Opened 23 months ago
Closed 22 months ago
#57516 closed defect (bug) (fixed)
WP_Filesystem_*::dirlist() may create invalid path
Reported by: | afragen | Owned by: | |
---|---|---|---|
Milestone: | 6.2 | Priority: | normal |
Severity: | normal | Version: | 2.5 |
Component: | Filesystem API | Keywords: | has-patch |
Focuses: | Cc: |
Description
WP_Filesystem_*::dirlist()
creates a nested array of files and subdirectories. If the directory path sent to the function contains a trailing slash, the recursion in the function will send something like path_to_directroy//subdirectory
this may emit a PHP Warning though this doesn't seem to effect the results.
This is because line 650 of the function,
$struc['files'] = $this->dirlist( $path . '/' . $struc['name'], $include_hidden, $recursive );
should probably be
$struc['files'] = $this->dirlist( trailingslashit( $path ) . $struc['name'], $include_hidden, $recursive );
to avoid any possible errors.
Change History (12)
This ticket was mentioned in PR #3877 on WordPress/wordpress-develop by @costdev.
23 months ago
#2
- Keywords has-patch added; needs-patch removed
WP_Filesystem_*::dirlist()
uses $path . '/'
in several places. For /path/
, this will produce /path//
.
This PR replaces $path = '/'
with trailingslashit( $path )
.
Trac ticket: https://core.trac.wordpress.org/ticket/57516
#3
@
23 months ago
- Keywords needs-patch added; has-patch removed
- Summary changed from WP_Filesystem_*::dirtiest() may create invalid path to WP_Filesystem_*::dirlist() may create invalid path
#7
@
23 months ago
I've submitted PR 3877.
There's an additional benefit for the filesystem classes that by using $path = trailingslashit( $path )
before the while()/foreach()
loops, the code is easier to read, and unnecessary concatenation isn't done in every iteration of the loops.
All uses of $path
after the PR's $path = trailingslashit( $path )
were previously concatenated, so this doesn't cause any issues later.
#8
@
23 months ago
- Milestone changed from Awaiting Review to 6.2
Thanks @costdev for the ticket and PR.
Set 6.2
milestone for visibility.
This ticket was mentioned in Slack in #core by costdev. View the logs.
22 months ago
22 months ago
#10
Using trailingslashit( $path )
instead of $path . '/'
makes sense and seems very unlikely to cause any problems.
This change might need to be made throughout.