Make WordPress Core


Ignore:
File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/2.7/wp-admin/includes/file.php

    r10150 r10199  
    668668    $credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? $_POST['private_key'] : $credentials['private_key']);
    669669
     670    //sanitize the hostname, Some people might pass in odd-data:
     671    $credentials['hostname'] = preg_replace('|\w+://|', '', $credentials['hostname']); //Strip any schemes off
     672
    670673    if ( strpos($credentials['hostname'], ':') )
    671674        list( $credentials['hostname'], $credentials['port'] ) = explode(':', $credentials['hostname'], 2);
     675    else
     676        unset($credentials['port']);
    672677
    673678    if ( defined('FTP_SSH') || (isset($_POST['connection_type']) && 'ssh' == $_POST['connection_type']) )
     
    680685    if ( ! $error && !empty($credentials['password']) && !empty($credentials['username']) && !empty($credentials['hostname']) ) {
    681686        $stored_credentials = $credentials;
    682         unset($stored_credentials['password'], $stored_credentials['private_key'], $stored_credentials['public_key']);
     687        if ( !empty($stored_credentials['port']) ) //save port as part of hostname to simplify above code.
     688            $stored_credentials['hostname'] .= ':' . $stored_credentials['port'];
     689
     690        unset($stored_credentials['password'], $stored_credentials['port'], $stored_credentials['private_key'], $stored_credentials['public_key']);
    683691        update_option('ftp_credentials', $stored_credentials);
    684692        return $credentials;
Note: See TracChangeset for help on using the changeset viewer.