X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/6c8f14c09105d0afa4c1574215c59b5021040e76..61343b82c4f0da4c68e4c6373daafff4a81efdd1:/wp-admin/includes/file.php diff --git a/wp-admin/includes/file.php b/wp-admin/includes/file.php index 942f347f..ca424264 100644 --- a/wp-admin/includes/file.php +++ b/wp-admin/includes/file.php @@ -90,7 +90,7 @@ function get_home_path() { $home_path = ABSPATH; } - return $home_path; + return str_replace( '\\', '/', $home_path ); } /** @@ -328,8 +328,14 @@ function wp_handle_upload( &$file, $overrides = false, $time = null ) { // Move the file to the uploads dir $new_file = $uploads['path'] . "/$filename"; - if ( false === @ move_uploaded_file( $file['tmp_name'], $new_file ) ) - return $upload_error_handler( $file, sprintf( __('The uploaded file could not be moved to %s.' ), $uploads['path'] ) ); + if ( false === @ move_uploaded_file( $file['tmp_name'], $new_file ) ) { + if ( 0 === strpos( $uploads['basedir'], ABSPATH ) ) + $error_path = str_replace( ABSPATH, '', $uploads['basedir'] ) . $uploads['subdir']; + else + $error_path = basename( $uploads['basedir'] ) . $uploads['subdir']; + + return $upload_error_handler( $file, sprintf( __('The uploaded file could not be moved to %s.' ), $error_path ) ); + } // Set correct file permissions $stat = stat( dirname( $new_file )); @@ -452,7 +458,11 @@ function wp_handle_sideload( &$file, $overrides = false, $time = null ) { // Move the file to the uploads dir $new_file = $uploads['path'] . "/$filename"; if ( false === @ rename( $file['tmp_name'], $new_file ) ) { - return $upload_error_handler( $file, sprintf( __('The uploaded file could not be moved to %s.' ), $uploads['path'] ) ); + if ( 0 === strpos( $uploads['basedir'], ABSPATH ) ) + $error_path = str_replace( ABSPATH, '', $uploads['basedir'] ) . $uploads['subdir']; + else + $error_path = basename( $uploads['basedir'] ) . $uploads['subdir']; + return $upload_error_handler( $file, sprintf( __('The uploaded file could not be moved to %s.' ), $error_path ) ); } // Set correct file permissions @@ -487,7 +497,7 @@ function download_url( $url, $timeout = 300 ) { if ( ! $tmpfname ) return new WP_Error('http_no_file', __('Could not create Temporary file.')); - $response = wp_remote_get( $url, array( 'timeout' => $timeout, 'stream' => true, 'filename' => $tmpfname ) ); + $response = wp_safe_remote_get( $url, array( 'timeout' => $timeout, 'stream' => true, 'filename' => $tmpfname ) ); if ( is_wp_error( $response ) ) { unlink( $tmpfname ); @@ -901,13 +911,13 @@ function request_filesystem_credentials($form_post, $type = '', $error = false, $credentials = get_option('ftp_credentials', array( 'hostname' => '', 'username' => '')); // If defined, set it to that, Else, If POST'd, set it to that, If not, Set it to whatever it previously was(saved details in option) - $credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? stripslashes($_POST['hostname']) : $credentials['hostname']); - $credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? stripslashes($_POST['username']) : $credentials['username']); - $credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? stripslashes($_POST['password']) : ''); + $credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? wp_unslash( $_POST['hostname'] ) : $credentials['hostname']); + $credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? wp_unslash( $_POST['username'] ) : $credentials['username']); + $credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? wp_unslash( $_POST['password'] ) : ''); // Check to see if we are setting the public/private keys for ssh - $credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? stripslashes($_POST['public_key']) : ''); - $credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? stripslashes($_POST['private_key']) : ''); + $credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? wp_unslash( $_POST['public_key'] ) : ''); + $credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? wp_unslash( $_POST['private_key'] ) : ''); //sanitize the hostname, Some people might pass in odd-data: $credentials['hostname'] = preg_replace('|\w+://|', '', $credentials['hostname']); //Strip any schemes off @@ -925,8 +935,8 @@ function request_filesystem_credentials($form_post, $type = '', $error = false, else if ( (defined('FTP_SSL') && FTP_SSL) && 'ftpext' == $type ) //Only the FTP Extension understands SSL $credentials['connection_type'] = 'ftps'; else if ( !empty($_POST['connection_type']) ) - $credentials['connection_type'] = stripslashes($_POST['connection_type']); - else if ( !isset($credentials['connection_type']) ) //All else fails (And its not defaulted to something else saved), Default to FTP + $credentials['connection_type'] = wp_unslash( $_POST['connection_type'] ); + else if ( !isset($credentials['connection_type']) ) //All else fails (And it's not defaulted to something else saved), Default to FTP $credentials['connection_type'] = 'ftp'; if ( ! $error && @@ -979,7 +989,7 @@ jQuery(function($){ }); --> -
+

@@ -1050,7 +1060,7 @@ jQuery(function($){ '; + echo ''; } submit_button( __( 'Proceed' ), 'button', 'upgrade' ); ?>