#16189 closed defect (bug) (duplicate)
Uploading files with more than one contiguous period should be disallowed
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | Upload | Version: | 3.1 |
| Severity: | normal | Keywords: | |
| Cc: |
Description
The file handler for multisite has a security http://core.trac.wordpress.org/browser/tags/3.0.4/wp-includes/ms-files.php#L26|measure which effectively bars the display of files with more than one contiguous period in the filename, e.g. my...file.jpg. Seems a silly thing to name a file, but there we go.
If this is the case then we probably should disallow uploading files like this, so no-one can get themselves in a twist and upload files which are unviewable on their site.
The attached diff adds a check for more than one contiguous period in the filename, and disallows the upload if the test fails.
Attachments (1)
Change History (4)
simonwheatley — 2 years ago
- Keywords 3.2-early added
- Milestone changed from Awaiting Review to Future Release
- Keywords has-patch 3.2-early removed
- Milestone Future Release deleted
- Resolution set to duplicate
- Status changed from new to closed
Duplicate of #12756.
comment:3
simonwheatley — 2 years ago
Ooops, thanks Nacin.
Note: See
TracTickets for help on using
tickets.
Add a file upload test for more than one contiguous period