
Ticket #12756: 12756.diff

File 12756.diff, 531 bytes (added by wpmuguru, 14 years ago)
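--- a/wp-includes/ms-files.php
+++ b/wp-includes/ms-files.php
@@ -23,8 +23,8 @@
         die( '404 — File not found.' );
 }
 
-$file = BLOGUPLOADDIR . str_replace( '..', '', $_GET[ 'file' ] );
-if ( !is_file( $file ) ) {
+$file = BLOGUPLOADDIR . $_GET[ 'file' ];
+if ( strpos( $_GET[ 'file' ], '../' ) !== false || !is_file( $file ) ) {
         status_header( 404 );
         die( '404 — File not found.' );
 }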
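Review bot: The new `if` line rejects only the literal `../` substring, so it is a denylist on the raw request value rather than a check that the path actually served stays inside BLOGUPLOADDIR; any separator or dot-segment form the filesystem collapses differently is not covered, and `is_file()` alone does not constrain where the file lives. A containment check on the resolved path is the robust form: `$base = realpath( BLOGUPLOADDIR ); $file = realpath( BLOGUPLOADDIR . $_GET[ 'file' ] );` followed by `if ( $file === false || strpos( $file, $base . DIRECTORY_SEPARATOR ) !== 0 || !is_file( $file ) ) {`. The trailing `DIRECTORY_SEPARATOR` in the prefix matters, otherwise a sibling directory whose name starts with the upload directory's name would pass. The earlier 404 branch that presumably validates `$_GET['file']` is set lies above this hunk, so whether the value is guaranteed present is not visible here.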