Changeset 38531

Timestamp:

09/06/2016 05:59:31 PM (10 years ago)

Author:

swissspidy

Message:

Upgrade/Install: Sanitize file name in File_Upload_Upgrader.

Merge of [38524] to the 4.0 branch.

Location:

branches/4.0

Files:

• . (modified) (1 prop)
• src/wp-admin/includes/class-wp-upgrader.php (modified) (1 diff)

branches/4.0/src/wp-admin/includes/class-wp-upgrader.php

@@ -1768 +1768 @@
                 wp_die( $uploads['error'] );
 
-            $this->filename = $_GET[$urlholder];
+            $this->filename = sanitize_file_name( $_GET[ $urlholder ] );
             $this->package = $uploads['basedir'] . '/' . $this->filename;
+
+            if ( 0 !== strpos( realpath( $this->package ), realpath( $uploads['basedir'] ) ) ) {
+                wp_die( __( 'Please select a file' ) );
+            }
         }
     }