Replace use of tmpfile() with a safe get_temp_dir(). tmpfile() may use a temporary directory which is not writable. Add static caching to get_temp_dir() & better protect against bad server configs. Fixes #12866
git-svn-id: http://svn.automattic.com/wordpress/trunk@14016 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
07a523894a
commit
d5ee7bca10
@ -92,7 +92,9 @@ class WP_Filesystem_FTPext extends WP_Filesystem_Base {
|
||||
if ( empty($type) )
|
||||
$type = FTP_BINARY;
|
||||
|
||||
$temp = tmpfile();
|
||||
$tempfile = wp_tempnam($file);
|
||||
$temp = fopen($tempfile, 'w+');
|
||||
|
||||
if ( ! $temp )
|
||||
return false;
|
||||
|
||||
@ -106,6 +108,7 @@ class WP_Filesystem_FTPext extends WP_Filesystem_Base {
|
||||
$contents .= fread($temp, 8192);
|
||||
|
||||
fclose($temp);
|
||||
unlink($tempfile);
|
||||
return $contents;
|
||||
}
|
||||
function get_contents_array($file) {
|
||||
@ -113,7 +116,8 @@ class WP_Filesystem_FTPext extends WP_Filesystem_Base {
|
||||
}
|
||||
|
||||
function put_contents($file, $contents, $mode = false ) {
|
||||
$temp = tmpfile();
|
||||
$tempfile = wp_tempnam($file);
|
||||
$temp = fopen($tempfile, 'w+');
|
||||
if ( ! $temp )
|
||||
return false;
|
||||
|
||||
@ -124,6 +128,7 @@ class WP_Filesystem_FTPext extends WP_Filesystem_Base {
|
||||
$ret = @ftp_fput($this->link, $file, $temp, $type);
|
||||
|
||||
fclose($temp);
|
||||
unlink($tempfile);
|
||||
|
||||
$this->chmod($file, $mode);
|
||||
|
||||
|
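Review bot: The failure path `if ( ! $temp ) return false;` in both get_contents() and put_contents() returns without removing `$tempfile`, and unlike the old tmpfile() handle nothing cleans it up automatically. If wp_tempnam() creates the file on disk (its body is only partly visible on this page), every failed fopen() leaves a stray file behind, and any early return in the lines between the hunks, which are not shown, would leave a copy of the transferred contents. Because get_temp_dir() tries WP_CONTENT_DIR first, those leftovers may sit in a directory the web server serves, so cleanup matters for confidentiality as well as disk use. I would change the guard to `if ( ! $temp ) { @unlink($tempfile); return false; }` and make sure every later return path runs `fclose($temp); unlink($tempfile);`. Both function bodies extend outside the hunks.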
@ -149,21 +149,29 @@ function list_files( $folder = '', $levels = 100 ) {
|
||||
* @return string Writable temporary directory
|
||||
*/
|
||||
function get_temp_dir() {
|
||||
static $temp;
|
||||
if ( defined('WP_TEMP_DIR') )
|
||||
return trailingslashit(WP_TEMP_DIR);
|
||||
|
||||
if ( $temp )
|
||||
return trailingslashit($temp);
|
||||
|
||||
$temp = WP_CONTENT_DIR . '/';
|
||||
if ( is_dir($temp) && is_writable($temp) )
|
||||
return $temp;
|
||||
|
||||
if ( function_exists('sys_get_temp_dir') )
|
||||
return trailingslashit(sys_get_temp_dir());
|
||||
if ( function_exists('sys_get_temp_dir') ) {
|
||||
$temp = sys_get_temp_dir();
|
||||
if ( is_writable($temp) )
|
||||
return trailingslashit($temp);
|
||||
}
|
||||
|
||||
$temp = ini_get('upload_tmp_dir');
|
||||
if ( is_dir($temp) ) // always writable
|
||||
if ( is_dir($temp) && is_writable($temp) )
|
||||
return trailingslashit($temp);
|
||||
|
||||
return '/tmp/';
|
||||
$temp = '/tmp/';
|
||||
return $temp;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -179,7 +187,7 @@ function get_temp_dir() {
|
||||
* @param string $dir (optional) Directory to store the file in
|
||||
* @return string a writable filename
|
||||
*/
|
||||
function wp_tempnam($filename = '', $dir = ''){
|
||||
function wp_tempnam($filename = '', $dir = '') {
|
||||
if ( empty($dir) )
|
||||
$dir = get_temp_dir();
|
||||
$filename = basename($filename);
|
||||
@ -603,7 +611,7 @@ function _unzip_file_ziparchive($file, $to, $needed_dirs = array() ) {
|
||||
return new WP_Error('extract_failed', __('Could not extract file from archive.'), $info['name']);
|
||||
|
||||
if ( ! $wp_filesystem->put_contents( $to . $info['name'], $contents, FS_CHMOD_FILE) )
|
||||
return new WP_Error('copy_failed', __('Could not copy file.'), $to . $file['filename']);
|
||||
return new WP_Error('copy_failed', __('Could not copy file.'), $to . $info['filename']);
|
||||
}
|
||||
|
||||
$z->close();
|
||||
|
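Review bot: The corrected error data `$to . $info['filename']` in _unzip_file_ziparchive() reads a key that the surrounding lines never use: the put_contents() call and the extract_failed error both take the entry path from `$info['name']`. Unless `$info` is known to carry a `filename` key (its assignment is outside the hunk), this raises an undefined-index notice and produces a WP_Error whose data is just `$to`; `return new WP_Error('copy_failed', __('Could not copy file.'), $to . $info['name']);` would match the other two uses. Separately, `$to . $info['name']` builds the destination from the archive's own entry name, and no check that the name stays inside `$to` is visible here, so it is worth confirming that this is enforced earlier in the function.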