WordPress/wp-admin/includes
johnjamesjacoby 7a0a07d691 Admin/HTTP API: add suggested filename support to `download_url()`.
This change allows for external clients to supply a suggested filename via a `Content-Disposition` response header. This filename is processed through `sanitize_file_name()` to ensure it is allowable (on the server, MIMEs, etc.) and `validate_file()` to prevent directory traversal.

If the suggested filename fails the above processing/checks, that suggestion is discarded and the standard temporary filename (generated by WordPress) is used.

If no `Content-Disposition` header is found in the response headers, the standard temporary filename continues to be used as per normal.

Included in this change are 6 additional PHPUnit tests with 9 assertions. These tests confirm that valid filename values are correctly saved, and invalid filename values are correctly rejected.

Props cklosows, costdev, dd32, johnjamesjacoby, ocean90, psrpinto.

Fixes #38231.
Built from https://develop.svn.wordpress.org/trunk@51939


git-svn-id: http://core.svn.wordpress.org/trunk@51528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2021-10-27 15:00:01 +00:00
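The following is an added example and is not WordPress core code, nor the change committed above. It sketches the shape of the check the commit message describes: a filename taken from a `Content-Disposition` response header is only used after it has been sanitised and checked for path traversal, and the server-generated temporary name is used otherwise. `sanitize_name()` and `is_safe_relative_filename()` are simplified stand-ins for WordPress's `sanitize_file_name()` and `validate_file()`, not their real implementations; `extract_disposition_filename()`, `choose_download_filename()` and the sample headers are constructed for this illustration, and PHP 7.4 or newer is assumed.

```php
<?php
// Added example (not WordPress core code). Shows how a client-supplied
// Content-Disposition filename can be accepted only after sanitisation and a
// traversal check, with a server-generated temporary name as the fallback.
declare(strict_types=1);

/**
 * Pull the filename parameter out of a Content-Disposition header value.
 * Handles RFC 5987 `filename*=UTF-8''...`, quoted `filename="..."` and
 * unquoted `filename=...`. Returns null when no filename parameter exists.
 */
function extract_disposition_filename(string $header): ?string
{
    if (preg_match("/filename\*\s*=\s*UTF-8''([^;]+)/i", $header, $m)) {
        return rawurldecode(trim($m[1]));
    }
    if (preg_match('/filename\s*=\s*"((?:[^"\\\\]|\\\\.)*)"/i', $header, $m)) {
        return stripslashes($m[1]);
    }
    if (preg_match('/filename\s*=\s*([^;\s]+)/i', $header, $m)) {
        return $m[1];
    }
    return null;
}

/**
 * Simplified stand-in for sanitize_file_name() (assumption, not WP's code):
 * strip path separators, reduce to a conservative character set, collapse
 * runs of dots so ".." cannot survive, and drop leading/trailing dots and
 * dashes so the result cannot be a dotfile or an empty-looking name.
 * Extension/MIME policy, which the real function also applies, is out of scope here.
 */
function sanitize_name(string $name): string
{
    $name = str_replace(['\\', '/'], '', $name);
    $name = preg_replace('/[^A-Za-z0-9._-]+/', '-', $name);
    $name = preg_replace('/\.{2,}/', '.', $name);
    return trim($name, '.-');
}

/**
 * Simplified stand-in for validate_file() (assumption, not WP's code):
 * accept only a non-empty, length-bounded plain filename with no separators,
 * no "..", and no Windows drive prefix. basename() must leave it unchanged.
 */
function is_safe_relative_filename(string $name): bool
{
    if ($name === '' || strlen($name) > 255) {
        return false;
    }
    if (strpos($name, '/') !== false || strpos($name, '\\') !== false) {
        return false;
    }
    if (strpos($name, '..') !== false || preg_match('/^[A-Za-z]:/', $name)) {
        return false;
    }
    return basename($name) === $name;
}

/**
 * Decide the on-disk name for a download stored in $dir. $fallback plays the
 * role of the server-generated temporary name (WordPress uses wp_tempnam());
 * it is used whenever the header is absent or the suggestion fails a check.
 */
function choose_download_filename(?string $disposition, string $dir, string $fallback): string
{
    $suggested = $disposition === null ? null : extract_disposition_filename($disposition);
    if ($suggested === null) {
        return $dir . DIRECTORY_SEPARATOR . $fallback;
    }
    $clean = sanitize_name($suggested);
    if (!is_safe_relative_filename($clean)) {
        return $dir . DIRECTORY_SEPARATOR . $fallback; // suggestion discarded
    }
    return $dir . DIRECTORY_SEPARATOR . $clean;
}

// Constructed sample header values (not captured traffic).
$cases = [
    'attachment; filename="plugin-1.2.3.zip"',          // accepted as-is
    'attachment; filename="../../wp-config.php"',       // separators stripped, dots collapsed
    'attachment; filename="..\\..\\evil.php"',          // backslash traversal neutralised
    "attachment; filename*=UTF-8''%2e%2e%2fpasswd",     // percent-encoded traversal neutralised
    'attachment; filename=".htaccess"',                 // leading dot removed
    'attachment; filename="..."',                       // collapses to nothing: fallback used
    'attachment; filename="' . str_repeat('a', 300) . '.zip"', // too long: fallback used
    'attachment',                                       // no filename parameter: fallback used
    null,                                               // no header at all: fallback used
];
$tmpDir = sys_get_temp_dir();
foreach ($cases as $header) {
    $shown = $header === null ? 'null' : substr($header, 0, 44);
    printf("%-46s => %s\n", $shown, basename(choose_download_filename($header, $tmpDir, 'wp-tmp-abc123.tmp')));
}
```

The ordering matters: sanitisation runs first so that separators and dot runs are removed, and the traversal check runs second as an independent guard, so a weakness in one layer does not by itself let a client steer the write path. Everything that fails either layer falls back to the server-chosen name rather than to a partially cleaned suggestion.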
admin-filters.php Upgrade/Install: Notify users of deactivated plugins during upgrade. 2021-06-30 00:21:58 +00:00
admin.php Code Modernization: Replace `dirname( __FILE__ )` calls with `__DIR__` magic constant. 2020-02-06 06:33:11 +00:00
ajax-actions.php Media: Check the `posts_per_page` value in `wp_ajax_query_attachments()` before using it as a divisor. 2021-07-25 09:56:57 +00:00
bookmark.php Administration: Improve the message about installing the Link Manager plugin to use legacy Links screen. 2021-05-25 20:14:59 +00:00
class-automatic-upgrader-skin.php Code Modernization: Fix reserved keyword and parameter name mismatches for parent/child classes in `WP_Upgrader_Skin::feedback()`. 2021-09-09 13:48:56 +00:00
class-bulk-plugin-upgrader-skin.php Text Changes: Unify various "Back to..." vs. "Return to..." vs. "Go to..." strings. 2020-11-09 10:53:10 +00:00
class-bulk-theme-upgrader-skin.php Text Changes: Unify various "Back to..." vs. "Return to..." vs. "Go to..." strings. 2020-11-09 10:53:10 +00:00
class-bulk-upgrader-skin.php Code Modernization: Fix parameter name mismatches for parent/child classes in `WP_Upgrader_Skin::error()`. 2021-09-09 13:59:56 +00:00
class-core-upgrader.php Docs: Correct DocBlock formatting for `Core_Upgrader::upgrade()`. 2021-06-19 21:37:57 +00:00
class-custom-background.php Customize: Hide native control on background position field. 2021-08-19 02:07:56 +00:00
class-custom-image-header.php Coding Standards: Use strict comparison in `wp-admin/includes/class-custom-image-header.php`. 2021-04-13 19:05:04 +00:00
class-file-upload-upgrader.php Docs: Improve inline comments per the documentation standards. 2020-01-29 00:45:18 +00:00
class-ftp-pure.php Docs: Update URLs in some `@link` tags and switch them to HTTPS. 2019-11-01 14:57:02 +00:00
class-ftp-sockets.php Docs: Update URLs in some `@link` tags and switch them to HTTPS. 2019-11-01 14:57:02 +00:00
class-ftp.php General: Continuing to work towards a passing PHP Compatibility scan. 2020-06-03 17:40:12 +00:00
class-language-pack-upgrader-skin.php Code Modernization: Fix parameter name mismatches for parent/child classes in `WP_Upgrader_Skin::error()`. 2021-09-09 13:59:56 +00:00
class-language-pack-upgrader.php Docs: Add missing `@return` tag to `Language_Pack_Upgrader::check_package()`. 2020-10-05 13:44:11 +00:00
class-pclzip.php Filesystem API: Make sure to only call `fread()` on non-empty files in `PclZip::privAddFile()`. 2021-08-29 01:33:58 +00:00
class-plugin-installer-skin.php I18N: Combine escaping and translation functions. 2021-05-19 18:10:59 +00:00
class-plugin-upgrader-skin.php Text Changes: Unify various "Back to..." vs. "Return to..." vs. "Go to..." strings. 2020-11-09 10:53:10 +00:00
class-plugin-upgrader.php Upgrade/Install: Create a temporary backup of plugins and themes before updating. 2021-09-15 18:41:00 +00:00
class-theme-installer-skin.php I18N: Combine escaping and translation functions. 2021-05-19 18:10:59 +00:00
class-theme-upgrader-skin.php Text Changes: Unify various "Back to..." vs. "Return to..." vs. "Go to..." strings. 2020-11-09 10:53:10 +00:00
class-theme-upgrader.php Upgrade/Install: Create a temporary backup of plugins and themes before updating. 2021-09-15 18:41:00 +00:00
class-walker-category-checklist.php Code Modernization: Fix reserved keyword and parameter name mismatches for parent/child classes in `Walker::end_el()`. 2021-09-09 13:03:55 +00:00
class-walker-nav-menu-checklist.php Code Modernization: Fix last parameter name mismatches for parent/child classes in `Walker::start_el()`. 2021-09-09 12:39:59 +00:00
class-walker-nav-menu-edit.php Code Modernization: Fix last parameter name mismatches for parent/child classes in `Walker::start_el()`. 2021-09-09 12:39:59 +00:00
class-wp-ajax-upgrader-skin.php Code Modernization: Fix reserved keyword and parameter name mismatches for parent/child classes in `WP_Upgrader_Skin::feedback()`. 2021-09-09 13:48:56 +00:00
class-wp-application-passwords-list-table.php Application Passwords: Allow enter key to submit profile form. 2021-06-07 23:49:58 +00:00
class-wp-automatic-updater.php Coding Standards: Use strict comparison in `wp-admin/includes/class-wp-automatic-updater.php`. 2021-04-16 12:01:15 +00:00
class-wp-comments-list-table.php Code Modernization: Fix parameter name mismatches for parent/child classes in `WP_List_Table::handle_row_actions()`. 2021-09-07 19:24:53 +00:00
class-wp-community-events.php Coding Standards: Use static closures when not using `$this`. 2021-08-26 12:59:02 +00:00
class-wp-debug-data.php Coding Standards: Add `public` visibility to methods in `src` directory. 2021-10-18 17:52:58 +00:00
class-wp-filesystem-base.php Docs: Clarify the `@return` value for `WP_Filesystem_Base::getnumchmodfromh()`. 2021-07-27 11:01:57 +00:00
class-wp-filesystem-direct.php Docs: Correct `@return` type for `WP_Filesystem_Base::getnumchmodfromh()`. 2021-07-27 09:29:01 +00:00
class-wp-filesystem-ftpext.php Docs: Correct `@return` type for `WP_Filesystem_Base::getnumchmodfromh()`. 2021-07-27 09:29:01 +00:00
class-wp-filesystem-ftpsockets.php Docs: Correct `@return` type for `WP_Filesystem_Base::getnumchmodfromh()`. 2021-07-27 09:29:01 +00:00
class-wp-filesystem-ssh2.php Docs: Correct `@return` type for `WP_Filesystem_Base::getnumchmodfromh()`. 2021-07-27 09:29:01 +00:00
class-wp-importer.php Coding Standards: Remove unnecessary `unset()` calls in `WP_Importer` methods. 2021-04-08 11:12:08 +00:00
class-wp-internal-pointers.php Docs: Improve inline comments per the documentation standards. 2020-01-29 00:45:18 +00:00
class-wp-links-list-table.php Code Modernization: Fix parameter name mismatches for parent/child classes in `WP_List_Table::handle_row_actions()`. 2021-09-07 19:24:53 +00:00
class-wp-list-table-compat.php Docs: Add missing descriptions for `_WP_List_Table_Compat` methods. 2020-11-14 16:54:08 +00:00
class-wp-list-table.php Administration: Enable first and last page buttons in `WP_List_Table::pagination()`. 2021-10-01 18:39:58 +00:00
class-wp-media-list-table.php I18N: Add context for some Media Library filter strings: 2021-10-12 16:44:01 +00:00
class-wp-ms-sites-list-table.php Coding Standards: Remove duplicate assignment from a ternary operator in `WP_MS_Sites_List_Table::site_states()`. 2021-09-27 00:37:01 +00:00
class-wp-ms-themes-list-table.php Accessibility: Administration: Improve `aria-label` on network admin Themes screen. 2021-09-10 14:49:00 +00:00
class-wp-ms-users-list-table.php Code Modernization: Fix parameter name mismatches for parent/child classes in `WP_List_Table::handle_row_actions()`. 2021-09-07 19:24:53 +00:00
class-wp-plugin-install-list-table.php Docs: Document some more common names for dynamic hooks and standardise the phrasing used. 2021-09-21 18:21:00 +00:00
class-wp-plugins-list-table.php Accessibility: Administration: Improve `aria-label` on network admin Themes screen. 2021-09-10 14:49:00 +00:00
class-wp-post-comments-list-table.php Coding Standards: Upgrade WPCS to 1.0.0 2018-08-17 01:51:36 +00:00
class-wp-posts-list-table.php Code Modernization: Fix parameter name mismatches for parent/child classes in `WP_List_Table::handle_row_actions()`. 2021-09-07 19:24:53 +00:00
class-wp-privacy-data-export-requests-list-table.php Coding Standards: Fix WPCS issues in [49258]. 2020-10-20 21:20:07 +00:00
class-wp-privacy-data-removal-requests-list-table.php Coding Standards: Fix WPCS issues in [49258]. 2020-10-20 21:20:07 +00:00
class-wp-privacy-policy-content.php Privacy: Print screen reader text for the "Copy suggested policy text..." action button. 2021-03-25 20:21:04 +00:00
class-wp-privacy-requests-table.php Privacy: Introduce `manage_{$this->screen->id}_custom_column` action in `WP_Privacy_Requests_Table::column_default()`. 2021-02-02 16:44:04 +00:00
class-wp-screen.php Docs: Replace `$this` in hook param docs with more appropriate names. 2021-07-30 19:35:58 +00:00
class-wp-site-health-auto-updates.php Coding Standards: Add `public` visibility to methods in `src` directory. 2021-10-18 17:52:58 +00:00
class-wp-site-health.php Coding Standards: Add `public` visibility to methods in `src` directory. 2021-10-18 17:52:58 +00:00
class-wp-site-icon.php Media: Avoid suppressing errors when using `getimagesize()`. 2021-02-02 16:53:04 +00:00
class-wp-terms-list-table.php Taxonomy: Populate the `WP_Terms_List_Table::$items` property in `::prepare_items()`. 2021-10-08 00:38:00 +00:00
class-wp-theme-install-list-table.php Docs: Add examples of possible names for various hooks whose name contains a dynamic portion. 2021-03-07 12:32:09 +00:00
class-wp-themes-list-table.php I18N: Add context to some theme strings for consistency. 2020-07-21 16:33:05 +00:00
class-wp-upgrader-skin.php Code Modernization: Fix parameter name mismatches for parent/child classes in `WP_Upgrader_Skin::error()`. 2021-09-09 13:59:56 +00:00
class-wp-upgrader-skins.php Docs: Add missing `@deprecated` tags in the file docblock of some deprecated files. 2019-10-08 17:19:04 +00:00
class-wp-upgrader.php Upgrade/Install: Restore or clean up the temporary plugin or theme backup on shutdown. 2021-10-11 15:09:05 +00:00
class-wp-users-list-table.php Administration: Escape the values of data-colname. 2021-06-08 22:21:57 +00:00
comment.php Coding Standards: Use strict comparison in `wp-admin/includes/comment.php`. 2021-04-06 13:45:09 +00:00
continents-cities.php I18N: Update list of continents and cities for the timezone selection. 2021-03-19 15:42:04 +00:00
credits.php Help/About: Don't output empty `<span>` tags on Credits screen. 2021-10-19 23:09:00 +00:00
dashboard.php Docs: Adjust `wp_dashboard_browser_nag()` DocBlock per the documentation standards. 2021-06-30 16:07:57 +00:00
deprecated.php Docs: Remove deprecated option groups from `register_setting()` and `add_option_update_handler()`. 2021-09-20 16:20:00 +00:00
edit-tag-messages.php Coding Standards: Fix the `Squiz.PHP.DisallowMultipleAssignments` violations in `wp-admin`. 2019-07-01 12:52:01 +00:00
export.php Coding Standards: Simplify the check for parent terms in `export_wp()`. 2021-04-11 13:44:13 +00:00
file.php Admin/HTTP API: add suggested filename support to `download_url()`. 2021-10-27 15:00:01 +00:00
image-edit.php Docs: Correct description for the `$image` parameter of the `wp_save_image_file` filter. 2021-07-02 07:11:58 +00:00
image.php Docs: Update syntax for multi-line comment in `wp_generate_attachment_metadata()` per the documentation standards. 2021-06-15 19:10:58 +00:00
import.php Docs: Corrections and improvements to types used in various docblocks. 2021-01-05 17:16:11 +00:00
list-table.php Docs: Promote many `bool` types to `true` or `false` where only that value is used. 2021-01-03 22:04:04 +00:00
media.php Docs: Document some more common names for dynamic hooks and standardise the phrasing used. 2021-09-21 18:21:00 +00:00
menu.php Coding Standards: Use strict comparison for `count()` calls. 2020-05-23 11:38:08 +00:00
meta-boxes.php Docs: Document some more common names for dynamic hooks and standardise the phrasing used. 2021-09-21 18:21:00 +00:00
misc.php Docs: Document some more common names for dynamic hooks and standardise the phrasing used. 2021-09-21 18:21:00 +00:00
ms-admin-filters.php Docs: Improve comments in some `wp-admin` files per the documentation standards. 2020-01-29 00:35:08 +00:00
ms-deprecated.php I18N: Capitalize translator comments consistently, add trailing punctuation. 2019-09-03 00:41:05 +00:00
ms.php Posts, Post Types: Don't add a trailing number when there is a unique post parent. 2021-09-23 20:27:58 +00:00
nav-menu.php General: Avoid unnecessary calls to `update_user_option()`. 2021-05-24 19:59:57 +00:00
network.php Coding Standards: Adds spacing so `define()` statements displayed when creating a network. 2021-05-11 17:10:02 +00:00
noop.php Code Modernization: Remove conditional use of PHP `realpath()`. 2019-09-20 20:46:56 +00:00
options.php External Libraries: First pass at fixing jQuery deprecations in WordPress core and bundled themes. 2021-01-22 12:32:03 +00:00
plugin-install.php Plugins: Escape the currently installed version number on Add Plugins screen. 2021-05-07 13:49:58 +00:00
plugin.php Upgrade/Install: Notify users of deactivated plugins during upgrade. 2021-06-30 00:21:58 +00:00
post.php Docs: Further type corrections and improvements for various docblocks. 2021-07-01 22:02:57 +00:00
privacy-tools.php Coding Standards: Fix indentation and remove `ignore` annotation in `wp_privacy_send_personal_data_export_email()`. 2021-08-26 14:05:58 +00:00
revision.php Docs: Add examples of possible names for various hooks whose name contains a dynamic portion. 2021-03-07 12:32:09 +00:00
schema.php Coding Standards: Remove redundant ignore annotation in `populate_options()`. 2021-08-26 13:50:59 +00:00
screen.php Coding Standards: Use strict comparison in `wp-admin/includes/screen.php`. 2021-05-09 20:27:02 +00:00
taxonomy.php Docs: Further type corrections and improvements for various docblocks. 2021-07-01 22:02:57 +00:00
template.php Coding Standards: Remove duplicate assignment from a ternary operator in `WP_MS_Sites_List_Table::site_states()`. 2021-09-27 00:37:01 +00:00
theme-install.php Coding Standards: Add a space before `/` character in some self-closing HTML tags. 2021-03-20 18:30:08 +00:00
theme.php Themes: Make sure the theme API response is not an error before operating on it in `themes_api()`. 2021-08-11 13:01:56 +00:00
translation-install.php Docs: Promote many `bool` types to `true` or `false` where only that value is used. 2021-01-03 22:04:04 +00:00
update-core.php Coding Standards: Use static closures when not using `$this`. 2021-08-26 12:59:02 +00:00
update.php Docs: Correct documentation for the `in_plugin_update_message-{$file}` filter. 2021-09-07 12:55:00 +00:00
upgrade.php Cron: Remove errant `false` values in cron array when upgrading to 5.9+. 2021-10-18 13:30:57 +00:00
user.php Application Passwords: Improve various user-facing and developer-facing terminology. 2021-07-19 21:14:57 +00:00
widgets.php Widgets: Make sure `WP_Widget` constructor creates a correct `classname` value for a namespaced widget class. 2021-05-24 09:51:56 +00:00