Uploading files with more than one contiguous period should be disallowed
|Reported by:||simonwheatley||Owned by:|
The file handler for multisite has a security http://core.trac.wordpress.org/browser/tags/3.0.4/wp-includes/ms-files.php#L26|measure which effectively bars the display of files with more than one contiguous period in the filename, e.g. my...file.jpg. Seems a silly thing to name a file, but there we go.
If this is the case then we probably should disallow uploading files like this, so no-one can get themselves in a twist and upload files which are unviewable on their site.
The attached diff adds a check for more than one contiguous period in the filename, and disallows the upload if the test fails.
Change History (4)
- Keywords 3.2-early added
- Milestone changed from Awaiting Review to Future Release
- Keywords has-patch 3.2-early removed
- Milestone Future Release deleted
- Resolution set to duplicate
- Status changed from new to closed