WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Make sure ext passes through sanitize_file_name() 

git-svn-id: http://svn.automattic.com/wordpress/branches/3.1@18022 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2011-05-24 15:56:40 +00:00
parent 5966a08d07
commit d8912e1b29
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
wp-app.php
View File

@ -607,13 +607,13 @@ EOD;
$slug = ''; $slug = '';
if ( isset( $_SERVER['HTTP_SLUG'] ) ) if ( isset( $_SERVER['HTTP_SLUG'] ) )
$slug = sanitize_file_name( $_SERVER['HTTP_SLUG'] ); $slug = $_SERVER['HTTP_SLUG'];
elseif ( isset( $_SERVER['HTTP_TITLE'] ) ) elseif ( isset( $_SERVER['HTTP_TITLE'] ) )
$slug = sanitize_file_name( $_SERVER['HTTP_TITLE'] ); $slug = $_SERVER['HTTP_TITLE'];
elseif ( empty( $slug ) ) // just make a random name elseif ( empty( $slug ) ) // just make a random name
$slug = substr( md5( uniqid( microtime() ) ), 0, 7); $slug = substr( md5( uniqid( microtime() ) ), 0, 7);
$ext = preg_replace( '|.*/([a-z0-9]+)|', '$1', $_SERVER['CONTENT_TYPE'] ); $ext = preg_replace( '|.*/([a-z0-9]+)|', '$1', $_SERVER['CONTENT_TYPE'] );
$slug = "$slug.$ext"; $slug = sanitize_file_name( "$slug.$ext" );
$file = wp_upload_bits( $slug, NULL, $bits); $file = wp_upload_bits( $slug, NULL, $bits);
log_app('wp_upload_bits returns:',print_r($file,true)); log_app('wp_upload_bits returns:',print_r($file,true));