Opened 6 years ago
Last modified 6 years ago
#44868 new enhancement
Upload plugin and theme functionalities do not check on PATHINFO_EXTENSION before upload.
Reported by: | csorbamedia | Owned by: | |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | |
Component: | Upload | Keywords: | needs-patch |
Focuses: | administration | Cc: |
Description
If you go to /wp-admin/plugins.php click the button Add new and you upload a .sql file or whatever file then this is possible. The fille end-up in the wp-uploads/ folder and will not be removed. There should which will check the extension and removes it if it is not a .zip file.
Change History (2)
Note: See
TracTickets for help on using
tickets.