From 965fe8f209d1afa6b9e80e37fcd4ff63bcbf9968 Mon Sep 17 00:00:00 2001 From: audrasjb Date: Fri, 3 Feb 2023 12:48:23 +0000 Subject: [PATCH] Media: Replace consecutive periods in `sanitize_file_name()`. On some servers, consecutive periods in a filename can cause a 403 Forbidden response. This changeset replaces consecutive periods with a single period, and adds related unit tests. Props ArtZ91, costdev, SergeyBiryukov, arthurshlain, mukesh27. Fixes #57242. Built from https://develop.svn.wordpress.org/trunk@55209 git-svn-id: http://core.svn.wordpress.org/trunk@54742 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/formatting.php | 1 + wp-includes/version.php | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php index c34f61e499..c76e8730fe 100644 --- a/wp-includes/formatting.php +++ b/wp-includes/formatting.php @@ -2047,6 +2047,7 @@ function sanitize_file_name( $filename ) { $filename = str_replace( $special_chars, '', $filename ); $filename = str_replace( array( '%20', '+' ), '-', $filename ); + $filename = preg_replace( '/\.{2,}/', '.', $filename ); $filename = preg_replace( '/[\r\n\t -]+/', '-', $filename ); $filename = trim( $filename, '.-_' ); diff --git a/wp-includes/version.php b/wp-includes/version.php index c74631310b..dd72204902 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -16,7 +16,7 @@ * * @global string $wp_version */ -$wp_version = '6.2-alpha-55208'; +$wp_version = '6.2-alpha-55209'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.