Changeset 38533

Timestamp:

09/06/2016 06:03:57 PM (8 years ago)

Author:

swissspidy

Message:

Upgrade/Install: Sanitize file name in File_Upload_Upgrader.

Merge of [38524] to the 3.8 branch.

Location:

branches/3.8

Files:

• . (modified) (1 prop)
• src/wp-admin/includes/class-wp-upgrader.php (modified) (1 diff)

branches/3.8/src/wp-admin/includes/class-wp-upgrader.php

@@ -1602 +1602 @@
                 wp_die( $uploads['error'] );
 
-            $this->filename = $_GET[$urlholder];
+            $this->filename = sanitize_file_name( $_GET[ $urlholder ] );
             $this->package = $uploads['basedir'] . '/' . $this->filename;
+
+            if ( 0 !== strpos( realpath( $this->package ), realpath( $uploads['basedir'] ) ) ) {
+                wp_die( __( 'Please select a file' ) );
+            }
         }
     }