Make WordPress Core


Ignore:
Timestamp:
07/10/2023 08:31:35 PM (12 months ago)
Author:
azaozz
Message:

Filesystem API: Ensure wp_tempnam() does not produce file names longer than 255 characters as this is the limit on most filesystems.

Props: costdev, doems, mikeschroder, oglekler, mrinal013.
Fixes: #35755.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/file.php

    r56174 r56186  
    690690    $temp_filename .= '-' . wp_generate_password( 6, false );
    691691    $temp_filename .= '.tmp';
    692     $temp_filename  = $dir . wp_unique_filename( $dir, $temp_filename );
     692    $temp_filename  = wp_unique_filename( $dir, $temp_filename );
     693
     694    /*
     695     * Filesystems typically have a limit of 255 characters for a filename.
     696     *
     697     * If the generated unique filename exceeds this, truncate the initial
     698     * filename and try again.
     699     *
     700     * As it's possible that the truncated filename may exist, producing a
     701     * suffix of "-1" or "-10" which could exceed the limit again, truncate
     702     * it to 252 instead.
     703     */
     704    $characters_over_limit = strlen( $temp_filename ) - 252;
     705    if ( $characters_over_limit > 0 ) {
     706        $filename = substr( $filename, 0, -$characters_over_limit );
     707        return wp_tempnam( $filename, $dir );
     708    }
     709
     710    $temp_filename = $dir . $temp_filename;
    693711
    694712    $fp = @fopen( $temp_filename, 'x' );
Note: See TracChangeset for help on using the changeset viewer.