Changeset 2836680
- Timestamp:
- 12/20/2022 01:57:50 PM (3 years ago)
- File:
-
- 1 edited
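--- a/wp-contentools/trunk/includes/class-contentools-rest.php
+++ b/wp-contentools/trunk/includes/class-contentools-rest.php
@@ -254,6 +254,4 @@
 }
 
-$php_auth_user = sanitize_user($_SERVER['PHP_AUTH_USER']);
-
 if (!isset($_SERVER['PHP_AUTH_USER']) && (isset($_SERVER['HTTP_AUTHORIZATION']) || isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']))) {
 
@@ -269,4 +267,5 @@
 
 if (!empty($header)) {
+$php_auth_user = sanitize_user($_SERVER['PHP_AUTH_USER']);
 
 list($php_auth_user, $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($header, 6)));
@@ -283,5 +282,5 @@
 }
 
-$username = $php_auth_user;
+$username = sanitize_user($_SERVER['PHP_AUTH_USER']);
 $password = $_SERVER['PHP_AUTH_PW'];
 
@@ -599,4 +598,16 @@
 
 } elseif (isset($_POST['file'])) {
+
+$allowed_extensions = array('jpg', 'jpeg', 'png', 'gif', 'ico', 'bmp', 'webp');
+
+$image_extension = pathinfo($_FILES['file'][0], PATHINFO_EXTENSION);
+
+$image_size = wp_getimagesize(empty($_FILES['file'][1]));
+
+if (!in_array($image_extension, $allowed_extensions) || empty($image_size)) {
+
+return new WP_Error('upload_error', __('Image extension not allowed.'), array('status' => 500));
+
+}
 
 $tempnam = wp_tempnam(sanitize_file_name($_POST['file'][0]));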
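Review bot: The new upload check in the last hunk reads `$_FILES['file'][0]` and `$_FILES['file'][1]`, while the branch is entered on `isset($_POST['file'])` and the very next line names the temp file from `$_POST['file'][0]`, so the allowlist is not applied to the value the code goes on to use; `wp_getimagesize(empty(...))` also receives the boolean result of `empty()` rather than a file path. As written the check most likely rejects every request, and in no case does it say anything about the bytes that get written. Derive the extension from the same input, e.g. `$image_extension = strtolower(pathinfo(sanitize_file_name($_POST['file'][0]), PATHINFO_EXTENSION));` with `in_array($image_extension, $allowed_extensions, true)`, and verify the content on the written temp file (for example with `wp_check_filetype_and_ext()`) before it is moved into uploads. A rejected client upload should also return a 4xx status rather than `500`. The rest of this branch lies outside the visible hunk, so how `$_POST['file'][1]` is consumed needs confirming.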