

Ticket #12756: 12756.diff

File 12756.diff, 531 bytes (added by wpmuguru, 5 years ago)
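--- a/wp-includes/ms-files.php
+++ b/wp-includes/ms-files.php
@@ -23,8 +23,8 @@
         die( '404 — File not found.' );
 }
 
-$file = BLOGUPLOADDIR . str_replace( '..', '', $_GET[ 'file' ] );
-if ( !is_file( $file ) ) {
+$file = BLOGUPLOADDIR . $_GET[ 'file' ];
+if ( strpos( $_GET[ 'file' ], '../' ) !== false || !is_file( $file ) ) {
         status_header( 404 );
         die( '404 — File not found.' );
 }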
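Review bot: The new guard on the `if` line is a substring denylist for the literal `../`, which is an improvement over the old strip-and-continue (`....//` collapsed to `../` after `str_replace`), but it still leaves the containment decision to a pattern match on the raw parameter rather than to the resolved path; on hosts where the filesystem also accepts `\` as a separator, a `..\` sequence would presumably pass this check unchanged. The robust form is to canonicalise and compare against the upload root, e.g. `$base = realpath( BLOGUPLOADDIR ) . '/';`, `$file = realpath( BLOGUPLOADDIR . $_GET[ 'file' ] );`, `if ( $file === false || strncmp( $file, $base, strlen( $base ) ) !== 0 || !is_file( $file ) ) {` — `realpath()` resolves every `..` and symlink itself, and the trailing `/` on `$base` prevents a sibling directory with the same prefix from matching. Logging the rejected value alongside the 404 would also give operators a detection signal for traversal attempts that the silent `die()` currently hides. This code is top-level script logic in ms-files.php, so the surrounding assignments and the `status_header()` helper are outside the hunk.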