@ unlink( path_join($uploadpath['basedir'], $thumbfile) );
|
$thumbdir = path_join( $uploadpath['basedir'], dirname( $file ) );
|
||||||
|
|
||||||
|
if ( ! wp_delete_file_from_directory( $thumbfile, $thumbdir ) ) {
|
||||||
|
$deleted = false;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Remove intermediate and backup images if there are any.
|
// Remove intermediate and backup images if there are any.
|
||||||
if ( isset( $meta['sizes'] ) && is_array( $meta['sizes'] ) ) {
|
if ( isset( $meta['sizes'] ) && is_array( $meta['sizes'] ) ) {
|
||||||
|
$intermediate_dir = path_join( $uploadpath['basedir'], dirname( $file ) );
|
||||||
foreach ( $meta['sizes'] as $size => $sizeinfo ) {
|
foreach ( $meta['sizes'] as $size => $sizeinfo ) {
|
||||||
$intermediate_file = str_replace( basename( $file ), $sizeinfo['file'], $file );
|
$intermediate_file = str_replace( basename( $file ), $sizeinfo['file'], $file );
|
||||||
/** This filter is documented in wp-admin/custom-header.php */
|
if ( ! empty( $intermediate_file ) ) {
|
||||||
$intermediate_file = apply_filters( 'wp_delete_file', $intermediate_file );
|
$intermediate_file = path_join( $uploadpath['basedir'], $intermediate_file );
|
||||||
@ unlink( path_join( $uploadpath['basedir'], $intermediate_file ) );
|
|
||||||
|
if ( ! wp_delete_file_from_directory( $intermediate_file, $intermediate_dir ) ) {
|
||||||
|
$deleted = false;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( is_array($backup_sizes) ) {
|
if ( is_array($backup_sizes) ) {
|
||||||
|
$del_dir = path_join( $uploadpath['basedir'], dirname( $meta['file'] ) );
|
||||||
foreach ( $backup_sizes as $size ) {
|
foreach ( $backup_sizes as $size ) {
|
||||||
$del_file = path_join( dirname($meta['file']), $size['file'] );
|
$del_file = path_join( dirname($meta['file']), $size['file'] );
|
||||||
/** This filter is documented in wp-admin/custom-header.php */
|
if ( ! empty( $del_file ) ) {
|
||||||
$del_file = apply_filters( 'wp_delete_file', $del_file );
|
$del_file = path_join( $uploadpath['basedir'], $del_file );
|
||||||
@ unlink( path_join($uploadpath['basedir'], $del_file) );
|
|
||||||
|
if ( ! wp_delete_file_from_directory( $del_file, $del_dir ) ) {
|
||||||
|
$deleted = false;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/** This filter is documented in wp-admin/custom-header.php */
|
if ( ! wp_delete_file_from_directory( $file, $uploadpath['basedir'] ) ) {
|
||||||
$file = apply_filters( 'wp_delete_file', $file );
|
$deleted = false;
|
||||||
|
}
|
||||||
|
|
||||||
if ( ! empty($file) )
|
return $deleted;
|
||||||
@ unlink($file);
|
|
||||||
|
|
||||||
clean_post_cache( $post );
|
|
||||||
|
|
||||||
return $post;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
Loading…
Reference in New Issue