tmpfile() may use non-writable directory causing upgrades to fail
|Reported by:||dd32||Owned by:||dd32|
According to ocean90's investigation of a core upgrade issue in #8668, and verified by php.net, tmpfile() may use a temporary directory which is not writable.
The temporary directory may be non-writable due to ACL's, or due to open_basedir restrictions - Both bad server configurations.
Warning: tmpfile() [function.tmpfile]: open_basedir restriction in effect. File(/tmp) is not within the allowed path(s): ( /var/www/web39/html/: /var/www/web39/phptmp/:/var/www/web39/files/: /var/www/web39/atd/ )in /var/www/web39/html/blog/wp-admin/includes/class-wp-filesystem-ftpext.php on line 116
commit coming up replaced tmpfile() with a wp_tempname()+fopen() call.
Commit also adds static caching to get_temp_dir() as it may be called rather often with this cod branch. In addition to that, to protect against more bad server environments, the temporary directory is checked to be writable in all given branches.
Change History (5)
- Keywords has-patch added
- Resolution fixed deleted
- Status changed from closed to reopened