Changeset 38524
- Timestamp:
- 09/06/2016 05:25:22 PM (8 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-admin/includes/class-file-upload-upgrader.php
r37432 r38524 101 101 wp_die( $uploads['error'] ); 102 102 103 $this->filename = $_GET[$urlholder];103 $this->filename = sanitize_file_name( $_GET[ $urlholder ] ); 104 104 $this->package = $uploads['basedir'] . '/' . $this->filename; 105 106 if ( 0 !== strpos( realpath( $this->package ), realpath( $uploads['basedir'] ) ) ) { 107 wp_die( __( 'Please select a file' ) ); 108 } 105 109 } 106 110 }
Note: See TracChangeset
for help on using the changeset viewer.