Opened 6 years ago
Last modified 6 months ago
#49865 new defect (bug)
_unzip_file_pclzip attempting to create directories all the way up to /
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | normal | Version: | 5.4 |
| Component: | Filesystem API | Keywords: | needs-test-info needs-testing close |
| Focuses: | administration | Cc: |
Description
In wp-admin/includes/file.php _unzip_file_pclzip looks to be attempting to create directories all the way up to / (the root directory of the server).
Line 1411:
$to = trailingslashit( $to );
Adds a trailing slash to the destination path.
Line 1636:
$needed_dirs[] = $to . untrailingslashit( $file['folder'] ? $file['filename'] : dirname( $file['filename'] ) );
Adds the $to directory to $needed_dirs if there are files at the root level of the archive.
Line 1655:
if ( untrailingslashit( $to ) == $dir ) {
attempts to skip the $to directory, but since the top-level path in $needed_dirs includes a trailing slash this check fails.
So then lines 1663-1666:
while ( ! empty( $parent_folder ) && untrailingslashit( $to ) != $parent_folder && ! in_array( $parent_folder, $needed_dirs ) ) {
$needed_dirs[] = $parent_folder;
$parent_folder = dirname( $parent_folder );
}
add every directory all the way up to /, the root of the server to $needed_dirs
Finally line 1673:
if ( ! $wp_filesystem->mkdir( $_dir, FS_CHMOD_DIR ) && ! $wp_filesystem->is_dir( $_dir ) ) {
throws an error when checking if / is a directory and the entire unzip fails.
If I remove untrailingslashit from line 1655 (or wrap $dir in untrailingslashit as well) that check works as designed and the problem is avoided.
Hi @mwheelermindbox, welcome to Trac and thanks for opening this ticket!
Unfortunately, I was unable to reproduce this. When updating the Rollback Update Failure feature plugin, and with a breakpoint set here, Xdebug shows the following:
$needed_dirs = [ '/var/www/html/wordpress-develop/src/wp-content/upgrade/rollback-update-failure.5.1.1', '/var/www/html/wordpress-develop/src/wp-content/upgrade/rollback-update-failure.5.1.1/rollback-update-failure', '/var/www/html/wordpress-develop/src/wp-content/upgrade/rollback-update-failure.5.1.1/rollback-update-failure/src', '/var/www/html/wordpress-develop/src/wp-content/upgrade/rollback-update-failure.5.1.1/rollback-update-failure/src/testing', '/var/www/html/wordpress-develop/src/wp-content/upgrade/rollback-update-failure.5.1.1/rollback-update-failure/src/wp-admin', '/var/www/html/wordpress-develop/src/wp-content/upgrade/rollback-update-failure.5.1.1/rollback-update-failure/src/wp-admin/includes', '/var/www/html/wordpress-develop/src/wp-content/upgrade/rollback-update-failure.5.1.1/rollback-update-failure/src/wp-includes' ]As I can't reproduce this, I'm tentatively adding
needs-testing-infoandclose. Reproduction steps should include an archive structure, an appropriate$file,$to, and$needed_dirsarguments for_unzip_file_pclzip().If reproduction steps aren't available within the next month, I'll close this ticket as
invalid.