sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Make sure ext passes through sanitize_file_name()

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@17998 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Ryan Boren 2011-05-22 23:23:57 +00:00
parent ae5e08e457
commit 722cbee7b6
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
wp-app.php
View File

@ -607,13 +607,13 @@ EOD;
$slug = '';
if ( isset( $_SERVER['HTTP_SLUG'] ) )
$slug = sanitize_file_name( $_SERVER['HTTP_SLUG'] );
$slug = $_SERVER['HTTP_SLUG'];
elseif ( isset( $_SERVER['HTTP_TITLE'] ) )
$slug = sanitize_file_name( $_SERVER['HTTP_TITLE'] );
$slug = $_SERVER['HTTP_TITLE'];
elseif ( empty( $slug ) ) // just make a random name
$slug = substr( md5( uniqid( microtime() ) ), 0, 7);
$ext = preg_replace( '|.*/([a-z0-9]+)|', '$1', $_SERVER['CONTENT_TYPE'] );
$slug = "$slug.$ext";
$slug = sanitize_file_name( "$slug.$ext" );
$file = wp_upload_bits( $slug, NULL, $bits);
log_app('wp_upload_bits returns:',print_r($file,true));