Extra traversal check.

git-svn-id: http://svn.automattic.com/wordpress/trunk@6520 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-12-29 03:14:33 +00:00 · 2007-12-29 03:14:33 +00:00 · 5104e0dad0
parent e2f66cbb1d
commit 5104e0dad0
1 changed files with 3 additions and 0 deletions
--- a/wp-admin/includes/file.php
+++ b/wp-admin/includes/file.php
@ -43,6 +43,9 @@ function get_real_file_to_edit( $file ) {
 }

 function validate_file( $file, $allowed_files = '' ) {
+	if ( false !== strpos( $file, '..' ))
+		return 1;
+
 	if ( false !== strpos( $file, './' ))
 		return 1;