Make WordPress Core

Opened 6 years ago

Last modified 6 years ago

#44868 new enhancement

Upload plugin and theme functionalities do not check on PATHINFO_EXTENSION before upload.

Reported by: csorbamedia's profile csorbamedia Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version:
Component: Upload Keywords: needs-patch
Focuses: administration Cc:


If you go to /wp-admin/plugins.php click the button Add new and you upload a .sql file or whatever file then this is possible. The fille end-up in the wp-uploads/ folder and will not be removed. There should which will check the extension and removes it if it is not a .zip file.

Change History (2)

#1 @flixos90
6 years ago

  • Milestone changed from Awaiting Review to Future Release

#2 @mukesh27
6 years ago

  • Component changed from Upgrade/Install to Upload
  • Type changed from defect (bug) to enhancement
  • Version 4.9.8 deleted
Note: See TracTickets for help on using tickets.