From d3bd82f0ac4dfd230d08b30fb662617738de65ea Mon Sep 17 00:00:00 2001
From: Dion Hulse
Date: Fri, 30 Aug 2013 07:35:09 +0000
Subject: [PATCH] Theme Upgrader: Be super-careful and check the contents of the $wp_theme_directories variable before merging it, if someone has changed it directly, or worse, unset it, this could've resulted in the $protected_directories being empty. See [25082] See #22501 Built from https://develop.svn.wordpress.org/trunk@25180 git-svn-id: http://core.svn.wordpress.org/trunk@25152 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/includes/class-wp-upgrader.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/wp-admin/includes/class-wp-upgrader.php b/wp-admin/includes/class-wp-upgrader.php
index 1bd33ed826..7ceda137f9 100644
--- a/wp-admin/includes/class-wp-upgrader.php
+++ b/wp-admin/includes/class-wp-upgrader.php
@@ -212,7 +212,10 @@ class WP_Upgrader {
 // Protection against deleting files in any important base directories.
 // Theme_Upgrader & Plugin_Upgrader also trigger this, as they pass the destination directory (WP_PLUGIN_DIR / wp-content/themes)
 // intending to copy the directory into the directory, whilst they pass the source as the actual files to copy.
- if ( in_array( $destination, array_merge( array( ABSPATH, WP_CONTENT_DIR, WP_PLUGIN_DIR, WP_CONTENT_DIR . '/themes' ), $wp_theme_directories ) ) ) {
+ $protected_directories = array( ABSPATH, WP_CONTENT_DIR, WP_PLUGIN_DIR, WP_CONTENT_DIR . '/themes' );
+ if ( is_array( $wp_theme_directories ) )
+ $protected_directories = array_merge( $protected_directories, $wp_theme_directories );
+ if ( in_array( $destination, $protected_directories ) ) {
 $remote_destination = trailingslashit($remote_destination) . trailingslashit(basename($source));
 $destination = trailingslashit($destination) . trailingslashit(basename($source));
 }
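Review bot: The membership test `in_array( $destination, $protected_directories )` is still an exact, loosely-typed string match, so the guard only fires when `$destination` is spelled exactly like one of the protected entries. Whether `$destination` and the entries of `$wp_theme_directories` are normalised (trailing slash, directory separators) before this point is not visible in the hunk; if they are not, a base directory written with a trailing slash would miss the protection that the comment says prevents deleting files there. I would normalise both sides and compare strictly, e.g. `$protected_directories = array_map( 'untrailingslashit', $protected_directories );` followed by `if ( in_array( untrailingslashit( $destination ), $protected_directories, true ) ) {`. The new `is_array()` guard also relies on `$wp_theme_directories` being declared `global` in this method, which starts and ends outside the hunk, and the brace-less `if` around the `array_merge()` line would be safer with braces.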