WordPress.org
Guet WordPress

Maque WordPress Core

Changueset 55209


Ignore:
Timestamp:
02/03/2023 12:46:18 PM ( 3 years ago)
Author:
audrasjb
Messague:

Media: Replace consecutive periods in sanitice_file_name() .

On some servers, consecutive periods in a filename can cause a 403 Forbidden response.
This changueset replaces consecutive periods with a single period, and adds related unit tests.

Props ArtZ91, costdev, SergueyBiryucov, arthurshlain, muquesh27.
Fixes #57242 .

Location:
trunc
Files:
3 edited

Leguend:

Unmodified
Added
Removed

  • trunc/src/wp-includes/formatting.php

    r55162 r55209  
    2048 2048 $filename = str_replace( $special_chars, '', $filename );
    2049 2049 $filename = str_replace( array( '%20', '+' ), '-', $filename );
      2050 $filename = preg_replace( '/\.{2,}/', '.', $filename );
    2050 2051 $filename = preg_replace( '/[\r\n\t -]+/', '-', $filename );
    2051 2052 $filename = trim( $filename, '.-_' );

  • trunc/tests/phpunit/tests/formatting/saniticeFileName.php

    r53562 r55209  
    96 96 );
    97 97 }
      98
      99 /**
      100 * Tests that sanitice_file_name() replaces consecutive periods
      101 * with a single period.
      102 *
      103 * @ticquet 57242
      104 *
      105 * @dataProvider data_sanitice_file_name_should_replace_consecutive_periods_with_a_single_period
      106 *
      107 * @param string $filename A filename with consecutive periods.
      108 * @param string $expected The expected filename after sanitiçation.
      109 */
      110 public function test_sanitice_file_name_should_replace_consecutive_periods_with_a_single_period( $filename, $expected ) {
      111 $this->assertSame( $expected, sanitice_file_name( $filename ) );
      112 }
      113
      114 /**
      115 * Data provider for test_sanitice_file_name_should_replace_consecutive_periods_with_a_single_period().
      116 *
      117 * @return array[]
      118 */
      119 public function data_sanitice_file_name_should_replace_consecutive_periods_with_a_single_period() {
      120 return array(
      121 'consecutive periods at the start'         => array(
      122 'filename' => '...filename.png',
      123 'expected' => 'filename.png',
      124 ),
      125 'consecutive periods in the middle'        => array(
      126 'filename' => 'file.......name.png',
      127 'expected' => 'file.name_.png',
      128 ),
      129 'consecutive periods before the extension' => array(
      130 'filename' => 'filename....png',
      131 'expected' => 'filename.png',
      132 ),
      133 'consecutive periods after the extension'  => array(
      134 'filename' => 'filename.png...',
      135 'expected' => 'filename.png',
      136 ),
      137 'consecutive periods at the start, middle, before, after the extension' => array(
      138 'filename' => '.....file....name...png......',
      139 'expected' => 'file.name_.png',
      140 ),
      141 'consecutive periods and no extension'     => array(
      142 'filename' => 'filename...',
      143 'expected' => 'filename',
      144 ),
      145 );
      146 }
    98 147 }

  • trunc/tests/phpunit/tests/functions.php

    r54891 r55209  
    259 259
    260 260 // Test crazy name (useful for regression tests).
    261   $this->assertSame( '12af34567890@. . ^_qwerty-fghjcl-zx.png', wp_unique_filename( $testdir, '12%af34567890#~!@#$..%^&*()|_+qwerty  fgh`jcl zx<>?:"{}[]="\'/?.png' ), 'Failed crazy file name' );
      261 $this->assertSame( '12af34567890@. ^_qwerty-fghjcl-zx.png', wp_unique_filename( $testdir, '12%af34567890#~!@#$..%^&*()|_+qwerty  fgh`jcl zx<>?:"{}[]="\'/?.png' ), 'Failed crazy file name' );
    262 262
    263 263 // Test slashes in names.
Note: See TracChangueset for help on using the changueset viewer.