Ticket #42016: correct-dots-check.2.diff
File correct-dots-check.2.diff, 1.2 KB (added by , 7 years ago) |
wp-includes/functions.php
4252 4252 * @return int 0 means nothing is wrong, greater than 0 means something was wrong. 4253 4253 */ 4254 4254 function validate_file( $file, $allowed_files = '' ) { 4255 if ( false !== strpos( $file, '..' ) ) 4256 return 1; 4255 $result = 0; 4257 4256 4258 if ( false !== strpos( $file, './') )4259 return 1;4257 if (':' == substr( $file, 1, 1 ) ) 4258 $result = 2; 4260 4259 4261 4260 if ( ! empty( $allowed_files ) && ! in_array( $file, $allowed_files ) ) 4262 return3;4261 $result = 3; 4263 4262 4264 if (':' == substr( $file, 1, 1 ) ) 4265 return 2; 4266 4267 return 0; 4263 if ( preg_match( '#\.\./#', $file, $matches ) && ( count( $matches ) > 1 || '../' != substr( $file, -3, 3 ) ) ) 4264 $result = 1; 4265 4266 /** 4267 * Filters the returned result. 4268 * 4269 * @since 4.8.3 4270 * 4271 * @param int As described for the return value of the function. 4272 * @param string $file As provided to the function (file path). 4273 * @param array $allowed_files As provided to the function (list of allowed files). 4274 */ 4275 return apply_filters( 'validate_file', $result, $file, $allowed_files ); 4268 4276 } 4269 4277 4270 4278 /**
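Review bot: In the new `preg_match( '#\.\./#', $file, $matches )` check, `count( $matches ) > 1` can never be true, because `preg_match` stops at the first match and the pattern has no capture groups, so `$matches` always holds exactly one element. The condition therefore reduces to "contains `../` and does not end in `../`", so a path with several `../` segments that ends in `../` is returned as 0. Counting occurrences needs `preg_match_all( '#\.\./#', $file, $matches )` together with `count( $matches[0] ) > 1`. The pattern also requires a forward slash, so a trailing `..` with no slash and a `..\` segment are no longer rejected, although the removed `strpos( $file, '..' )` check caught both; the separator class should cover the backslash and the end of the string as well. Since the result now passes through `apply_filters( 'validate_file', ... )`, the docblock should state that callbacks may only tighten the result and must not turn a non-zero code into 0.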