Filesystem API: Add more specificity to the rules for valid files in validate_file().

This now treats files containing `./` as valid, and also treats files containing a trailing `../` as valid due to widespread use of this pattern in theme and plugin zip files. Adds tests. Props Ipstenu, borgesbruno, DavidAnderson, philipjohn, birgire Fixes #42016, #36170 Built from https://develop.svn.wordpress.org/trunk@42011 git-svn-id: http://core.svn.wordpress.org/trunk@41845 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-24 23:15:49 +00:00
parent 16cfe96580
commit 2f3e91028a
3 changed files with 16 additions and 5 deletions
--- a/wp-admin/includes/file.php
+++ b/wp-admin/includes/file.php
@@ -663,7 +663,7 @@ function wp_tempnam( $filename = '', $dir = '' ) {
 * @param array  $allowed_files Optional. Array of allowed files to edit, $file must match an entry exactly.
 * @return string|null
 */
-function validate_file_to_edit( $file, $allowed_files = '' ) {
+function validate_file_to_edit( $file, $allowed_files = array() ) {
 	$code = validate_file( $file, $allowed_files );

 	if (!$code )