diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-07-01 18:08:41 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-07-01 18:08:41 +0000 |
| commit | 3ce72ee99bc230c3df10841a69d0ff243eb1a0bb (patch) | |
| tree | 035fdbe0ae826e1c990c61f5cecc91ba12545f27 /wp-includes/functions.php | |
| parent | Adding upstream version 6.5.3+dfsg1. (diff) | |
| download | wordpress-upstream.tar.xz wordpress-upstream.zip | |
Adding upstream version 6.5.5+dfsg1.upstream/6.5.5+dfsg1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'wp-includes/functions.php')
| -rw-r--r-- | wp-includes/functions.php | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/wp-includes/functions.php b/wp-includes/functions.php index fd305be..f9d6176 100644 --- a/wp-includes/functions.php +++ b/wp-includes/functions.php @@ -6192,6 +6192,9 @@ function validate_file( $file, $allowed_files = array() ) { return 0; } + // Normalize path for Windows servers + $file = wp_normalize_path( $file ); + // `../` on its own is not allowed: if ( '../' === $file ) { return 1; |