
Ticket #42986: implement.3.diff

File implement.3.diff, 2.3 KB (added by lenon, 5 years ago)

Sorry about the errors in the last two files. This is the diff that I believe will help security when removing files.

  • wp-includes/functions.php

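diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index 9b5f292..9200d04 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -5737,18 +5737,42 @@ function wp_validate_boolean( $var ) {
  * Delete a file
  *
  * @since 4.2.0
+ * @since 4.7.2 Added the $unblock_directories parameter and default filters.
  *
- * @param string $file The path to the file to delete.
+ * @param string $file                The path to the file to delete.
+ * @param array  $unblock_directories By default path core directories are block and $unblock_directories are clear.
+ *                                    To unblock core folders you need set in array names ROOT, WP_CONTENT_DIR,
+ *                                    WP_ADMIN_DIR or WP_INCLUDE_DIR.
  */
-function wp_delete_file( $file ) {
+function wp_delete_file( $file, $unblock_directories = array() ) {
+
+        // Default Filters the path of the file to delete.
+        $path_blocked = array(
+                'ROOT' => realpath( untrailingslashit( ABSPATH ) ), // Root path folder.
+                'WP_CONTENT_DIR' => realpath( WP_CONTENT_DIR ), // wp-content path folder.
+                'WP_ADMIN_DIR' => realpath( ABSPATH . 'wp-admin'), // wp-admin path folder.
+                'WP_INCLUDE_DIR' => realpath( ABSPATH . WPINC ) // wp-incluide path folder.
+    );
+
+        $path_blocked     = array_diff_key( $path_blocked, array_flip( $unblock_directories ) );
+        $file_folder_path = realpath( ltrim( dirname( $file ), DIRECTORY_SEPARATOR ) );
+
+        if ( in_array( $file_folder_path, $path_blocked, true) )  {
+                return;
+        }
+
         /**
          * Filters the path of the file to delete.
          *
-         * @since 2.1.0
-         *
-         * @param string $file Path to the file to delete.
+         * @since 4.2.0
+         * @since 4.7.2 Added the $unblock_directories parameter and default filters.
+     *
+         * @param string $file                Path to the file to delete.
+         * @param array  $unblock_directories By default path core directories are block and $unblock_directories are clear.
+         *                                    To unblock core folders you need set in array names ROOT, WP_CONTENT_DIR,
+         *                                    WP_ADMIN_DIR or WP_INCLUDE_DIR.
          */
-        $delete = apply_filters( 'wp_delete_file', $file );
+        $delete = apply_filters( 'wp_delete_file', $file, $unblock_directories );
         if ( ! empty( $delete ) ) {
                 @unlink( $delete );
         }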
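Review bot: The `ltrim( dirname( $file ), DIRECTORY_SEPARATOR )` in the new guard strips the leading separator from an absolute path, so on systems where absolute paths begin with that separator `realpath()` resolves the remainder against the working directory and will normally return `false`, which the strict `in_array()` never matches against `$path_blocked`; the guard is then skipped for the absolute paths it is meant to cover. Dropping the `ltrim` avoids that: `$file_folder_path = realpath( dirname( $file ) );`. The check is also made on `$file` before `apply_filters()`, while `@unlink()` acts on the filtered `$delete`, so a callback can return a path that was never checked; running the comparison on `$delete` after the filter would close that gap. It only tests the immediate parent directory for equality, so files in subdirectories of `wp-admin` or `wp-includes` are not covered, and if those are meant to be protected a prefix comparison on the resolved path is needed. The closing brace of `wp_delete_file()` lies outside the hunk.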