Changeset 46836

Timestamp:

12/09/2019 12:19:19 PM (5 years ago)

Author:

SergeyBiryukov

Message:

Upload: fix wp_unique_filename() to prevent name collisions with existing or future image sub-size file names, and add unit tests.

Props Viper007Bond, pbiron, azaozz.
Merges [46822], [46835] to the 5.3 branch.
Fixes #42437.

Location:

branches/5.3

Files:

• . (modified) (1 prop)
• src/wp-includes/functions.php (modified) (3 diffs)
• tests/phpunit/data/images/one-blue-pixel-1-100x100.png (copied) (copied from trunk/tests/phpunit/data/images/one-blue-pixel-1-100x100.png)
• tests/phpunit/tests/functions.php (modified) (1 diff)

branches/5.3/src/wp-includes/functions.php

@@ -2410 +2410 @@
     $ext  = pathinfo( $filename, PATHINFO_EXTENSION );
     $name = pathinfo( $filename, PATHINFO_BASENAME );
+
     if ( $ext ) {
         $ext = '.' . $ext;
@@ -2427 +2428 @@
     } else {
         $number = '';
+
+
+
+
+
+
+
+
+
 
         // Change '.ext' to lower case.
@@ -2434 +2444 @@
 
             // Check for both lower and upper case extension or image sub-sizes may be overwritten.
-            while ( file_exists( $dir . "/$filename" ) || file_exists( $dir . "/$filename2" ) ) {
+            while ( file_exists( $dir . "/" ) ) {
                 $new_number = (int) $number + 1;
-                $filename   = str_replace( array( "-$number$ext", "$number$ext" ), "-$new_number$ext", $filename );
-                $filename2  = str_replace( array( "-$number$ext2", "$number$ext2" ), "-$new_number$ext2", $filename2 );
+                $filename   = str_replace( array( "-", $filename );
+                $filename2  = str_replace( array( "-", $filename2 );
                 $number     = $new_number;
             }
 
-            /**
-             * Filters the result when generating a unique file name.
-             *
-             * @since 4.5.0
-             *
-             * @param string        $filename                 Unique file name.
-             * @param string        $ext                      File extension, eg. ".png".
-             * @param string        $dir                      Directory path.
-             * @param callable|null $unique_filename_callback Callback function that generates the unique file name.
-             */
-            return apply_filters( 'wp_unique_filename', $filename2, $ext, $dir, $unique_filename_callback );
-        }
-
-        while ( file_exists( $dir . "/$filename" ) ) {
-            $new_number = (int) $number + 1;
-            if ( '' == "$number$ext" ) {
-                $filename = "$filename-" . $new_number;
-            } else {
-                $filename = str_replace( array( "-$number$ext", "$number$ext" ), '-' . $new_number . $ext, $filename );
+            $filename = $filename2;
+        } else {
+            while ( file_exists( $dir . "/{$filename}" ) ) {
+                $new_number = (int) $number + 1;
+
+                if ( '' === "{$number}{$ext}" ) {
+                    $filename = "{$filename}-{$new_number}";
+                } else {
+                    $filename = str_replace( array( "-{$number}{$ext}", "{$number}{$ext}" ), "-{$new_number}{$ext}", $filename );
+                }
+
+                $number = $new_number;
             }
-            $number = $new_number;
-        }
-    }
-
-    /** This filter is documented in wp-includes/functions.php */
+        }
+
+        // Prevent collisions with existing file names that contain dimension-like strings
+        // (whether they are subsizes or originals uploaded prior to #42437).
+
+        // The (resized) image files would have name and extension, and will be in the uploads dir.
+        if ( @is_dir( $dir ) && $name && $ext ) {
+            // List of all files and directories contained in $dir (with the "dot" files removed).
+            $files = array_diff( scandir( $dir ), array( '.', '..' ) );
+
+            if ( ! empty( $files ) ) {
+                while ( _wp_check_existing_file_names( $filename, $files ) ) {
+                    $new_number = (int) $number + 1;
+                    $filename   = str_replace( array( "-{$number}{$ext}", "{$number}{$ext}" ), "-{$new_number}{$ext}", $filename );
+                    $number     = $new_number;
+                }
+            }
+        }
+    }
+
+    /**
+     * Filters the result when generating a unique file name.
+     *
+     * @since 4.5.0
+     *
+     * @param string        $filename                 Unique file name.
+     * @param string        $ext                      File extension, eg. ".png".
+     * @param string        $dir                      Directory path.
+     * @param callable|null $unique_filename_callback Callback function that generates the unique file name.
+     */
     return apply_filters( 'wp_unique_filename', $filename, $ext, $dir, $unique_filename_callback );
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 }
 

branches/5.3/tests/phpunit/tests/functions.php

@@ -194 +194 @@
         $this->assertEquals( 'abcdefg.png', wp_unique_filename( $testdir, 'abcde\\fg.png' ), 'Double slashed not removed' );
         $this->assertEquals( 'abcdefg.png', wp_unique_filename( $testdir, 'abcde\\\fg.png' ), 'Tripple slashed not removed' );
+
+
+
+
+
+
+
+
+
+
+
+
+
     }