WordPress.org

Make WordPress Core

Ticket #21292: 21292-2.diff

File 21292-2.diff, 3.9 KB (added by markoheijnen, 21 months ago)

Added unfiltered_upload capability check

  • wp-includes/functions.php

     
    15861586                return array( 'error' => __( 'Empty filename' ) ); 
    15871587 
    15881588        $wp_filetype = wp_check_filetype( $name ); 
    1589         if ( !$wp_filetype['ext'] ) 
     1589        if ( ( ! $wp_filetype['type'] || ! $wp_filetype['ext'] ) && ! current_user_can( 'unfiltered_upload' ) ) 
    15901590                return array( 'error' => __( 'Invalid file type' ) ); 
    15911591 
    15921592        $upload = wp_upload_dir( $time ); 
     
    15951595                return $upload; 
    15961596 
    15971597        $upload_bits_error = apply_filters( 'wp_upload_bits', array( 'name' => $name, 'bits' => $bits, 'time' => $time ) ); 
    1598         if ( !is_array( $upload_bits_error ) ) { 
     1598        if ( ! is_array( $upload_bits_error ) || isset( $upload_bits_error['error'] ) ) { 
    15991599                $upload[ 'error' ] = $upload_bits_error; 
    16001600                return $upload; 
    16011601        } 
     
    16171617        clearstatcache(); 
    16181618 
    16191619        // Set correct file permissions 
    1620         $stat = @ stat( dirname( $new_file ) ); 
     1620        $stat  = stat( dirname( $new_file ) ); 
    16211621        $perms = $stat['mode'] & 0007777; 
    16221622        $perms = $perms & 0000666; 
    16231623        @ chmod( $new_file, $perms ); 
     
    16261626        // Compute the URL 
    16271627        $url = $upload['url'] . "/$filename"; 
    16281628 
     1629        if ( is_multisite() ) 
     1630                delete_transient( 'dirsize_cache' ); 
     1631 
    16291632        return array( 'file' => $new_file, 'url' => $url, 'error' => false ); 
    16301633} 
    16311634 
  • wp-includes/class-wp-xmlrpc-server.php

     
    45574557                } 
    45584558 
    45594559                $upload = wp_upload_bits($name, null, $bits); 
     4560 
    45604561                if ( ! empty($upload['error']) ) { 
    45614562                        $errorString = sprintf(__('Could not write file %1$s (%2$s)'), $name, $upload['error']); 
    45624563                        return new IXR_Error(500, $errorString); 
  • wp-admin/includes/ms.php

     
    1919        if ( get_site_option( 'upload_space_check_disabled' ) ) 
    2020                return $file; 
    2121 
    22         if ( $file['error'] != '0' ) // there's already an error 
     22        if ( $file['error'] && $file['error'] != '0' ) // there's already an error 
    2323                return $file; 
    2424 
    2525        if ( defined( 'WP_IMPORTING' ) ) 
     
    2828        $space_allowed = 1048576 * get_space_allowed(); 
    2929        $space_used = get_dirsize( BLOGUPLOADDIR ); 
    3030        $space_left = $space_allowed - $space_used; 
    31         $file_size = filesize( $file['tmp_name'] ); 
    32         if ( $space_left < $file_size ) 
     31 
     32        if( 'wp_upload_bits' == current_filter() ) { 
     33                if( function_exists( 'mb_strlen' ) ) 
     34                        $file_size = mb_strlen( $file['bits'], 'ascii'); 
     35                else 
     36                        $file_size = strlen( $file['bits'] ); 
     37        } 
     38        else { 
     39                $file_size = filesize( $file['tmp_name'] ); 
     40        } 
     41 
     42        if( $space_left < $file_size ) 
    3343                $file['error'] = sprintf( __( 'Not enough space to upload. %1$s KB needed.' ), number_format( ($file_size - $space_left) /1024 ) ); 
    34         if ( $file_size > ( 1024 * get_site_option( 'fileupload_maxk', 1500 ) ) ) 
     44        if( $file_size > ( 1024 * get_site_option( 'fileupload_maxk', 1500 ) ) ) 
    3545                $file['error'] = sprintf(__('This file is too big. Files must be less than %1$s KB in size.'), get_site_option( 'fileupload_maxk', 1500 ) ); 
    36         if ( upload_is_user_over_quota( false ) ) { 
     46        if( upload_is_user_over_quota( false ) ) { 
    3747                $file['error'] = __( 'You have used your space quota. Please delete files before uploading.' ); 
    3848        } 
    39         if ( $file['error'] != '0' && !isset($_POST['html-upload']) ) 
     49        if( $file['error'] != '0' && ! isset( $_POST['html-upload'] ) && 'wp_handle_upload_prefilter' == current_filter() ) 
    4050                wp_die( $file['error'] . ' <a href="javascript:history.go(-1)">' . __( 'Back' ) . '</a>' ); 
    4151 
    4252        return $file; 
    4353} 
    4454add_filter( 'wp_handle_upload_prefilter', 'check_upload_size' ); 
     55add_filter( 'wp_upload_bits', 'check_upload_size' ); 
    4556 
    4657/** 
    4758 * Delete a blog