Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-06-25 06:14:58 +02:00
Code Issues Projects Releases Wiki Activity

Filesystem API: Don't immediately return an error for invalid file names contained within a Zip while it's being extracted.

Browse Source 
This allows the extraction of the rest of the valid files within the archive to continue.

See #42016

Built from https://develop.svn.wordpress.org/trunk@42010


git-svn-id: http://core.svn.wordpress.org/trunk@41844 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
John Blackbourn 2017-10-24 23:11:50 +00:00
parent 48e726bbef
commit 16cfe96580
2 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
wp-admin/includes/file.php
View File

@ -1119,8 +1119,9 @@ function _unzip_file_ziparchive($file, $to, $needed_dirs = array() ) {
if ( '__MACOSX/' === substr($info['name'], 0, 9) ) // Skip the OS X-created __MACOSX directory
continue;
// Don't extract invalid files:
if ( 0 !== validate_file( $info['name'] ) ) {
return new WP_Error( 'invalid_file_ziparchive', __( 'Could not extract file from archive.' ), $info['name'] );
continue;
}
$uncompressed_size += $info['size'];
@ -1180,6 +1181,11 @@ function _unzip_file_ziparchive($file, $to, $needed_dirs = array() ) {
if ( '__MACOSX/' === substr($info['name'], 0, 9) ) // Don't extract the OS X-created __MACOSX directory files
continue;
// Don't extract invalid files:
if ( 0 !== validate_file( $info['name'] ) ) {
continue;
}
$contents = $z->getFromIndex($i);
if ( false === $contents )
return new WP_Error( 'extract_failed_ziparchive', __( 'Could not extract file from archive.' ), $info['name'] );
@ -1283,8 +1289,9 @@ function _unzip_file_pclzip($file, $to, $needed_dirs = array()) {
if ( '__MACOSX/' === substr($file['filename'], 0, 9) ) // Don't extract the OS X-created __MACOSX directory files
continue;
// Don't extract invalid files:
if ( 0 !== validate_file( $file['filename'] ) ) {
return new WP_Error( 'invalid_file_pclzip', __( 'Could not extract file from archive.' ), $file['filename'] );
continue;
}
if ( ! $wp_filesystem->put_contents( $to . $file['filename'], $file['content'], FS_CHMOD_FILE) )

2
wp-includes/version.php
View File

@ -4,7 +4,7 @@
*
* @global string $wp_version
*/
$wp_version = '4.9-beta3-42009';
$wp_version = '4.9-beta3-42010';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.