wp/wp-admin/includes/class-file-upload-upgrader.php
changeset 21 48c4eec2b7e6
parent 19 3d72ae0968f4
20:7b1b88e27a20 21:48c4eec2b7e6
    14  * to the Upgrade/Installer functions.
    14  * to the Upgrade/Installer functions.
    15  *
    15  *
    16  * @since 2.8.0
    16  * @since 2.8.0
    17  * @since 4.6.0 Moved to its own file from wp-admin/includes/class-wp-upgrader.php.
    17  * @since 4.6.0 Moved to its own file from wp-admin/includes/class-wp-upgrader.php.
    18  */
    18  */
       
    19 #[AllowDynamicProperties]
    19 class File_Upload_Upgrader {
    20 class File_Upload_Upgrader {
    20 
    21 
    21 	/**
    22 	/**
    22 	 * The full path to the file package.
    23 	 * The full path to the file package.
    23 	 *
    24 	 *
    66 
    67 
    67 			if ( isset( $file['error'] ) ) {
    68 			if ( isset( $file['error'] ) ) {
    68 				wp_die( $file['error'] );
    69 				wp_die( $file['error'] );
    69 			}
    70 			}
    70 
    71 
       
    72 			if ( 'pluginzip' === $form || 'themezip' === $form ) {
       
    73 				if ( ! wp_zip_file_is_valid( $file['file'] ) ) {
       
    74 					wp_delete_file( $file['file'] );
       
    75 
       
    76 					if ( 'pluginzip' === $form ) {
       
    77 						$plugins_page = sprintf(
       
    78 							'<a href="%s">%s</a>',
       
    79 							self_admin_url( 'plugin-install.php' ),
       
    80 							__( 'Return to the Plugin Installer' )
       
    81 						);
       
    82 						wp_die( __( 'Incompatible Archive.' ) . '<br />' . $plugins_page );
       
    83 					}
       
    84 
       
    85 					if ( 'themezip' === $form ) {
       
    86 						$themes_page = sprintf(
       
    87 							'<a href="%s" target="_parent">%s</a>',
       
    88 							self_admin_url( 'theme-install.php' ),
       
    89 							__( 'Return to the Theme Installer' )
       
    90 						);
       
    91 						wp_die( __( 'Incompatible Archive.' ) . '<br />' . $themes_page );
       
    92 					}
       
    93 				}
       
    94 			}
       
    95 
    71 			$this->filename = $_FILES[ $form ]['name'];
    96 			$this->filename = $_FILES[ $form ]['name'];
    72 			$this->package  = $file['file'];
    97 			$this->package  = $file['file'];
    73 
    98 
    74 			// Construct the attachment array.
    99 			// Construct the attachment array.
    75 			$attachment = array(
   100 			$attachment = array(
   105 			}
   130 			}
   106 
   131 
   107 			$this->filename = sanitize_file_name( $_GET[ $urlholder ] );
   132 			$this->filename = sanitize_file_name( $_GET[ $urlholder ] );
   108 			$this->package  = $uploads['basedir'] . '/' . $this->filename;
   133 			$this->package  = $uploads['basedir'] . '/' . $this->filename;
   109 
   134 
   110 			if ( 0 !== strpos( realpath( $this->package ), realpath( $uploads['basedir'] ) ) ) {
   135 			if ( ! str_starts_with( realpath( $this->package ), realpath( $uploads['basedir'] ) ) ) {
   111 				wp_die( __( 'Please select a file' ) );
   136 				wp_die( __( 'Please select a file' ) );
   112 			}
   137 			}
   113 		}
   138 		}
   114 	}
   139 	}
   115 
   140 
   116 	/**
   141 	/**
   117 	 * Delete the attachment/uploaded file.
   142 	 * Deletes the attachment/uploaded file.
   118 	 *
   143 	 *
   119 	 * @since 3.2.2
   144 	 * @since 3.2.2
   120 	 *
   145 	 *
   121 	 * @return bool Whether the cleanup was successful.
   146 	 * @return bool Whether the cleanup was successful.
   122 	 */
   147 	 */
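Review bot: The path containment check on new line 135 still passes when `realpath( $uploads['basedir'] )` returns `false` (directory missing), because `str_starts_with()` with an empty prefix is always true, and a bare prefix match also accepts a sibling directory whose name merely begins with the basedir string; the old `strpos()` form had the same gaps, but the rewrite is the place to tighten it. I would resolve both paths first and compare against a slash-terminated base: `$package_path = realpath( $this->package );`, `$basedir_path = realpath( $uploads['basedir'] );`, `if ( false === $package_path || false === $basedir_path || ! str_starts_with( $package_path, trailingslashit( $basedir_path ) ) ) {`. In the new zip-validation block (new lines 76–92) the two branches differ only in the URL, the label and the `target="_parent"` on the theme link; if that `target` difference is not intentional, a single branch that picks the URL and label with a ternary would remove the duplicated `wp_die()` call. The constructor these hunks belong to begins outside what is shown, so its docblock should also gain a `@since` line stating that plugin and theme uploads are now deleted and rejected when the archive fails `wp_zip_file_is_valid()`.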