(From the Support Desk.)
I'm confused by the regex in UploadStash.php:
# When this task was originally filed the const was set to '/^[\w\-\.]+\.\w*$/'. See comment below. const KEY_FORMAT_REGEX = '/^[\w-\.]+\.\w*$/';
What is [\w-\.] supposed to mean?
In any case, while the regex works in php 5.x and 7.2, in 7.3, it returns different results. The following one-liner can be used to test this:
php -r '$file="a.bcd"; $key="/^[\w-\.]+\.\w*$/"; var_dump(preg_match($key, $file));'
That works for me on php 5.6 and php 7.2 (it prints int(1)), but fails on php 7.3 where it returns:
PHP Warning: preg_match(): Compilation failed: invalid range in character class at offset 4 in Command line code on line 1 bool(false)