Sanitize filenames with multiple extensions. see #11122
git-svn-id: http://svn.automattic.com/wordpress/branches/2.8@12166 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
59457d40dc
commit
9720d33dfb
|
@ -605,6 +605,39 @@ function sanitize_file_name( $filename ) {
|
|||
$filename = str_replace($special_chars, '', $filename);
|
||||
$filename = preg_replace('/[\s-]+/', '-', $filename);
|
||||
$filename = trim($filename, '.-_');
|
||||
|
||||
// Split the filename into a base and extension[s]
|
||||
$parts = explode('.', $filename);
|
||||
|
||||
// Return if only one extension
|
||||
if ( count($parts) <= 2 )
|
||||
return apply_filters('sanitize_file_name', $filename, $filename_raw);
|
||||
|
||||
// Process multiple extensions
|
||||
$filename = array_shift($parts);
|
||||
$extension = array_pop($parts);
|
||||
$mimes = get_allowed_mime_types();
|
||||
|
||||
// Loop over any intermediate extensions. Munge them with a trailing underscore if they are a 2 - 5 character
|
||||
// long alpha string not in the extension whitelist.
|
||||
foreach ( (array) $parts as $part) {
|
||||
$filename .= '.' . $part;
|
||||
|
||||
if ( preg_match("/^[a-zA-Z]{2,5}\d?$/", $part) ) {
|
||||
$allowed = false;
|
||||
foreach ( $mimes as $ext_preg => $mime_match ) {
|
||||
$ext_preg = '!(^' . $ext_preg . ')$!i';
|
||||
if ( preg_match( $ext_preg, $part ) ) {
|
||||
$allowed = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if ( !$allowed )
|
||||
$filename .= '_';
|
||||
}
|
||||
}
|
||||
$filename .= '.' . $extension;
|
||||
|
||||
return apply_filters('sanitize_file_name', $filename, $filename_raw);
|
||||
}
|
||||
|
||||
|
|
|
@ -2226,8 +2226,36 @@ function wp_ext2type( $ext ) {
|
|||
* @return array Values with extension first and mime type.
|
||||
*/
|
||||
function wp_check_filetype( $filename, $mimes = null ) {
|
||||
// Accepted MIME types are set here as PCRE unless provided.
|
||||
$mimes = ( is_array( $mimes ) ) ? $mimes : apply_filters( 'upload_mimes', array(
|
||||
if ( null === $mimes )
|
||||
$mimes = get_allowed_mime_types();
|
||||
$type = false;
|
||||
$ext = false;
|
||||
|
||||
foreach ( $mimes as $ext_preg => $mime_match ) {
|
||||
$ext_preg = '!\.(' . $ext_preg . ')$!i';
|
||||
if ( preg_match( $ext_preg, $filename, $ext_matches ) ) {
|
||||
$type = $mime_match;
|
||||
$ext = $ext_matches[1];
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
return compact( 'ext', 'type' );
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve list of allowed mime types and file extensions.
|
||||
*
|
||||
* @since 2.8.6
|
||||
*
|
||||
* @return array Array of mime types keyed by the file extension regex corresponding to those types.
|
||||
*/
|
||||
function get_allowed_mime_types() {
|
||||
static $mimes = false;
|
||||
|
||||
if ( !$mimes ) {
|
||||
// Accepted MIME types are set here as PCRE unless provided.
|
||||
$mimes = apply_filters( 'upload_mimes', array(
|
||||
'jpg|jpeg|jpe' => 'image/jpeg',
|
||||
'gif' => 'image/gif',
|
||||
'png' => 'image/png',
|
||||
|
@ -2273,24 +2301,11 @@ function wp_check_filetype( $filename, $mimes = null ) {
|
|||
'odc' => 'application/vnd.oasis.opendocument.chart',
|
||||
'odb' => 'application/vnd.oasis.opendocument.database',
|
||||
'odf' => 'application/vnd.oasis.opendocument.formula',
|
||||
)
|
||||
);
|
||||
|
||||
$type = false;
|
||||
$ext = false;
|
||||
|
||||
foreach ( $mimes as $ext_preg => $mime_match ) {
|
||||
$ext_preg = '!\.(' . $ext_preg . ')$!i';
|
||||
if ( preg_match( $ext_preg, $filename, $ext_matches ) ) {
|
||||
$type = $mime_match;
|
||||
$ext = $ext_matches[1];
|
||||
break;
|
||||
}
|
||||
) );
|
||||
}
|
||||
|
||||
return compact( 'ext', 'type' );
|
||||
return $mimes;
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve nonce action "Are you sure" message.
|
||||
*
|
||||
|
|
Loading…
Reference in New Issue