Decrease the chances that `wp_tempnam()` will conflict with an existing file by suffixing a random ID to the generated filename.

This also switches from using `touch()` to using `fopen( $file, 'x')` to ensure that we're the process creating the file.

Fixes #34562

Built from https://develop.svn.wordpress.org/trunk@35644


git-svn-id: http://core.svn.wordpress.org/trunk@35608 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Dion Hulse 2015-11-16 05:33:25 +00:00
parent acba061485
commit 42ff945649
2 changed files with 11 additions and 2 deletions

View File

@ -164,9 +164,18 @@ function wp_tempnam( $filename = '', $dir = '' ) {
return wp_tempnam( dirname( $filename ), $dir );
}
// Suffix some random data to avoid filename conflicts
$temp_filename .= '-' . wp_generate_password( 6, false );
$temp_filename .= '.tmp';
$temp_filename = $dir . wp_unique_filename( $dir, $temp_filename );
touch( $temp_filename );
$fp = @fopen( $temp_filename, 'x' );
if ( ! $fp && is_writable( $dir ) && file_exists( $temp_filename ) ) {
return wp_tempnam( $filename, $dir );
}
if ( $fp ) {
fclose( $fp );
}
return $temp_filename;
}

View File

@ -4,7 +4,7 @@
*
* @global string $wp_version
*/
$wp_version = '4.4-beta4-35643';
$wp_version = '4.4-beta4-35644';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.