Opened 14 years ago
Closed 14 years ago
#12866 closed defect (bug) (fixed)
tmpfile() may use non-writable directory causing upgrades to fail
Reported by: | dd32 | Owned by: | dd32 |
---|---|---|---|
Milestone: | 3.0 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Upgrade/Install | Keywords: | has-patch |
Focuses: | Cc: |
Description
According to ocean90's investigation of a core upgrade issue in #8668, and verified by php.net, tmpfile() may use a temporary directory which is not writable.
The temporary directory may be non-writable due to ACL's, or due to open_basedir restrictions - Both bad server configurations.
Example error:
Warning: tmpfile() [function.tmpfile]: open_basedir restriction in effect. File(/tmp) is not within the allowed path(s): ( /var/www/web39/html/: /var/www/web39/phptmp/:/var/www/web39/files/: /var/www/web39/atd/ )in /var/www/web39/html/blog/wp-admin/includes/class-wp-filesystem-ftpext.php on line 116
commit coming up replaced tmpfile() with a wp_tempname()+fopen() call.
Commit also adds static caching to get_temp_dir() as it may be called rather often with this cod branch. In addition to that, to protect against more bad server environments, the temporary directory is checked to be writable in all given branches.
Attachments (1)
Change History (5)
#3
@
14 years ago
- Keywords has-patch added
- Resolution fixed deleted
- Status changed from closed to reopened
We should add @ in front of is_writable(). If $tmp is e.g. /tmp I get a open_basedir warning.
Warning: is_writable() [function.is-writable]: open_basedir restriction in effect. File(/tmp) is not within the allowed path(s):
This appears to be causing some situations of the following errors:
I thought it would be better to move this to its own ticket rather than the old potentially out of date ticket.