authordonncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>2007-08-23 11:21:31 +0000
committerdonncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>2007-08-23 11:21:31 +0000
commitc59ac52d8c4b90b51a41a64961a5b0020868fff9 (patch)
tree3c1bda3a4300bd9e75091b15f758714c237d8155 /wp-content
parent5547be0217e1e73ba81714cdafcf069902c3cada (diff)
Use mime_content_type() if available, finfo_file() anyone?
Sanitize filename, props Alexander Concha git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@1041 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-content')
-rw-r--r--wp-content/blogs.php10
1 files changed, 6 insertions, 4 deletions
diff --git a/wp-content/blogs.php b/wp-content/blogs.php
index e359626..115b608 100644
--- a/wp-content/blogs.php
+++ b/wp-content/blogs.php
@@ -69,15 +69,17 @@ function wp_check_filetype($filename, $mimes = null) {
endif;
-$file = $_GET[ 'file' ];
-
-$file = constant( "ABSPATH" ) . constant( "UPLOADS" ) . $file;
+$file = constant( "ABSPATH" ) . constant( "UPLOADS" ) . str_replace( '..', '', $_GET[ 'file' ] );
if ( !is_file( $file ) ) {
header("HTTP/1.1 404 Not Found");
die('404 &#8212; File not found.');
}
-$mime = wp_check_filetype( $_SERVER[ 'REQUEST_URI' ] );
+if( function_exists( "mime_content_type" ) ) {
+ $mime[ 'type' ] = mime_content_type( $_SERVER[ 'REQUEST_URI' ] );
+} else {
+ $mime = wp_check_filetype( $_SERVER[ 'REQUEST_URI' ] );
+}
if( $mime[ 'type' ] != false ) {
$mimetype = $mime[ 'type' ];
} else {
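Review bot: The added `mime_content_type()` call is given `$_SERVER[ 'REQUEST_URI' ]`, which is a URL path (and may carry a query string), not the filesystem path that `is_file()` has just validated. On hosts where the function exists the lookup will most likely fail and return false, leaving the type to whatever the `else` branch past the end of the hunk supplies. It should read `$mime[ 'type' ] = mime_content_type( $file );`. Once it does work, content sniffing can report types such as `text/html` for an uploaded file, so the extension-based `wp_check_filetype()` result is better kept as the gate, with the sniffed type used only to refine it. Separately, `str_replace( '..', '', $_GET[ 'file' ] )` is a strip-list that does not cover an unset parameter or symlinks inside the uploads tree; a stricter guard would run `realpath()` on `$file` and return the 404 unless the result still lies under `realpath( ABSPATH . UPLOADS )` followed by a directory separator.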