Make WordPress Core

Opened 3 months ago

#49865 new defect (bug)

_unzip_file_pclzip attempting to create directories all the way up to /

Reported by: mwheelermindbox
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version: 5.4
Component: Filesystem API
Keywords:
Focuses: administration
Cc:


In wp-admin/includes/file.php, _unzip_file_pclzip looks to be attempting to create directories all the way up to / (the root directory of the server).

Line 1411:

$to          = trailingslashit( $to );

Adds a trailing slash to the destination path.

Line 1636:

$needed_dirs[] = $to . untrailingslashit( $file['folder'] ? $file['filename'] : dirname( $file['filename'] ) );

Adds the $to directory to $needed_dirs if there are files at the root level of the archive.

Line 1655:

if ( untrailingslashit( $to ) == $dir ) {

attempts to skip the $to directory, but since the top-level path in $needed_dirs includes a trailing slash, this check fails.

So then lines 1663-1666:

while ( ! empty( $parent_folder ) && untrailingslashit( $to ) != $parent_folder && ! in_array( $parent_folder, $needed_dirs ) ) {
	$needed_dirs[] = $parent_folder;
	$parent_folder = dirname( $parent_folder );
}

add every directory all the way up to /, the root of the server, to $needed_dirs.

Finally line 1673:

if ( ! $wp_filesystem->mkdir( $_dir, FS_CHMOD_DIR ) && ! $wp_filesystem->is_dir( $_dir ) ) {

throws an error when checking if / is a directory and the entire unzip fails.

If I remove untrailingslashit from line 1655 (or wrap $dir in untrailingslashit as well), that check works as designed and the problem is avoided.
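
The walk described in this ticket, reproduced as an added example (not WordPress core code and not the reporter's). It mirrors only the lines quoted above; `untrailingslashit_demo`, `trailingslashit_demo` and `collect_needed_dirs` are hypothetical stand-ins, and the paths are constructed on the ticket's premise that the destination enters $needed_dirs with a trailing slash.

```php
<?php
// Local stand-ins for the WordPress helpers, so this runs without WordPress.
function untrailingslashit_demo( $s ) {
	return rtrim( $s, '/\\' );
}
function trailingslashit_demo( $s ) {
	return untrailingslashit_demo( $s ) . '/';
}

/**
 * Hypothetical helper mirroring the skip check and parent-directory walk
 * quoted in the ticket. With $normalize_dir = true, $dir is also passed
 * through untrailingslashit before the comparison (the reporter's suggestion).
 */
function collect_needed_dirs( $to, array $needed_dirs, $normalize_dir ) {
	$to = trailingslashit_demo( $to );
	foreach ( $needed_dirs as $dir ) {
		$candidate = $normalize_dir ? untrailingslashit_demo( $dir ) : $dir;
		if ( untrailingslashit_demo( $to ) == $candidate ) {
			continue; // Skip the working directory itself.
		}
		$parent_folder = dirname( $dir );
		while ( ! empty( $parent_folder )
			&& untrailingslashit_demo( $to ) != $parent_folder
			&& ! in_array( $parent_folder, $needed_dirs ) ) {
			$needed_dirs[] = $parent_folder;
			$parent_folder = dirname( $parent_folder );
		}
	}
	return $needed_dirs;
}

// Constructed input: the destination itself, with a trailing slash, plus one
// ordinary subdirectory of the archive.
$to          = '/var/www/html/wp-content/upgrade/pkg';
$needed_dirs = array( $to . '/', $to . '/assets' );

foreach ( array( 'as quoted' => false, 'normalized' => true ) as $label => $normalize ) {
	$dirs = collect_needed_dirs( $to, $needed_dirs, $normalize );
	printf( "%s: reaches '/': %s\n", $label, in_array( '/', $dirs, true ) ? 'yes' : 'no' );
	echo '  ' . implode( "\n  ", $dirs ) . "\n";
}
```

PHP's dirname() drops a trailing slash together with the last path component, so the first parent computed for the slash-terminated entry is already above $to and the loop's stop condition on $to never matches.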

Change History (0)
