WordPress.org

Make WordPress Core

Opened 6 months ago

#52844 new defect (bug)

wp_tempnam [download_url] unable to create temporary file if file name is too long

Reported by: nextendweb Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: General Keywords:
Focuses: Cc:

Description

If the first parameter of the wp_tempnam function is too long, then the temporary file could not be created as filesystems has limit to the path and the file name length.

This mainly impacts download_url function which takes an url argument and tries to create temporary file based on basename( parse_url( $url, PHP_URL_PATH ) )

For example this url points to a Google avatar:

https://lh3.googleusercontent.com/a-/AOh14Gglfqpi2Kz6aFTysWWgDnP2PszwkmL55tl4QNSX62jNTt-GK7ERhWuIT9AehHIzIlTdxBrNUUeWLwGyZeqsM3W300OX8xDy6lOmUMIChjOUMmfM1qHUKRbpZmElOXyT4DNLJiixrPuwkAH24sy5cQLtp8YPhdKR1SrErcXzFLjO1EQ2JvgLFvihaL92ddDERbdFVziBgsl9R0VDplz-EX2Qr3q5ieaJ3d8pXBA-DyZB5FSQWx1RHUBXECE7CFGGKORHYwNrrJnvh8P57TlrdfYFNvzmPgoUJFGl7WITIKG7saB3nhdY2j9MdQ4j1a1lH-QuK6p_Pz1fYYJVHQEmYRhMWOXExh675j7k3xB4NYRbPnpKFjinayfkWNq7aZg5dfX0Pv_ZjhO9crZnpqAbfATL5DxG0zomMtY4KZqma3qKLq3MXpijXqD4vshMheoo90IcTKOUkopcP7RFES-R3TXb-R_JtNUQ-Uw-Wc41t03ySkvM4U8nuPX_XZ3nzc6fLlHtRKC0dw5Bm7cELv7Nb1YgSVIAqJveQ_QtzSwfbJo9-wXDgjv13jA24l34IPbieVfXJ2LIExKVuptVyfKy4G8FndRlMRbhhsAeQuHw6l3dmSxD8VOVfCTa3YPCFyQ66AI_B2ALHRwbdibkxI_DBhuH2WDZxHD8jPhKK0GrcPniIbIR0QwsZ7NBNGBQNGD4c3nf0xeYQQTr8VzteRhEpz2ERXiGboqslL10qTch8s7pz_mu5Xqty2Izs7Xm6vowIKAEYA=s96-c

The argument for wp_tempnam will be AOh14Gglfqpi2Kz6aFTysWWgDnP2PszwkmL55tl4QNSX62jNTt-GK7ERhWuIT9AehHIzIlTdxBrNUUeWLwGyZeqsM3W300OX8xDy6lOmUMIChjOUMmfM1qHUKRbpZmElOXyT4DNLJiixrPuwkAH24sy5cQLtp8YPhdKR1SrErcXzFLjO1EQ2JvgLFvihaL92ddDERbdFVziBgsl9R0VDplz-EX2Qr3q5ieaJ3d8pXBA-DyZB5FSQWx1RHUBXECE7CFGGKORHYwNrrJnvh8P57TlrdfYFNvzmPgoUJFGl7WITIKG7saB3nhdY2j9MdQ4j1a1lH-QuK6p_Pz1fYYJVHQEmYRhMWOXExh675j7k3xB4NYRbPnpKFjinayfkWNq7aZg5dfX0Pv_ZjhO9crZnpqAbfATL5DxG0zomMtY4KZqma3qKLq3MXpijXqD4vshMheoo90IcTKOUkopcP7RFES-R3TXb-R_JtNUQ-Uw-Wc41t03ySkvM4U8nuPX_XZ3nzc6fLlHtRKC0dw5Bm7cELv7Nb1YgSVIAqJveQ_QtzSwfbJo9-wXDgjv13jA24l34IPbieVfXJ2LIExKVuptVyfKy4G8FndRlMRbhhsAeQuHw6l3dmSxD8VOVfCTa3YPCFyQ66AI_B2ALHRwbdibkxI_DBhuH2WDZxHD8jPhKK0GrcPniIbIR0QwsZ7NBNGBQNGD4c3nf0xeYQQTr8VzteRhEpz2ERXiGboqslL10qTch8s7pz_mu5Xqty2Izs7Xm6vowIKAEYA=s96-c and it will result in a too long file name.

