Replace use of tmpfile() with a safe get_temp_dir(). tmpfile() may use a temporary directory which is not writable. Add static caching to get_temp_dir() & better protect against bad server configs. Fixes #12866

git-svn-id: http://svn.automattic.com/wordpress/trunk@14016 1a063a9b-81f0-0310-95a4-ce76da25c4cd
dd32 2010-04-06 11:20:51 +00:00
parent 07a523894a
commit d5ee7bca10
2 changed files with 21 additions and 8 deletions


@ -92,7 +92,9 @@ class WP_Filesystem_FTPext extends WP_Filesystem_Base {
if ( empty($type) )
$type = FTP_BINARY;
$temp = tmpfile();
$tempfile = wp_tempnam($file);
$temp = fopen($tempfile, 'w+');
if ( ! $temp )
return false;
@ -106,6 +108,7 @@ class WP_Filesystem_FTPext extends WP_Filesystem_Base {
$contents .= fread($temp, 8192);
fclose($temp);
unlink($tempfile);
return $contents;
}
function get_contents_array($file) {
@ -113,7 +116,8 @@ class WP_Filesystem_FTPext extends WP_Filesystem_Base {
}
function put_contents($file, $contents, $mode = false ) {
$temp = tmpfile();
$tempfile = wp_tempnam($file);
$temp = fopen($tempfile, 'w+');
if ( ! $temp )
return false;
@ -124,6 +128,7 @@ class WP_Filesystem_FTPext extends WP_Filesystem_Base {
$ret = @ftp_fput($this->link, $file, $temp, $type);
fclose($temp);
unlink($tempfile);
$this->chmod($file, $mode);
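Review bot: The `if ( ! $temp ) return false;` guard in both get_contents() and put_contents() now returns without removing `$tempfile`; tmpfile() deleted its file on close, so failure paths had nothing to clean up before this change. If wp_tempnam() has already created the file, each failed fopen() leaves one behind, and any failure return between the fopen() and the new `unlink($tempfile)` lines (not visible in these hunks) would leave a file holding the transferred contents. Because get_temp_dir() tries WP_CONTENT_DIR first, such leftovers may sit in a directory that is served over HTTP. I would change the guard to `if ( ! $temp ) { @unlink($tempfile); return false; }` and unlink before every later `return false` as well. Both function bodies begin or continue outside the hunks shown.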


@ -149,21 +149,29 @@ function list_files( $folder = '', $levels = 100 ) {
* @return string Writable temporary directory
*/
function get_temp_dir() {
static $temp;
if ( defined('WP_TEMP_DIR') )
return trailingslashit(WP_TEMP_DIR);
if ( $temp )
return trailingslashit($temp);
$temp = WP_CONTENT_DIR . '/';
if ( is_dir($temp) && is_writable($temp) )
return $temp;
if ( function_exists('sys_get_temp_dir') )
return trailingslashit(sys_get_temp_dir());
if ( function_exists('sys_get_temp_dir') ) {
$temp = sys_get_temp_dir();
if ( is_writable($temp) )
return trailingslashit($temp);
}
$temp = ini_get('upload_tmp_dir');
if ( is_dir($temp) ) // always writable
if ( is_dir($temp) && is_writable($temp) )
return trailingslashit($temp);
return '/tmp/';
$temp = '/tmp/';
return $temp;
}
/**
@ -179,7 +187,7 @@ function get_temp_dir() {
* @param string $dir (optional) Directory to store the file in
* @return string a writable filename
*/
function wp_tempnam($filename = '', $dir = ''){
function wp_tempnam($filename = '', $dir = '') {
if ( empty($dir) )
$dir = get_temp_dir();
$filename = basename($filename);
@ -603,7 +611,7 @@ function _unzip_file_ziparchive($file, $to, $needed_dirs = array() ) {
return new WP_Error('extract_failed', __('Could not extract file from archive.'), $info['name']);
if ( ! $wp_filesystem->put_contents( $to . $info['name'], $contents, FS_CHMOD_FILE) )
return new WP_Error('copy_failed', __('Could not copy file.'), $to . $file['filename']);
return new WP_Error('copy_failed', __('Could not copy file.'), $to . $info['filename']);
}
$z->close();
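Review bot: The last fallback in get_temp_dir() assigns `$temp = '/tmp/'` and returns it without the `is_dir($temp) && is_writable($temp)` test the other candidates get, so the docblock's "Writable temporary directory" is not guaranteed and the unverified path is also what the static cache hands back on later calls. `/tmp/` is usually shared by every account on the host and the first candidate, WP_CONTENT_DIR, is usually reachable over HTTP, so files that callers create through wp_tempnam() need to be private to the process and removed on every exit path. I would extend the docblock with `Candidates in order: WP_TEMP_DIR, WP_CONTENT_DIR, sys_get_temp_dir(), upload_tmp_dir, then /tmp/ (not checked); define WP_TEMP_DIR to use a private directory outside the web root.` The sys_get_temp_dir() branch also checks only `is_writable($temp)`; adding `is_dir($temp)` would match the other branches.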