From c319239bc377e565b91c8f3409ce50b3994b7f11 Mon Sep 17 00:00:00 2001
From: Andrew Ozz
Date: Mon, 10 Jul 2023 20:33:23 +0000
Subject: [PATCH] Filesystem API: Ensure `wp_tempnam()` does not produce file names longer than 255 characters as this is the limit on most filesystems.
Props: costdev, doems, mikeschroder, oglekler, mrinal013.
Fixes: #35755.
Built from https://develop.svn.wordpress.org/trunk@56186
git-svn-id: http://core.svn.wordpress.org/trunk@55698 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/includes/file.php | 20 +++++++++++++++++++-
 wp-includes/version.php | 2 +-
 2 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/wp-admin/includes/file.php b/wp-admin/includes/file.php
index 91d15cc4cc..b9f58b32a7 100644
--- a/wp-admin/includes/file.php
+++ b/wp-admin/includes/file.php
@@ -689,7 +689,25 @@ function wp_tempnam( $filename = '', $dir = '' ) {
 // Suffix some random data to avoid filename conflicts.
 $temp_filename .= '-' . wp_generate_password( 6, false );
 $temp_filename .= '.tmp';
- $temp_filename = $dir . wp_unique_filename( $dir, $temp_filename );
+ $temp_filename = wp_unique_filename( $dir, $temp_filename );
+
+ /*
+ * Filesystems typically have a limit of 255 characters for a filename.
+ *
+ * If the generated unique filename exceeds this, truncate the initial
+ * filename and try again.
+ *
+ * As it's possible that the truncated filename may exist, producing a
+ * suffix of "-1" or "-10" which could exceed the limit again, truncate
+ * it to 252 instead.
+ */
+ $characters_over_limit = strlen( $temp_filename ) - 252;
+ if ( $characters_over_limit > 0 ) {
+ $filename = substr( $filename, 0, -$characters_over_limit );
+ return wp_tempnam( $filename, $dir );
+ }
+
+ $temp_filename = $dir . $temp_filename;
 $fp = @fopen( $temp_filename, 'x' );
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 742b09af5b..96ff884f40 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
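Review bot: The truncation `substr( $filename, 0, -$characters_over_limit )` in the wp_tempnam() hunk counts bytes, so a name containing multibyte UTF-8 can be cut in the middle of a character and the retry then starts from an invalid byte sequence; how the sanitising inside `wp_unique_filename()` treats such input is not visible in this hunk. `strlen()` is the right measure for the limit itself, since filesystems count bytes, but the cut should land on a character boundary, for example `$filename = mb_strcut( $filename, 0, max( 0, strlen( $filename ) - $characters_over_limit ) );` where mbstring is loaded, keeping the `substr()` call as the fallback. The retry also has no depth bound and relies on every pass producing a shorter result, so a comment stating that invariant, or a test with a 255-byte multibyte name, would help. The body of `wp_tempnam()` begins and ends outside the hunk.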
@@ -16,7 +16,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '6.3-beta3-56185';
+$wp_version = '6.3-beta3-56186';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.