Make WordPress Core

Opened 6 years ago

Last modified 3 years ago

#44710 new defect (bug)

Upload plugin and theme functionalities are not removing uploaded files after failure conditions.

Reported by: rawrly's profile rawrly Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.9.7
Component: Administration Keywords: needs-patch
Focuses: Cc:


Within wp-admin, an administrator user may upload files by using the Upload Plugin functionality (Plugins -> Add New -> Upload plugin) and the Upload Theme functionality (Appearance -> Themes -> Add New -> Upload Theme)

These processes uploads the user submitted file to /wp-content/uploads/{month} first, then attempts to extract it to the plugins or theme directory (The form expects a .zip file, yet allows any mime-type or extension for uploaded files, such as images, or .php files). If the process fails for any reason the uploaded file remains in /wp-content/uploads/ and/or /wp-content/upgrade/

It would be best if the plugin and theme upload functionalities properly clean up the uploaded files if a plugin or theme fail to properly get extracted and/or installed.

Note: On successful installations of a plugin or theme, the uploaded file is being properly removed from /wp-content/uploads/ and/or /wp-content/upgrade/

Attachments (1)

44710.diff (824 bytes) - added by sanket.parmar 5 years ago.

Download all attachments as: .zip

Change History (5)

#1 @SergeyBiryukov
6 years ago

  • Keywords needs-patch added

#2 @csorbamedia
6 years ago

I have tested this issue and I have the same thing. I'm working on the patch for it and will supply it soon.

#3 @sanket.parmar
5 years ago

Hi All,

I've tried to fix this and added code for that in wp-admin/includes/class-wp-upgrader.php file.

5 years ago

#4 @caralin
3 years ago

Hi, I've tried the patch on WordPress 5.6, but the zip file after failed installation doesn't delete in /wp-content/upgrade/. Does this will be patch in later version WordPress?

Note: See TracTickets for help on using tickets.