Ticket #42016: correct-dots-check-only.diff
File correct-dots-check-only.diff, 681 bytes (added by , 7 years ago) |
wp-includes/functions.php
4252 4252 * @return int 0 means nothing is wrong, greater than 0 means something was wrong. 4253 4253 */ 4254 4254 function validate_file( $file, $allowed_files = '' ) { 4255 if ( false !== strpos( $file, '..') )4255 if ( preg_match( '#\.\./#', $file, $matches ) && ( count( $matches ) > 1 || '../' != substr( $file, -3, 3 ) ) ) 4256 4256 return 1; 4257 4257 4258 if ( false !== strpos( $file, './' ) )4259 return 1;4260 4261 4258 if ( ! empty( $allowed_files ) && ! in_array( $file, $allowed_files ) ) 4262 4259 return 3; 4263 4260
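Review bot: `count( $matches ) > 1` in the `preg_match()` condition at line 4255 can never be true, because `preg_match()` stops at the first match and the pattern has no capture group, so `$matches` never holds more than one element. The check therefore reduces to "contains `../` and does not end with `../`", and a path with several `../` segments that ends in `../` passes this check where the `'..'` substring test rejected it. Counting occurrences needs `preg_match_all()`, for example `$dots = preg_match_all( '#\.\./#', $file );` followed by `if ( $dots > 1 || ( 1 === $dots && '../' !== substr( $file, -3 ) ) )`. The pattern also matches only the forward-slash form, so `..\` and a bare trailing `..` are no longer rejected here; whether callers depend on that is not visible, since the body of validate_file() continues past the hunk.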