Changeset 14016 for trunk/wp-admin/includes/file.php

Timestamp:

04/06/2010 11:20:51 AM (16 years ago)

Author:

dd32

Message:

Replace use of tmpfile() with a safe get_temp_dir(). tmpfile() may use a temporary directly which is not writable. Add static caching to get_temp_dir() & better protect against bad server configs. Fixes #12866

File:

• trunk/wp-admin/includes/file.php (modified) (4 diffs)

trunk/wp-admin/includes/file.php

@@ -150 +150 @@
  */
 function get_temp_dir() {
+    static $temp;
     if ( defined('WP_TEMP_DIR') )
         return trailingslashit(WP_TEMP_DIR);
+
+    if ( $temp )
+        return trailingslashit($temp);
 
     $temp = WP_CONTENT_DIR . '/';
@@ -157 +161 @@
         return $temp;
 
-    if  ( function_exists('sys_get_temp_dir') )
-        return trailingslashit(sys_get_temp_dir());
+    if  ( function_exists('sys_get_temp_dir') ) {
+        $temp = sys_get_temp_dir();
+        if ( is_writable($temp) )
+            return trailingslashit($temp);
+    }
 
     $temp = ini_get('upload_tmp_dir');
-    if ( is_dir($temp) ) // always writable
+    if ( is_dir($temp) && is_writable($temp) )
         return trailingslashit($temp);
 
-    return '/tmp/';
+    $temp = '/tmp/';
+    return $temp;
 }
 
@@ -180 +188 @@
  * @return string a writable filename
  */
-function wp_tempnam($filename = '', $dir = ''){
+function wp_tempnam($filename = '', $dir = '') {
     if ( empty($dir) )
         $dir = get_temp_dir();
@@ -604 +612 @@
 
         if ( ! $wp_filesystem->put_contents( $to . $info['name'], $contents, FS_CHMOD_FILE) )
-            return new WP_Error('copy_failed', __('Could not copy file.'), $to . $file['filename']);
+            return new WP_Error('copy_failed', __('Could not copy file.'), $to . $info['filename']);
     }