Make WordPress Core

Opened 10 years ago

Closed 10 years ago

#6465 closed defect (bug) (fixed)

tempnam() has been disabled for security reason

Reported by: DD32 Owned by:
Milestone: 2.6 Priority: normal
Severity: normal Version: 2.5
Component: Administration Keywords: has-patch
Focuses: Cc:



OK, this might not be a WordPress problem exactly, but maybe someone could help me.

When I click the auto-update option for plugins, the page displays:

Warning: tempnam() has been disabled for security reasons in //wp-admin/includes/file.php on line 316

Is there a way to fix it?

Appears some hosts disable tempnam() all together, Might be worth simply using basename($url) as the filename in the upgrade folder.

It causes the plugin auto upgrade to fail.

Attachments (2)

6465.diff (2.2 KB) - added by DD32 10 years ago.
6465.2.diff (2.2 KB) - added by DD32 10 years ago.

Download all attachments as: .zip

Change History (10)

#1 @DD32
10 years ago

Just for reference, its used in download_url() and get_filesystem_method()

#2 @DD32
10 years ago

Also, getmyuid() and fileowner() are disabled on certain setups.

10 years ago

#4 @DD32
10 years ago

  • Keywords has-patch added; needs-patch removed

attachment 6465.diff added.

  • Introduces wp_tempnam() to find a filename which is useable, based off a provided filename/url & optionally a path (Note: The args are not the same as PHP's tempnam, as the arguement order makes more sense in this fasion for WordPress's use)
  • Adds checks for getmyuid() and fileowner() before attempting to use them
  • And adds a filter to the filesystem method.

10 years ago

#5 @DD32
10 years ago

attachment 6465.2.diff added.

Forgot to touch the file and actually create it.. Apologies if patch doesnt apply, i had to manually hack out another few changes i've made around it.

#6 @ryan
10 years ago

(In [7840]) tempnam workarounds from DD32. see #6465

#7 @ryan
10 years ago

Committed for trunk. Let's let it soak in trunk before adding to 2.5.

#8 @ryan
10 years ago

  • Milestone changed from 2.5.2 to 2.6
  • Resolution set to fixed
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.