Example code:

$path = download_url('https://lh3.googleusercontent.com/a-/AOh14Gglfqpi2Kz6aFTysWWgDnP2PszwkmL55tl4QNSX62jNTt-GK7ERhWuIT9AehHIzIlTdxBrNUUeWLwGyZeqsM3W300OX8xDy6lOmUMIChjOUMmfM1qHUKRbpZmElOXyT4DNLJiixrPuwkAH24sy5cQLtp8YPhdKR1SrErcXzFLjO1EQ2JvgLFvihaL92ddDERbdFVziBgsl9R0VDplz-EX2Qr3q5ieaJ3d8pXBA-DyZB5FSQWx1RHUBXECE7CFGGKORHYwNrrJnvh8P57TlrdfYFNvzmPgoUJFGl7WITIKG7saB3nhdY2j9MdQ4j1a1lH-QuK6p_Pz1fYYJVHQEmYRhMWOXExh675j7k3xB4NYRbPnpKFjinayfkWNq7aZg5dfX0Pv_ZjhO9crZnpqAbfATL5DxG0zomMtY4KZqma3qKLq3MXpijXqD4vshMheoo90IcTKOUkopcP7RFES-R3TXb-R_JtNUQ-Uw-Wc41t03ySkvM4U8nuPX_XZ3nzc6fLlHtRKC0dw5Bm7cELv7Nb1YgSVIAqJveQ_QtzSwfbJo9-wXDgjv13jA24l34IPbieVfXJ2LIExKVuptVyfKy4G8FndRlMRbhhsAeQuHw6l3dmSxD8VOVfCTa3YPCFyQ66AI_B2ALHRwbdibkxI_DBhuH2WDZxHD8jPhKK0GrcPniIbIR0QwsZ7NBNGBQNGD4c3nf0xeYQQTr8VzteRhEpz2ERXiGboqslL10qTch8s7pz_mu5Xqty2Izs7Xm6vowIKAEYA=s96-c');

Suggested changes:

  • in the download_url function, generate temporary file with empty argument, which creates a random filename: $tmpfname = wp_tempnam( );
  • in the wp_tempnam function limit the length of the input filename:
    function wp_tempnam( $filename = '', $dir = '' ) {
        if ( empty( $dir ) ) {
            $dir = get_temp_dir();
        }
     
        if ( empty( $filename ) || in_array( $filename, array( '.', '/', '\\' ), true ) ) {
            $filename = uniqid();
        }
     
        // Use the basename of the given file without the extension as the name for the temporary directory.
        $temp_filename = basename( $filename );
        $temp_filename = preg_replace( '|\.[^.]*$|', '', $temp_filename );
     
        // If the folder is falsey, use its parent directory name instead.
        if ( ! $temp_filename ) {
            return wp_tempnam( dirname( $filename ), $dir );
        }
    
        $temp_filename  = substr( $temp_filename, 0, 8 );
     
        // Suffix some random data to avoid filename conflicts.
        $temp_filename .= '-' . wp_generate_password( 6, false );
        $temp_filename .= '.tmp';
        $temp_filename  = $dir . wp_unique_filename( $dir, $temp_filename );
     
        $fp = @fopen( $temp_filename, 'x' );
        if ( ! $fp && is_writable( $dir ) && file_exists( $temp_filename ) ) {
            return wp_tempnam( $filename, $dir );
        }
        if ( $fp ) {
            fclose( $fp );
        }
     
        return $temp_filename;
    }
    

Change History (0)

Note: See TracTickets for help on using tickets.