WordPress.org

Make WordPress Core

Changeset 31936


Ignore:
Timestamp:
03/31/2015 02:10:06 AM (5 years ago)
Author:
dd32
Message:

Add some logic into wp_tempnam to prevent it creating 'falsey' directory names that might get used elsewhere within WordPress.
Although this logic looks a little strange at this low level, it's the best location within the Upgrades code for it to happen.
Fixes #31811

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/file.php

    r31884 r31936  
    142142 * @return string a writable filename
    143143 */
    144 function wp_tempnam($filename = '', $dir = '') {
    145     if ( empty($dir) )
     144function wp_tempnam( $filename = '', $dir = '' ) {
     145    if ( empty( $dir ) ) {
    146146        $dir = get_temp_dir();
    147     $filename = basename($filename);
    148     if ( empty($filename) )
     147    }
     148
     149    if ( empty( $filename ) || '.' == $filename ) {
    149150        $filename = time();
    150 
    151     $filename = preg_replace('|\..*$|', '.tmp', $filename);
    152     $filename = $dir . wp_unique_filename($dir, $filename);
    153     touch($filename);
    154     return $filename;
     151    }
     152
     153    // Use the basename of the given file without the extension as the name for the temporary directory
     154    $temp_filename = basename( $filename );
     155    $temp_filename = preg_replace( '|\.[^.]*$|', '', $temp_filename );
     156
     157    // If the folder is falsey, use it's parent directory name instead
     158    if ( ! $temp_filename ) {
     159        return wp_tempnam( dirname( $filename ), $dir );
     160    }
     161
     162    $temp_filename .= '.tmp';
     163    $temp_filename = $dir . wp_unique_filename( $dir, $temp_filename );
     164    touch( $temp_filename );
     165
     166    return $temp_filename;
    155167}
    156168
     
    628640    // Create those directories if need be:
    629641    foreach ( $needed_dirs as $_dir ) {
    630         if ( ! $wp_filesystem->mkdir($_dir, FS_CHMOD_DIR) && ! $wp_filesystem->is_dir($_dir) ) // Only check to see if the Dir exists upon creation failure. Less I/O this way.
     642        // Only check to see if the Dir exists upon creation failure. Less I/O this way.
     643        if ( ! $wp_filesystem->mkdir( $_dir, FS_CHMOD_DIR ) && ! $wp_filesystem->is_dir( $_dir ) ) {
    631644            return new WP_Error( 'mkdir_failed_ziparchive', __( 'Could not create directory.' ), substr( $_dir, strlen( $to ) ) );
     645        }
    632646    }
    633647    unset($needed_dirs);
  • trunk/tests/phpunit/tests/file.php

    r25002 r31936  
    153153    }
    154154
     155    /**
     156     * @dataProvider data_wp_tempnam_filenames
     157     */
     158    function test_wp_tempnam( $case ) {
     159        $file = wp_tempnam( $case );
     160        unlink( $file );
     161
     162        $this->assertNotEmpty( basename( basename( $file, '.tmp' ), '.zip' ) );
     163    }
     164    function data_wp_tempnam_filenames() {
     165        return array(
     166            array( '0.zip' ),
     167            array( '0.1.2.3.zip' ),
     168            array( 'filename.zip' ),
     169            array( 'directory/0.zip' ),
     170            array( 'directory/filename.zip' ),
     171            array( 'directory/0/0.zip' ),
     172        );
     173    }
     174
    155175}
Note: See TracChangeset for help on using the changeset viewer.