Upload plugin and theme functionalities are not removing uploaded files after failure conditions.

[rawrly]

Within wp-admin, an administrator user may upload files by using the Upload Plugin functionality (Plugins -> Add New -> Upload plugin) and the Upload Theme functionality (Appearance -> Themes -> Add New -> Upload Theme)

These processes uploads the user submitted file to /wp-content/uploads/{month} first, then attempts to extract it to the plugins or theme directory (The form expects a .zip file, yet allows any mime-type or extension for uploaded files, such as images, or .php files). If the process fails for any reason the uploaded file remains in /wp-content/uploads/ and/or /wp-content/upgrade/

It would be best if the plugin and theme upload functionalities properly clean up the uploaded files if a plugin or theme fail to properly get extracted and/or installed.

Note: On successful installations of a plugin or theme, the uploaded file is being properly removed from /wp-content/uploads/ and/or /wp-content/upgrade/

[csorbamedia]

I have tested this issue and I have the same thing. I'm working on the patch for it and will supply it soon.

[sanket.parmar]

Hi All,

I've tried to fix this and added code for that in wp-admin/includes/class-wp-upgrader.php file.

[caralin]

Hi, I've tried the patch on WordPress 5.6, but the zip file after failed installation doesn't delete in /wp-content/upgrade/. Does this will be patch in later version WordPress?