Make WordPress Core

Opened 7 years ago

Last modified 3 years ago

#24824 new defect (bug)

get_attached_file() treats fully qualified URLs as relative

Reported by: tobiaskochsonlinenet Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 2.7
Component: Media Keywords: dev-feedback has-patch has-unit-tests
Focuses: Cc:


If you call the function get_attached_file() of wp-include/post.php with a fully qualified URL (like "http://www.example.com/file.ext") it will prepend the upload directory.

Checking the file's URI for :// would prevent this.

!preg_match('|^://|', $file)

Attachments (2)

24824.diff (755 bytes) - added by stevenlinx 3 years ago.
tck24824.2.diff (1.7 KB) - added by stevenlinx 3 years ago.
added unit test

Download all attachments as: .zip

Change History (8)

#1 @tobiaskochsonlinenet
7 years ago

Oops, actually the regular expression should read:

!preg_match('|://|', $file)

#2 @SergeyBiryukov
7 years ago

  • Version changed from trunk to 2.7

Related: [8796], [9242].

#3 @chriscct7
5 years ago

  • Keywords dev-feedback added

#4 @stevenlinx
3 years ago

  • Keywords has-patch removed

3 years ago

#5 @stevenlinx
3 years ago

  • Keywords has-patch added

Related: 36308 patch fixes Windows paths and also makes the expression more compact.

This patch, which adds on top of the patch above, also fixes URL paths by prevent an URL from going into the relative path conditional.

3 years ago

added unit test

#6 @stevenlinx
3 years ago

  • Keywords has-unit-tests added
Note: See TracTickets for help on using tickets.