Changeset 52761 for branches/5.9/src/wp-admin/includes/file.php

Timestamp:

02/17/2022 05:42:09 PM (3 years ago)

Author:

SergeyBiryukov

Message:

Filesystem API: Use a temp folder for Content-Disposition files.

#38231 added support for files fetched remotely to have their filename defined by the host using the Content-Disposition header. This would then take priority over the existing temporary file name created with wp_tempnam() earlier in the process.

The change unintentionally omitted the temporary directory path used during uploads, since the wp_tempnam() function would have added it previously, so that files with this header ended up being stored in the WordPress root folder, or wp-admin folder, when triggered by WP_Cron or user interactions respectively.

This change makes sure the file path includes the temporary directory location when the header is used.

Follow-up to [51939].

Props antonynz, azouamauriac, Clorith.
Merges [52734] and [52760] to the 5.9 branch.
Fixes #55109.

Location:

branches/5.9

Files:

• . (modified) (1 prop)
• src/wp-admin/includes/file.php (modified) (1 diff)

branches/5.9/src/wp-admin/includes/file.php

@@ -1199 +1199 @@
             && ( 0 === validate_file( $tmpfname_disposition ) )
         ) {
+            $tmpfname_disposition = dirname( $tmpfname ) . '/' . $tmpfname_disposition;
+
             if ( rename( $tmpfname, $tmpfname_disposition ) ) {
                 $tmpfname = $tmpfname_disposition;