Index: wp-includes/js/tinymce/tiny_mce_gzip.php =================================================================== --- wp-includes/js/tinymce/tiny_mce_gzip.php (revision 4954) +++ wp-includes/js/tinymce/tiny_mce_gzip.php (working copy) @@ -17,25 +17,80 @@ // gzip_compression(); +// New realpath function +{ + if ($path == "") + { + return false; + } + + $path = trim(preg_replace("/\\\\/", "/", (string)$path)); + + if (!preg_match("/(\.\w{1,4})$/", $path) && + !preg_match("/\?[^\\/]+$/", $path) && + !preg_match("/\\/$/", $path)) + { + $path .= '/'; + } + + $pattern = "/^(\\/|\w:\\/|https?:\\/\\/[^\\/]+\\/)?(.*)$/i"; + + preg_match_all($pattern, $path, $matches, PREG_SET_ORDER); + + $path_tok_1 = $matches[0][1]; + $path_tok_2 = $matches[0][2]; + + $path_tok_2 = preg_replace( + array("/^\\/+/", "/\\/+/"), + array("", "/"), + $path_tok_2); + + $path_parts = explode("/", $path_tok_2); + $real_path_parts = array(); + + for ($i = 0, $real_path_parts = array(); $i < count($path_parts); $i++) + { + if ($path_parts[$i] == '.') + { + continue; + } + else if ($path_parts[$i] == '..') + { + if ( (isset($real_path_parts[0]) && $real_path_parts[0] != '..') + || ($path_tok_1 != "") ) + { + array_pop($real_path_parts); + continue; + } + } + + array_push($real_path_parts, $path_parts[$i]); + } + + return $path_tok_1 . implode('/', $real_path_parts); +} + +// End of real_path function + function wp_tinymce_lang($path) { global $language; $text = ''; // Look for xx_YY.js, xx_yy.js, xx.js - $file = realpath(sprintf($path, $language)); + $file = real_path(sprintf($path, $language)); if ( file_exists($file) ) $text = file_get_contents($file); - $file = realpath(sprintf($path, strtolower($language))); + $file = real_path(sprintf($path, strtolower($language))); if ( file_exists($file) ) $text = file_get_contents($file); - $file = realpath(sprintf($path, substr($language, 0, 2))); + $file = real_path(sprintf($path, substr($language, 0, 2))); if ( file_exists($file) ) $text = file_get_contents($file); // Fall back on en.js - $file = realpath(sprintf($path, 'en')); + $file = real_path(sprintf($path, 'en')); if ( empty($text) && file_exists($file) ) $text = file_get_contents($file); @@ -78,7 +133,7 @@ $suffix = ""; // Set to "_src" to use source version $expiresOffset = 3600 * 24 * 10; // 10 days util client cache expires $diskCache = false; // If you enable this option gzip files will be cached on disk. -$cacheDir = realpath("."); // Absolute directory path to where cached gz files will be stored +$cacheDir = real_path("."); // Absolute directory path to where cached gz files will be stored $debug = false; // Enable this option if you need debuging info // Headers @@ -143,10 +198,11 @@ } else $diskCache = false; + if ($index > -1) { // Write main script and patch some things if ($index == 0) { - TinyMCE_echo(wp_compact_tinymce_js(file_get_contents(realpath("tiny_mce" . $suffix . ".js")))); // WP + TinyMCE_echo(wp_compact_tinymce_js(file_get_contents(real_path("tiny_mce" . $suffix . ".js")))); // WP TinyMCE_echo('TinyMCE.prototype.orgLoadScript = TinyMCE.prototype.loadScript;'); TinyMCE_echo('TinyMCE.prototype.loadScript = function() {};var realTinyMCE = tinyMCE;'); } else @@ -161,7 +217,7 @@ // Load theme, language pack and theme language packs if ($theme) { - TinyMCE_echo(wp_compact_tinymce_js(file_get_contents(realpath("themes/" . $theme . "/editor_template" . $suffix . ".js")))); // WP + TinyMCE_echo(wp_compact_tinymce_js(file_get_contents(real_path("themes/" . $theme . "/editor_template" . $suffix . ".js")))); // WP TinyMCE_echo(wp_tinymce_lang("themes/" . $theme . "/langs/%s.js")); // WP } @@ -171,7 +227,7 @@ // Load all plugins and their language packs $plugins = explode(",", $plugins); foreach ($plugins as $plugin) { - $pluginFile = realpath("plugins/" . $plugin . "/editor_plugin" . $suffix . ".js"); + $pluginFile = real_path("plugins/" . $plugin . "/editor_plugin" . $suffix . ".js"); /* WP $languageFile = realpath("plugins/" . $plugin . "/langs/" . $lang . ".js"); WP */ if ($pluginFile)