From ef7326129fae25dd79f56ac9cf08a19165d98342 Mon Sep 17 00:00:00 2001 From: Andrew Ozz Date: Mon, 16 Dec 2019 23:44:04 +0000 Subject: [PATCH] Upload: Fix the final file name collision test in `wp_unique_filename()` when uploading a file with upper case extension. Add a unit test to catch that in the future. Fixes #48975 for trunk. Built from https://develop.svn.wordpress.org/trunk@46966 git-svn-id: http://core.svn.wordpress.org/trunk@46766 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/functions.php | 16 +++++++++++++--- wp-includes/version.php | 2 +- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/wp-includes/functions.php b/wp-includes/functions.php index 4cc62be66d..6a7b16563d 100644 --- a/wp-includes/functions.php +++ b/wp-includes/functions.php @@ -2410,6 +2410,7 @@ function _wp_upload_dir( $time = null ) { function wp_unique_filename( $dir, $filename, $unique_filename_callback = null ) { // Sanitize the file name before we begin processing. $filename = sanitize_file_name( $filename ); + $ext2 = null; // Separate the filename into a name and extension. $ext = pathinfo( $filename, PATHINFO_EXTENSION ); @@ -2485,10 +2486,19 @@ function wp_unique_filename( $dir, $filename, $unique_filename_callback = null ) } if ( ! empty( $files ) ) { - while ( _wp_check_existing_file_names( $filename, $files ) ) { + // The extension case may have changed above. + $new_ext = ! empty( $ext2 ) ? $ext2 : $ext; + + // Ensure this never goes into infinite loop + // as it uses pathinfo() and regex in the check but string replacement for the changes. + $count = count( $files ); + $i = 1; + + while ( $i <= $count && _wp_check_existing_file_names( $filename, $files ) ) { $new_number = (int) $number + 1; - $filename = str_replace( array( "-{$number}{$ext}", "{$number}{$ext}" ), "-{$new_number}{$ext}", $filename ); + $filename = str_replace( array( "-{$number}{$new_ext}", "{$number}{$new_ext}" ), "-{$new_number}{$new_ext}", $filename ); $number = $new_number; + $i++; } } } @@ -2530,7 +2540,7 @@ function _wp_check_existing_file_names( $filename, $files ) { $ext = ".$ext"; } - $regex = '/^' . preg_quote( $fname ) . '-(?:\d+x\d+|scaled|rotated)' . preg_quote( $ext ) . '$/'; + $regex = '/^' . preg_quote( $fname ) . '-(?:\d+x\d+|scaled|rotated)' . preg_quote( $ext ) . '$/i'; foreach ( $files as $file ) { if ( preg_match( $regex, $file ) ) { diff --git a/wp-includes/version.php b/wp-includes/version.php index 86b812d71d..4f6fa7089c 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -13,7 +13,7 @@ * * @global string $wp_version */ -$wp_version = '5.4-alpha-46965'; +$wp_version = '5.4-alpha-46966'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.