sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Theme Upgrader: Be super-careful and check the contents of the $wp_theme_directories variable before merging it, if someone has changed it directly, or worse, unset it, this could've resulted in the $protected_directories being empty. See [25082] See #22501

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@25180 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Dion Hulse 2013-08-30 07:34:24 +00:00
parent 21b61a9e6f
commit e320a48146
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/wp-admin/includes/class-wp-upgrader.php
View File

@ -212,7 +212,10 @@ class WP_Upgrader {
// Protection against deleting files in any important base directories.
// Theme_Upgrader & Plugin_Upgrader also trigger this, as they pass the destination directory (WP_PLUGIN_DIR / wp-content/themes)
// intending to copy the directory into the directory, whilst they pass the source as the actual files to copy.
if ( in_array( $destination, array_merge( array( ABSPATH, WP_CONTENT_DIR, WP_PLUGIN_DIR, WP_CONTENT_DIR . '/themes' ), $wp_theme_directories ) ) ) {
$protected_directories = array( ABSPATH, WP_CONTENT_DIR, WP_PLUGIN_DIR, WP_CONTENT_DIR . '/themes' );
if ( is_array( $wp_theme_directories ) )
$protected_directories = array_merge( $protected_directories, $wp_theme_directories );
if ( in_array( $destination, $protected_directories ) ) {
$remote_destination = trailingslashit($remote_destination) . trailingslashit(basename($source));
$destination = trailingslashit($destination) . trailingslashit(basename($source));
}