WordPress.org

Make WordPress Core

Opened 45 hours ago

Last modified 39 hours ago

#47539 reviewing enhancement

Incomplete sanitization of upload file name.

Reported by: mt8.biz Owned by: SergeyBiryukov
Milestone: 5.3 Priority: normal
Severity: normal Version: 2.1.1
Component: Media Keywords: has-patch
Focuses: Cc:

Description

The newline code is replaced with "-" in sanitize_file_name, but other control characters have not been sanitized.

For example, ^ P ( \ x10 )

This allows uploading with the control characters included in the file name.

# ls -la
-rw-r--r--  1 root     root     19058 Jun 14 04:21 ???wapuu_escape-150x150.png
-rw-r--r--  1 root     root     41163 Jun 14 04:21 ???wapuu_escape-297x300.png
-rw-r--r--  1 root     root     31022 Jun 14 04:21 ???wapuu_escape.png

After applying the patch:

# ls -la
-rw-r--r-- 1 www-data www-data 19058 Jun 14 04:27 wapuu_escape-150x150.png
-rw-r--r-- 1 www-data www-data 41163 Jun 14 04:27 wapuu_escape-297x300.png
-rw-r--r-- 1 www-data www-data 31022 Jun 14 04:27 wapuu_escape.png

Attach a test file.

Attachments (2)

formatting.php.diff (582 bytes) - added by mt8.biz 45 hours ago.
wapuu.zip (31.5 KB) - added by mt8.biz 45 hours ago.

Download all attachments as: .zip

Change History (3)

@mt8.biz
45 hours ago

#1 @SergeyBiryukov
39 hours ago

  • Milestone changed from Awaiting Review to 5.3
  • Owner set to SergeyBiryukov
  • Status changed from new to reviewing
  • Type changed from feature request to enhancement
Note: See TracTickets for help on using tickets.