Make WordPress Core

Changeset 55209


Ignore:
Timestamp:
02/03/2023 12:46:18 PM (22 months ago)
Author:
audrasjb
Message:

Media: Replace consecutive periods in sanitize_file_name().

On some servers, consecutive periods in a filename can cause a 403 Forbidden response.
This changeset replaces consecutive periods with a single period, and adds related unit tests.

Props ArtZ91, costdev, SergeyBiryukov, arthurshlain, mukesh27.
Fixes #57242.

Location:
trunk
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/formatting.php

    r55162 r55209  
    20482048    $filename = str_replace( $special_chars, '', $filename );
    20492049    $filename = str_replace( array( '%20', '+' ), '-', $filename );
     2050    $filename = preg_replace( '/\.{2,}/', '.', $filename );
    20502051    $filename = preg_replace( '/[\r\n\t -]+/', '-', $filename );
    20512052    $filename = trim( $filename, '.-_' );
  • trunk/tests/phpunit/tests/formatting/sanitizeFileName.php

    r53562 r55209  
    9696        );
    9797    }
     98
     99    /**
     100     * Tests that sanitize_file_name() replaces consecutive periods
     101     * with a single period.
     102     *
     103     * @ticket 57242
     104     *
     105     * @dataProvider data_sanitize_file_name_should_replace_consecutive_periods_with_a_single_period
     106     *
     107     * @param string $filename A filename with consecutive periods.
     108     * @param string $expected The expected filename after sanitization.
     109     */
     110    public function test_sanitize_file_name_should_replace_consecutive_periods_with_a_single_period( $filename, $expected ) {
     111        $this->assertSame( $expected, sanitize_file_name( $filename ) );
     112    }
     113
     114    /**
     115     * Data provider for test_sanitize_file_name_should_replace_consecutive_periods_with_a_single_period().
     116     *
     117     * @return array[]
     118     */
     119    public function data_sanitize_file_name_should_replace_consecutive_periods_with_a_single_period() {
     120        return array(
     121            'consecutive periods at the start'         => array(
     122                'filename' => '...filename.png',
     123                'expected' => 'filename.png',
     124            ),
     125            'consecutive periods in the middle'        => array(
     126                'filename' => 'file.......name.png',
     127                'expected' => 'file.name_.png',
     128            ),
     129            'consecutive periods before the extension' => array(
     130                'filename' => 'filename....png',
     131                'expected' => 'filename.png',
     132            ),
     133            'consecutive periods after the extension'  => array(
     134                'filename' => 'filename.png...',
     135                'expected' => 'filename.png',
     136            ),
     137            'consecutive periods at the start, middle, before, after the extension' => array(
     138                'filename' => '.....file....name...png......',
     139                'expected' => 'file.name_.png',
     140            ),
     141            'consecutive periods and no extension'     => array(
     142                'filename' => 'filename...',
     143                'expected' => 'filename',
     144            ),
     145        );
     146    }
    98147}
  • trunk/tests/phpunit/tests/functions.php

    r54891 r55209  
    259259
    260260        // Test crazy name (useful for regression tests).
    261         $this->assertSame( '12af34567890@..^_qwerty-fghjkl-zx.png', wp_unique_filename( $testdir, '12%af34567890#~!@#$..%^&*()|_+qwerty  fgh`jkl zx<>?:"{}[]="\'/?.png' ), 'Failed crazy file name' );
     261        $this->assertSame( '12af34567890@.^_qwerty-fghjkl-zx.png', wp_unique_filename( $testdir, '12%af34567890#~!@#$..%^&*()|_+qwerty  fgh`jkl zx<>?:"{}[]="\'/?.png' ), 'Failed crazy file name' );
    262262
    263263        // Test slashes in names.
Note: See TracChangeset for help on using the changeset viewer.