Make WordPress Core

Ticket #42016: correct-dots-check-only.diff

File correct-dots-check-only.diff, 681 bytes (added by DavidAnderson, 7 years ago)

Finally... this patch contains only the correction to the validation, without adding the filter, in case that is preferred.

  • wp-includes/functions.php

     
    42524252 * @return int 0 means nothing is wrong, greater than 0 means something was wrong.
    42534253 */
    42544254function validate_file( $file, $allowed_files = '' ) {
    4255         if ( false !== strpos( $file, '..' ) )
     4255        if ( preg_match( '#\.\./#', $file, $matches ) && ( count( $matches ) > 1 || '../' != substr( $file, -3, 3 ) ) )
    42564256                return 1;
    42574257
    4258         if ( false !== strpos( $file, './' ) )
    4259                 return 1;
    4260 
    42614258        if ( ! empty( $allowed_files ) && ! in_array( $file, $allowed_files ) )
    42624259                return 3;
    42634260
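
Review bot: in the new condition on line 4255, `count( $matches ) > 1` can never be true, because `preg_match()` stops at the first match and the pattern `#\.\./#` has no capture groups, so `$matches` holds exactly one element whenever it matches. The test therefore reduces to "contains `../` and does not end with `../`", and a path with several `../` segments that happens to end in `../` is no longer rejected with 1, which does not look like the intent. Counting occurrences needs `preg_match_all()` or `substr_count( $file, '../' ) > 1`. The hunk also drops the separate `./` check and stops rejecting a bare `..` with no trailing slash (the regex only matches a forward slash after the dots); if both relaxations are deliberate, the docblock above should say which forms are now accepted, and the change wants unit tests covering `../`, `../../`, `foo/../` and `foo/../bar`. Minor style point: use `!==` rather than `!=` for the `substr()` comparison.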