WordPress.org

Make WordPress Core

Opened 9 months ago

Last modified 8 months ago

#24761 new defect (bug)

PHP Warning: filesize(): stat failed

Reported by: conner_bw Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 3.5.2
Component: Upload Keywords: reporter-feedback
Focuses: Cc:

Description

Seeing this more often than I would like.

PHP Warning: filesize(): stat failed for /tmp/php4eOOiM in wp-admin/includes/ms.php on line 30, referer: http://foo.somesite.com/wp-admin/post.php?post=123&action=edit

Line ~30 looks like:

$file_size = filesize( $file['tmp_name'] );

$file could have ['error'], not exist because it's too big and was deleted, etc.

IMHO this should be checked before filesize.

Thank you for your consideration.

Change History (10)

comment:1 markoheijnen9 months ago

  • Keywords reporter-feedback added

Did you get the errors when using the default functionality from WordPress? I can't seem to reproduce it since it does check if there is an error.

So in this case it would mean that $_FILES[ "some_file" ][ "error" ] was 0. That happens on line 22. Unless PHP decided in a certain version to make it numeric. What PHP version do you run?

Last edited 9 months ago by markoheijnen (previous) (diff)

comment:2 conner_bw9 months ago

We're running PHP 5.4.15

Not sure what to say about your default WordPress comment. The only way that code is executed is via your own:

add_filter( 'wp_handle_upload_prefilter', 'check_upload_size' );

It should gracefully handle other plugins also using wp_handle_upload_prefilter?

Regards,

Last edited 9 months ago by conner_bw (previous) (diff)

comment:3 conner_bw9 months ago

Sorry, to be more clear:

The problem is in the function check_upload_size()

WordPress Core invokes this function as follows:
add_filter( 'wp_handle_upload_prefilter', 'check_upload_size' );

Therefore, $file could be changed by others. That should be the default user case. WordPress Core should defensively deal with this not ignore this.

Otherwise, WordPress core should not stack check_upload_size() onto wp_handle_upload_prefilter.

Thanks for your help!

comment:4 conner_bw9 months ago

IMHO the simplest solution would be to supresss the warning, ie.

$file_size = @filesize( $file['tmp_name'] );

But this could be considered sloppy.

Cheers.

comment:5 DrewAPicture9 months ago

  • Summary changed from PHP Warning: filesize(): stat failed for /tmp/php4eOOiM in wp-admin/includes/ms.php on line 30, referer: http://foo.somesite.com/wp-admin/post.php?post=81&action=edit to PHP Warning: filesize(): stat failed

comment:6 follow-ups: markoheijnen9 months ago

I meant that you getting this errors by using WordPress functionality instead of using something a plugin added.

check_upload_size() can check if tmp_name isn't set and ignore the rest but if a plugin unset $filetmp_name? then it isn't a core issue and it is stupid a plugin does that.

Can you explain this sentence:

$file could have ['error'], not exist because it's too big and was deleted, etc.

Also I don't quite understand what you mean with the last part of comment 3. The reason of that filter is to change $file and then specific the 'error' value.

comment:7 in reply to: ↑ 6 conner_bw9 months ago

Replying to markoheijnen:

Can you explain this sentence:

I was listing hypothetical situations as to why filesize() could fail. Emphasis on etc.

Best regards,

comment:8 in reply to: ↑ 6 conner_bw9 months ago

Replying to markoheijnen:

The reason of that filter is to change $file and then specific the 'error' value.

Yes, exactly.

Yet another reason why filesize() could fail. That is, other plugins could change $file before WordPress does.

Best regards,

comment:9 in reply to: ↑ 6 conner_bw9 months ago

Replying to markoheijnen:

I meant that you getting this errors by using WordPress functionality instead of using something a plugin added.

As far as I can tell it's default functionality.

The issue appears in production. Turning on/off plugins to test is not an option. Cannot duplicate in dev or testing environment.

We write our own plugins so I can assure you it' not a stupid one. :)

Best regards,

comment:10 avryl8 months ago

  • Component changed from General to Upload
Note: See TracTickets for help on using tickets.