WordPress.org

Make WordPress Core

Opened 15 months ago

Last modified 15 months ago

#44868 new enhancement

Upload plugin and theme functionalities do not check on PATHINFO_EXTENSION before upload.

Reported by: csorbamedia Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version:
Component: Upload Keywords: needs-patch
Focuses: administration Cc:
PR Number:

Description

If you go to /wp-admin/plugins.php click the button Add new and you upload a .sql file or whatever file then this is possible. The fille end-up in the wp-uploads/ folder and will not be removed. There should which will check the extension and removes it if it is not a .zip file.

Change History (2)

#1 @flixos90
15 months ago

  • Milestone changed from Awaiting Review to Future Release

#2 @mukesh27
15 months ago

  • Component changed from Upgrade/Install to Upload
  • Type changed from defect (bug) to enhancement
  • Version 4.9.8 deleted
Note: See TracTickets for help on using tickets.