sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

In _wp_handle_upload(), if test_upload is set to false in the array of dangerous overrides that the function allows, the only thing that happens when an upload fails is more potential breakage.

Browse Source 
`$test_uploaded_file` lets is know if `$file['tmp_name']` exists, which allows to exit with an error, instead of continuing to attempt to move the file.

`$test_upload` override is now a noop.

Fixes #28208.


git-svn-id: https://develop.svn.wordpress.org/trunk@30076 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Scott Taylor 2014-10-28 21:16:06 +00:00
parent 52151956ea
commit 45a635d8c2
1 changed files with 1 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/wp-admin/includes/file.php
View File

@ -269,8 +269,6 @@ function _wp_handle_upload( &$file, $overrides, $time, $action ) {
$test_type = isset( $overrides['test_type'] ) ? $overrides['test_type'] : true;
$mimes = isset( $overrides['mimes'] ) ? $overrides['mimes'] : false;
$test_upload = isset( $overrides['test_upload'] ) ? $overrides['test_upload'] : true;
// A correct form post will pass this test.
if ( $test_form && ( ! isset( $_POST['action'] ) || ( $_POST['action'] != $action ) ) ) {
return call_user_func( $upload_error_handler, $file, __( 'Invalid form submission.' ) );
@ -293,7 +291,7 @@ function _wp_handle_upload( &$file, $overrides, $time, $action ) {
// A properly uploaded file will pass this test. There should be no reason to override this one.
$test_uploaded_file = 'wp_handle_upload' === $action ? @ is_uploaded_file( $file['tmp_name'] ) : @ is_file( $file['tmp_name'] );
if ( $test_upload && ! $test_uploaded_file ) {
if ( ! $test_uploaded_file ) {
return call_user_func( $upload_error_handler, $file, __( 'Specified file failed upload test.' ) );
}