tempnam() has been disabled for security reason

[DD32]

​http://wordpress.org/support/topic/164139?replies=1

OK, this might not be a WordPress problem exactly, but maybe someone could help me.

When I click the auto-update option for plugins, the page displays:

Warning: tempnam() has been disabled for security reasons in //wp-admin/includes/file.php on line 316

Is there a way to fix it?

Appears some hosts disable tempnam() all together, Might be worth simply using basename($url) as the filename in the upgrade folder.

It causes the plugin auto upgrade to fail.

Just for reference, its used in download_url() and get_filesystem_method()

Also, getmyuid() and fileowner() are disabled on certain setups.

See: ​http://wordpress.org/support/topic/164424

attachment 6465.diff added.

• Introduces wp_tempnam() to find a filename which is useable, based off a provided filename/url & optionally a path (Note: The args are not the same as PHP's tempnam, as the arguement order makes more sense in this fasion for WordPress's use)
• Adds checks for getmyuid() and fileowner() before attempting to use them
• And adds a filter to the filesystem method.

attachment 6465.2.diff added.

Forgot to touch the file and actually create it.. Apologies if patch doesnt apply, i had to manually hack out another few changes i've made around it.

(In [7840]) tempnam workarounds from DD32. see #6465

Committed for trunk. Let's let it soak in trunk before adding to 2.5.