Changeset 58475 for branches/6.4/src/wp-includes/functions.php

Timestamp:

06/24/2024 03:08:05 PM (2 years ago)

Author:

audrasjb

Message:

Grouped Backports to the 6.4 branch.

• Editor: Fix Path Traversal issue on Windows in Template-Part Block.
• Editor: Sanitize Template Part HTML tag on save.
• HTML API: Run URL attributes through esc_url().

Merges [58470], [58471], [58472] and [58473] to the 6.4 branch.
Props xknown, peterwilsoncc, jorbin, bernhard-reiter, azaozz, dmsnell, gziolo.

File:

• branches/6.4/src/wp-includes/functions.php (modified) (1 diff)

branches/6.4/src/wp-includes/functions.php

@@ -6146 +6146 @@
     }
 
+    // Normalize path for Windows servers
+    $file = wp_normalize_path( $file );
+
     // `../` on its own is not allowed:
     if ( '../' === $file ) {