WordPress.org

Make WordPress Core

Opened 5 years ago

Last modified 2 months ago

#24824 new defect (bug)

get_attached_file() treats fully qualified URLs as relative

Reported by: tobiaskochsonlinenet Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 2.7
Component: Media Keywords: dev-feedback has-patch has-unit-tests
Focuses: Cc:

Description

If you call the function get_attached_file() of wp-include/post.php with a fully qualified URL (like "http://www.example.com/file.ext") it will prepend the upload directory.

Checking the file's URI for :// would prevent this.

!preg_match('|^://|', $file)

Attachments (2)

24824.diff (755 bytes) - added by stevenlinx 6 months ago.
tck24824.2.diff (1.7 KB) - added by stevenlinx 2 months ago.
added unit test

Download all attachments as: .zip

Change History (8)

#1 @tobiaskochsonlinenet
5 years ago

Oops, actually the regular expression should read:

!preg_match('|://|', $file)

#2 @SergeyBiryukov
5 years ago

  • Version changed from trunk to 2.7

Related: [8796], [9242].

#3 @chriscct7
3 years ago

  • Keywords dev-feedback added

#4 @stevenlinx
6 months ago

  • Keywords has-patch removed

@stevenlinx
6 months ago

#5 @stevenlinx
6 months ago

  • Keywords has-patch added

1.) Related: 36308 patch fixes Windows paths and also makes the expression more compact.

2.) This patch, which adds on top of the patch above, also fixes URL paths by prevent an URL from going into the relative path conditional.

@stevenlinx
2 months ago

added unit test

#6 @stevenlinx
2 months ago

  • Keywords has-unit-tests added
Note: See TracTickets for help on using tickets.