Ticket #12756: 12756.diff
wp-includes/ms-files.php
23 23 die( '404 — File not found.' ); 24 24 } 25 25 26 $file = BLOGUPLOADDIR . str_replace( '..', '', $_GET[ 'file' ] );27 if ( !is_file( $file ) ) {26 $file = BLOGUPLOADDIR . $_GET[ 'file' ]; 27 if ( strpos( $_GET[ 'file' ], '../' ) !== false || !is_file( $file ) ) { 28 28 status_header( 404 ); 29 29 die( '404 — File not found.' ); 30 30 }
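Review bot: The new `strpos( $_GET['file'], '../' ) !== false` guard on line 27 is a denylist of a single literal sequence, so a path that reaches outside the upload directory without containing exactly `../` (for example one ending in a bare `..`, or one using the alternate separator PHP accepts on Windows) still goes straight to `is_file()`; this takes the strpos version as the new side, since the rendered gutter columns are lost here. The allowlist form canonicalizes both paths and checks containment: `$base = realpath( BLOGUPLOADDIR ); $file = realpath( BLOGUPLOADDIR . $_GET['file'] );` followed by `if ( false === $base || false === $file || strncmp( $file, $base . DIRECTORY_SEPARATOR, strlen( $base ) + 1 ) !== 0 || ! is_file( $file ) ) {`. That also removes the dependence on how `BLOGUPLOADDIR` is terminated, which the new line 26 inherits from the removed `str_replace( '..', '' )` version. The preceding check that produces the 404 on line 23, and the rest of the script, begin outside the hunk.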