vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-04-05 13:14:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Media: Limit thumbnail file deletions to the same directory as the original file.

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@43392 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
John Blackbourn
2018-07-05 14:31:24 +00:00
parent ec9d77b103
commit 0f5488c3fc
2 changed files with 72 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/wp-includes/functions.php
View File

@@ -5847,6 +5847,28 @@ function wp_delete_file( $file ) {
}
}
/**
* Deletes a file if its path is within the given directory.
*
* @since 4.9.7
*
* @param string $file Absolute path to the file to delete.
* @param string $directory Absolute path to a directory.
* @return bool True on success, false on failure.
*/
function wp_delete_file_from_directory( $file, $directory ) {
$real_file = realpath( wp_normalize_path( $file ) );
$real_directory = realpath( wp_normalize_path( $directory ) );
if ( false === $real_file || false === $real_directory || strpos( wp_normalize_path( $real_file ), trailingslashit( wp_normalize_path( $real_directory ) ) ) !== 0 ) {
return false;
}
wp_delete_file( $file );
return true;
}
/**
* Outputs a small JS snippet on preview tabs/windows to remove `window.name` on unload.
*