Make WordPress Core

Opened 11 years ago

Closed 9 years ago

#24761 closed defect (bug) (worksforme)

PHP Warning: filesize(): stat failed

Reported by: conner_bw's profile conner_bw Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.5.2
Component: Upload Keywords:
Focuses: Cc:

Description

Seeing this more often than I would like.

PHP Warning: filesize(): stat failed for /tmp/php4eOOiM in wp-admin/includes/ms.php on line 30, referer: http://foo.somesite.com/wp-admin/post.php?post=123&action=edit

Line ~30 looks like:

$file_size = filesize( $file['tmp_name'] );

$file could have ['error'], not exist because it's too big and was deleted, etc.

IMHO this should be checked before filesize.

Thank you for your consideration.

Change History (11)

#1 @markoheijnen
11 years ago

  • Keywords reporter-feedback added

Did you get the errors when using the default functionality from WordPress? I can't seem to reproduce it since it does check if there is an error.

So in this case it would mean that $_FILES[ "some_file" ][ "error" ] was 0. That happens on line 22. Unless PHP decided in a certain version to make it numeric. What PHP version do you run?

Last edited 11 years ago by markoheijnen (previous) (diff)

#2 @conner_bw
11 years ago

We're running PHP 5.4.15

Not sure what to say about your default WordPress comment. The only way that code is executed is via your own:

add_filter( 'wp_handle_upload_prefilter', 'check_upload_size' );

It should gracefully handle other plugins also using wp_handle_upload_prefilter?

Regards,

Last edited 11 years ago by conner_bw (previous) (diff)

#3 @conner_bw
11 years ago

Sorry, to be more clear:

The problem is in the function check_upload_size()

WordPress Core invokes this function as follows:
add_filter( 'wp_handle_upload_prefilter', 'check_upload_size' );

Therefore, $file could be changed by others. That should be the default user case. WordPress Core should defensively deal with this not ignore this.

Otherwise, WordPress core should not stack check_upload_size() onto wp_handle_upload_prefilter.

Thanks for your help!

#4 @conner_bw
11 years ago

IMHO the simplest solution would be to supresss the warning, ie.

$file_size = @filesize( $file['tmp_name'] );

But this could be considered sloppy.

Cheers.

#5 @DrewAPicture
11 years ago

  • Summary changed from PHP Warning: filesize(): stat failed for /tmp/php4eOOiM in wp-admin/includes/ms.php on line 30, referer: http://foo.somesite.com/wp-admin/post.php?post=81&action=edit to PHP Warning: filesize(): stat failed

#6 follow-ups: @markoheijnen
11 years ago

I meant that you getting this errors by using WordPress functionality instead of using something a plugin added.

check_upload_size() can check if tmp_name isn't set and ignore the rest but if a plugin unset $filetmp_name? then it isn't a core issue and it is stupid a plugin does that.

Can you explain this sentence:

$file could have ['error'], not exist because it's too big and was deleted, etc.

Also I don't quite understand what you mean with the last part of comment 3. The reason of that filter is to change $file and then specific the 'error' value.

#7 in reply to: ↑ 6 @conner_bw
11 years ago

Replying to markoheijnen:

Can you explain this sentence:

I was listing hypothetical situations as to why filesize() could fail. Emphasis on etc.

Best regards,

#8 in reply to: ↑ 6 @conner_bw
11 years ago

Replying to markoheijnen:

The reason of that filter is to change $file and then specific the 'error' value.

Yes, exactly.

Yet another reason why filesize() could fail. That is, other plugins could change $file before WordPress does.

Best regards,

#9 in reply to: ↑ 6 @conner_bw
11 years ago

Replying to markoheijnen:

I meant that you getting this errors by using WordPress functionality instead of using something a plugin added.

As far as I can tell it's default functionality.

The issue appears in production. Turning on/off plugins to test is not an option. Cannot duplicate in dev or testing environment.

We write our own plugins so I can assure you it' not a stupid one. :)

Best regards,

#10 @iseulde
11 years ago

  • Component changed from General to Upload

#11 @chriscct7
9 years ago

  • Keywords reporter-feedback removed
  • Milestone Awaiting Review deleted
  • Resolution set to worksforme
  • Status changed from new to closed

Zero additional reports in 2 years and unable to reproduce. Closing as worksforme

Note: See TracTickets for help on using tickets.