Make WordPress Core

Changeset 46979


Ignore:
Timestamp:
12/17/2019 09:10:14 PM (5 years ago)
Author:
azaozz
Message:

Upload:

  • Fix PHP warnings in wp_unique_filename() when the destination directory is unreadable.
  • Run the final name collision test only for files that are saved to the uploads directory.
  • Update the unit tests to match.

Props eden159, audrasjb, azaozz.
Merges [46965] to the 5.3 branch.
Fixes #48960.

Location:
branches/5.3
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • branches/5.3

  • branches/5.3/src/wp-includes/functions.php

    r46863 r46979  
    24732473        // Prevent collisions with existing file names that contain dimension-like strings
    24742474        // (whether they are subsizes or originals uploaded prior to #42437).
     2475        $upload_dir = wp_get_upload_dir();
    24752476
    24762477        // The (resized) image files would have name and extension, and will be in the uploads dir.
    2477         if ( @is_dir( $dir ) && $name && $ext ) {
    2478             // List of all files and directories contained in $dir (with the "dot" files removed).
    2479             $files = array_diff( scandir( $dir ), array( '.', '..' ) );
     2478        if ( $name && $ext && @is_dir( $dir ) && false !== strpos( $dir, $upload_dir['basedir'] ) ) {
     2479            // List of all files and directories contained in $dir.
     2480            $files = @scandir( $dir );
     2481
     2482            if ( ! empty( $files ) ) {
     2483                // Remove "dot" dirs.
     2484                $files = array_diff( $files, array( '.', '..' ) );
     2485            }
    24802486
    24812487            if ( ! empty( $files ) ) {
  • branches/5.3/tests/phpunit/tests/functions.php

    r46836 r46979  
    202202        $testdir = DIR_TESTDATA . '/images/';
    203203
     204        add_filter( 'upload_dir', array( $this, 'upload_dir_patch_basedir' ) );
     205
    204206        // Test collision with "dimension-like" original filename.
    205207        $this->assertEquals( 'one-blue-pixel-100x100-1.png', wp_unique_filename( $testdir, 'one-blue-pixel-100x100.png' ) );
     
    207209        // Existing files: one-blue-pixel-100x100.png, one-blue-pixel-1-100x100.png.
    208210        $this->assertEquals( 'one-blue-pixel-2.png', wp_unique_filename( $testdir, 'one-blue-pixel.png' ) );
     211
     212        remove_filter( 'upload_dir', array( $this, 'upload_dir_patch_basedir' ) );
     213    }
     214
     215    // Callback to patch "basedir" when used in `wp_unique_filename()`.
     216    function upload_dir_patch_basedir( $upload_dir ) {
     217        $upload_dir['basedir'] = DIR_TESTDATA . '/images/';
     218        return $upload_dir;
    209219    }
    210220
     
    229239            ),
    230240        );
     241
    231242        foreach ( $cases as $case ) {
    232243            $this->assertTrue( is_serialized( $case ), "Serialized data: $case" );
     
    238249            's:4:test;',
    239250        );
     251
    240252        foreach ( $not_serialized as $case ) {
    241253            $this->assertFalse( is_serialized( $case ), "Test data: $case" );
Note: See TracChangeset for help on using the changeset viewer.