mirror of
https://github.com/WordPress/WordPress.git
synced 2024-12-23 01:27:36 +01:00
Filesystem: Normalize allowed_files so comparison is apples to apples.
In [58470] a change was made to normalize the filename in validate_file, however this leads to instances where the list of files that are allowed aren't normalized such as in the theme editor. By normalizing the array, the comparison is apples to apples. Fixes #61488. Props jorbin, hellofromtonya, swissspidy, misulicus, script2see, Presskopp, audrasjb, peterwilsoncc, siliconforks, littler.chicken, paulkevan, Built from https://develop.svn.wordpress.org/trunk@58570 git-svn-id: http://core.svn.wordpress.org/trunk@58018 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
3b4a816522
commit
9da0418c41
@ -6199,8 +6199,10 @@ function validate_file( $file, $allowed_files = array() ) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
// Normalize path for Windows servers
|
||||
// Normalize path for Windows servers.
|
||||
$file = wp_normalize_path( $file );
|
||||
// Normalize path for $allowed_files as well so it's an apples to apples comparison.
|
||||
$allowed_files = array_map( 'wp_normalize_path', $allowed_files );
|
||||
|
||||
// `../` on its own is not allowed:
|
||||
if ( '../' === $file ) {
|
||||
|
@ -16,7 +16,7 @@
|
||||
*
|
||||
* @global string $wp_version
|
||||
*/
|
||||
$wp_version = '6.6-beta4-58569';
|
||||
$wp_version = '6.6-beta4-58570';
|
||||
|
||||
/**
|
||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||
|
Loading…
Reference in New Issue
Block a user