Upgrade 1.2.2 and upload.php remove underscore

  • I’ve upgraded my site from release 1.2.1 to 1.2.2.
    But now upload.php removes the underscore character (_) from the name of the image file. Why?
    Is this a fix for a security bug? Can I keep the underscore character?
    The changes in the new upload.php with respect to the old version are:

    $imgalt = basename( (isset($_POST['imgalt'])) ? $_POST['imgalt'] : '' );

    $img1_name = (strlen($imgalt)) ? $imgalt : basename( $_FILES['img1']['name'] );
    $img1_name = preg_replace('/[^a-z0-9.]/i', '', strtolower($img1_name));
    $img1_type = (strlen($imgalt)) ? $_POST['img1_type'] : $_FILES['img1']['type'];
    $imgdesc = htmlentities2($imgdesc);

    $pi = pathinfo($img1_name);
    $imgtype = strtolower($pi['extension']);

    Thanks!

Viewing 3 replies - 1 through 3 (of 3 total)
  • Sounds like an over-aggressive attempt to protect us from invalid characters and spaces. As far as I’m concerned, it’s a bug, since underscores (and dashes, which also seem to get hit in 1.2.2) are valid.

    Oh, and if anyone needs to edit upload.php so it retains _ and -, it’s to this line:

    $img1_name = preg_replace('/[^a-z0-9.]/i', '', strtolower($img1_name));

    Just change it to:

    $img1_name = preg_replace('/[^a-z0-9_\-.]/i', '', strtolower($img1_name));

    Thread Starter levysoft (@levysoft)

    Bumping this post… Are you sure this is a bug?
    Where must I report this bug?
    Thanks
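
The two filename filters discussed in this thread, compared side by side on constructed filenames. This is an added example, not part of the original posts and not WordPress's own code; the function names `sanitize_122` and `sanitize_relaxed` and all sample filenames are assumptions made for illustration.

```php
<?php
// Added example: compares the 1.2.2 filter quoted in the thread with the
// relaxed variant from the reply. Function names and sample filenames are
// constructed for illustration.

function sanitize_122(string $name): string {
    // Filter as quoted from upload.php 1.2.2: keep only a-z, 0-9 and '.'
    return preg_replace('/[^a-z0-9.]/i', '', strtolower(basename($name)));
}

function sanitize_relaxed(string $name): string {
    // Variant from the reply: additionally keep '_' and '-'
    return preg_replace('/[^a-z0-9_\-.]/i', '', strtolower(basename($name)));
}

// Constructed sample upload names
$samples = [
    'My_Holiday-Photo.JPG',
    'my photo (1).png',
    'a_b.jpg',
    'ab.jpg',
    'sub/dir/../logo_v2.gif', // basename() drops the directory part first
];

$seen = ['1.2.2' => [], 'relaxed' => []];
foreach ($samples as $original) {
    $results = [
        '1.2.2'   => sanitize_122($original),
        'relaxed' => sanitize_relaxed($original),
    ];
    foreach ($results as $label => $clean) {
        // Two different originals that reduce to one stored name would clash on disk.
        $note = isset($seen[$label][$clean])
            ? "  <-- same name as '{$seen[$label][$clean]}'"
            : '';
        $seen[$label][$clean] = $original;
        printf("%-8s %-24s => %s%s\n", $label, $original, $clean, $note);
    }
}
```

With the 1.2.2 filter, `a_b.jpg` and `ab.jpg` both reduce to `ab.jpg`, while the relaxed filter keeps them distinct. Both filters still restrict names to a fixed allow-list after `basename()` has removed any directory components.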

  • The topic ‘Upgrade 1.2.2 and upload.php remove underscore’ is closed to new replies.