Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-06-25 22:35:02 +02:00
Code Issues Projects Releases Wiki Activity

Media: In _wp_handle_upload(), check if the file was properly uploaded before checking its size.

Browse Source 
Props achbed, dglingren.
Fixes #39522.
Built from https://develop.svn.wordpress.org/trunk@42525


git-svn-id: http://core.svn.wordpress.org/trunk@42354 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Sergey Biryukov 2018-01-17 07:16:30 +00:00
parent 3b73ac9eb3
commit 0eb2581c67
2 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
wp-admin/includes/file.php
View File

@ -778,6 +778,12 @@ function _wp_handle_upload( &$file, $overrides, $time, $action ) {
return call_user_func_array( $upload_error_handler, array( &$file, $upload_error_strings[ $file['error'] ] ) );
}
// A properly uploaded file will pass this test. There should be no reason to override this one.
$test_uploaded_file = 'wp_handle_upload' === $action ? @ is_uploaded_file( $file['tmp_name'] ) : @ is_readable( $file['tmp_name'] );
if ( ! $test_uploaded_file ) {
return call_user_func_array( $upload_error_handler, array( &$file, __( 'Specified file failed upload test.' ) ) );
}
$test_file_size = 'wp_handle_upload' === $action ? $file['size'] : filesize( $file['tmp_name'] );
// A non-empty file will pass this test.
if ( $test_size && ! ( $test_file_size > 0 ) ) {
@ -789,12 +795,6 @@ function _wp_handle_upload( &$file, $overrides, $time, $action ) {
return call_user_func_array( $upload_error_handler, array( &$file, $error_msg ) );
}
// A properly uploaded file will pass this test. There should be no reason to override this one.
$test_uploaded_file = 'wp_handle_upload' === $action ? @ is_uploaded_file( $file['tmp_name'] ) : @ is_file( $file['tmp_name'] );
if ( ! $test_uploaded_file ) {
return call_user_func_array( $upload_error_handler, array( &$file, __( 'Specified file failed upload test.' ) ) );
}
// A correct MIME type will pass this test. Override $mimes or use the upload_mimes filter.
if ( $test_type ) {
$wp_filetype = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $mimes );

2
wp-includes/version.php
View File

@ -4,7 +4,7 @@
*
* @global string $wp_version
*/
$wp_version = '5.0-alpha-42523';
$wp_version = '5.0-alpha-42525';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.