diff options
Diffstat (limited to 'wp-includes/functions.php')
| -rw-r--r-- | wp-includes/functions.php | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/wp-includes/functions.php b/wp-includes/functions.php index fd305be..f9d6176 100644 --- a/wp-includes/functions.php +++ b/wp-includes/functions.php @@ -6192,6 +6192,9 @@ function validate_file( $file, $allowed_files = array() ) { return 0; } + // Normalize path for Windows servers + $file = wp_normalize_path( $file ); + // `../` on its own is not allowed: if ( '../' === $file ) { return 1; |