Opened 13 years ago
Closed 13 years ago
#18592 closed defect (bug) (fixed)
add trailingslashit to BLOGUPLOADDIR in ms-files.php
Reported by: | wonderboymusic | Owned by: | nacin |
---|---|---|---|
Milestone: | 3.3 | Priority: | normal |
Severity: | normal | Version: | 3.3 |
Component: | Multisite | Keywords: | has-patch needs-unit-tests |
Focuses: | Cc: |
Description
BLOGUPLOADDIR is trailingslashit'd inconsistently - since this value can be set by the user, adding trailingslashit to the constant value in ms-files.php will prevent broken images in sub-blogs when in Multisite mode
// WRONG define( 'BLOGUPLOADDIR', $_SERVER['DOCUMENT_ROOT'] . "/blogs.dir/{$the_id}/files" ); // RIGHT define( 'BLOGUPLOADDIR', $_SERVER['DOCUMENT_ROOT'] . "/blogs.dir/{$the_id}/files/" ); // CURRENT $file = BLOGUPLOADDIR . str_replace( '..', '', $_GET[ 'file' ] ); // PROPOSED $file = trailingslashit( BLOGUPLOADDIR ) . str_replace( '..', '', $_GET[ 'file' ] );
It's subtle, and hard to debug
Attachments (1)
Change History (8)
#4
@
13 years ago
- Keywords needs-unit-tests added
Noticed a few other things while looking at BLOGUPLOADDIR usage. We rather consistently slash/unslash the constant depending on what we want to do with it -- except for here.
We should probably have unit tests for a lot of these constants.
Note: See
TracTickets for help on using
tickets.
Patch for this ticket