vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-03-31 18:54:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Do not allow .. anywhere in the filename.

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@2019 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Ryan Boren
2004-12-30 18:05:46 +00:00
parent c5f6ac8cc4
commit 0215f2ba6a
2 changed files with 32 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
wp-admin/admin-functions.php
View File

@@ -760,20 +760,37 @@ function add_management_page($page_title, $menu_title, $access_level, $file) {
add_submenu_page('edit.php', $page_title, $menu_title, $access_level, $file);
}
function validate_file_to_edit($file, $allowed_files = '') {
if ('..' == substr($file,0,2))
die (__('Sorry, can’t edit files with ".." in the name. If you are trying to edit a file in your WordPress home directory, you can just type the name of the file in.'));
function validate_file($file, $allowed_files = '') {
if ( false !== strpos($file, './'))
return 1;
if (':' == substr($file,1,1))
die (__('Sorry, can’t call files with their real path.'));
return 2;
if ( !empty($allowed_files) && (! in_array($file, $allowed_files)) ) {
die (__('Sorry, that file cannot be edited.'));
}
if ( !empty($allowed_files) && (! in_array($file, $allowed_files)) )
return 3;
return 0;
}
function validate_file_to_edit($file, $allowed_files = '') {
$file = stripslashes($file);
return $file;
$code = validate_file($file, $allowed_files);
if (! $code)
return $file;
switch ($code) {
case 1:
die (__('Sorry, can’t edit files with ".." in the name. If you are trying to edit a file in your WordPress home directory, you can just type the name of the file in.'));
case 2:
die (__('Sorry, can’t call files with their real path.'));
case 3:
die (__('Sorry, that file cannot be edited.'));
}
}
function get_home_path() {