Ticket #22813: 22813-ms-files.diff
File 22813-ms-files.diff, 550 bytes (added by , 12 years ago) |
---|
-
wp-includes/ms-files.php
23 23 die( '404 — File not found.' ); 24 24 } 25 25 26 $file = rtrim( BLOGUPLOADDIR, '/' ) . '/' . str_replace( '..', '', $_GET[ 'file'] );26 $file = rtrim( BLOGUPLOADDIR, '/' ) . '/' . str_replace( array( '..', ' ' ), array( '', '+' ), $_GET['file'] ); 27 27 if ( !is_file( $file ) ) { 28 28 status_header( 404 ); 29 29 die( '404 — File not found.' );
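Review bot: The new `$file` line still relies only on stripping `..` from `$_GET['file']` to keep the path inside BLOGUPLOADDIR; nothing after it confirms where the resolved path actually lands. The added space-to-`+` substitution cannot itself produce `..`, so it does not weaken the existing filter, but a deny-list strip is fragile to later edits. I would canonicalise with `realpath()` and require the result to sit under the upload directory before serving, as sketched below; symlinked upload directories would need checking before adopting this. Separately, mapping every space to `+` presumably means a file whose stored name really contains a space can no longer be requested, which is worth confirming against the ticket. The hunk starts and ends mid-file, so code before and after the `is_file()` test is not visible here.

```php
$file = rtrim( BLOGUPLOADDIR, '/' ) . '/' . str_replace( array( '..', ' ' ), array( '', '+' ), $_GET['file'] );
// Resolve both paths and require the target to live under the upload directory.
$base = realpath( BLOGUPLOADDIR );
$real = realpath( $file );
if ( false === $base || false === $real || 0 !== strpos( $real, $base . DIRECTORY_SEPARATOR ) || ! is_file( $real ) ) {
	// … unchanged: status_header( 404 ) and die() …
```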