From 45a635d8c250e6bbeec024c7468e35c860989609 Mon Sep 17 00:00:00 2001 From: Scott Taylor Date: Tue, 28 Oct 2014 21:16:06 +0000 Subject: [PATCH] In `_wp_handle_upload()`, if `test_upload` is set to `false` in the array of dangerous overrides that the function allows, the only thing that happens when an upload fails is more potential breakage. `$test_uploaded_file` lets is know if `$file['tmp_name']` exists, which allows to exit with an error, instead of continuing to attempt to move the file. `$test_upload` override is now a noop. Fixes #28208. git-svn-id: https://develop.svn.wordpress.org/trunk@30076 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-admin/includes/file.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/wp-admin/includes/file.php b/src/wp-admin/includes/file.php index 18c1fc9a2f..964fc4ad0b 100644 --- a/src/wp-admin/includes/file.php +++ b/src/wp-admin/includes/file.php @@ -269,8 +269,6 @@ function _wp_handle_upload( &$file, $overrides, $time, $action ) { $test_type = isset( $overrides['test_type'] ) ? $overrides['test_type'] : true; $mimes = isset( $overrides['mimes'] ) ? $overrides['mimes'] : false; - $test_upload = isset( $overrides['test_upload'] ) ? $overrides['test_upload'] : true; - // A correct form post will pass this test. if ( $test_form && ( ! isset( $_POST['action'] ) || ( $_POST['action'] != $action ) ) ) { return call_user_func( $upload_error_handler, $file, __( 'Invalid form submission.' ) ); @@ -293,7 +291,7 @@ function _wp_handle_upload( &$file, $overrides, $time, $action ) { // A properly uploaded file will pass this test. There should be no reason to override this one. $test_uploaded_file = 'wp_handle_upload' === $action ? @ is_uploaded_file( $file['tmp_name'] ) : @ is_file( $file['tmp_name'] ); - if ( $test_upload && ! $test_uploaded_file ) { + if ( ! $test_uploaded_file ) { return call_user_func( $upload_error_handler, $file, __( 'Specified file failed upload test.' ) ); }