Make WordPress Core


Ignore:
Timestamp:
04/06/2010 11:20:51 AM (15 years ago)
Author:
dd32
Message:

Replace use of tmpfile() with a safe get_temp_dir(). tmpfile() may use a temporary directly which is not writable. Add static caching to get_temp_dir() & better protect against bad server configs. Fixes #12866

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/class-wp-filesystem-ftpext.php

    r13869 r14016  
    9393            $type = FTP_BINARY;
    9494
    95         $temp = tmpfile();
     95        $tempfile = wp_tempnam($file);
     96        $temp = fopen($tempfile, 'w+');
     97
    9698        if ( ! $temp )
    9799            return false;
     
    107109
    108110        fclose($temp);
     111        unlink($tempfile);
    109112        return $contents;
    110113    }
     
    114117
    115118    function put_contents($file, $contents, $mode = false ) {
    116         $temp = tmpfile();
     119        $tempfile = wp_tempnam($file);
     120        $temp = fopen($tempfile, 'w+');
    117121        if ( ! $temp )
    118122            return false;
     
    125129
    126130        fclose($temp);
     131        unlink($tempfile);
    127132
    128133        $this->chmod($file, $mode);
Note: See TracChangeset for help on using the changeset viewer.