
Ticket #42986: implement.2.diff

File implement.2.diff, 3.0 KB (added by lenon, 3 years ago)

Sorry, here is the corrected diff, with a new idea to improve security when removing files.

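diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index fd60560..9200d04 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -5737,33 +5737,42 @@ function wp_validate_boolean( $var ) {
  * Delete a file
  *
  * @since 4.2.0
+ * @since 4.7.2 Added the $unblock_directories parameter and default filters.
  *
- * @param string $file The path to the file to delete.
- * @param array $directories_unblock Are directory to unblocked. They are ROOT, WP_CONTENT_DIR, WP_ADMIN_DIR
- *                                   and WP_INCLUDE_DIR.
- * @return bool Whether the param is invalidated.
+ * @param string $file                The path to the file to delete.
+ * @param array  $unblock_directories By default path core directories are block and $unblock_directories are clear.
+ *                                    To unblock core folders you need set in array names ROOT, WP_CONTENT_DIR,
+ *                                    WP_ADMIN_DIR or WP_INCLUDE_DIR.
  */
-function wp_delete_file( $file, $directories_unblock = array() ) {
+function wp_delete_file( $file, $unblock_directories = array() ) {
 
         // Default Filters the path of the file to delete.
-        $path_blocked['ROOT']           = rtrim( ABSPATH, '/' );
-        $path_blocked['WP_CONTENT_DIR'] = WP_CONTENT_DIR;
-        $path_blocked['WP_ADMIN_DIR']   = ABSPATH . 'wp-admin';
-        $path_blocked['WP_INCLUDE_DIR'] = realpath( ABSPATH . WPINC );
-        $path_blocked                   = array_diff_key( $path_blocked, array_flip( $directories_unblock ) );
-        $file_folder_path               = realpath( ltrim( dirname( $file ), '/' ) );
-
-        if ( in_array( $file_folder_path, $path_blocked ) ) {
-                return false;
+        $path_blocked = array(
+                'ROOT' => realpath( untrailingslashit( ABSPATH ) ), // Root path folder.
+                'WP_CONTENT_DIR' => realpath( WP_CONTENT_DIR ), // wp-content path folder.
+                'WP_ADMIN_DIR' => realpath( ABSPATH . 'wp-admin'), // wp-admin path folder.
+                'WP_INCLUDE_DIR' => realpath( ABSPATH . WPINC ) // wp-incluide path folder.
+    );
+
+        $path_blocked     = array_diff_key( $path_blocked, array_flip( $unblock_directories ) );
+        $file_folder_path = realpath( ltrim( dirname( $file ), DIRECTORY_SEPARATOR ) );
+
+        if ( in_array( $file_folder_path, $path_blocked, true) )  {
+                return;
         }
 
         /**
          * Filters the path of the file to delete.
          *
-         * @since 2.1.0
-         * @param string $file Path to the file to delete.
+         * @since 4.2.0
+         * @since 4.7.2 Added the $unblock_directories parameter and default filters.
+     *
+         * @param string $file                Path to the file to delete.
+         * @param array  $unblock_directories By default path core directories are block and $unblock_directories are clear.
+         *                                    To unblock core folders you need set in array names ROOT, WP_CONTENT_DIR,
+         *                                    WP_ADMIN_DIR or WP_INCLUDE_DIR.
          */
-        $delete = apply_filters( 'wp_delete_file', $file );
+        $delete = apply_filters( 'wp_delete_file', $file, $unblock_directories );
         if ( ! empty( $delete ) ) {
                 @unlink( $delete );
         }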
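Review bot: The directory guard is evaluated on `$file`, but `@unlink()` runs on `$delete`, the value returned by the `wp_delete_file` filter, so a path substituted by a filter callback is never compared with `$path_blocked`. In addition, `ltrim( dirname( $file ), DIRECTORY_SEPARATOR )` turns an absolute path into one relative to the working directory, so `realpath()` will likely return `false` and the strict `in_array()` then lets the call through; the comparison also only covers files sitting directly in the four directories, not in their subfolders. I would move the check below `apply_filters()` and resolve the path that is actually removed, e.g. `$dir = realpath( dirname( $delete ) );` followed by `if ( false === $dir || in_array( $dir, $path_blocked, true ) ) { return; }`. The early `return;` now yields `null` and the `@return` line was dropped from the docblock, so the return contract should be documented; the function's closing brace lies outside the hunk.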