From 0baa8ae85c670d338e78e408f8d6e301c6410c86 Mon Sep 17 00:00:00 2001 From: Sergey Biryukov Date: Wed, 17 Jan 2018 07:15:57 +0000 Subject: [PATCH] Media: In `_wp_handle_upload()`, check if the file was properly uploaded before checking its size. Props achbed, dglingren. Fixes #39522. git-svn-id: https://develop.svn.wordpress.org/trunk@42525 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-admin/includes/file.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/wp-admin/includes/file.php b/src/wp-admin/includes/file.php index 4c42c5be3e..fe05085dd8 100644 --- a/src/wp-admin/includes/file.php +++ b/src/wp-admin/includes/file.php @@ -778,6 +778,12 @@ function _wp_handle_upload( &$file, $overrides, $time, $action ) { return call_user_func_array( $upload_error_handler, array( &$file, $upload_error_strings[ $file['error'] ] ) ); } + // A properly uploaded file will pass this test. There should be no reason to override this one. + $test_uploaded_file = 'wp_handle_upload' === $action ? @ is_uploaded_file( $file['tmp_name'] ) : @ is_readable( $file['tmp_name'] ); + if ( ! $test_uploaded_file ) { + return call_user_func_array( $upload_error_handler, array( &$file, __( 'Specified file failed upload test.' ) ) ); + } + $test_file_size = 'wp_handle_upload' === $action ? $file['size'] : filesize( $file['tmp_name'] ); // A non-empty file will pass this test. if ( $test_size && ! ( $test_file_size > 0 ) ) { @@ -789,12 +795,6 @@ function _wp_handle_upload( &$file, $overrides, $time, $action ) { return call_user_func_array( $upload_error_handler, array( &$file, $error_msg ) ); } - // A properly uploaded file will pass this test. There should be no reason to override this one. - $test_uploaded_file = 'wp_handle_upload' === $action ? @ is_uploaded_file( $file['tmp_name'] ) : @ is_file( $file['tmp_name'] ); - if ( ! $test_uploaded_file ) { - return call_user_func_array( $upload_error_handler, array( &$file, __( 'Specified file failed upload test.' ) ) ); - } - // A correct MIME type will pass this test. Override $mimes or use the upload_mimes filter. if ( $test_type ) { $wp_filetype = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $mimes );