Context Navigation

← Previous Change
Next Change →

file.php

Timestamp:

10/24/2017 11:14:33 PM (8 years ago)

Author:

johnbillion

Message:

Filesystem API: Add more specificity to the rules for valid files in validate_file().

This now treats files containing ./ as valid, and also treats files containing a trailing ../ as valid due to widespread use of this pattern in theme and plugin zip files.

Adds tests.

Props Ipstenu, borgesbruno, DavidAnderson, philipjohn, birgire
Fixes #42016, #36170

File:

: 1 edited

trunk/src/wp-admin/includes/file.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/src/wp-admin/includes/file.php

r42010	r42011
664	664	* @return string\|null
665	665	*/
666		function validate_file_to_edit( $file, $allowed_files = '' ) {
	666	function validate_file_to_edit( $file, $allowed_files = array() ) {
667	667	$code = validate_file( $file, $allowed_files );
668	668

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Make WordPress Core

Context Navigation

Changeset 42011 for trunk/src/wp-admin/includes/file.php

Legend:

trunk/src/wp-admin/includes/file.php

Download in other formats: