[wp-trac] [WordPress Trac] #28208: in wp_handle_upload setting the overwrite `test_upload` to false won't work for move_uploaded_file

WordPress Trac noreply at wordpress.org
Sun May 11 07:08:59 UTC 2014


#28208: in wp_handle_upload setting the overwrite `test_upload` to false won't work
for move_uploaded_file
----------------------------+-----------------------------
 Reporter:  bassjobsen      |      Owner:
     Type:  defect (bug)    |     Status:  new
 Priority:  normal          |  Milestone:  Awaiting Review
Component:  Filesystem API  |    Version:  3.9.1
 Severity:  normal          |   Keywords:
  Focuses:                  |
----------------------------+-----------------------------
 `move_uploaded_file()` also checks `is_uploaded_file` so if you skip
 `is_uploaded_file` by setting `test_upload` to false you can still upload
 your file cause move_uploaded_file() blocks it.

 Possible solution

 replace
 {{{
  if ( false === @ move_uploaded_file( $file['tmp_name'], $new_file ) ) {
 }}}

 with:


 {{{
 if ( (false === $test_upload && false === @ rename( $file['tmp_name'],
 $new_file ))     || false === @ move_uploaded_file( $file['tmp_name'],
 $new_file ) ) {
 }}}

                 `

--
Ticket URL: <https://core.trac.wordpress.org/ticket/28208>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list