WordPress.org

Make WordPress Core

Opened 11 years ago

Closed 11 years ago

Last modified 11 years ago

#16189 closed defect (bug) (duplicate)

Uploading files with more than one contiguous period should be disallowed

Reported by: simonwheatley Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.1
Component: Upload Keywords:
Focuses: Cc:

Description

The file handler for multisite has a security http://core.trac.wordpress.org/browser/tags/3.0.4/wp-includes/ms-files.php#L26|measure which effectively bars the display of files with more than one contiguous period in the filename, e.g. my...file.jpg. Seems a silly thing to name a file, but there we go.

If this is the case then we probably should disallow uploading files like this, so no-one can get themselves in a twist and upload files which are unviewable on their site.

The attached diff adds a check for more than one contiguous period in the filename, and disallows the upload if the test fails.

Attachments (1)

check for double periods.diff (1.0 KB) - added by simonwheatley 11 years ago.
Add a file upload test for more than one contiguous period

Download all attachments as: .zip

Change History (4)

@simonwheatley
11 years ago

Add a file upload test for more than one contiguous period

#1 @westi
11 years ago

  • Keywords 3.2-early added
  • Milestone changed from Awaiting Review to Future Release

#2 @nacin
11 years ago

  • Keywords has-patch 3.2-early removed
  • Milestone Future Release deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #12756.

#3 @simonwheatley
11 years ago

Ooops, thanks Nacin.

Note: See TracTickets for help on using tickets.