saadchellah

same /public_html/wp-content/plugins/defender-security/src/behavior/scan-item/class-core-integrity.php on line 36

/public_html/wp-content/plugins/defender-security/src/behavior/scan-item/class-core-integrity.php on line 42

change to this in \wp-includes/functions.php

    // Normalize path for Windows servers

    $file = wp_normalize_path( $file );

    // Normalize all allowed file paths

    $allowed_files = array_map( 'wp_normalize_path', $allowed_files );

    // ../ on its own is not allowed:

    if ( '../' === $file ) {

        return 1;

    }

    // More than one occurrence of ../ is not allowed:

    if ( preg_match_all( '#\.\./#', $file, $matches, PREG_SET_ORDER ) && ( count( $matches ) > 1 ) ) {

        return 1;

    }

    // ../ which does not occur at the end of the path is not allowed:

    if ( str_contains( $file, '../' ) && '../' !== mb_substr( $file, -3, 3 ) ) {

        return 1;

    }

    // Files not in the allowed file list are not allowed:

    if ( ! empty( $allowed_files ) && ! in_array( $file, $allowed_files, true ) ) {

        return 3;

    }

    // Absolute Windows drive paths are not allowed:

    if ( ':' === substr( $file, 1, 1 ) ) {

        return 2;

    }

    return 0;

}

• This reply was modified 3 months, 1 week ago by saadchellah.