diff options
| author | webchick <webchick@24967.no-reply.drupal.org> | 2012-05-02 11:41:38 -0700 |
|---|---|---|
| committer | webchick <webchick@24967.no-reply.drupal.org> | 2012-05-02 11:41:38 -0700 |
| commit | ef788926008f96942eaeac0faa4d7b4776b0f25a (patch) | |
| tree | 5a972aba57a201a9431a3b04d7196fb25e739d33 /modules/system/system.install | |
| parent | 58a2b40b3b03b2445c6c31efd3183c7a4b24e24f (diff) | |
| download | brdo-ef788926008f96942eaeac0faa4d7b4776b0f25a.tar.gz brdo-ef788926008f96942eaeac0faa4d7b4776b0f25a.tar.bz2 | |
Issue #966210 follow-up by chx: More secure fix for system_update_7061().
Diffstat (limited to 'modules/system/system.install')
| -rw-r--r-- | modules/system/system.install | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/system/system.install b/modules/system/system.install index 18a0a6749..c0300000e 100644 --- a/modules/system/system.install +++ b/modules/system/system.install @@ -2795,7 +2795,7 @@ function system_update_7061(&$sandbox) { foreach ($revision['file'][LANGUAGE_NONE] as $delta => $file) { // We will convert filepaths to uri using the default scheme // and stripping off the existing file directory path. - $file['uri'] = $scheme . preg_replace('!^' . $basename . '!', '', $file['filepath']); + $file['uri'] = $scheme . preg_replace('!^' . preg_quote($basename) . '!', '', $file['filepath']); $file['uri'] = file_stream_wrapper_uri_normalize($file['uri']); unset($file['filepath']); // Insert into the file_managed table. |