WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Decrease the chances that `wp_tempnam()` will conflict with an existing file by suffixing a random ID to the generated filename. 

This also switches from using `touch()` to using `fopen( $file, 'x')` to ensure that we're the process creating the file.

Fixes #34562

Built from https://develop.svn.wordpress.org/trunk@35644


git-svn-id: http://core.svn.wordpress.org/trunk@35608 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Dion Hulse 2015-11-16 05:33:25 +00:00
parent acba061485
commit 42ff945649
2 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
wp-admin/includes/file.php
View File

@ -164,9 +164,18 @@ function wp_tempnam( $filename = '', $dir = '' ) {
return wp_tempnam( dirname( $filename ), $dir ); return wp_tempnam( dirname( $filename ), $dir );
} }
// Suffix some random data to avoid filename conflicts
$temp_filename .= '-' . wp_generate_password( 6, false );
$temp_filename .= '.tmp'; $temp_filename .= '.tmp';
$temp_filename = $dir . wp_unique_filename( $dir, $temp_filename ); $temp_filename = $dir . wp_unique_filename( $dir, $temp_filename );
touch( $temp_filename );
$fp = @fopen( $temp_filename, 'x' );
if ( ! $fp && is_writable( $dir ) && file_exists( $temp_filename ) ) {
return wp_tempnam( $filename, $dir );
}
if ( $fp ) {
fclose( $fp );
}
return $temp_filename; return $temp_filename;
} }

2
wp-includes/version.php
View File

@ -4,7 +4,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '4.4-beta4-35643'; $wp_version = '4.4-beta4-35644';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.