Make WordPress Core


Ignore:
Timestamp:
12/16/2019 11:22:00 PM (5 years ago)
Author:
azaozz
Message:

Upload:

  • Fix PHP warnings in wp_unique_filename() when the destination directory is unreadable.
  • Run the final name collision test only for files that are saved to the uploads directory.
  • Update the unit tests to match.

Props eden159, audrasjb, azaozz.
Fixes #48960 for trunk.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/functions.php

    r46862 r46965  
    24732473        // Prevent collisions with existing file names that contain dimension-like strings
    24742474        // (whether they are subsizes or originals uploaded prior to #42437).
     2475        $upload_dir = wp_get_upload_dir();
    24752476
    24762477        // The (resized) image files would have name and extension, and will be in the uploads dir.
    2477         if ( @is_dir( $dir ) && $name && $ext ) {
    2478             // List of all files and directories contained in $dir (with the "dot" files removed).
    2479             $files = array_diff( scandir( $dir ), array( '.', '..' ) );
     2478        if ( $name && $ext && @is_dir( $dir ) && false !== strpos( $dir, $upload_dir['basedir'] ) ) {
     2479            // List of all files and directories contained in $dir.
     2480            $files = @scandir( $dir );
     2481
     2482            if ( ! empty( $files ) ) {
     2483                // Remove "dot" dirs.
     2484                $files = array_diff( $files, array( '.', '..' ) );
     2485            }
    24802486
    24812487            if ( ! empty( $files ) ) {
Note: See TracChangeset for help on using the changeset viewer.