WordPress.org
Get WordPress

Make WordPress Core


Ignore:
File:
1 edited

Legend:

Unmodified
Added
Removed

  • branches/3.5/wp-admin/includes/file.php

    r22800 r24481  
    329329    // Move the file to the uploads dir
    330330    $new_file = $uploads['path'] . "/$filename";
    331     if ( false === @ move_uploaded_file( $file['tmp_name'], $new_file ) )
    332         return $upload_error_handler( $file, sprintf( __('The uploaded file could not be moved to %s.' ), $uploads['path'] ) );
     331    if ( false === @ move_uploaded_file( $file['tmp_name'], $new_file ) ) {
     332        if ( 0 === strpos( $uploads['basedir'], ABSPATH ) )
     333            $error_path = str_replace( ABSPATH, '', $uploads['basedir'] ) . $uploads['subdir'];
     334        else
     335            $error_path = basename( $uploads['basedir'] ) . $uploads['subdir'];
     336
     337        return $upload_error_handler( $file, sprintf( __('The uploaded file could not be moved to %s.' ), $error_path ) );
     338    }
    333339
    334340    // Set correct file permissions
     
    453459    $new_file = $uploads['path'] . "/$filename";
    454460    if ( false === @ rename( $file['tmp_name'], $new_file ) ) {
    455         return $upload_error_handler( $file, sprintf( __('The uploaded file could not be moved to %s.' ), $uploads['path'] ) );
     461        if ( 0 === strpos( $uploads['basedir'], ABSPATH ) )
     462            $error_path = str_replace( ABSPATH, '', $uploads['basedir'] ) . $uploads['subdir'];
     463        else
     464            $error_path = basename( $uploads['basedir'] ) . $uploads['subdir'];
     465        return $upload_error_handler( $file, sprintf( __('The uploaded file could not be moved to %s.' ), $error_path ) );
    456466    }
    457467
     
    488498        return new WP_Error('http_no_file', __('Could not create Temporary file.'));
    489499
    490     $response = wp_remote_get( $url, array( 'timeout' => $timeout, 'stream' => true, 'filename' => $tmpfname ) );
     500    $response = wp_remote_get( $url, array( 'timeout' => $timeout, 'stream' => true, 'filename' => $tmpfname, 'reject_unsafe_urls' => true ) );
    491501
    492502    if ( is_wp_error( $response ) ) {
Note: See TracChangeset for help on using the changeset viewer.