Make WordPress Core

Opened 5 years ago

Last modified 3 months ago

#24824 new defect (bug)

get_attached_file() treats fully qualified URLs as relative

Reported by: tobiaskochsonlinenet Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 2.7
Component: Media Keywords: dev-feedback has-patch
Focuses: Cc:


If you call the function get_attached_file() of wp-include/post.php with a fully qualified URL (like "http://www.example.com/file.ext") it will prepend the upload directory.

Checking the file's URI for :// would prevent this.

!preg_match('|^://|', $file)

Attachments (1)

24824.diff (755 bytes) - added by stevenlinx 3 months ago.

Download all attachments as: .zip

Change History (6)

#1 @tobiaskochsonlinenet
5 years ago

Oops, actually the regular expression should read:

!preg_match('|://|', $file)

#2 @SergeyBiryukov
5 years ago

  • Version changed from trunk to 2.7

Related: [8796], [9242].

#3 @chriscct7
3 years ago

  • Keywords dev-feedback added

#4 @stevenlinx
3 months ago

  • Keywords has-patch removed

3 months ago

#5 @stevenlinx
3 months ago

  • Keywords has-patch added

Related: 36308 patch fixes Windows paths and also makes the expression more compact.

This patch, which adds on top of the patch above, also fixes URL paths by prevent an URL from going into the relative path conditional.

Note: See TracTickets for help on using tickets.