Make WordPress Core


Ignore:
Timestamp:
11/16/2015 05:32:32 AM (8 years ago)
Author:
dd32
Message:

Decrease the chances that wp_tempnam() will conflict with an existing file by suffixing a random ID to the generated filename.
This also switches from using touch() to using fopen( $file, 'x') to ensure that we're the process creating the file.

Fixes #34562

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/file.php

    r35579 r35644  
    165165    }
    166166
     167    // Suffix some random data to avoid filename conflicts
     168    $temp_filename .= '-' . wp_generate_password( 6, false );
    167169    $temp_filename .= '.tmp';
    168170    $temp_filename = $dir . wp_unique_filename( $dir, $temp_filename );
    169     touch( $temp_filename );
     171
     172    $fp = @fopen( $temp_filename, 'x' );
     173    if ( ! $fp && is_writable( $dir ) && file_exists( $temp_filename ) ) {
     174        return wp_tempnam( $filename, $dir );
     175    }
     176    if ( $fp ) {
     177        fclose( $fp );
     178    }
    170179
    171180    return $temp_filename;
Note: See TracChangeset for help on using the changeset viewer.