WordPress.org

Make WordPress Core

Opened 11 months ago

Last modified 2 weeks ago

#44710 new defect (bug)

Upload plugin and theme functionalities are not removing uploaded files after failure conditions.

Reported by: rawrly Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.9.7
Component: Administration Keywords: needs-patch
Focuses: Cc:

Description

Within wp-admin, an administrator user may upload files by using the Upload Plugin functionality (Plugins -> Add New -> Upload plugin) and the Upload Theme functionality (Appearance -> Themes -> Add New -> Upload Theme)

These processes uploads the user submitted file to /wp-content/uploads/{month} first, then attempts to extract it to the plugins or theme directory (The form expects a .zip file, yet allows any mime-type or extension for uploaded files, such as images, or .php files). If the process fails for any reason the uploaded file remains in /wp-content/uploads/ and/or /wp-content/upgrade/

It would be best if the plugin and theme upload functionalities properly clean up the uploaded files if a plugin or theme fail to properly get extracted and/or installed.

Note: On successful installations of a plugin or theme, the uploaded file is being properly removed from /wp-content/uploads/ and/or /wp-content/upgrade/

Attachments (1)

44710.diff (824 bytes) - added by sanket.parmar 2 weeks ago.

Download all attachments as: .zip

Change History (4)

#1 @SergeyBiryukov
11 months ago

  • Keywords needs-patch added

#2 @csorbamedia
10 months ago

I have tested this issue and I have the same thing. I'm working on the patch for it and will supply it soon.

#3 @sanket.parmar
2 weeks ago

Hi All,

I've tried to fix this and added code for that in wp-admin/includes/class-wp-upgrader.php file.

@sanket.parmar
2 weeks ago

Note: See TracTickets for help on using tickets.