Changeset 12166 for branches/2.8/wp-includes/formatting.php

Timestamp:

11/11/2009 11:10:13 PM (15 years ago)

Author:

ryan

Message:

Sanitize filenames with multiple extensions. see #11122

File:

• branches/2.8/wp-includes/formatting.php (modified) (1 diff)

branches/2.8/wp-includes/formatting.php

@@ -606 +606 @@
     $filename = preg_replace('/[\s-]+/', '-', $filename);
     $filename = trim($filename, '.-_');
+
+    // Split the filename into a base and extension[s]
+    $parts = explode('.', $filename);
+
+    // Return if only one extension
+    if ( count($parts) <= 2 )
+        return apply_filters('sanitize_file_name', $filename, $filename_raw);
+
+    // Process multiple extensions
+    $filename = array_shift($parts);
+    $extension = array_pop($parts);
+    $mimes = get_allowed_mime_types();
+
+    // Loop over any intermediate extensions.  Munge them with a trailing underscore if they are a 2 - 5 character
+    // long alpha string not in the extension whitelist.
+    foreach ( (array) $parts as $part) {
+        $filename .= '.' . $part;
+        
+        if ( preg_match("/^[a-zA-Z]{2,5}\d?$/", $part) ) {
+            $allowed = false;
+            foreach ( $mimes as $ext_preg => $mime_match ) {
+                $ext_preg = '!(^' . $ext_preg . ')$!i';
+                if ( preg_match( $ext_preg, $part ) ) {
+                    $allowed = true;
+                    break;
+                }
+            }
+            if ( !$allowed )
+                $filename .= '_';
+        }
+    }
+    $filename .= '.' . $extension;
+
     return apply_filters('sanitize_file_name', $filename, $filename_raw);
 }