search

humanmade / S3-Uploads

The WordPress Plugin to Store Uploads on Amazon S3
1.92k stars 389 forks source link

Plugin crashes with improper input #634

Open Firmware-Repairman opened 1 year ago

Firmware-Repairman commented 1 year ago

The function get_files_for_unique_filename_file_list() returns a boolean (false) if the parameter passed to scandir() is not a directory. This causes the filter where it is used to crash. If scandir() returns false the function should return an empty array.

Function

    /**
     * Override the files used for wp_unique_filename() comparisons
     *
     * @param array|null $files
     * @param string $dir
     * @return array
     */
    public function get_files_for_unique_filename_file_list( ?array $files, string $dir, string $filename ) : array {
        $name = pathinfo( $filename, PATHINFO_FILENAME );
        // The s3:// streamwrapper support listing by partial prefixes with wildcards.
        // For example, scandir( s3://bucket/2019/06/my-image* )
        return scandir( trailingslashit( $dir ) . $name . '*' );
    }

Error trace

Fatal error: Uncaught Error: Return value of S3_Uploads\Plugin::get_files_for_unique_filename_file_list() must be of the type array, bool returned in /srv/htdocs/wp-content/plugins/s3-uploads/inc/class-plugin.php on line 668

Call stack:

S3_Uploads\Plugin::get_files_for_unique_filename_file_list() wp-includes/class-wp-hook.php:308 WP_Hook::apply_filters() wp-includes/plugin.php:205 apply_filters() wp-includes/functions.php:2643 ...

rasmuswinter commented 1 year ago

Duplicate of issue #630

Fixed in PR #637