diff --git a/wp-admin/includes/file.php b/wp-admin/includes/file.php index 858f828185..416433e5a5 100644 --- a/wp-admin/includes/file.php +++ b/wp-admin/includes/file.php @@ -1119,8 +1119,9 @@ function _unzip_file_ziparchive($file, $to, $needed_dirs = array() ) { if ( '__MACOSX/' === substr($info['name'], 0, 9) ) // Skip the OS X-created __MACOSX directory continue; + // Don't extract invalid files: if ( 0 !== validate_file( $info['name'] ) ) { - return new WP_Error( 'invalid_file_ziparchive', __( 'Could not extract file from archive.' ), $info['name'] ); + continue; } $uncompressed_size += $info['size']; @@ -1180,6 +1181,11 @@ function _unzip_file_ziparchive($file, $to, $needed_dirs = array() ) { if ( '__MACOSX/' === substr($info['name'], 0, 9) ) // Don't extract the OS X-created __MACOSX directory files continue; + // Don't extract invalid files: + if ( 0 !== validate_file( $info['name'] ) ) { + continue; + } + $contents = $z->getFromIndex($i); if ( false === $contents ) return new WP_Error( 'extract_failed_ziparchive', __( 'Could not extract file from archive.' ), $info['name'] ); @@ -1283,8 +1289,9 @@ function _unzip_file_pclzip($file, $to, $needed_dirs = array()) { if ( '__MACOSX/' === substr($file['filename'], 0, 9) ) // Don't extract the OS X-created __MACOSX directory files continue; + // Don't extract invalid files: if ( 0 !== validate_file( $file['filename'] ) ) { - return new WP_Error( 'invalid_file_pclzip', __( 'Could not extract file from archive.' ), $file['filename'] ); + continue; } if ( ! $wp_filesystem->put_contents( $to . $file['filename'], $file['content'], FS_CHMOD_FILE) ) diff --git a/wp-includes/version.php b/wp-includes/version.php index 74712b4389..b8b08e48d2 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.9-beta3-42009'; +$wp_version = '4.9-beta3-42010'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.